Skip to content

policy values.yaml📜

upstream.replicas📜

Type: int

Default value
3

upstream.revisionHistoryLimit📜

Type: int

Default value
10

upstream.auditInterval📜

Type: int

Default value
60

upstream.metricsBackends[0]📜

Type: string

Default value
"prometheus"

upstream.auditMatchKindOnly📜

Type: bool

Default value
true

upstream.constraintViolationsLimit📜

Type: int

Default value
1000

upstream.auditFromCache📜

Type: bool

Default value
false

upstream.disableMutation📜

Type: bool

Default value
true

upstream.disableAudit📜

Type: bool

Default value
false

upstream.disableValidatingWebhook📜

Type: bool

Default value
false

upstream.validatingWebhookName📜

Type: string

Default value
"gatekeeper-validating-webhook-configuration"

upstream.validatingWebhookTimeoutSeconds📜

Type: int

Default value
15

upstream.validatingWebhookFailurePolicy📜

Type: string

Default value
"Ignore"

upstream.validatingWebhookAnnotations📜

Type: object

Default value
{}

upstream.validatingWebhookExemptNamespacesLabels📜

Type: object

Default value
{}

upstream.validatingWebhookObjectSelector📜

Type: object

Default value
{}

upstream.validatingWebhookMatchConditions📜

Type: list

Default value
[]

upstream.validatingWebhookCheckIgnoreFailurePolicy📜

Type: string

Default value
"Fail"

upstream.validatingWebhookCustomRules📜

Type: object

Default value
{}

upstream.validatingWebhookSubResources[0]📜

Type: string

Default value
"pods/ephemeralcontainers"

upstream.validatingWebhookSubResources[1]📜

Type: string

Default value
"pods/exec"

upstream.validatingWebhookSubResources[2]📜

Type: string

Default value
"pods/log"

upstream.validatingWebhookSubResources[3]📜

Type: string

Default value
"pods/eviction"

upstream.validatingWebhookSubResources[4]📜

Type: string

Default value
"pods/portforward"

upstream.validatingWebhookSubResources[5]📜

Type: string

Default value
"pods/proxy"

upstream.validatingWebhookSubResources[6]📜

Type: string

Default value
"pods/attach"

upstream.validatingWebhookSubResources[7]📜

Type: string

Default value
"pods/binding"

upstream.validatingWebhookSubResources[8]📜

Type: string

Default value
"pods/resize"

upstream.validatingWebhookSubResources[9]📜

Type: string

Default value
"deployments/scale"

upstream.validatingWebhookSubResources[10]📜

Type: string

Default value
"replicasets/scale"

upstream.validatingWebhookSubResources[11]📜

Type: string

Default value
"statefulsets/scale"

upstream.validatingWebhookSubResources[12]📜

Type: string

Default value
"replicationcontrollers/scale"

upstream.validatingWebhookSubResources[13]📜

Type: string

Default value
"services/proxy"

upstream.validatingWebhookSubResources[14]📜

Type: string

Default value
"nodes/proxy"

upstream.validatingWebhookSubResources[15]📜

Type: string

Default value
"services/status"

upstream.validatingWebhookURL📜

Type: string

Default value
nil

upstream.validatingWebhookScope📜

Type: string

Default value
"*"

upstream.enableDeleteOperations📜

Type: bool

Default value
false

upstream.enableConnectOperations📜

Type: bool

Default value
false

upstream.enableExternalData📜

Type: bool

Default value
true

upstream.enableGeneratorResourceExpansion📜

Type: bool

Default value
true

upstream.enableTLSHealthcheck📜

Type: bool

Default value
false

upstream.maxServingThreads📜

Type: int

Default value
-1

upstream.mutatingWebhookName📜

Type: string

Default value
"gatekeeper-mutating-webhook-configuration"

upstream.mutatingWebhookFailurePolicy📜

Type: string

Default value
"Ignore"

upstream.mutatingWebhookReinvocationPolicy📜

Type: string

Default value
"Never"

upstream.mutatingWebhookAnnotations📜

Type: object

Default value
{}

upstream.mutatingWebhookExemptNamespacesLabels📜

Type: object

Default value
{}

upstream.mutatingWebhookObjectSelector📜

Type: object

Default value
{}

upstream.mutatingWebhookMatchConditions📜

Type: list

Default value
[]

