Skip to content

kyverno values.yaml📜

global.image.registry📜

Type: string

Default value
"registry1.dso.mil"

Description: Global value that allows to set a single image registry across all deployments. When set, it will override any values set under .image.registry across the chart.

global.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

global.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

global.resyncPeriod📜

Type: string

Default value
"15m"

kyverno.nameOverride📜

Type: string

Default value
nil

kyverno.fullnameOverride📜

Type: string

Default value
nil

kyverno.namespaceOverride📜

Type: string

Default value
nil

kyverno.upgrade.fromV2📜

Type: bool

Default value
true

Description: Upgrading from v2 to v3 is not allowed by default, set this to true once changes have been reviewed.

kyverno.apiVersionOverride.podDisruptionBudget📜

Type: string

Default value
"policy/v1"

Description: Override api version used to create PodDisruptionBudget`` resources. When not specified the chart will check ifpolicy/v1/PodDisruptionBudget` is available to determine the api version automatically.

kyverno.crds.install📜

Type: bool

Default value
true

kyverno.crds.groups.image.registry📜

Type: string

Default value
nil

kyverno.crds.groups.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.crds.groups.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyvernocli"

kyverno.crds.groups.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.crds.groups.image.pullPolicy📜

Type: string

Default value
nil

kyverno.crds.groups.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.crds.migration.enabled📜

Type: bool

Default value
true

kyverno.crds.migration.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.crds.migration.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyvernocli"

kyverno.crds.migration.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.crds.migration.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.crds.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 65534
  runAsNonRoot: true
  runAsUser: 65534
  seccompProfile:
    type: RuntimeDefault

Description: Security context for the pod

kyverno.config.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.config.resourceFilters[0]📜

Type: string

Default value
"[Event,*,*]"

kyverno.config.resourceFilters[1]📜

Type: string

Default value
"[*/*,kube-system,*]"

kyverno.config.resourceFilters[2]📜

Type: string

Default value
"[*/*,kube-public,*]"

kyverno.config.resourceFilters[3]📜

Type: string

Default value
"[*/*,kube-node-lease,*]"

kyverno.config.resourceFilters[4]📜

Type: string

Default value
"[Node,*,*]"

kyverno.config.resourceFilters[5]📜

Type: string

Default value
"[Node/*,*,*]"

kyverno.config.resourceFilters[6]📜

Type: string

Default value
"[APIService,*,*]"

kyverno.config.resourceFilters[7]📜

Type: string

Default value
"[APIService/*,*,*]"

kyverno.config.resourceFilters[8]📜

Type: string

Default value
"[TokenReview,*,*]"

kyverno.config.resourceFilters[9]📜

Type: string

Default value
"[SubjectAccessReview,*,*]"

kyverno.config.resourceFilters[10]📜

Type: string

Default value
"[SelfSubjectAccessReview,*,*]"

kyverno.config.resourceFilters[11]📜

Type: string

Default value
"[Binding,*,*]"

kyverno.config.resourceFilters[12]📜

Type: string

Default value
"[Pod/binding,*,*]"

kyverno.config.resourceFilters[13]📜

Type: string

Default value
"[ReplicaSet,*,*]"

kyverno.config.resourceFilters[14]📜

Type: string

Default value
"[ReplicaSet/*,*,*]"

kyverno.config.resourceFilters[15]📜

Type: string

Default value
"[EphemeralReport,*,*]"

kyverno.config.resourceFilters[16]📜

Type: string

Default value
"[ClusterEphemeralReport,*,*]"

kyverno.config.resourceFilters[17]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.admission-controller.roleName\" . }}]"

kyverno.config.resourceFilters[18]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.admission-controller.roleName\" . }}:core]"

kyverno.config.resourceFilters[19]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.admission-controller.roleName\" . }}:additional]"

kyverno.config.resourceFilters[20]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.background-controller.roleName\" . }}]"

kyverno.config.resourceFilters[21]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.background-controller.roleName\" . }}:core]"

kyverno.config.resourceFilters[22]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.background-controller.roleName\" . }}:additional]"

kyverno.config.resourceFilters[23]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

