Skip to content

policy values.yamlšŸ’£

openshiftšŸ’£

Type: bool

Default value
false

replicasšŸ’£

Type: int

Default value
3

auditIntervalšŸ’£

Type: int

Default value
300

metricsBackends[0]šŸ’£

Type: string

Default value
"prometheus"

auditMatchKindOnlyšŸ’£

Type: bool

Default value
true

constraintViolationsLimitšŸ’£

Type: int

Default value
1000

auditFromCachešŸ’£

Type: bool

Default value
false

disableMutationšŸ’£

Type: bool

Default value
true

disableValidatingWebhookšŸ’£

Type: bool

Default value
false

validatingWebhookTimeoutSecondsšŸ’£

Type: int

Default value
15

validatingWebhookFailurePolicyšŸ’£

Type: string

Default value
"Ignore"

validatingWebhookAnnotationsšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

validatingWebhookExemptNamespacesLabelsšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

validatingWebhookObjectSelectoršŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

validatingWebhookCheckIgnoreFailurePolicyšŸ’£

Type: string

Default value
"Fail"

validatingWebhookCustomRulesšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

enableDeleteOperationsšŸ’£

Type: bool

Default value
false

enableExternalDatašŸ’£

Type: bool

Default value
true

enableGeneratorResourceExpansionšŸ’£

Type: bool

Default value
false

enableTLSHealthcheckšŸ’£

Type: bool

Default value
false

maxServingThreadsšŸ’£

Type: int

Default value
-1

mutatingWebhookFailurePolicyšŸ’£

Type: string

Default value
"Ignore"

mutatingWebhookReinvocationPolicyšŸ’£

Type: string

Default value
"Never"

mutatingWebhookAnnotationsšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

mutatingWebhookExemptNamespacesLabelsšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

mutatingWebhookObjectSelectoršŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

mutatingWebhookTimeoutSecondsšŸ’£

Type: int

Default value
1

mutatingWebhookCustomRulesšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

mutationAnnotationsšŸ’£

Type: bool

Default value
false

auditChunkSizešŸ’£

Type: int

Default value
500

logLevelšŸ’£

Type: string

Default value
"INFO"

logDeniesšŸ’£

Type: bool

Default value
true

logMutationsšŸ’£

Type: bool

Default value
true

emitAdmissionEventsšŸ’£

Type: bool

Default value
false

emitAuditEventsšŸ’£

Type: bool

Default value
false

resourceQuotašŸ’£

Type: bool

Default value
true

postUpgrade.labelNamespace.enabledšŸ’£

Type: bool

Default value
false

postUpgrade.labelNamespace.image.repositoryšŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

postUpgrade.labelNamespace.image.tagšŸ’£

Type: string

Default value
"v1.26.3"

postUpgrade.labelNamespace.image.pullPolicyšŸ’£

Type: string

Default value
"IfNotPresent"

postUpgrade.labelNamespace.image.pullSecretsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postUpgrade.labelNamespace.extraNamespacesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postUpgrade.labelNamespace.podSecurityšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postUpgrade.affinityšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

postUpgrade.tolerationsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postUpgrade.nodeSelector.”kubernetes.io/os”šŸ’£

Type: string

Default value
"linux"

postUpgrade.resourcesšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

postUpgrade.securityContext.allowPrivilegeEscalationšŸ’£

Type: bool

Default value
false

postUpgrade.securityContext.capabilities.drop[0]šŸ’£

Type: string

Default value
"ALL"

postUpgrade.securityContext.readOnlyRootFilesystemšŸ’£

Type: bool

Default value
true

postUpgrade.securityContext.runAsGroupšŸ’£

Type: int

Default value
999

postUpgrade.securityContext.runAsNonRootšŸ’£

Type: bool

Default value
true

postUpgrade.securityContext.runAsUseršŸ’£

Type: int

Default value
1000

postInstall.labelNamespace.enabledšŸ’£

Type: bool

Default value
true

postInstall.labelNamespace.extraRulesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postInstall.labelNamespace.image.repositoryšŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

postInstall.labelNamespace.image.tagšŸ’£

Type: string

Default value
"v1.26.3"

postInstall.labelNamespace.image.pullPolicyšŸ’£

Type: string

Default value
"IfNotPresent"

postInstall.labelNamespace.image.pullSecretsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postInstall.labelNamespace.extraNamespacesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postInstall.labelNamespace.podSecurityšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postInstall.probeWebhook.enabledšŸ’£

