Configuring Image Analyzer

Image analyzer by Deepfactor is a service that runs alongside its Webhook. It's responsible for fetching the image manifests of all the containers in a pod that Deepfactor will instrument. Later on, image manifests are utilized to determine container entrypoints.
By default, the image analyzer gets deployed, but the users can opt-out by adding the following settings to webhook-override.yaml.

imageanalyzer:
enabled: false

Handling Private Container Registries

Image analyzer requires access to the secrets used by the Pod in order to retrieve the image manifests of private container images.
There are two ways in which you can do the above

  1. By granting access to secrets of application namespaces (this requires the application namespaces to be created before deploying Webhook)

    imageanalyzer:
    rbac:
    # If cluster role binding(crb) is disabled then role binding will be
    # created in the namespaces available here.
    namespaces:
    - app-namespace-1
    - app-namespace-2
  2. By providing the access to all the secrets in the cluster

    imageanalyzer:
    rbac:
    # If cluster role binding(crb) is enabled then cluster role binding
    # will be created.
    crb: true
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.