upstream.mutatingWebhookTimeoutSeconds📜

Type: int

Default value
1

upstream.mutatingWebhookCustomRules📜

Type: object

Default value
{}

upstream.mutatingWebhookSubResources[0]📜

Type: string

Default value
"pods/ephemeralcontainers"

upstream.mutatingWebhookSubResources[1]📜

Type: string

Default value
"pods/exec"

upstream.mutatingWebhookSubResources[2]📜

Type: string

Default value
"pods/log"

upstream.mutatingWebhookSubResources[3]📜

Type: string

Default value
"pods/eviction"

upstream.mutatingWebhookSubResources[4]📜

Type: string

Default value
"pods/portforward"

upstream.mutatingWebhookSubResources[5]📜

Type: string

Default value
"pods/proxy"

upstream.mutatingWebhookSubResources[6]📜

Type: string

Default value
"pods/attach"

upstream.mutatingWebhookSubResources[7]📜

Type: string

Default value
"pods/binding"

upstream.mutatingWebhookSubResources[8]📜

Type: string

Default value
"deployments/scale"

upstream.mutatingWebhookSubResources[9]📜

Type: string

Default value
"replicasets/scale"

upstream.mutatingWebhookSubResources[10]📜

Type: string

Default value
"statefulsets/scale"

upstream.mutatingWebhookSubResources[11]📜

Type: string

Default value
"replicationcontrollers/scale"

upstream.mutatingWebhookSubResources[12]📜

Type: string

Default value
"services/proxy"

upstream.mutatingWebhookSubResources[13]📜

Type: string

Default value
"nodes/proxy"

upstream.mutatingWebhookSubResources[14]📜

Type: string

Default value
"services/status"

upstream.mutatingWebhookURL📜

Type: string

Default value
nil

upstream.mutatingWebhookScope📜

Type: string

Default value
"*"

upstream.mutationAnnotations📜

Type: bool

Default value
false

upstream.auditChunkSize📜

Type: int

Default value
500

upstream.logLevel📜

Type: string

Default value
"INFO"

upstream.logDenies📜

Type: bool

Default value
true

upstream.logMutations📜

Type: bool

Default value
true

upstream.emitAdmissionEvents📜

Type: bool

Default value
false

upstream.emitAuditEvents📜

Type: bool

Default value
false

upstream.admissionEventsInvolvedNamespace📜

Type: bool

Default value
false

upstream.auditEventsInvolvedNamespace📜

Type: bool

Default value
false

upstream.resourceQuota📜

Type: bool

Default value
true

upstream.externaldataProviderResponseCacheTTL📜

Type: string

Default value
"3m"

upstream.enableK8sNativeValidation📜

Type: bool

Default value
true

upstream.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper"

upstream.image.release📜

Type: string

Default value
"v3.21.0"

upstream.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.image.pullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.image.crdRepository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

upstream.image.crdRelease📜

Type: string

Default value
"v1.33"

upstream.preInstall.crdRepository.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

upstream.preInstall.crdRepository.image.tag📜

Type: string

Default value
"v1.33"

upstream.preInstall.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.preInstall.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.preInstall.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.preInstall.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.preInstall.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.preInstall.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.postUpgrade.labelNamespace.serviceAccount.name📜

Type: string

Default value
"gatekeeper-update-namespace-label-post-upgrade"

upstream.postUpgrade.labelNamespace.serviceAccount.create📜

Type: bool

Default value
false

upstream.postUpgrade.labelNamespace.enabled📜

Type: bool

Default value
false

upstream.postUpgrade.labelNamespace.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

upstream.postUpgrade.labelNamespace.image.tag📜

Type: string

Default value
"v1.33"

upstream.postUpgrade.labelNamespace.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.postUpgrade.labelNamespace.image.pullSecrets📜

Type: list

Default value
[]

upstream.postUpgrade.labelNamespace.extraNamespaces📜

Type: list

Default value
[]

upstream.postUpgrade.labelNamespace.podSecurity📜

Type: list

Default value
[]

upstream.postUpgrade.labelNamespace.extraAnnotations📜

Type: object

Default value
{}

upstream.postUpgrade.labelNamespace.priorityClassName📜

Type: string

Default value
""

upstream.postUpgrade.affinity📜

Type: object

Default value
{}

upstream.postUpgrade.tolerations📜

Type: list

Default value
[]

upstream.postUpgrade.nodeSelector.”kubernetes.io/os”📜

Type: string

Default value
"linux"

upstream.postUpgrade.resources📜

Type: object

Default value
{}

upstream.postUpgrade.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.postUpgrade.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.postUpgrade.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.postUpgrade.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.postUpgrade.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.postUpgrade.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.postInstall.labelNamespace.serviceAccount.name📜

Type: string

Default value
"gatekeeper-update-namespace-label"

upstream.postInstall.labelNamespace.serviceAccount.create📜

Type: bool

Default value
false

upstream.postInstall.labelNamespace.enabled📜

Type: bool

Default value
false

upstream.postInstall.labelNamespace.extraRules📜

Type: list

Default value
[]

upstream.postInstall.labelNamespace.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

upstream.postInstall.labelNamespace.image.tag📜

Type: string

Default value
"v1.33"

upstream.postInstall.labelNamespace.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.postInstall.labelNamespace.image.pullSecrets📜

Type: list

Default value
[]

upstream.postInstall.labelNamespace.extraNamespaces📜

Type: list

Default value
[]

upstream.postInstall.labelNamespace.podSecurity📜

Type: list

Default value
[]

upstream.postInstall.labelNamespace.extraAnnotations📜

Type: object

Default value
{}

upstream.postInstall.labelNamespace.priorityClassName📜

Type: string

Default value
""

upstream.postInstall.probeWebhook.enabled📜

Type: bool

Default value
true

upstream.postInstall.probeWebhook.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base"

upstream.postInstall.probeWebhook.image.tag📜

Type: string

Default value
"2.1.0"

upstream.postInstall.probeWebhook.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.postInstall.probeWebhook.image.pullSecrets📜

Type: list

Default value
[]

upstream.postInstall.probeWebhook.waitTimeout📜

Type: int

Default value
60

upstream.postInstall.probeWebhook.httpTimeout📜

Type: int

Default value
2

upstream.postInstall.probeWebhook.insecureHTTPS📜

Type: bool

Default value
false

upstream.postInstall.probeWebhook.priorityClassName📜

Type: string

Default value
""

upstream.postInstall.affinity📜

Type: object

Default value
{}

upstream.postInstall.tolerations📜

Type: list

Default value
[]

upstream.postInstall.nodeSelector.”kubernetes.io/os”📜

Type: string

Default value
"linux"

upstream.postInstall.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.postInstall.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.postInstall.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.postInstall.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.postInstall.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.postInstall.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.preUninstall.deleteWebhookConfigurations.serviceAccount.name📜

Type: string

Default value
"gatekeeper-delete-webhook-configs"

upstream.preUninstall.deleteWebhookConfigurations.serviceAccount.create📜

Type: bool

Default value
true

upstream.preUninstall.deleteWebhookConfigurations.extraRules📜

Type: list

Default value
[]

upstream.preUninstall.deleteWebhookConfigurations.enabled📜

Type: bool

Default value
false

upstream.preUninstall.deleteWebhookConfigurations.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

upstream.preUninstall.deleteWebhookConfigurations.image.tag📜

Type: string

Default value
"v1.33"

upstream.preUninstall.deleteWebhookConfigurations.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.preUninstall.deleteWebhookConfigurations.image.pullSecrets📜

Type: list

Default value
[]

upstream.preUninstall.deleteWebhookConfigurations.priorityClassName📜

Type: string

Default value
""

upstream.preUninstall.affinity📜

Type: object

Default value
{}

upstream.preUninstall.tolerations📜

Type: list

Default value
[]

upstream.preUninstall.nodeSelector.”kubernetes.io/os”📜

Type: string

Default value
"linux"

upstream.preUninstall.resources📜

Type: object

Default value
{}

upstream.preUninstall.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.preUninstall.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.preUninstall.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.preUninstall.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.preUninstall.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.preUninstall.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.podAnnotations.”container.seccomp.security.alpha.kubernetes.io/manager”📜

Type: string

Default value
"runtime/default"

upstream.auditPodAnnotations📜

Type: object

Default value
{}

upstream.podLabels📜

Type: object

Default value
{}

upstream.podCountLimit📜

Type: string

Default value
"100"

upstream.secretAnnotations📜

Type: object

Default value
{}

upstream.enableRuntimeDefaultSeccompProfile📜

Type: bool

Default value
true

upstream.controllerManager.serviceAccount.name📜

Type: string

Default value
"gatekeeper-admin"

upstream.controllerManager.containerName📜

Type: string

Default value
"manager"

upstream.controllerManager.exemptNamespaces📜

Type: list

Default value
[]

upstream.controllerManager.exemptNamespacePrefixes📜

Type: list

Default value
[]

upstream.controllerManager.hostNetwork📜

Type: bool

Default value
false

upstream.controllerManager.dnsPolicy📜

Type: string

Default value
"ClusterFirst"

upstream.controllerManager.port📜

Type: int

Default value
8443

upstream.controllerManager.metricsPort📜

Type: int

Default value
8888

upstream.controllerManager.healthPort📜

Type: int

Default value
9090

upstream.controllerManager.readinessTimeout📜

Type: int

Default value
1

upstream.controllerManager.livenessTimeout📜

Type: int

Default value
1

upstream.controllerManager.priorityClassName📜

Type: string

Default value
"system-cluster-critical"

upstream.controllerManager.disableCertRotation📜

Type: bool

Default value
false

upstream.controllerManager.tlsMinVersion📜

Type: float

Default value
1.3

upstream.controllerManager.clientCertName📜

Type: string

Default value
""

upstream.controllerManager.strategyType📜

Type: string

Default value
"RollingUpdate"

upstream.controllerManager.strategyRollingUpdate📜

Type: object

Default value
{}

upstream.controllerManager.podLabels📜

Type: object

Default value
{}

upstream.controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].key📜

Type: string

Default value
"gatekeeper.sh/operation"

upstream.controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator📜

Type: string

Default value
"In"

upstream.controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]📜

Type: string

Default value
"webhook"

upstream.controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey📜

Type: string

Default value
"kubernetes.io/hostname"

upstream.controllerManager.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight📜

Type: int

Default value
100

upstream.controllerManager.topologySpreadConstraints📜

Type: list

Default value
[]

upstream.controllerManager.tolerations📜

Type: list

Default value
[]

upstream.controllerManager.nodeSelector.”kubernetes.io/os”📜

Type: string

Default value
"linux"

upstream.controllerManager.resources.limits.cpu📜

Type: string

Default value
"175m"

upstream.controllerManager.resources.limits.memory📜

Type: string

Default value
"512Mi"

upstream.controllerManager.resources.requests.cpu📜

Type: string

Default value
"175m"

upstream.controllerManager.resources.requests.memory📜

Type: string

Default value
"512Mi"

upstream.controllerManager.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.controllerManager.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.controllerManager.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.controllerManager.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.controllerManager.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.controllerManager.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.controllerManager.podSecurityContext.fsGroup📜

Type: int

Default value
999

upstream.controllerManager.podSecurityContext.supplementalGroups[0]📜

Type: int

Default value
999

upstream.controllerManager.extraRules📜

Type: list

Default value
[]

upstream.controllerManager.networkPolicy.enabled📜

Type: bool

Default value
false

upstream.controllerManager.networkPolicy.ingress📜

Type: list

Default value
[]

upstream.controllerManager.disableWebhookOperation📜

Type: bool

Default value
false

upstream.controllerManager.disableGenerateOperation📜

Type: bool

Default value
true

upstream.exportBackend📜

Type: string

Default value
""

upstream.audit.exportConnection.path📜

Type: string

Default value
"/tmp/violations/topics"

upstream.audit.exportConnection.maxAuditResults📜

Type: int

Default value
3

upstream.audit.exportVolumeMount.path📜

Type: string

Default value
"/tmp/violations"

upstream.audit.exportVolume.name📜

Type: string

Default value
"tmp-violations"

upstream.audit.exportVolume.emptyDir📜

Type: object

Default value
{}

upstream.audit.exportSidecar.name📜

Type: string

Default value
"reader"

upstream.audit.exportSidecar.image📜

Type: string

Default value
"ghcr.io/open-policy-agent/fake-reader:latest"

upstream.audit.exportSidecar.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.audit.exportSidecar.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.audit.exportSidecar.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.audit.exportSidecar.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.audit.exportSidecar.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.audit.exportSidecar.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.audit.exportSidecar.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.audit.exportSidecar.securityContext.seccompProfile.type📜