Type: bool

Default value
true

postInstall.probeWebhook.image.repositoryšŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base"

postInstall.probeWebhook.image.tagšŸ’£

Type: string

Default value
"2.0.0"

postInstall.probeWebhook.image.pullPolicyšŸ’£

Type: string

Default value
"IfNotPresent"

postInstall.probeWebhook.image.pullSecretsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postInstall.probeWebhook.waitTimeoutšŸ’£

Type: int

Default value
60

postInstall.probeWebhook.httpTimeoutšŸ’£

Type: int

Default value
2

postInstall.probeWebhook.insecureHTTPSšŸ’£

Type: bool

Default value
false

postInstall.affinityšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

postInstall.tolerationsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

postInstall.nodeSelector.”kubernetes.io/os”šŸ’£

Type: string

Default value
"linux"

postInstall.securityContext.allowPrivilegeEscalationšŸ’£

Type: bool

Default value
false

postInstall.securityContext.capabilities.drop[0]šŸ’£

Type: string

Default value
"ALL"

postInstall.securityContext.readOnlyRootFilesystemšŸ’£

Type: bool

Default value
true

postInstall.securityContext.runAsGroupšŸ’£

Type: int

Default value
999

postInstall.securityContext.runAsNonRootšŸ’£

Type: bool

Default value
true

postInstall.securityContext.runAsUseršŸ’£

Type: int

Default value
1000

preUninstall.deleteWebhookConfigurations.extraRulesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

preUninstall.deleteWebhookConfigurations.enabledšŸ’£

Type: bool

Default value
false

preUninstall.deleteWebhookConfigurations.image.repositoryšŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

preUninstall.deleteWebhookConfigurations.image.tagšŸ’£

Type: string

Default value
"v1.26.3"

preUninstall.deleteWebhookConfigurations.image.pullPolicyšŸ’£

Type: string

Default value
"IfNotPresent"

preUninstall.deleteWebhookConfigurations.image.pullSecretsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

preUninstall.affinityšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

preUninstall.tolerationsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

preUninstall.nodeSelector.”kubernetes.io/os”šŸ’£

Type: string

Default value
"linux"

preUninstall.resourcesšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

preUninstall.securityContext.allowPrivilegeEscalationšŸ’£

Type: bool

Default value
false

preUninstall.securityContext.capabilities.drop[0]šŸ’£

Type: string

Default value
"ALL"

preUninstall.securityContext.readOnlyRootFilesystemšŸ’£

Type: bool

Default value
true

preUninstall.securityContext.runAsGroupšŸ’£

Type: int

Default value
999

preUninstall.securityContext.runAsNonRootšŸ’£

Type: bool

Default value
true

preUninstall.securityContext.runAsUseršŸ’£

Type: int

Default value
1000

image.repositoryšŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper"

image.releasešŸ’£

Type: string

Default value
"v3.11.0"

image.pullPolicyšŸ’£

Type: string

Default value
"IfNotPresent"

image.pullSecrets[0].namešŸ’£

Type: string

Default value
"private-registry"

image.crdRepositoryšŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

image.crdReleasešŸ’£

Type: string

Default value
"v1.26.3"

podAnnotations.”container.seccomp.security.alpha.kubernetes.io/manager”šŸ’£

Type: string

Default value
"runtime/default"

podLabelsšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

podCountLimitšŸ’£

Type: string

Default value
"100"

secretAnnotationsšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

enableRuntimeDefaultSeccompProfilešŸ’£

Type: bool

Default value
true

controllerManager.exemptNamespacesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

controllerManager.exemptNamespacePrefixesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

controllerManager.hostNetworkšŸ’£

Type: bool

Default value
false

controllerManager.dnsPolicyšŸ’£

Type: string

Default value
"ClusterFirst"

controllerManager.portšŸ’£

Type: int

Default value
8443

controllerManager.metricsPortšŸ’£

Type: int

Default value
8888

controllerManager.healthPortšŸ’£

Type: int

Default value
9090

controllerManager.readinessTimeoutšŸ’£

Type: int

Default value
1

controllerManager.livenessTimeoutšŸ’£

Type: int

Default value
1

controllerManager.priorityClassNamešŸ’£

Type: string

Default value
"system-cluster-critical"

