This message was deleted.
# general
a
This message was deleted.
b
you can either not allow the deployment by project/namespace or simply hide system namespaces from the preferences
in the latest version I’ve filtered out them pretty much like on the top
h
sorry - a newbie follow up question... do you have an example on where I can set the same filter(s)?
b
If is a single user case and you can simply hint to disable it, hide the system namespaces is the easiest way
if instead you are configuring the users, you can sets some restrictions in the namespace or in the cluster, depends by yours needs
h
Thank you!
a
Maybe late to the party… But since you are checking out NeuVector, yes, you can set admission control filters to block deployments to specific namespaces..
The “monitor” mode won’t block the image, but will report that it was violating the admission control rule… In “protect” mode, the image will not be allowed to schedule in the cluster (blocked)
👏 1
h
this is fantastic! I did try above filter with default namespace. For setting same filter on kube-system and cattle-system would it still allow future kubernetes upgrades which would update things in kube-system?