
kyverno values.yaml📜

global.image.registry📜

Type: string

Default value
"registry1.dso.mil"

Description: Global value that sets a single image registry across all deployments. When set, it overrides any values set under .image.registry across the chart.

global.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

global.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

global.resyncPeriod📜

Type: string

Default value
"15m"

upstream.nameOverride📜

Type: string

Default value
"kyverno"

upstream.fullnameOverride📜

Type: string

Default value
"kyverno"

upstream.namespaceOverride📜

Type: string

Default value
nil

upstream.upgrade.fromV2📜

Type: bool

Default value
true

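Description: Upgrading from v2 to v3 is not allowed by default; set this to true once changes have been reviewed. In this chart the default shown above is already true, so the upgrade is permitted unless the value is overridden to false.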

upstream.apiVersionOverride.podDisruptionBudget📜

Type: string

Default value
"policy/v1"

Description: Override api version used to create `PodDisruptionBudget` resources. When not specified, the chart will check if `policy/v1/PodDisruptionBudget` is available to determine the api version automatically.

upstream.crds.install📜

Type: bool

Default value
true

upstream.crds.groups.image.registry📜

Type: string

Default value
nil

upstream.crds.groups.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.crds.groups.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyvernocli"

upstream.crds.groups.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.crds.groups.image.pullPolicy📜

Type: string

Default value
nil

upstream.crds.groups.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.crds.migration.enabled📜

Type: bool

Default value
true

upstream.crds.migration.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.crds.migration.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyvernocli"

upstream.crds.migration.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.crds.migration.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.crds.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 65534
  runAsNonRoot: true
  runAsUser: 65534
  seccompProfile:
    type: RuntimeDefault

Description: Security context for the pod

upstream.config.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.config.resourceFilters[0]📜

Type: string

Default value
"[Event,*,*]"

upstream.config.resourceFilters[1]📜

Type: string

Default value
"[*/*,kube-system,*]"

upstream.config.resourceFilters[2]📜

Type: string

Default value
"[*/*,kube-public,*]"

upstream.config.resourceFilters[3]📜

Type: string

Default value
"[*/*,kube-node-lease,*]"

upstream.config.resourceFilters[4]📜

Type: string

Default value
"[Node,*,*]"

upstream.config.resourceFilters[5]📜

Type: string

Default value
"[Node/*,*,*]"

upstream.config.resourceFilters[6]📜

Type: string

Default value
"[APIService,*,*]"

upstream.config.resourceFilters[7]📜

Type: string

Default value
"[APIService/*,*,*]"

upstream.config.resourceFilters[8]📜

Type: string

Default value
"[TokenReview,*,*]"

upstream.config.resourceFilters[9]📜

Type: string

Default value
"[SubjectAccessReview,*,*]"

upstream.config.resourceFilters[10]📜

Type: string

Default value
"[SelfSubjectAccessReview,*,*]"

upstream.config.resourceFilters[11]📜

Type: string

Default value
"[Binding,*,*]"

upstream.config.resourceFilters[12]📜

Type: string

Default value
"[Pod/binding,*,*]"

upstream.config.resourceFilters[13]📜

Type: string

Default value
"[ReplicaSet,*,*]"

upstream.config.resourceFilters[14]📜

Type: string

Default value
"[ReplicaSet/*,*,*]"

upstream.config.resourceFilters[15]📜

Type: string

Default value
"[EphemeralReport,*,*]"

upstream.config.resourceFilters[16]📜

Type: string

Default value
"[ClusterEphemeralReport,*,*]"

upstream.config.resourceFilters[17]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.admission-controller.roleName\" . }}]"

upstream.config.resourceFilters[18]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.admission-controller.roleName\" . }}:core]"

upstream.config.resourceFilters[19]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.admission-controller.roleName\" . }}:additional]"

upstream.config.resourceFilters[20]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.background-controller.roleName\" . }}]"

upstream.config.resourceFilters[21]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.background-controller.roleName\" . }}:core]"

upstream.config.resourceFilters[22]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.background-controller.roleName\" . }}:additional]"

upstream.config.resourceFilters[23]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

upstream.config.resourceFilters[24]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}:core]"

upstream.config.resourceFilters[25]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}:additional]"

upstream.config.resourceFilters[26]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.reports-controller.roleName\" . }}]"

upstream.config.resourceFilters[27]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.reports-controller.roleName\" . }}:core]"

upstream.config.resourceFilters[28]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.reports-controller.roleName\" . }}:additional]"

upstream.config.resourceFilters[29]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.admission-controller.roleName\" . }}]"

upstream.config.resourceFilters[30]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.background-controller.roleName\" . }}]"

upstream.config.resourceFilters[31]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

upstream.config.resourceFilters[32]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.reports-controller.roleName\" . }}]"

upstream.config.resourceFilters[33]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[34]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[35]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[36]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[37]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[38]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[39]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[40]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.serviceAccountName\" . }}]"

upstream.config.resourceFilters[41]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.roleName\" . }}]"

upstream.config.resourceFilters[42]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.roleName\" . }}]"

upstream.config.resourceFilters[43]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

upstream.config.resourceFilters[44]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.roleName\" . }}]"

upstream.config.resourceFilters[45]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.roleName\" . }}]"

upstream.config.resourceFilters[46]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.roleName\" . }}]"

upstream.config.resourceFilters[47]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

upstream.config.resourceFilters[48]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.roleName\" . }}]"

upstream.config.resourceFilters[49]📜

Type: string

Default value
"[ConfigMap,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.config.configMapName\" . }}]"

upstream.config.resourceFilters[50]📜

Type: string

Default value
"[ConfigMap,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.config.metricsConfigMapName\" . }}]"

upstream.config.resourceFilters[51]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[52]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[53]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[54]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[55]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[56]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[57]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[58]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[59]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}-*]"

upstream.config.resourceFilters[60]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}-*]"

upstream.config.resourceFilters[61]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-*]"

upstream.config.resourceFilters[62]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-*]"

upstream.config.resourceFilters[63]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-*]"

upstream.config.resourceFilters[64]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-*]"

upstream.config.resourceFilters[65]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-*]"

upstream.config.resourceFilters[66]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-*]"

upstream.config.resourceFilters[67]📜

Type: string

Default value
"[Job,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-hook-pre-delete]"

upstream.config.resourceFilters[68]📜

Type: string

Default value
"[Job/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-hook-pre-delete]"

upstream.config.resourceFilters[69]📜

Type: string

Default value
"[Job,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-clean-reports]"

upstream.config.resourceFilters[70]📜

Type: string

Default value
"[Job/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-clean-reports]"

upstream.config.resourceFilters[71]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[72]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[73]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[74]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[75]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[76]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[77]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[78]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[79]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[80]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[81]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[82]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[83]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[84]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[85]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[86]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[87]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}]"

upstream.config.resourceFilters[88]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}]"

upstream.config.resourceFilters[89]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}-metrics]"

upstream.config.resourceFilters[90]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}-metrics]"

upstream.config.resourceFilters[91]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-metrics]"

upstream.config.resourceFilters[92]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-metrics]"

upstream.config.resourceFilters[93]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[94]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[95]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-metrics]"

upstream.config.resourceFilters[96]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-metrics]"

upstream.config.resourceFilters[97]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-metrics]"

upstream.config.resourceFilters[98]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-metrics]"

upstream.config.resourceFilters[99]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.admission-controller.name\" . }}]"

upstream.config.resourceFilters[100]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.background-controller.name\" . }}]"

upstream.config.resourceFilters[101]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

upstream.config.resourceFilters[102]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.reports-controller.name\" . }}]"

upstream.config.resourceFilters[103]📜

Type: string

Default value
"[Secret,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}.{{ template \"kyverno.namespace\" . }}.svc.*]"

upstream.config.resourceFilters[104]📜

Type: string

Default value
"[Secret,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}.{{ template \"kyverno.namespace\" . }}.svc.*]"

upstream.existingImagePullSecrets📜

Type: list

Default value
- private-registry

Description: Existing image pull secrets for image verification policies; this will define the --imagePullSecrets argument.

upstream.webhooksCleanup.enabled📜

Type: bool

Default value
true

Description: Create a helm pre-delete hook to clean up webhooks.

upstream.webhooksCleanup.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.webhooksCleanup.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.webhooksCleanup.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.webhooksCleanup.image.pullPolicy📜

Type: string

Default value
nil

upstream.webhooksCleanup.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.webhooksCleanup.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.webhooksCleanup.podSecurityContext.runAsUser📜

Type: int

Default value
1001

upstream.webhooksCleanup.podSecurityContext.runAsGroup📜

Type: int

Default value
1001

upstream.webhooksCleanup.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.webhooksCleanup.securityContext.runAsUser📜

Type: int

Default value
1001

upstream.webhooksCleanup.securityContext.runAsGroup📜

Type: int

Default value
1001

upstream.webhooksCleanup.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.webhooksCleanup.securityContext.privileged📜

Type: bool

Default value
false

upstream.webhooksCleanup.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.webhooksCleanup.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.webhooksCleanup.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.webhooksCleanup.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.webhooksCleanup.resources.limits.cpu📜

Type: string

Default value
"0.5"

upstream.webhooksCleanup.resources.limits.memory📜

Type: string

Default value
"256Mi"

upstream.webhooksCleanup.resources.requests.cpu📜

Type: string

Default value
"0.5"

upstream.webhooksCleanup.resources.requests.memory📜

Type: string

Default value
"256Mi"

upstream.policyReportsCleanup.enabled📜

Type: bool

Default value
false

upstream.policyReportsCleanup.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.policyReportsCleanup.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.policyReportsCleanup.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.policyReportsCleanup.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.policyReportsCleanup.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.policyReportsCleanup.podSecurityContext.runAsUser📜

Type: int

Default value
1001

upstream.policyReportsCleanup.podSecurityContext.runAsGroup📜

Type: int

Default value
1001

upstream.policyReportsCleanup.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.policyReportsCleanup.securityContext.runAsUser📜

Type: int

Default value
1001

upstream.policyReportsCleanup.securityContext.runAsGroup📜

Type: int

Default value
1001

upstream.policyReportsCleanup.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.policyReportsCleanup.securityContext.privileged📜

Type: bool

Default value
false

upstream.policyReportsCleanup.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.policyReportsCleanup.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.policyReportsCleanup.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.policyReportsCleanup.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.policyReportsCleanup.resources📜

Type: object

Default value
limits:
  cpu: '1'
  memory: 512Mi
requests:
  cpu: '0.5'
  memory: 256Mi

Description: Resource limits for the containers

upstream.grafana.enabled📜

Type: bool

Default value
false

upstream.features.policyExceptions.enabled📜

Type: bool

Default value
false

upstream.features.policyExceptions.namespace📜

Type: string

Default value
"kyverno"

upstream.cleanupJobs.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

upstream.cleanupJobs.admissionReports.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.admissionReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.admissionReports.backoffLimit📜

Type: int

Default value
3

upstream.cleanupJobs.admissionReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cleanupJobs.admissionReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.cleanupJobs.admissionReports.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.cleanupJobs.admissionReports.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.cleanupJobs.admissionReports.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

upstream.cleanupJobs.admissionReports.threshold📜

Type: int

Default value
10000

Description: Reports threshold; if the number of reports is above this value, the cronjob will start deleting them.

upstream.cleanupJobs.admissionReports.history📜

Type: object

Default value
failure: 1
success: 1

Description: Cronjob history

upstream.cleanupJobs.admissionReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Description: Security context for the pod

upstream.cleanupJobs.admissionReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

upstream.cleanupJobs.clusterAdmissionReports.enabled📜

Type: bool

Default value
true

Description: Enable cleanup cronjob

upstream.cleanupJobs.clusterAdmissionReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.clusterAdmissionReports.backoffLimit📜

Type: int

Default value
3

upstream.cleanupJobs.clusterAdmissionReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cleanupJobs.clusterAdmissionReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.cleanupJobs.clusterAdmissionReports.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.cleanupJobs.clusterAdmissionReports.image.pullPolicy📜

Type: string

Default value
nil

upstream.cleanupJobs.clusterAdmissionReports.imagePullSecrets📜

Type: list

Default value
- name: private-registry

Description: Image pull secrets

upstream.cleanupJobs.clusterAdmissionReports.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

upstream.cleanupJobs.clusterAdmissionReports.threshold📜

Type: int

Default value
10000

Description: Reports threshold; if the number of reports is above this value, the cronjob will start deleting them.

upstream.cleanupJobs.clusterAdmissionReports.history📜

Type: object

Default value
failure: 1
success: 1

Description: Cronjob history

upstream.cleanupJobs.clusterAdmissionReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Description: Security context for the pod

upstream.cleanupJobs.clusterAdmissionReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

upstream.cleanupJobs.updateRequests.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.updateRequests.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.updateRequests.backoffLimit📜

Type: int

Default value
3

upstream.cleanupJobs.updateRequests.ttlSecondsAfterFinished📜

Type: string

Default value
""

upstream.cleanupJobs.updateRequests.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cleanupJobs.updateRequests.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.cleanupJobs.updateRequests.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.cleanupJobs.updateRequests.image.pullPolicy📜

Type: string

Default value
nil

upstream.cleanupJobs.updateRequests.imagePullSecrets📜

Type: list

Default value
- name: private-registry

Description: Image pull secrets

upstream.cleanupJobs.updateRequests.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

upstream.cleanupJobs.updateRequests.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Description: Security context for the pod

upstream.cleanupJobs.updateRequests.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

upstream.cleanupJobs.ephemeralReports.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.ephemeralReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.ephemeralReports.backoffLimit📜

Type: int

Default value
3

upstream.cleanupJobs.ephemeralReports.ttlSecondsAfterFinished📜

Type: string

Default value
""

upstream.cleanupJobs.ephemeralReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cleanupJobs.ephemeralReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.cleanupJobs.ephemeralReports.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.cleanupJobs.ephemeralReports.image.pullPolicy📜

Type: string

Default value
nil

upstream.cleanupJobs.ephemeralReports.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.cleanupJobs.ephemeralReports.schedule📜

Type: string

Default value
"*/10 * * * *"

upstream.cleanupJobs.ephemeralReports.threshold📜

Type: int

Default value
10000

upstream.cleanupJobs.ephemeralReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001

Description: Security context for the pod

upstream.cleanupJobs.ephemeralReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

upstream.cleanupJobs.clusterEphemeralReports.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.clusterEphemeralReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.cleanupJobs.clusterEphemeralReports.backoffLimit📜

Type: int

Default value
3

upstream.cleanupJobs.clusterEphemeralReports.ttlSecondsAfterFinished📜

Type: string

Default value
""

upstream.cleanupJobs.clusterEphemeralReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cleanupJobs.clusterEphemeralReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

upstream.cleanupJobs.clusterEphemeralReports.image.tag📜

Type: string

Default value
"v1.30.10"

upstream.cleanupJobs.clusterEphemeralReports.image.pullPolicy📜

Type: string

Default value
nil

upstream.cleanupJobs.clusterEphemeralReports.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.cleanupJobs.clusterEphemeralReports.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

upstream.cleanupJobs.clusterEphemeralReports.threshold📜

Type: int

Default value
10000

Description: Reports threshold; if the number of reports is above this value, the cronjob will start deleting them

upstream.cleanupJobs.clusterEphemeralReports.history📜

Type: object

Default value
failure: 1
success: 1

Description: Cronjob history

upstream.cleanupJobs.clusterEphemeralReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001

Description: Security context for the pod

upstream.cleanupJobs.clusterEphemeralReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

upstream.admissionController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

upstream.admissionController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.admissionController.rbac.coreClusterRole.extraResources[0].apiGroups[0]📜

Type: string

Default value
"*"

upstream.admissionController.rbac.coreClusterRole.extraResources[0].resources[0]📜

Type: string

Default value
"*"

upstream.admissionController.rbac.coreClusterRole.extraResources[0].verbs[0]📜

Type: string

Default value
"get"

upstream.admissionController.rbac.coreClusterRole.extraResources[0].verbs[1]📜

Type: string

Default value
"list"

upstream.admissionController.rbac.coreClusterRole.extraResources[0].verbs[2]📜

Type: string

Default value
"watch"

upstream.admissionController.rbac.clusterRole.extraResources📜

Type: list

Default value
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch

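Description: Extra resource permissions to add in the cluster role. The default rule shown above grants get, list and watch on every resource in every API group, which includes Secrets; narrow it to the resource kinds your policies reference if cluster-wide read access is not required.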

upstream.admissionController.createSelfSignedCert📜

Type: bool

Default value
false

Description: Create self-signed certificates at deployment time. The certificates won’t be automatically renewed if this is set to true.

upstream.admissionController.replicas📜

Type: int

Default value
3

Description: Desired number of pods

upstream.admissionController.podSecurityContext.runAsUser📜

Type: int

Default value
10001

upstream.admissionController.podSecurityContext.runAsGroup📜

Type: int

Default value
10001

upstream.admissionController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.admissionController.podDisruptionBudget.enabled📜

Type: bool

Default value
false

upstream.admissionController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.admissionController.initContainer.image.registry📜

Type: string

Default value
nil

upstream.admissionController.initContainer.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.admissionController.initContainer.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyvernopre"

upstream.admissionController.initContainer.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.admissionController.initContainer.image.pullPolicy📜

Type: string

Default value
nil

upstream.admissionController.initContainer.resources.limits📜

Type: object

Default value
cpu: 1
memory: 1Gi

Description: Pod resource limits

upstream.admissionController.initContainer.resources.requests📜

Type: object

Default value
cpu: 10m
memory: 64Mi

Description: Pod resource requests

upstream.admissionController.initContainer.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
seccompProfile:
  type: RuntimeDefault

Description: Container security context

upstream.admissionController.container.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.admissionController.container.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno"

upstream.admissionController.container.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.admissionController.container.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.admissionController.container.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.admissionController.container.resources.limits.cpu📜

Type: string

Default value
"500m"

upstream.admissionController.container.resources.limits.memory📜

Type: string

Default value
"512Mi"

upstream.admissionController.container.resources.requests.cpu📜

Type: string

Default value
"500m"

upstream.admissionController.container.resources.requests.memory📜

Type: string

Default value
"512Mi"

upstream.admissionController.container.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.admissionController.container.securityContext.runAsUser📜

Type: int

Default value
10001

upstream.admissionController.container.securityContext.runAsGroup📜

Type: int

Default value
10001

upstream.admissionController.container.securityContext.privileged📜

Type: bool

Default value
false

upstream.admissionController.container.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.admissionController.container.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.admissionController.container.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.admissionController.container.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.backgroundController.enabled📜

Type: bool

Default value
true

upstream.backgroundController.rbac.create📜

Type: bool

Default value
true

upstream.backgroundController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

upstream.backgroundController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].apiGroups[0]📜

Type: string

Default value
"networking.k8s.io"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].resources[0]📜

Type: string

Default value
"ingresses"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].resources[1]📜

Type: string

Default value
"ingressclasses"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].resources[2]📜

Type: string

Default value
"networkpolicies"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[0]📜

Type: string

Default value
"create"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[1]📜

Type: string

Default value
"update"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[2]📜

Type: string

Default value
"patch"

upstream.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[3]📜

Type: string

Default value
"delete"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].apiGroups[0]📜

Type: string

Default value
"rbac.authorization.k8s.io"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].resources[0]📜

Type: string

Default value
"rolebindings"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].resources[1]📜

Type: string

Default value
"roles"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[0]📜

Type: string

Default value
"create"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[1]📜

Type: string

Default value
"update"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[2]📜

Type: string

Default value
"patch"

upstream.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[3]📜

Type: string

Default value
"delete"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].apiGroups[0]📜

Type: string

Default value
"*"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].resources[0]📜

Type: string

Default value
"configmaps"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].resources[1]📜

Type: string

Default value
"resourcequotas"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].resources[2]📜

Type: string

Default value
"limitranges"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[0]📜

Type: string

Default value
"create"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[1]📜

Type: string

Default value
"update"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[2]📜

Type: string

Default value
"patch"

upstream.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[3]📜

Type: string

Default value
"delete"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].apiGroups[0]📜

Type: string

Default value
"*"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].resources[0]📜

Type: string

Default value
"serviceaccounts"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[0]📜

Type: string

Default value
"get"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[1]📜

Type: string

Default value
"list"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[2]📜

Type: string

Default value
"watch"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[3]📜

Type: string

Default value
"update"

upstream.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[4]📜

Type: string

Default value
"patch"

upstream.backgroundController.rbac.clusterRole.extraResources📜

Type: list

Default value
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - '*'
  resources:
  - secrets
  verbs:
  - create
  - update
  - delete

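Description: Extra resource permissions to add in the cluster role. The default shown above has two rules: get, list and watch on every resource in every API group, and create, update and delete on Secrets. The second rule gives the background controller write access to Secrets, so review whether your policies need it and remove or narrow it if they do not.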

upstream.backgroundController.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.backgroundController.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyverno/background-controller"

upstream.backgroundController.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.backgroundController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.backgroundController.podSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.backgroundController.podSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.backgroundController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.backgroundController.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.backgroundController.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.backgroundController.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.backgroundController.securityContext.privileged📜

Type: bool

Default value
false

upstream.backgroundController.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.backgroundController.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.backgroundController.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.backgroundController.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.cleanupController.enabled📜

Type: bool

Default value
true

upstream.cleanupController.rbac.create📜

Type: bool

Default value
true

upstream.cleanupController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

upstream.cleanupController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.cleanupController.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cleanupController.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyverno/cleanup-controller"

upstream.cleanupController.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.cleanupController.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.cleanupController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.cleanupController.podSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.cleanupController.podSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.cleanupController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cleanupController.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

upstream.reportsController.enabled📜

Type: bool

Default value
true

upstream.reportsController.rbac.create📜

Type: bool

Default value
true

upstream.reportsController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

upstream.reportsController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

upstream.reportsController.rbac.coreClusterRole.extraResources[0].apiGroups[0]📜

Type: string

Default value
"*"

upstream.reportsController.rbac.coreClusterRole.extraResources[0].resources[0]📜

Type: string

Default value
"*"

upstream.reportsController.rbac.coreClusterRole.extraResources[0].verbs[0]📜

Type: string

Default value
"get"

upstream.reportsController.rbac.coreClusterRole.extraResources[0].verbs[1]📜

Type: string

Default value
"list"

upstream.reportsController.rbac.coreClusterRole.extraResources[0].verbs[2]📜

Type: string

Default value
"watch"

upstream.reportsController.rbac.clusterRole.extraResources📜

Type: list

Default value
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch

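Description: Extra resource permissions to add in the cluster role. The default rule shown above grants get, list and watch on every resource in every API group, which includes Secrets; narrow it to the resource kinds you need reported on if cluster-wide read access is not required.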

upstream.reportsController.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

upstream.reportsController.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyverno/reports-controller"

upstream.reportsController.image.tag📜

Type: string

Default value
"v1.13.4"

upstream.reportsController.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.reportsController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.reportsController.podSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.reportsController.podSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.reportsController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.reportsController.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.reportsController.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.reportsController.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.reportsController.securityContext.privileged📜

Type: bool

Default value
false

upstream.reportsController.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.reportsController.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.reportsController.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.reportsController.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.test.sleep📜

Type: int

Default value
20

Description: Sleep time before running test

upstream.test.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.test.image.repository📜

Type: string

Default value
"ironbank/frontiertechnology/cortex/busybox"

upstream.test.image.tag📜

Type: string

Default value
"v1.37.0"

upstream.test.image.pullPolicy📜

Type: string

Default value
nil

upstream.test.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.test.resources.limits📜

Type: object

Default value
cpu: 100m
memory: 256Mi

Description: Pod resource limits

upstream.test.resources.requests📜

Type: object

Default value
cpu: 10m
memory: 64Mi

Description: Pod resource requests

upstream.test.podSecurityContext📜

Type: object

Default value
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534

Description: Security context for the test pod

upstream.test.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
  type: RuntimeDefault

Description: Security context for the test containers

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.externalRegistries.allowEgress📜

Type: bool

Default value
false

networkPolicies.externalRegistries.ports📜

Type: list

Default value
[]

networkPolicies.allowExternalRegistryEgress📜

Type: bool

Default value
false

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

istio.enabled📜

Type: bool

Default value
false

openshift📜

Type: bool

Default value
false

bbtests.enabled📜

Type: bool

Default value
false

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10"

bbtests.scripts.additionalVolumeMounts[0].name📜

Type: string

Default value
"kyverno-bbtest-manifest"

bbtests.scripts.additionalVolumeMounts[0].mountPath📜

Type: string

Default value
"/yaml"

bbtests.scripts.additionalVolumes[0].name📜

Type: string

Default value
"kyverno-bbtest-manifest"

bbtests.scripts.additionalVolumes[0].configMap.name📜

Type: string

Default value
"kyverno-bbtest-manifest"