controllerManager.disableCertRotationšŸ’£

Type: bool

Default value
false

controllerManager.tlsMinVersionšŸ’£

Type: float

Default value
1.3

controllerManager.clientCertNamešŸ’£

Type: string

Default value
""

controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].keyšŸ’£

Type: string

Default value
"gatekeeper.sh/operation"

controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operatoršŸ’£

Type: string

Default value
"In"

controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]šŸ’£

Type: string

Default value
"webhook"

controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKeyšŸ’£

Type: string

Default value
"kubernetes.io/hostname"

controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weightšŸ’£

Type: int

Default value
100

controllerManager.topologySpreadConstraintsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

controllerManager.tolerationsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

controllerManager.nodeSelector.”kubernetes.io/os”šŸ’£

Type: string

Default value
"linux"

controllerManager.resources.limits.cpušŸ’£

Type: string

Default value
"175m"

controllerManager.resources.limits.memoryšŸ’£

Type: string

Default value
"512Mi"

controllerManager.resources.requests.cpušŸ’£

Type: string

Default value
"175m"

controllerManager.resources.requests.memoryšŸ’£

Type: string

Default value
"512Mi"

controllerManager.securityContext.allowPrivilegeEscalationšŸ’£

Type: bool

Default value
false

controllerManager.securityContext.capabilities.drop[0]šŸ’£

Type: string

Default value
"ALL"

controllerManager.securityContext.readOnlyRootFilesystemšŸ’£

Type: bool

Default value
true

controllerManager.securityContext.runAsGroupšŸ’£

Type: int

Default value
999

controllerManager.securityContext.runAsNonRootšŸ’£

Type: bool

Default value
true

controllerManager.securityContext.runAsUseršŸ’£

Type: int

Default value
1000

controllerManager.podSecurityContext.fsGroupšŸ’£

Type: int

Default value
999

controllerManager.podSecurityContext.supplementalGroups[0]šŸ’£

Type: int

Default value
999

controllerManager.extraRulesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

audit.hostNetworkšŸ’£

Type: bool

Default value
false

audit.dnsPolicyšŸ’£

Type: string

Default value
"ClusterFirst"

audit.metricsPortšŸ’£

Type: int

Default value
8888

audit.healthPortšŸ’£

Type: int

Default value
9090

audit.readinessTimeoutšŸ’£

Type: int

Default value
1

audit.livenessTimeoutšŸ’£

Type: int

Default value
1

audit.priorityClassNamešŸ’£

Type: string

Default value
"system-cluster-critical"

audit.disableCertRotationšŸ’£

Type: bool

Default value
true

audit.affinityšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

audit.tolerationsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

audit.nodeSelector.”kubernetes.io/os”šŸ’£

Type: string

Default value
"linux"

audit.resources.limits.cpušŸ’£

Type: float

Default value
1.2

audit.resources.limits.memoryšŸ’£

Type: string

Default value
"768Mi"

audit.resources.requests.cpušŸ’£

Type: float

Default value
1.2

audit.resources.requests.memoryšŸ’£

Type: string

Default value
"768Mi"

audit.securityContext.allowPrivilegeEscalationšŸ’£

Type: bool

Default value
false

audit.securityContext.capabilities.drop[0]šŸ’£

Type: string

Default value
"ALL"

audit.securityContext.readOnlyRootFilesystemšŸ’£

Type: bool

Default value
true

audit.securityContext.runAsGroupšŸ’£

Type: int

Default value
999

audit.securityContext.runAsNonRootšŸ’£

Type: bool

Default value
true

audit.securityContext.runAsUseršŸ’£

Type: int

Default value
1000

audit.podSecurityContext.fsGroupšŸ’£

Type: int

Default value
999

audit.podSecurityContext.supplementalGroups[0]šŸ’£

Type: int

Default value
999

audit.writeToRAMDiskšŸ’£

Type: bool

Default value
false

audit.extraRulesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

crds.affinityšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

crds.tolerationsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

crds.nodeSelector.”kubernetes.io/os”šŸ’£

Type: string

Default value
"linux"

