Amjad Hammoudeh:
Hello,
Does ImagePolicyWebhook prevents latest tag by default? because i can not see anything related to that in the configuration yaml file
Amjad Hammoudeh:
Hello,
Does ImagePolicyWebhook prevents latest tag by default? because i can not see anything related to that in the configuration yaml file
Fernando Jordan Silva:
No, ImagePolicyWebhook just make a request for validation to an user defined http service that must implement the business logic that you may need.
If you add the ImagePolicyWebhook admissioncontroller to your cluster, also must provide for a backend service used for validation.
Amjad Hammoudeh:
what i meant is using the configuration for ImageWebhook files that were provided by the course/lab
there nothing written to block the latest image, that is why i asked if it by default prevents it
Amjad Hammoudeh:
this is what i meant , i did not configure anything for tag in admission controller , yet the latest image is blocked
Fernando Jordan Silva:
The service of the lab should detect the latest tag, but you also have to configure the policy to prevent the installation. Check it, there is a parameter for that
Fernando Jordan Silva:
You should set it to false to prevent the installation if the webhook fails (in your case, if the webhook detect the latest tag)
Amjad Hammoudeh:
the https://github.com/kainlite/kube-image-bouncer|kube-image-bouncer image blocks latest image by default
thank you