kyverno.config.resourceFilters[24]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}:core]"

kyverno.config.resourceFilters[25]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}:additional]"

kyverno.config.resourceFilters[26]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.reports-controller.roleName\" . }}]"

kyverno.config.resourceFilters[27]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.reports-controller.roleName\" . }}:core]"

kyverno.config.resourceFilters[28]📜

Type: string

Default value
"[ClusterRole,*,{{ template \"kyverno.reports-controller.roleName\" . }}:additional]"

kyverno.config.resourceFilters[29]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.admission-controller.roleName\" . }}]"

kyverno.config.resourceFilters[30]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.background-controller.roleName\" . }}]"

kyverno.config.resourceFilters[31]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

kyverno.config.resourceFilters[32]📜

Type: string

Default value
"[ClusterRoleBinding,*,{{ template \"kyverno.reports-controller.roleName\" . }}]"

kyverno.config.resourceFilters[33]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[34]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[35]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[36]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[37]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[38]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[39]📜

Type: string

Default value
"[ServiceAccount,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[40]📜

Type: string

Default value
"[ServiceAccount/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.serviceAccountName\" . }}]"

kyverno.config.resourceFilters[41]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.roleName\" . }}]"

kyverno.config.resourceFilters[42]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.roleName\" . }}]"

kyverno.config.resourceFilters[43]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

kyverno.config.resourceFilters[44]📜

Type: string

Default value
"[Role,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.roleName\" . }}]"

kyverno.config.resourceFilters[45]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.roleName\" . }}]"

kyverno.config.resourceFilters[46]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.roleName\" . }}]"

kyverno.config.resourceFilters[47]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.roleName\" . }}]"

kyverno.config.resourceFilters[48]📜

Type: string

Default value
"[RoleBinding,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.roleName\" . }}]"

kyverno.config.resourceFilters[49]📜

Type: string

Default value
"[ConfigMap,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.config.configMapName\" . }}]"

kyverno.config.resourceFilters[50]📜

Type: string

Default value
"[ConfigMap,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.config.metricsConfigMapName\" . }}]"

kyverno.config.resourceFilters[51]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[52]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[53]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[54]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[55]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[56]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[57]📜

Type: string

Default value
"[Deployment,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[58]📜

Type: string

Default value
"[Deployment/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[59]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}-*]"

kyverno.config.resourceFilters[60]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}-*]"

kyverno.config.resourceFilters[61]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-*]"

kyverno.config.resourceFilters[62]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-*]"

kyverno.config.resourceFilters[63]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-*]"

kyverno.config.resourceFilters[64]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-*]"

kyverno.config.resourceFilters[65]📜

Type: string

Default value
"[Pod,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-*]"

kyverno.config.resourceFilters[66]📜

Type: string

Default value
"[Pod/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-*]"

kyverno.config.resourceFilters[67]📜

Type: string

Default value
"[Job,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-hook-pre-delete]"

kyverno.config.resourceFilters[68]📜

Type: string

Default value
"[Job/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-hook-pre-delete]"

kyverno.config.resourceFilters[69]📜

Type: string

Default value
"[Job,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-clean-reports]"

kyverno.config.resourceFilters[70]📜

Type: string

Default value
"[Job/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.fullname\" . }}-clean-reports]"

kyverno.config.resourceFilters[71]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[72]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[73]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[74]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[75]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[76]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[77]📜

Type: string

Default value
"[NetworkPolicy,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[78]📜

Type: string

Default value
"[NetworkPolicy/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[79]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[80]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[81]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[82]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[83]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[84]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[85]📜

Type: string

Default value
"[PodDisruptionBudget,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[86]📜

Type: string

Default value
"[PodDisruptionBudget/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[87]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}]"

kyverno.config.resourceFilters[88]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}]"

kyverno.config.resourceFilters[89]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}-metrics]"

kyverno.config.resourceFilters[90]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}-metrics]"

kyverno.config.resourceFilters[91]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-metrics]"

kyverno.config.resourceFilters[92]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.background-controller.name\" . }}-metrics]"

kyverno.config.resourceFilters[93]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[94]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[95]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-metrics]"

kyverno.config.resourceFilters[96]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}-metrics]"

kyverno.config.resourceFilters[97]📜

Type: string

Default value
"[Service,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-metrics]"

kyverno.config.resourceFilters[98]📜

Type: string

Default value
"[Service/*,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.reports-controller.name\" . }}-metrics]"

kyverno.config.resourceFilters[99]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.admission-controller.name\" . }}]"

kyverno.config.resourceFilters[100]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.background-controller.name\" . }}]"

kyverno.config.resourceFilters[101]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.cleanup-controller.name\" . }}]"

kyverno.config.resourceFilters[102]📜

Type: string

Default value
"[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template \"kyverno.namespace\" . }}{{ end }},{{ template \"kyverno.reports-controller.name\" . }}]"

kyverno.config.resourceFilters[103]📜

Type: string

Default value
"[Secret,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.admission-controller.serviceName\" . }}.{{ template \"kyverno.namespace\" . }}.svc.*]"

kyverno.config.resourceFilters[104]📜

Type: string

Default value
"[Secret,{{ include \"kyverno.namespace\" . }},{{ template \"kyverno.cleanup-controller.name\" . }}.{{ template \"kyverno.namespace\" . }}.svc.*]"

kyverno.existingImagePullSecrets📜

Type: list

Default value
- private-registry

Description: Existing Image pull secrets for image verification policies, this will define the --imagePullSecrets argument

kyverno.webhooksCleanup.enabled📜

Type: bool

Default value
true

Description: Create a helm pre-delete hook to cleanup webhooks.

kyverno.webhooksCleanup.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.webhooksCleanup.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.webhooksCleanup.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.webhooksCleanup.image.pullPolicy📜

Type: string

Default value
nil

kyverno.webhooksCleanup.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.webhooksCleanup.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.webhooksCleanup.podSecurityContext.runAsUser📜

Type: int

Default value
1001

kyverno.webhooksCleanup.podSecurityContext.runAsGroup📜

Type: int

Default value
1001

kyverno.webhooksCleanup.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.webhooksCleanup.securityContext.runAsUser📜

Type: int

Default value
1001

kyverno.webhooksCleanup.securityContext.runAsGroup📜

Type: int

Default value
1001

kyverno.webhooksCleanup.securityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.webhooksCleanup.securityContext.privileged📜

Type: bool

Default value
false

kyverno.webhooksCleanup.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

kyverno.webhooksCleanup.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

kyverno.webhooksCleanup.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

kyverno.webhooksCleanup.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

kyverno.webhooksCleanup.resources.limits.cpu📜

Type: string

Default value
"0.5"

kyverno.webhooksCleanup.resources.limits.memory📜

Type: string

Default value
"256Mi"

kyverno.webhooksCleanup.resources.requests.cpu📜

Type: string

Default value
"0.5"

kyverno.webhooksCleanup.resources.requests.memory📜

Type: string

Default value
"256Mi"

kyverno.policyReportsCleanup.enabled📜

Type: bool

Default value
false

kyverno.policyReportsCleanup.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.policyReportsCleanup.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.policyReportsCleanup.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.policyReportsCleanup.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.policyReportsCleanup.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.policyReportsCleanup.podSecurityContext.runAsUser📜

Type: int

Default value
1001

kyverno.policyReportsCleanup.podSecurityContext.runAsGroup📜

Type: int

Default value
1001

kyverno.policyReportsCleanup.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.policyReportsCleanup.securityContext.runAsUser📜

Type: int

Default value
1001

kyverno.policyReportsCleanup.securityContext.runAsGroup📜

Type: int

Default value
1001

kyverno.policyReportsCleanup.securityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.policyReportsCleanup.securityContext.privileged📜

Type: bool

Default value
false

kyverno.policyReportsCleanup.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

kyverno.policyReportsCleanup.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

kyverno.policyReportsCleanup.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

kyverno.policyReportsCleanup.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

kyverno.policyReportsCleanup.resources📜

Type: object

Default value
limits:
  cpu: '1'
  memory: 512Mi
requests:
  cpu: '0.5'
  memory: 256Mi

Description: Resource limits for the containers

kyverno.grafana.enabled📜

Type: bool

Default value
false

kyverno.features.policyExceptions.enabled📜

Type: bool

Default value
false

kyverno.features.policyExceptions.namespace📜

Type: string

Default value
"kyverno"

kyverno.cleanupJobs.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

kyverno.cleanupJobs.admissionReports.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.admissionReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.admissionReports.backoffLimit📜

Type: int

Default value
3

kyverno.cleanupJobs.admissionReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.cleanupJobs.admissionReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.cleanupJobs.admissionReports.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.cleanupJobs.admissionReports.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.cleanupJobs.admissionReports.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

kyverno.cleanupJobs.admissionReports.threshold📜

Type: int

Default value
10000

Description: Reports threshold, if number of reports are above this value the cronjob will start deleting them

kyverno.cleanupJobs.admissionReports.history📜

Type: object

Default value
failure: 1
success: 1

Description: Cronjob history

kyverno.cleanupJobs.admissionReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Description: Security context for the pod

kyverno.cleanupJobs.admissionReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

kyverno.cleanupJobs.clusterAdmissionReports.enabled📜

Type: bool

Default value
true

Description: Enable cleanup cronjob

kyverno.cleanupJobs.clusterAdmissionReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.clusterAdmissionReports.backoffLimit📜

Type: int

Default value
3

kyverno.cleanupJobs.clusterAdmissionReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.cleanupJobs.clusterAdmissionReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.cleanupJobs.clusterAdmissionReports.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.cleanupJobs.clusterAdmissionReports.image.pullPolicy📜

Type: string

Default value
nil

kyverno.cleanupJobs.clusterAdmissionReports.imagePullSecrets📜

Type: list

Default value
- name: private-registry

Description: Image pull secrets

kyverno.cleanupJobs.clusterAdmissionReports.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

kyverno.cleanupJobs.clusterAdmissionReports.threshold📜

Type: int

Default value
10000

Description: Reports threshold, if number of reports are above this value the cronjob will start deleting them

kyverno.cleanupJobs.clusterAdmissionReports.history📜

Type: object

Default value
failure: 1
success: 1

Description: Cronjob history

kyverno.cleanupJobs.clusterAdmissionReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Description: Security context for the pod

kyverno.cleanupJobs.clusterAdmissionReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

kyverno.cleanupJobs.updateRequests.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.updateRequests.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.updateRequests.backoffLimit📜

Type: int

Default value
3

kyverno.cleanupJobs.updateRequests.ttlSecondsAfterFinished📜

Type: string

Default value
""

kyverno.cleanupJobs.updateRequests.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.cleanupJobs.updateRequests.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.cleanupJobs.updateRequests.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.cleanupJobs.updateRequests.image.pullPolicy📜

Type: string

Default value
nil

kyverno.cleanupJobs.updateRequests.imagePullSecrets📜

Type: list

Default value
- name: private-registry

Description: Image pull secrets

kyverno.cleanupJobs.updateRequests.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

kyverno.cleanupJobs.updateRequests.podSecurityContext📜

Type: object

Default value
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000

Description: Security context for the pod

kyverno.cleanupJobs.updateRequests.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

kyverno.cleanupJobs.ephemeralReports.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.ephemeralReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.ephemeralReports.backoffLimit📜

Type: int

Default value
3

kyverno.cleanupJobs.ephemeralReports.ttlSecondsAfterFinished📜

Type: string

Default value
""

kyverno.cleanupJobs.ephemeralReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.cleanupJobs.ephemeralReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.cleanupJobs.ephemeralReports.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.cleanupJobs.ephemeralReports.image.pullPolicy📜

Type: string

Default value
nil

kyverno.cleanupJobs.ephemeralReports.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.cleanupJobs.ephemeralReports.schedule📜

Type: string

Default value
"*/10 * * * *"

kyverno.cleanupJobs.ephemeralReports.threshold📜

Type: int

Default value
10000

kyverno.cleanupJobs.ephemeralReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001

Description: Security context for the pod

kyverno.cleanupJobs.ephemeralReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

kyverno.cleanupJobs.clusterEphemeralReports.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.clusterEphemeralReports.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.cleanupJobs.clusterEphemeralReports.backoffLimit📜

Type: int

Default value
3

kyverno.cleanupJobs.clusterEphemeralReports.ttlSecondsAfterFinished📜

Type: string

Default value
""

kyverno.cleanupJobs.clusterEphemeralReports.image.registry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.cleanupJobs.clusterEphemeralReports.image.repository📜

Type: string

Default value
"ironbank/opensource/kubernetes/kubectl"

kyverno.cleanupJobs.clusterEphemeralReports.image.tag📜

Type: string

Default value
"v1.30.10"

kyverno.cleanupJobs.clusterEphemeralReports.image.pullPolicy📜

Type: string

Default value
nil

kyverno.cleanupJobs.clusterEphemeralReports.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.cleanupJobs.clusterEphemeralReports.schedule📜

Type: string

Default value
"*/10 * * * *"

Description: Cronjob schedule

kyverno.cleanupJobs.clusterEphemeralReports.threshold📜

Type: int

Default value
10000

Description: Reports threshold, if number of reports are above this value the cronjob will start deleting them

kyverno.cleanupJobs.clusterEphemeralReports.history📜

Type: object

Default value
failure: 1
success: 1

Description: Cronjob history

kyverno.cleanupJobs.clusterEphemeralReports.podSecurityContext📜

Type: object

Default value
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001

Description: Security context for the pod

kyverno.cleanupJobs.clusterEphemeralReports.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

kyverno.admissionController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

kyverno.admissionController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.admissionController.rbac.coreClusterRole.extraResources[0].apiGroups[0]📜

Type: string

Default value
"*"

kyverno.admissionController.rbac.coreClusterRole.extraResources[0].resources[0]📜

Type: string

Default value
"*"

kyverno.admissionController.rbac.coreClusterRole.extraResources[0].verbs[0]📜

Type: string

Default value
"get"

kyverno.admissionController.rbac.coreClusterRole.extraResources[0].verbs[1]📜

Type: string

Default value
"list"

kyverno.admissionController.rbac.coreClusterRole.extraResources[0].verbs[2]📜

Type: string

Default value
"watch"

kyverno.admissionController.rbac.clusterRole.extraResources📜

Type: list

Default value
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch

Description: Extra resource permissions to add in the cluster role

kyverno.admissionController.createSelfSignedCert📜

Type: bool

Default value
false

Description: Create self-signed certificates at deployment time. The certificates won’t be automatically renewed if this is set to true.

kyverno.admissionController.replicas📜

Type: int

Default value
3

Description: Desired number of pods

kyverno.admissionController.podSecurityContext.runAsUser📜

Type: int

Default value
10001

kyverno.admissionController.podSecurityContext.runAsGroup📜

Type: int

Default value
10001

kyverno.admissionController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.admissionController.podDisruptionBudget.enabled📜

Type: bool

Default value
false

kyverno.admissionController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.admissionController.initContainer.image.registry📜

Type: string

Default value
nil

kyverno.admissionController.initContainer.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.admissionController.initContainer.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyvernopre"

kyverno.admissionController.initContainer.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.admissionController.initContainer.image.pullPolicy📜

Type: string

Default value
nil

kyverno.admissionController.initContainer.resources.limits📜

Type: object

Default value
cpu: 1
memory: 1Gi

Description: Pod resource limits

kyverno.admissionController.initContainer.resources.requests📜

Type: object

Default value
cpu: 10m
memory: 64Mi

Description: Pod resource requests

kyverno.admissionController.initContainer.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
seccompProfile:
  type: RuntimeDefault

Description: Container security context

kyverno.admissionController.container.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.admissionController.container.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno"

kyverno.admissionController.container.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.admissionController.container.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

kyverno.admissionController.container.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.admissionController.container.resources.limits.cpu📜

Type: string

Default value
"500m"

kyverno.admissionController.container.resources.limits.memory📜

Type: string

Default value
"512Mi"

kyverno.admissionController.container.resources.requests.cpu📜

Type: string

Default value
"500m"

kyverno.admissionController.container.resources.requests.memory📜

Type: string

Default value
"512Mi"

kyverno.admissionController.container.securityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.admissionController.container.securityContext.runAsUser📜

Type: int

Default value
10001

kyverno.admissionController.container.securityContext.runAsGroup📜

Type: int

Default value
10001

kyverno.admissionController.container.securityContext.privileged📜

Type: bool

Default value
false

kyverno.admissionController.container.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

kyverno.admissionController.container.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

kyverno.admissionController.container.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

kyverno.admissionController.container.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

kyverno.backgroundController.enabled📜

Type: bool

Default value
true

kyverno.backgroundController.rbac.create📜

Type: bool

Default value
true

kyverno.backgroundController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

kyverno.backgroundController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].apiGroups[0]📜

Type: string

Default value
"networking.k8s.io"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].resources[0]📜

Type: string

Default value
"ingresses"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].resources[1]📜

Type: string

Default value
"ingressclasses"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].resources[2]📜

Type: string

Default value
"networkpolicies"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[0]📜

Type: string

Default value
"create"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[1]📜

Type: string

Default value
"update"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[2]📜

Type: string

Default value
"patch"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[0].verbs[3]📜

Type: string

Default value
"delete"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].apiGroups[0]📜

Type: string

Default value
"rbac.authorization.k8s.io"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].resources[0]📜

Type: string

Default value
"rolebindings"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].resources[1]📜

Type: string

Default value
"roles"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[0]📜

Type: string

Default value
"create"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[1]📜

Type: string

Default value
"update"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[2]📜

Type: string

Default value
"patch"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[1].verbs[3]📜

Type: string

Default value
"delete"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].apiGroups[0]📜

Type: string

Default value
"*"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].resources[0]📜

Type: string

Default value
"configmaps"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].resources[1]📜

Type: string

Default value
"resourcequotas"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].resources[2]📜

Type: string

Default value
"limitranges"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[0]📜

Type: string

Default value
"create"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[1]📜

Type: string

Default value
"update"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[2]📜

Type: string

Default value
"patch"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[2].verbs[3]📜

Type: string

Default value
"delete"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].apiGroups[0]📜

Type: string

Default value
"*"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].resources[0]📜

Type: string

Default value
"serviceaccounts"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[0]📜

Type: string

Default value
"get"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[1]📜

Type: string

Default value
"list"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[2]📜

Type: string

Default value
"watch"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[3]📜

Type: string

Default value
"update"

kyverno.backgroundController.rbac.coreClusterRole.extraResources[3].verbs[4]📜

Type: string

Default value
"patch"

kyverno.backgroundController.rbac.clusterRole.extraResources📜

Type: list

Default value
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - '*'
  resources:
  - secrets
  verbs:
  - create
  - update
  - delete

Description: Extra resource permissions to add in the cluster role

kyverno.backgroundController.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.backgroundController.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyverno/background-controller"

kyverno.backgroundController.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.backgroundController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.backgroundController.podSecurityContext.runAsUser📜

Type: int

Default value
1000

kyverno.backgroundController.podSecurityContext.runAsGroup📜

Type: int

Default value
1000

kyverno.backgroundController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.backgroundController.securityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.backgroundController.securityContext.runAsUser📜

Type: int

Default value
1000

kyverno.backgroundController.securityContext.runAsGroup📜

Type: int

Default value
1000

kyverno.backgroundController.securityContext.privileged📜

Type: bool

Default value
false

kyverno.backgroundController.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

kyverno.backgroundController.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

kyverno.backgroundController.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

kyverno.backgroundController.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

kyverno.cleanupController.enabled📜

Type: bool

Default value
true

kyverno.cleanupController.rbac.create📜

Type: bool

Default value
true

kyverno.cleanupController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

kyverno.cleanupController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.cleanupController.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.cleanupController.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyverno/cleanup-controller"

kyverno.cleanupController.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.cleanupController.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

kyverno.cleanupController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.cleanupController.podSecurityContext.runAsUser📜