crds.resourcesšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

crds.securityContext.allowPrivilegeEscalationšŸ’£

Type: bool

Default value
false

crds.securityContext.capabilities.drop[0]šŸ’£

Type: string

Default value
"ALL"

crds.securityContext.readOnlyRootFilesystemšŸ’£

Type: bool

Default value
true

crds.securityContext.runAsGroupšŸ’£

Type: int

Default value
65532

crds.securityContext.runAsNonRootšŸ’£

Type: bool

Default value
true

crds.securityContext.runAsUseršŸ’£

Type: int

Default value
65532

pdb.controllerManager.minAvailablešŸ’£

Type: int

Default value
1

servicešŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

disabledBuiltins[0]šŸ’£

Type: string

Default value
"{http.send}"

psp.enabledšŸ’£

Type: bool

Default value
false

upgradeCRDs.enabledšŸ’£

Type: bool

Default value
true

upgradeCRDs.extraRulesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

cleanupCRDs.enabledšŸ’£

Type: bool

Default value
true

rbac.createšŸ’£

Type: bool

Default value
true

externalCertInjection.enabledšŸ’£

Type: bool

Default value
false

externalCertInjection.secretNamešŸ’£

Type: string

Default value
"gatekeeper-webhook-server-cert"

violations.allowedAppArmorProfiles.enabledšŸ’£

Type: bool

Default value
false

violations.allowedAppArmorProfiles.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.allowedAppArmorProfiles.kindšŸ’£

Type: string

Default value
"K8sPSPAppArmor"

violations.allowedAppArmorProfiles.namešŸ’£

Type: string

Default value
"allowed-app-armor-profiles"

violations.allowedAppArmorProfiles.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedAppArmorProfiles.parameters.allowedProfiles[0]šŸ’£

Type: string

Default value
"runtime/default"

violations.allowedAppArmorProfiles.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedCapabilities.enabledšŸ’£

Type: bool

Default value
true

violations.allowedCapabilities.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.allowedCapabilities.kindšŸ’£

Type: string

Default value
"K8sPSPCapabilities"

violations.allowedCapabilities.namešŸ’£

Type: string

Default value
"allowed-capabilities"

violations.allowedCapabilities.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedCapabilities.parameters.allowedCapabilitiesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedCapabilities.parameters.requiredDropCapabilities[0]šŸ’£

Type: string

Default value
"all"

violations.allowedCapabilities.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedDockerRegistries.enabledšŸ’£

Type: bool

Default value
true

violations.allowedDockerRegistries.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.allowedDockerRegistries.kindšŸ’£

Type: string

Default value
"K8sAllowedRepos"

violations.allowedDockerRegistries.namešŸ’£

Type: string

Default value
"allowed-docker-registries"

violations.allowedDockerRegistries.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedDockerRegistries.parameters.repos[0]šŸ’£

Type: string

Default value
"registry1.dso.mil"

violations.allowedDockerRegistries.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedFlexVolumes.enabledšŸ’£

Type: bool

Default value
true

violations.allowedFlexVolumes.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.allowedFlexVolumes.kindšŸ’£

Type: string

Default value
"K8sPSPFlexVolumes"

violations.allowedFlexVolumes.namešŸ’£

Type: string

Default value
"allowed-flex-volumes"

violations.allowedFlexVolumes.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedFlexVolumes.parameters.allowedFlexVolumesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedFlexVolumes.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedHostFilesystem.enabledšŸ’£

Type: bool

Default value
true

violations.allowedHostFilesystem.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.allowedHostFilesystem.kindšŸ’£

Type: string

Default value
"K8sPSPHostFilesystem"

violations.allowedHostFilesystem.namešŸ’£

Type: string

Default value
"allowed-host-filesystem"

violations.allowedHostFilesystem.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedHostFilesystem.parameters.allowedHostPathsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedHostFilesystem.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedIPs.enabledšŸ’£

Type: bool

Default value
true

violations.allowedIPs.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.allowedIPs.kindšŸ’£

Type: string

Default value
"K8sExternalIPs"

violations.allowedIPs.namešŸ’£

Type: string

Default value
"allowed-ips"

violations.allowedIPs.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedIPs.parameters.allowedIPsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedIPs.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedProcMount.enabledšŸ’£

