How can I disable mutation for managed sidecars #1220
Labels
question
Further information is requested
Comments
|
@BitRacer I wouldn't recommend to disable the mutation for a container. In addition to that, I won't recommend it as a security best practice consists on relying on digests instead of tags. |
|
It is not possible today to disable it with the existing source code. Feel free to make any changes to that logic. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using a managed version of service mesh in GKE, Anthos Service Mesh. The managed service mesh injects envoy sidecars and references the containers by tag, not with a sha. The result of mutating the sha on the sidecar is that ASM cannot determine what version is installed and chaos ensues.
Is there a way to disable mutation for a container, or set of containers. for example gcr.io/releases/asm*
I only want to skip this mutation for theses sidecars. Not for the main container, which is signed and delivered with a sha
I can't find any examples of how to set this in the cluster policy or mutating webhook config.
The text was updated successfully, but these errors were encountered: