Opa deny unallowed docker registries
Package Owner Merge Request
Package Changes
- Updated constraint
allowed-docker-registriesenforcement to default deny - Excluded kube-system namespace for constraint
allowed-docker-registries - Excluded istio-system namespace for constraint
allowed-docker-registriesin template/gatekeeper/values.yaml - Exempted Mattermost postgres container in template/gatekeeper/values.yaml
- Added docs/production.md to detail recommendation for production
Links to all MRs that are associated with this change are required.
Also, include any issues closed with "Closes #ISSUENUMBER". See example:
Closes https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/issues/61
Add any labels for affected packages so that they are deployed in CI. See example:
Once the MR is ready for review also add the status::review label.
Edited by Mark Sanchez