Type: bool

Default value
true

violations.allowedProcMount.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.allowedProcMount.kindšŸ’£

Type: string

Default value
"K8sPSPProcMount"

violations.allowedProcMount.namešŸ’£

Type: string

Default value
"allowed-proc-mount"

violations.allowedProcMount.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedProcMount.parameters.procMountšŸ’£

Type: string

Default value
"Default"

violations.allowedProcMount.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedSecCompProfiles.enabledšŸ’£

Type: bool

Default value
true

violations.allowedSecCompProfiles.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.allowedSecCompProfiles.kindšŸ’£

Type: string

Default value
"K8sPSPSeccomp"

violations.allowedSecCompProfiles.namešŸ’£

Type: string

Default value
"allowed-sec-comp-profiles"

violations.allowedSecCompProfiles.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedSecCompProfiles.parameters.allowedProfiles[0]šŸ’£

Type: string

Default value
"runtime/default"

violations.allowedSecCompProfiles.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.allowedUsers.enabledšŸ’£

Type: bool

Default value
true

violations.allowedUsers.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.allowedUsers.kindšŸ’£

Type: string

Default value
"K8sPSPAllowedUsers"

violations.allowedUsers.namešŸ’£

Type: string

Default value
"allowed-users"

violations.allowedUsers.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.allowedUsers.parameters.runAsUser.rulešŸ’£

Type: string

Default value
"MustRunAsNonRoot"

violations.allowedUsers.parameters.fsGroup.rulešŸ’£

Type: string

Default value
"MustRunAs"

violations.allowedUsers.parameters.fsGroup.ranges[0].minšŸ’£

Type: int

Default value
1000

violations.allowedUsers.parameters.fsGroup.ranges[0].maxšŸ’£

Type: int

Default value
65535

violations.allowedUsers.parameters.runAsGroup.rulešŸ’£

Type: string

Default value
"MustRunAs"

violations.allowedUsers.parameters.runAsGroup.ranges[0].minšŸ’£

Type: int

Default value
1000

violations.allowedUsers.parameters.runAsGroup.ranges[0].maxšŸ’£

Type: int

Default value
65535

violations.allowedUsers.parameters.supplementalGroups.rulešŸ’£

Type: string

Default value
"MustRunAs"

violations.allowedUsers.parameters.supplementalGroups.ranges[0].minšŸ’£

Type: int

Default value
1000

violations.allowedUsers.parameters.supplementalGroups.ranges[0].maxšŸ’£

Type: int

Default value
65535

violations.allowedUsers.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.bannedImageTags.enabledšŸ’£

Type: bool

Default value
true

violations.bannedImageTags.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.bannedImageTags.kindšŸ’£

Type: string

Default value
"K8sBannedImageTags"

violations.bannedImageTags.namešŸ’£

Type: string

Default value
"banned-image-tags"

violations.bannedImageTags.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.bannedImageTags.parameters.tags[0]šŸ’£

Type: string

Default value
"latest"

violations.bannedImageTags.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.blockNodePort.enabledšŸ’£

Type: bool

Default value
true

violations.blockNodePort.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.blockNodePort.kindšŸ’£

Type: string

Default value
"K8sBlockNodePort"

violations.blockNodePort.namešŸ’£

Type: string

Default value
"block-node-ports"

violations.blockNodePort.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.blockNodePort.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.containerRatio.enabledšŸ’£

Type: bool

Default value
true

violations.containerRatio.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.containerRatio.kindšŸ’£

Type: string

Default value
"K8sContainerRatios"

violations.containerRatio.namešŸ’£

Type: string

Default value
"container-ratios"

violations.containerRatio.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.containerRatio.parameters.ratiošŸ’£

Type: string

Default value
"2"

violations.containerRatio.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.hostNetworking.enabledšŸ’£

Type: bool

Default value
true

violations.hostNetworking.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.hostNetworking.kindšŸ’£

Type: string

Default value
"K8sPSPHostNetworkingPorts"

violations.hostNetworking.namešŸ’£

Type: string

Default value
"host-networking"

violations.hostNetworking.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.hostNetworking.parameters.hostNetworkšŸ’£

Type: bool

Default value
false

violations.hostNetworking.parameters.minšŸ’£

Type: int

Default value
0

violations.hostNetworking.parameters.maxšŸ’£

Type: int

Default value
0

violations.hostNetworking.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.httpsOnly.enabledšŸ’£

Type: bool

Default value
true

violations.httpsOnly.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.httpsOnly.kindšŸ’£

Type: string

Default value
"K8sHttpsOnly2"

violations.httpsOnly.namešŸ’£

Type: string

Default value
"https-only"

violations.httpsOnly.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.httpsOnly.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.imageDigest.enabledšŸ’£

Type: bool

Default value
true

violations.imageDigest.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.imageDigest.kindšŸ’£

Type: string

Default value
"K8sImageDigests2"

violations.imageDigest.namešŸ’£

Type: string

Default value
"image-digest"

violations.imageDigest.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.imageDigest.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.namespacesHaveIstio.enabledšŸ’£

Type: bool

Default value
true

violations.namespacesHaveIstio.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.namespacesHaveIstio.kindšŸ’£

Type: string

Default value
"K8sRequiredLabelValues"

violations.namespacesHaveIstio.namešŸ’£

Type: string

Default value
"namespaces-have-istio"

violations.namespacesHaveIstio.match.namespaceSelector.matchExpressions[0].keyšŸ’£

Type: string

Default value
"admission.gatekeeper.sh/ignore"

violations.namespacesHaveIstio.match.namespaceSelector.matchExpressions[0].operatoršŸ’£

Type: string

Default value
"DoesNotExist"

violations.namespacesHaveIstio.parameters.labels[0].allowedRegexšŸ’£

Type: string

Default value
"^enabled"

violations.namespacesHaveIstio.parameters.labels[0].keyšŸ’£

Type: string

Default value
"istio-injection"

violations.namespacesHaveIstio.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.noBigContainers.enabledšŸ’£

Type: bool

Default value
true

violations.noBigContainers.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.noBigContainers.kindšŸ’£

Type: string

Default value
"K8sContainerLimits"

violations.noBigContainers.namešŸ’£

Type: string

Default value
"no-big-container"

violations.noBigContainers.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.noBigContainers.parameters.cpušŸ’£

Type: string

Default value
"2000m"

violations.noBigContainers.parameters.memoryšŸ’£

Type: string

Default value
"4G"

violations.noBigContainers.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.noHostNamespace.enabledšŸ’£

Type: bool

Default value
true

violations.noHostNamespace.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.noHostNamespace.kindšŸ’£

Type: string

Default value
"K8sPSPHostNamespace2"

violations.noHostNamespace.namešŸ’£

Type: string

Default value
"no-host-namespace"

violations.noHostNamespace.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.noHostNamespace.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.noPrivilegedContainers.enabledšŸ’£

Type: bool

Default value
true

violations.noPrivilegedContainers.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.noPrivilegedContainers.kindšŸ’£

Type: string

Default value
"K8sPSPPrivilegedContainer2"

violations.noPrivilegedContainers.namešŸ’£

Type: string

Default value
"no-privileged-containers"

violations.noPrivilegedContainers.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.noPrivilegedContainers.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.noDefaultServiceAccount.enabledšŸ’£

Type: bool

Default value
true

violations.noDefaultServiceAccount.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.noDefaultServiceAccount.kindšŸ’£

Type: string

Default value
"K8sDenySADefault"

violations.noDefaultServiceAccount.namešŸ’£

Type: string

Default value
"no-default-service-account"

violations.noDefaultServiceAccount.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.noDefaultServiceAccount.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.noPrivilegedEscalation.enabledšŸ’£

Type: bool

Default value
true

violations.noPrivilegedEscalation.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.noPrivilegedEscalation.kindšŸ’£

Type: string

Default value
"K8sPSPAllowPrivilegeEscalationContainer2"

violations.noPrivilegedEscalation.namešŸ’£

Type: string

Default value
"no-privileged-escalation"

violations.noPrivilegedEscalation.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.noPrivilegedEscalation.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.noSysctls.enabledšŸ’£

Type: bool

Default value
true

violations.noSysctls.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.noSysctls.kindšŸ’£

Type: string

Default value
"K8sPSPForbiddenSysctls"

violations.noSysctls.namešŸ’£

Type: string

Default value
"no-sysctls"

violations.noSysctls.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.noSysctls.parameters.forbiddenSysctls[0]šŸ’£

Type: string

Default value
"*"

violations.noSysctls.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.podsHaveIstio.enabledšŸ’£

Type: bool

Default value
true

violations.podsHaveIstio.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.podsHaveIstio.kindšŸ’£

Type: string

Default value
"K8sNoAnnotationValues"

violations.podsHaveIstio.namešŸ’£

Type: string

Default value
"pods-have-istio"

violations.podsHaveIstio.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.podsHaveIstio.parameters.annotations[0].disallowedRegexšŸ’£

Type: string

Default value
"^false"

violations.podsHaveIstio.parameters.annotations[0].keyšŸ’£

Type: string

Default value
"sidecar.istio.io/inject"

violations.podsHaveIstio.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.readOnlyRoot.enabledšŸ’£

Type: bool

Default value
true

violations.readOnlyRoot.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.readOnlyRoot.kindšŸ’£

Type: string

Default value
"K8sPSPReadOnlyRootFilesystem2"

violations.readOnlyRoot.namešŸ’£

Type: string

Default value
"read-only-root"

violations.readOnlyRoot.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.readOnlyRoot.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.requiredLabels.enabledšŸ’£

Type: bool

Default value
true

violations.requiredLabels.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.requiredLabels.kindšŸ’£

Type: string

Default value
"K8sRequiredLabelValues"

violations.requiredLabels.namešŸ’£

Type: string

Default value
"required-labels"

violations.requiredLabels.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.requiredLabels.parameters.labels[0].allowedRegexšŸ’£

Type: string

Default value
""

violations.requiredLabels.parameters.labels[0].keyšŸ’£

Type: string

Default value
"app.kubernetes.io/name"

violations.requiredLabels.parameters.labels[1].allowedRegexšŸ’£

Type: string

Default value
""

violations.requiredLabels.parameters.labels[1].keyšŸ’£

Type: string

Default value
"app.kubernetes.io/instance"

violations.requiredLabels.parameters.labels[2].allowedRegexšŸ’£

Type: string

Default value
""

violations.requiredLabels.parameters.labels[2].keyšŸ’£

Type: string

Default value
"app.kubernetes.io/version"

violations.requiredLabels.parameters.labels[3].allowedRegexšŸ’£

Type: string

Default value
""

violations.requiredLabels.parameters.labels[3].keyšŸ’£

Type: string

Default value
"app.kubernetes.io/component"

violations.requiredLabels.parameters.labels[4].allowedRegexšŸ’£

Type: string

Default value
""

violations.requiredLabels.parameters.labels[4].keyšŸ’£

Type: string

Default value
"app.kubernetes.io/part-of"

violations.requiredLabels.parameters.labels[5].allowedRegexšŸ’£

Type: string

Default value
""

violations.requiredLabels.parameters.labels[5].keyšŸ’£

Type: string

Default value
"app.kubernetes.io/managed-by"

violations.requiredLabels.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.requiredProbes.enabledšŸ’£

Type: bool

Default value
true

violations.requiredProbes.enforcementActionšŸ’£

Type: string

Default value
"dryrun"

violations.requiredProbes.kindšŸ’£

Type: string

Default value
"K8sRequiredProbes"

violations.requiredProbes.namešŸ’£

Type: string

Default value
"required-probes"

violations.requiredProbes.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.requiredProbes.parameters.probeTypes[0]šŸ’£

Type: string

Default value
"tcpSocket"

violations.requiredProbes.parameters.probeTypes[1]šŸ’£

Type: string

Default value
"httpGet"

violations.requiredProbes.parameters.probeTypes[2]šŸ’£

Type: string

Default value
"exec"

violations.requiredProbes.parameters.probes[0]šŸ’£

Type: string

Default value
"readinessProbe"

violations.requiredProbes.parameters.probes[1]šŸ’£

Type: string

Default value
"livenessProbe"

violations.requiredProbes.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.restrictedTaint.enabledšŸ’£

Type: bool

Default value
true

violations.restrictedTaint.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.restrictedTaint.kindšŸ’£