Type: string

Default value
"RuntimeDefault"

upstream.audit.exportSidecar.volumeMounts[0].mountPath📜

Type: string

Default value
"/tmp/violations"

upstream.audit.exportSidecar.volumeMounts[0].name📜

Type: string

Default value
"tmp-violations"

upstream.audit.serviceAccount.name📜

Type: string

Default value
"gatekeeper-admin"

upstream.audit.enablePubsub📜

Type: bool

Default value
false

upstream.audit.containerName📜

Type: string

Default value
"manager"

upstream.audit.hostNetwork📜

Type: bool

Default value
false

upstream.audit.dnsPolicy📜

Type: string

Default value
"ClusterFirst"

upstream.audit.metricsPort📜

Type: int

Default value
8888

upstream.audit.healthPort📜

Type: int

Default value
9090

upstream.audit.readinessTimeout📜

Type: int

Default value
1

upstream.audit.livenessTimeout📜

Type: int

Default value
1

upstream.audit.priorityClassName📜

Type: string

Default value
"system-cluster-critical"

upstream.audit.disableCertRotation📜

Type: bool

Default value
false

upstream.audit.podLabels📜

Type: object

Default value
{}

upstream.audit.affinity📜

Type: object

Default value
{}

upstream.audit.tolerations📜

Type: list

Default value
[]

upstream.audit.nodeSelector.”kubernetes.io/os”📜

Type: string

Default value
"linux"

upstream.audit.resources.limits.cpu📜

Type: float

Default value
1.2

upstream.audit.resources.limits.memory📜

Type: string

Default value
"768Mi"

upstream.audit.resources.requests.cpu📜

Type: float

Default value
1.2

upstream.audit.resources.requests.memory📜

Type: string

Default value
"768Mi"

upstream.audit.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.audit.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.audit.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.audit.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.audit.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.audit.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.audit.podSecurityContext.fsGroup📜

Type: int

Default value
999

upstream.audit.podSecurityContext.supplementalGroups[0]📜

Type: int

Default value
999

upstream.audit.writeToRAMDisk📜

Type: bool

Default value
false

upstream.audit.extraRules📜

Type: list

Default value
[]

upstream.audit.disableGenerateOperation📜

Type: bool

Default value
false

upstream.audit.disableAuditOperation📜

Type: bool

Default value
false

upstream.audit.disableStatusOperation📜

Type: bool

Default value
false

upstream.crds.affinity📜

Type: object

Default value
{}

upstream.crds.tolerations📜

Type: list

Default value
[]

upstream.crds.nodeSelector.”kubernetes.io/os”📜

Type: string

Default value
"linux"

upstream.crds.resources📜

Type: object

Default value
{}

upstream.crds.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.crds.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.crds.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.crds.securityContext.runAsGroup📜

Type: int

Default value
65532

upstream.crds.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.crds.securityContext.runAsUser📜

Type: int

Default value
65532

upstream.pdb.controllerManager.minAvailable📜

Type: int

Default value
1

upstream.service📜

Type: object

Default value
{}

upstream.disabledBuiltins[0]📜

Type: string

Default value
"{http.send}"

upstream.psp.enabled📜

Type: bool

Default value
false

upstream.upgradeCRDs.serviceAccount.create📜

Type: bool

Default value
true

upstream.upgradeCRDs.serviceAccount.name📜

Type: string

Default value
"gatekeeper-admin-upgrade-crds"

upstream.upgradeCRDs.enabled📜

Type: bool

Default value
true

upstream.upgradeCRDs.extraRules📜

Type: list

Default value
[]

upstream.upgradeCRDs.priorityClassName📜

Type: string

Default value
""

upstream.cleanupCRDs.enabled📜

Type: bool

Default value
true

upstream.cleanupCRDs.containerSecurityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.cleanupCRDs.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.cleanupCRDs.containerSecurityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.cleanupCRDs.containerSecurityContext.runAsGroup📜

Type: int

Default value
999

upstream.cleanupCRDs.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cleanupCRDs.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.cleanupCRDs.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.cleanupCRDs.securityContext.runAsGroup📜

Type: int

Default value
999

upstream.cleanupCRDs.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cleanupCRDs.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.cleanupCRDs.securityContext.fsGroup📜

