UNCLASSIFIED - NO CUI

Skip to content

Opa deny unallowed docker registries

Mark Sanchez requested to merge opa-deny-unallowed-docker-registries into master

Package Owner Merge Request

Package Changes

  • Updated constraint allowed-docker-registries enforcement to default deny
  • Excluded kube-system namespace for constraint allowed-docker-registries
  • Excluded istio-system namespace for constraint allowed-docker-registries in template/gatekeeper/values.yaml
  • Exempted Mattermost postgres container in template/gatekeeper/values.yaml
  • Added docs/production.md to detail recommendation for production

Links to all MRs that are associated with this change are required.

Also, include any issues closed with "Closes #ISSUENUMBER". See example:

Closes https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/issues/61

Add any labels for affected packages so that they are deployed in CI. See example:

Once the MR is ready for review also add the status::review label.

Edited by Mark Sanchez

Merge request reports

Loading