Type: string

Default value
"RestrictedTaintToleration"

violations.restrictedTaint.namešŸ’£

Type: string

Default value
"restricted-taint"

violations.restrictedTaint.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.restrictedTaint.parameters.allowGlobalTolerationšŸ’£

Type: bool

Default value
false

violations.restrictedTaint.parameters.restrictedTaint.effectšŸ’£

Type: string

Default value
"NoSchedule"

violations.restrictedTaint.parameters.restrictedTaint.keyšŸ’£

Type: string

Default value
"privileged"

violations.restrictedTaint.parameters.restrictedTaint.valuešŸ’£

Type: string

Default value
"true"

violations.restrictedTaint.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.selinuxPolicy.enabledšŸ’£

Type: bool

Default value
true

violations.selinuxPolicy.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.selinuxPolicy.kindšŸ’£

Type: string

Default value
"K8sPSPSELinuxV2"

violations.selinuxPolicy.namešŸ’£

Type: string

Default value
"selinux-policy"

violations.selinuxPolicy.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.selinuxPolicy.parameters.allowedSELinuxOptionsšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.selinuxPolicy.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.uniqueIngressHost.enabledšŸ’£

Type: bool

Default value
true

violations.uniqueIngressHost.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.uniqueIngressHost.kindšŸ’£

Type: string

Default value
"K8sUniqueIngressHost"

violations.uniqueIngressHost.namešŸ’£

Type: string

Default value
"unique-ingress-hosts"

violations.uniqueIngressHost.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.uniqueIngressHost.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

violations.volumeTypes.enabledšŸ’£

Type: bool

Default value
true

violations.volumeTypes.enforcementActionšŸ’£

Type: string

Default value
"deny"

violations.volumeTypes.kindšŸ’£

Type: string

Default value
"K8sPSPVolumeTypes"

violations.volumeTypes.namešŸ’£

Type: string

Default value
"volume-types"

violations.volumeTypes.matchšŸ’£

Type: object

Default value
{}
Default value (formatted)
{}

violations.volumeTypes.parameters.volumes[0]šŸ’£

Type: string

Default value
"configMap"

violations.volumeTypes.parameters.volumes[1]šŸ’£

Type: string

Default value
"emptyDir"

violations.volumeTypes.parameters.volumes[2]šŸ’£

Type: string

Default value
"projected"

violations.volumeTypes.parameters.volumes[3]šŸ’£

Type: string

Default value
"secret"

violations.volumeTypes.parameters.volumes[4]šŸ’£

Type: string

Default value
"downwardAPI"

violations.volumeTypes.parameters.volumes[5]šŸ’£

Type: string

Default value
"persistentVolumeClaim"

violations.volumeTypes.parameters.excludedResourcesšŸ’£

Type: list

Default value
[]
Default value (formatted)
[]

monitoring.enabledšŸ’£

Type: bool

Default value
false

networkPolicies.enabledšŸ’£

Type: bool

Default value
false

networkPolicies.controlPlaneCidršŸ’£

Type: string

Default value
"0.0.0.0/0"

bbtests.enabledšŸ’£

Type: bool

Default value
false

bbtests.scripts.imagešŸ’£

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.26.3"

bbtests.scripts.additionalVolumeMounts[0].namešŸ’£

Type: string

Default value
"{{ .Chart.Name }}-test-config"

bbtests.scripts.additionalVolumeMounts[0].mountPathšŸ’£

Type: string

Default value
"/yaml"

bbtests.scripts.additionalVolumeMounts[1].namešŸ’£

Type: string

Default value
"{{ .Chart.Name }}-kube-cache"

bbtests.scripts.additionalVolumeMounts[1].mountPathšŸ’£

Type: string

Default value
"/.kube/cache"

bbtests.scripts.additionalVolumes[0].namešŸ’£

Type: string

Default value
"{{ .Chart.Name }}-test-config"

bbtests.scripts.additionalVolumes[0].configMap.namešŸ’£

Type: string

Default value
"{{ .Chart.Name }}-test-config"

bbtests.scripts.additionalVolumes[1].namešŸ’£

Type: string

Default value
"{{ .Chart.Name }}-kube-cache"

bbtests.scripts.additionalVolumes[1].emptyDiršŸ’£

Type: object

Default value
{}
Default value (formatted)
{}