Type: int

Default value
999

upstream.cleanupCRDs.securityContext.supplementalGroups[0]📜

Type: int

Default value
999

upstream.rbac.create📜

Type: bool

Default value
true

upstream.externalCertInjection.enabled📜

Type: bool

Default value
false

upstream.externalCertInjection.secretName📜

Type: string

Default value
"gatekeeper-webhook-server-cert"

upstream.serviceAccount.gatekeeperAdmin.create📜

Type: bool

Default value
false

violations.allowedAppArmorProfiles.enabled📜

Type: bool

Default value
false

violations.allowedAppArmorProfiles.enforcementAction📜

Type: string

Default value
"dryrun"

violations.allowedAppArmorProfiles.kind📜

Type: string

Default value
"K8sPSPAppArmor"

violations.allowedAppArmorProfiles.name📜

Type: string

Default value
"allowed-app-armor-profiles"

violations.allowedAppArmorProfiles.match📜

Type: object

Default value
{}

violations.allowedAppArmorProfiles.parameters.allowedProfiles[0]📜

Type: string

Default value
"runtime/default"

violations.allowedAppArmorProfiles.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedCapabilities.enabled📜

Type: bool

Default value
true

violations.allowedCapabilities.enforcementAction📜

Type: string

Default value
"dryrun"

violations.allowedCapabilities.kind📜

Type: string

Default value
"K8sPSPCapabilities"

violations.allowedCapabilities.name📜

Type: string

Default value
"allowed-capabilities"

violations.allowedCapabilities.match📜

Type: object

Default value
{}

violations.allowedCapabilities.parameters.allowedCapabilities📜

Type: list

Default value
[]

violations.allowedCapabilities.parameters.requiredDropCapabilities[0]📜

Type: string

Default value
"all"

violations.allowedCapabilities.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedDockerRegistries.enabled📜

Type: bool

Default value
true

violations.allowedDockerRegistries.enforcementAction📜

Type: string

Default value
"deny"

violations.allowedDockerRegistries.kind📜

Type: string

Default value
"K8sAllowedRepos"

violations.allowedDockerRegistries.name📜

Type: string

Default value
"allowed-docker-registries"

violations.allowedDockerRegistries.match📜

Type: object

Default value
{}

violations.allowedDockerRegistries.parameters.repos[0]📜

Type: string

Default value
"registry1.dso.mil"

violations.allowedDockerRegistries.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedFlexVolumes.enabled📜

Type: bool

Default value
true

violations.allowedFlexVolumes.enforcementAction📜

Type: string

Default value
"deny"

violations.allowedFlexVolumes.kind📜

Type: string

Default value
"K8sPSPFlexVolumes"

violations.allowedFlexVolumes.name📜

Type: string

Default value
"allowed-flex-volumes"

violations.allowedFlexVolumes.match📜

Type: object

Default value
{}

violations.allowedFlexVolumes.parameters.allowedFlexVolumes📜

Type: list

Default value
[]

violations.allowedFlexVolumes.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedHostFilesystem.enabled📜

Type: bool

Default value
true

violations.allowedHostFilesystem.enforcementAction📜

Type: string

Default value
"deny"

violations.allowedHostFilesystem.kind📜

Type: string

Default value
"K8sPSPHostFilesystem"

violations.allowedHostFilesystem.name📜

Type: string

Default value
"allowed-host-filesystem"

violations.allowedHostFilesystem.match📜

Type: object

Default value
{}

violations.allowedHostFilesystem.parameters.allowedHostPaths📜

Type: list

Default value
[]

violations.allowedHostFilesystem.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedIPs.enabled📜

Type: bool

Default value
true

violations.allowedIPs.enforcementAction📜

Type: string

Default value
"deny"

violations.allowedIPs.kind📜

Type: string

Default value
"K8sExternalIPs"

violations.allowedIPs.name📜

Type: string

Default value
"allowed-ips"

violations.allowedIPs.match📜

Type: object

Default value
{}

violations.allowedIPs.parameters.allowedIPs📜

Type: list

Default value
[]

violations.allowedIPs.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedProcMount.enabled📜

Type: bool

Default value
true

violations.allowedProcMount.enforcementAction📜

Type: string

Default value
"deny"

violations.allowedProcMount.kind📜

Type: string

Default value
"K8sPSPProcMount"

violations.allowedProcMount.name📜

Type: string

Default value
"allowed-proc-mount"

violations.allowedProcMount.match📜

Type: object

Default value
{}

violations.allowedProcMount.parameters.procMount📜

Type: string

Default value
"Default"

violations.allowedProcMount.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedSecCompProfiles.enabled📜

