Policy Manager

    • Introduction
    • Quick start
    • Tutorials
      • Writing Kubewarden policies
        • Introduction to CEL
          • Reusing ValidatingAdmissionPolicies
          • Context-aware CEL policies
          • Sigstore host capabilities
        • Rust
          • Creating a policy
          • Defining policy settings
          • Writing validation logic
          • Creating a new mutation policy
          • Logging
          • Building and distributing policies
          • Raw policies
        • Writing policies in Go
          • Creating a new validation policy
          • Defining policy settings
          • Writing the validation logic
          • End-to-end testing
          • Logging
          • Integrating with GitHub Actions
          • Distributing policy
          • Validation using JSON queries
          • Writing raw policies
        • Rego
          • Builtin support
          • Open Policy Agent
            • Introduction to Open Policy Agent
            • Creating a new policy
            • Build and run a OPA policy for Kubewarden
            • Distributing an OPA policy with Kubewarden
            • Writing raw policies
          • Gatekeeper
            • Gatekeeper support
            • Creating a new Gatekeeper Rego policy
            • Build and run a Gatekeeper policy
            • Distributing a Gatekeeper policy with Kubewarden
        • C#
        • Swift
        • Typescript
        • Other languages
        • WASI
          • WASI
          • Writing raw policies
        • Policy metadata
      • Testing policies
        • Policy testing
        • Testing for policy authors
        • Testing for cluster operators
      • Verifying Kubewarden
      • Publish policies to Artifact Hub
    • Explanations
      • Mutating policies
      • Context aware policies
      • Policy Groups
      • Certificate rotation
      • Distributing policies
      • Comparisons
        • Kubewarden vs OPA Gatekeeper
      • What is the Audit Scanner?
        • Audit Scanner - Limitations
        • Audit Scanner - Policy Reports
      • SUSE® Admission Policy Manager architecture
    • Howtos
      • Common tasks
      • Install kwctl
      • Production deployments
      • Deployment at scale
      • Audit Scanner
      • Configuring policies
      • Emergency disable
      • Configuring Policy Servers
        • Using custom CAs
        • Configuring PolicyServers to use private registries
        • Production deployments
      • Policy groups
      • PSP migration
      • ValidatingAdmissionPolicy migration
      • Pod Security Admission
      • Custom certificate authorities
      • Raw policies
      • ArgoCD Installation
      • Security
        • Secure supply chain
        • Enable mTLS with K3s
      • Air gap
        • Requirements
        • Installation
        • Hauler installation
      • Telemetry quick starts
        • Open Telemetry quick start
        • Tracing quickstart
        • Metrics quickstart
        • Custom OpenTelemetry Collector
      • Rancher Fleet
      • Rancher UI extension
        • Quickstart
        • Monitoring
        • Tracing
      • Rancher Application Collection
        • Verify images
      • Workarounds
        • Certificate rotation
      • Contribution guide
        • Contributing to documentation
        • Improving documentation
      • Migrating Gatekeeper policies to Kubewarden
    • Reference
      • Custom Resource Definitions (CRD)
      • Dependency matrix
      • Artifacts
      • Upgrade path
      • Metrics reference
      • Monitor mode
      • Policy specification
        • Policy communication specification
        • Policy settings
        • Validating policies
        • Mutating policies
        • Context aware policies
        • Host capabilities
          • Host capabilities specification
          • Signature verifier policies
          • Container registry capabilities
          • Network capabilities
          • Cryptographic capabilities
          • Kubernetes capabilities
      • OCI registry support for Kubewarden
      • Security
        • Webhooks
      • Threat Model
      • Policy evaluation timeout protection
      • Verification configuration format
      • Reference for sources.yaml
      • kwctl CLI
      • Policy Server CLI
    • For who?
    • Use cases
    • Organization
    • Enterprise
    • Glossary
    • Security disclosure
Policy Manager 1.29
  • Cluster API
    • Latest
    • 0.24
    • 0.23
    • 0.22
    • 0.21
    • 0.20
    • 0.19
    • 0.18
    • 0.17
    • 0.16
    • 0.15
    • 0.14
    • 0.13
    • 0.12
    • 0.11
  • Continuous Delivery
    • 0.12
    • 0.11
    • 0.10
    • 0.9
  • K3s
    • Latest
  • OS Manager
    • Next
    • Latest
    • 1.7
    • 1.6
    • 1.5
  • Policy Manager
    • 1.30-next
    • 1.29
    • 1.28
    • 1.27
    • 1.26
    • 1.25
  • RKE2
    • Latest
  • SUSE Observability
    • Latest
  • SUSE® Rancher Manager
    • latest
    • v2.12
    • v2.11
    • v2.10
    • v2.9
    • v2.8
  • SUSE® Security
    • 5.4
    • 5.3
  • SUSE® Storage
    • Latest
    • 1.11 (Dev)
    • 1.10 (Dev)
    • 1.9 (Latest)
    • 1.8
  • SUSE® Virtualization
    • v1.6 (Dev)
    • v1.5 (Latest)
    • v1.4
    • v1.3
  • Documentation Home
  • Policy Manager
  • Howtos
1.30-next 1.29 1.28 1.27 1.26 1.25
Edit

Configuring PolicyServers for production

Please refer to the PolicyServer configuration section in the Production deployments documentation.

Configuring PolicyServers to use private registries Policy groups