kyverno values.yaml
networkPolicies.enabled📜
Type: bool
false
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.externalRegistries.allowEgress📜
Type: bool
false
networkPolicies.externalRegistries.ports📜
Type: list
[]
networkPolicies.allowExternalRegistryEgress📜
Type: bool
false
networkPolicies.additionalPolicies📜
Type: list
[]
istio.enabled📜
Type: bool
false
openshift📜
Type: bool
false
bbtests.enabled📜
Type: bool
false
bbtests.scripts.image📜
Type: string
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.33.5"
bbtests.scripts.additionalVolumeMounts[0].name📜
Type: string
"kyverno-bbtest-manifest"
bbtests.scripts.additionalVolumeMounts[0].mountPath📜
Type: string
"/yaml"
bbtests.scripts.additionalVolumes[0].name📜
Type: string
"kyverno-bbtest-manifest"
bbtests.scripts.additionalVolumes[0].configMap.name📜
Type: string
"kyverno-bbtest-manifest"
global.image.registry📜
Type: string
"registry1.dso.mil"
Description: Global value that sets a single image registry across all deployments. When set, it overrides any values set under `.image.registry` across the chart.
global.image.pullPolicy📜
Type: string
"IfNotPresent"
global.imagePullSecrets[0].name📜
Type: string
"private-registry"
global.resyncPeriod📜
Type: string
"15m"
upstream.upgrade.fromV2📜
Type: bool
true
Description: Upgrading from v2 to v3 is not allowed by default; set this to true once the changes have been reviewed.
upstream.apiVersionOverride.podDisruptionBudget📜
Type: string
"policy/v1"
Description: Override api version used to create `PodDisruptionBudget` resources. When not specified, the chart will check if `policy/v1/PodDisruptionBudget` is available to determine the api version automatically.
upstream.crds.podSecurityContext📜
Type: object
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
Description: Security context for the pod
upstream.existingImagePullSecrets📜
Type: list
- private-registry
Description: Existing image pull secrets for image verification policies; this defines the `--imagePullSecrets` argument.
upstream.webhooksCleanup.enabled📜
Type: bool
true
Description: Create a Helm pre-delete hook to clean up webhooks.
upstream.policyReportsCleanup.resources📜
Type: object
limits:
cpu: '1'
memory: 512Mi
requests:
cpu: '0.5'
memory: 256Mi
Description: Resource limits for the containers
upstream.cleanupJobs.admissionReports.schedule📜
Type: string
"*/10 * * * *"
Description: Cronjob schedule
upstream.cleanupJobs.admissionReports.threshold📜
Type: int
10000
Description: Reports threshold; if the number of reports is above this value, the cronjob will start deleting them.
upstream.cleanupJobs.admissionReports.history📜
Type: object
failure: 1
success: 1
Description: Cronjob history
upstream.cleanupJobs.admissionReports.podSecurityContext📜
Type: object
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
Description: Security context for the pod
upstream.cleanupJobs.admissionReports.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
Description: Security context for the containers
upstream.cleanupJobs.clusterAdmissionReports.enabled📜
Type: bool
true
Description: Enable cleanup cronjob
upstream.cleanupJobs.clusterAdmissionReports.imagePullSecrets📜
Type: list
- name: private-registry
Description: Image pull secrets
upstream.cleanupJobs.clusterAdmissionReports.schedule📜
Type: string
"*/10 * * * *"
Description: Cronjob schedule
upstream.cleanupJobs.clusterAdmissionReports.threshold📜
Type: int
10000
Description: Reports threshold; if the number of reports is above this value, the cronjob will start deleting them.
upstream.cleanupJobs.clusterAdmissionReports.history📜
Type: object
failure: 1
success: 1
Description: Cronjob history
upstream.cleanupJobs.clusterAdmissionReports.podSecurityContext📜
Type: object
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
Description: Security context for the pod
upstream.cleanupJobs.clusterAdmissionReports.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
Description: Security context for the containers
upstream.cleanupJobs.updateRequests.imagePullSecrets📜
Type: list
- name: private-registry
Description: Image pull secrets
upstream.cleanupJobs.updateRequests.schedule📜
Type: string
"*/10 * * * *"
Description: Cronjob schedule
upstream.cleanupJobs.updateRequests.podSecurityContext📜
Type: object
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
Description: Security context for the pod
upstream.cleanupJobs.updateRequests.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
Description: Security context for the containers
upstream.cleanupJobs.ephemeralReports.podSecurityContext📜
Type: object
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
Description: Security context for the pod
upstream.cleanupJobs.ephemeralReports.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
Description: Security context for the containers
upstream.cleanupJobs.clusterEphemeralReports.schedule📜
Type: string
"*/10 * * * *"
Description: Cronjob schedule
upstream.cleanupJobs.clusterEphemeralReports.threshold📜
Type: int
10000
Description: Reports threshold; if the number of reports is above this value, the cronjob will start deleting them.
upstream.cleanupJobs.clusterEphemeralReports.history📜
Type: object
failure: 1
success: 1
Description: Cronjob history
upstream.cleanupJobs.clusterEphemeralReports.podSecurityContext📜
Type: object
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
Description: Security context for the pod
upstream.cleanupJobs.clusterEphemeralReports.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
Description: Security context for the containers
upstream.admissionController.rbac.clusterRole.extraResources📜
Type: list
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
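Description: Extra resource permissions to add in the cluster role. With `*` for both apiGroups and resources, the get/list/watch rule above covers every resource type, Secrets included.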
upstream.admissionController.createSelfSignedCert📜
Type: bool
false
Description: Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`, so their expiry has to be tracked and renewal handled manually.
upstream.admissionController.replicas📜
Type: int
3
Description: Desired number of pods
upstream.admissionController.initContainer.resources.limits📜
Type: object
cpu: 1
memory: 1Gi
Description: Pod resource limits
upstream.admissionController.initContainer.resources.requests📜
Type: object
cpu: 10m
memory: 64Mi
Description: Pod resource requests
upstream.admissionController.initContainer.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
seccompProfile:
type: RuntimeDefault
Description: Container security context
upstream.backgroundController.rbac.clusterRole.extraResources📜
Type: list
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- '*'
resources:
- secrets
verbs:
- create
- update
- delete
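Description: Extra resource permissions to add in the cluster role. The first rule's `*`/`*` get/list/watch covers every resource type, Secrets included, and the second rule adds create/update/delete on secrets in all API groups.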
upstream.cleanupController.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
Description: Security context for the containers
upstream.reportsController.rbac.clusterRole.extraResources📜
Type: list
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
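Description: Extra resource permissions to add in the cluster role. With `*` for both apiGroups and resources, the get/list/watch rule above covers every resource type, Secrets included.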
upstream.test.sleep📜
Type: int
20
Description: Sleep time before running test
upstream.test.resources.limits📜
Type: object
cpu: 100m
memory: 256Mi
Description: Pod resource limits
upstream.test.resources.requests📜
Type: object
cpu: 10m
memory: 64Mi
Description: Pod resource requests
upstream.test.podSecurityContext📜
Type: object
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
Description: Security context for the test pod
upstream.test.securityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
Description: Security context for the test containers