Chip Zoller
Chip Zoller
My guess is this has to do specifically with use of `anyPattern` along with the ["existence" anchor](https://kyverno.io/docs/writing-policies/validate/#anchors).
Probably start by collecting the value of the `image:` field for all YAML files in directories named `.kyverno-test` and `.chainsaw-test`.
Just my two cents here but making it configurable could be beneficial for the reason provided, but setting it as the default I would not do. Host networking is a...
Converted to draft.
Just about every project publishes container images using a tag which reflects the version. Use of the `latest` tag, which is mutable, creates unpredictability as there's no way to know...
Closed by #68
Seems related but not the same.
https://kyverno.io/blog/2024/02/04/securing-services-meshes-easier-with-kyverno/
Works for me: ```sh k create -f temp1.yaml Error from server: error when creating "temp1.yaml": admission webhook "validate.kyverno.svc-fail" denied the request: resource Pod/default/pod-with-net-admin was blocked due to the following policies...
No service mesh when I tested.