Type: int

Default value
1000

kyverno.cleanupController.podSecurityContext.runAsGroup📜

Type: int

Default value
1000

kyverno.cleanupController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.cleanupController.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
  type: RuntimeDefault

Description: Security context for the containers

kyverno.reportsController.enabled📜

Type: bool

Default value
true

kyverno.reportsController.rbac.create📜

Type: bool

Default value
true

kyverno.reportsController.rbac.serviceAccount.automountServiceAccountToken.enabled📜

Type: bool

Default value
false

kyverno.reportsController.rbac.deployment.automountServiceAccountToken.enabled📜

Type: bool

Default value
true

kyverno.reportsController.rbac.coreClusterRole.extraResources[0].apiGroups[0]📜

Type: string

Default value
"*"

kyverno.reportsController.rbac.coreClusterRole.extraResources[0].resources[0]📜

Type: string

Default value
"*"

kyverno.reportsController.rbac.coreClusterRole.extraResources[0].verbs[0]📜

Type: string

Default value
"get"

kyverno.reportsController.rbac.coreClusterRole.extraResources[0].verbs[1]📜

Type: string

Default value
"list"

kyverno.reportsController.rbac.coreClusterRole.extraResources[0].verbs[2]📜

Type: string

Default value
"watch"

kyverno.reportsController.rbac.clusterRole.extraResources📜

Type: list

Default value
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch

Description: Extra resource permissions to add in the cluster role

kyverno.reportsController.image.defaultRegistry📜

Type: string

Default value
"registry1.dso.mil"

kyverno.reportsController.image.repository📜

Type: string

Default value
"ironbank/opensource/kyverno/kyverno/reports-controller"

kyverno.reportsController.image.tag📜

Type: string

Default value
"v1.13.4"

kyverno.reportsController.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

kyverno.reportsController.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

kyverno.reportsController.podSecurityContext.runAsUser📜

Type: int

Default value
1000

kyverno.reportsController.podSecurityContext.runAsGroup📜

Type: int

Default value
1000

kyverno.reportsController.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.reportsController.securityContext.runAsNonRoot📜

Type: bool

Default value
true

kyverno.reportsController.securityContext.runAsUser📜

Type: int

Default value
1000

kyverno.reportsController.securityContext.runAsGroup📜

Type: int

Default value
1000

kyverno.reportsController.securityContext.privileged📜

Type: bool

Default value
false

kyverno.reportsController.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

kyverno.reportsController.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

kyverno.reportsController.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

kyverno.reportsController.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

test.sleep📜

Type: int

Default value
20

Description: Sleep time before running test

test.image.registry📜

Type: string

Default value
"registry1.dso.mil"

test.image.repository📜

Type: string

Default value
"ironbank/redhat/ubi/ubi9-minimal"

test.image.tag📜

Type: string

Default value
"9.5"

test.image.pullPolicy📜

Type: string

Default value
nil

test.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

test.resources.limits📜

Type: object

Default value
cpu: 100m
memory: 256Mi

Description: Pod resource limits

test.resources.requests📜

Type: object

Default value
cpu: 10m
memory: 64Mi

Description: Pod resource requests

test.podSecurityContext📜

Type: object

Default value
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534

Description: Security context for the test pod

test.securityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
  type: RuntimeDefault

Description: Security context for the test containers

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.externalRegistries.allowEgress📜

Type: bool

Default value
false

networkPolicies.externalRegistries.ports📜

Type: list

Default value
[]

networkPolicies.allowExternalRegistryEgress📜

Type: bool

Default value
false

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

istio.enabled📜

Type: bool

Default value
false

openshift📜

Type: bool

Default value
false

bbtests.enabled📜

Type: bool

Default value
false

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10"

bbtests.scripts.additionalVolumeMounts[0].name📜

Type: string

Default value
"kyverno-bbtest-manifest"

bbtests.scripts.additionalVolumeMounts[0].mountPath📜

Type: string

Default value
"/yaml"

bbtests.scripts.additionalVolumes[0].name📜

Type: string

Default value
"kyverno-bbtest-manifest"

bbtests.scripts.additionalVolumes[0].configMap.name📜

Type: string

Default value
"kyverno-bbtest-manifest"