UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Verified Commit cd700235 authored by Micah Nagel's avatar Micah Nagel Committed by Tunde Oladipupo
Browse files

Apply 1 suggestion(s) to 1 file(s)

parent 60881d39
No related branches found
No related tags found
1 merge request!1551Kyverno docs
This commit is part of merge request !1551. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
charter/packages/kyverno/Architecture.md
+ 9
6
View file @ cd700235
......@@ -35,13 +35,16 @@ Data from Kyverno is not stored by the app directly, it is stored as objects in
When deploying to k3d, istio-system should be added from `excludedNamespaces` under the `allowedDockerRegistries` violations. This can be done by modifying `chart/values.yaml` file or passing an override file with the values set as seen below. This is for development purposes only: production should not allow containers in the `istio-system` namespace to be pulled from outside of Registry1.
```yaml
kyverno:
kyvernopolicies:
values:
violations:
allowedDockerRegistries:
match:
excludedNamespaces:
- istio-system # allows creation for loadbalancer pods for various ports and various vendor loadbalancers
exclude:
any:
# Allows k3d load balancer to bypass policies.
- resources:
namespaces:
- istio-system
names:
- svclb-*
```
## High Availability
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED - NO CUI