Type: bool

Default value
true

violations.allowedSecCompProfiles.enforcementAction📜

Type: string

Default value
"dryrun"

violations.allowedSecCompProfiles.kind📜

Type: string

Default value
"K8sPSPSeccomp"

violations.allowedSecCompProfiles.name📜

Type: string

Default value
"allowed-sec-comp-profiles"

violations.allowedSecCompProfiles.match📜

Type: object

Default value
{}

violations.allowedSecCompProfiles.parameters.allowedProfiles[0]📜

Type: string

Default value
"runtime/default"

violations.allowedSecCompProfiles.parameters.excludedResources📜

Type: list

Default value
[]

violations.allowedUsers.enabled📜

Type: bool

Default value
true

violations.allowedUsers.enforcementAction📜

Type: string

Default value
"dryrun"

violations.allowedUsers.kind📜

Type: string

Default value
"K8sPSPAllowedUsers"

violations.allowedUsers.name📜

Type: string

Default value
"allowed-users"

violations.allowedUsers.match📜

Type: object

Default value
{}

violations.allowedUsers.parameters.runAsUser.rule📜

Type: string

Default value
"MustRunAsNonRoot"

violations.allowedUsers.parameters.fsGroup.rule📜

Type: string

Default value
"MustRunAs"

violations.allowedUsers.parameters.fsGroup.ranges[0].min📜

Type: int

Default value
1000

violations.allowedUsers.parameters.fsGroup.ranges[0].max📜

Type: int

Default value
65535

violations.allowedUsers.parameters.runAsGroup.rule📜

Type: string

Default value
"MustRunAs"

violations.allowedUsers.parameters.runAsGroup.ranges[0].min📜

Type: int

Default value
1000

violations.allowedUsers.parameters.runAsGroup.ranges[0].max📜

Type: int

Default value
65535

violations.allowedUsers.parameters.supplementalGroups.rule📜

Type: string

Default value
"MustRunAs"

violations.allowedUsers.parameters.supplementalGroups.ranges[0].min📜

Type: int

Default value
1000

violations.allowedUsers.parameters.supplementalGroups.ranges[0].max📜

Type: int

Default value
65535

violations.allowedUsers.parameters.excludedResources📜

Type: list

Default value
[]

violations.bannedImageTags.enabled📜

Type: bool

Default value
true

violations.bannedImageTags.enforcementAction📜

Type: string

Default value
"deny"

violations.bannedImageTags.kind📜

Type: string

Default value
"K8sBannedImageTags"

violations.bannedImageTags.name📜

Type: string

Default value
"banned-image-tags"

violations.bannedImageTags.match📜

Type: object

Default value
{}

violations.bannedImageTags.parameters.tags[0]📜

Type: string

Default value
"latest"

violations.bannedImageTags.parameters.excludedResources📜

Type: list

Default value
[]

violations.blockNodePort.enabled📜

Type: bool

Default value
true

violations.blockNodePort.enforcementAction📜

Type: string

Default value
"dryrun"

violations.blockNodePort.kind📜

Type: string

Default value
"K8sBlockNodePort"

violations.blockNodePort.name📜

Type: string

Default value
"block-node-ports"

violations.blockNodePort.match📜

Type: object

Default value
{}

violations.blockNodePort.parameters.excludedResources📜

Type: list

Default value
[]

violations.containerRatio.enabled📜

Type: bool

Default value
true

violations.containerRatio.enforcementAction📜

Type: string

Default value
"dryrun"

violations.containerRatio.kind📜

Type: string

Default value
"K8sContainerRatios"

violations.containerRatio.name📜

Type: string

Default value
"container-ratios"

violations.containerRatio.match📜

Type: object

Default value
{}

violations.containerRatio.parameters.ratio📜

Type: string

Default value
"2"

violations.containerRatio.parameters.excludedResources📜

Type: list

Default value
[]

violations.hostNetworking.enabled📜

Type: bool

Default value
true

violations.hostNetworking.enforcementAction📜

Type: string

Default value
"deny"

violations.hostNetworking.kind📜

Type: string

Default value
"K8sPSPHostNetworkingPorts"

violations.hostNetworking.name📜

Type: string

Default value
"host-networking"

violations.hostNetworking.match📜

Type: object

Default value
{}

violations.hostNetworking.parameters.hostNetwork📜

Type: bool

Default value
false

violations.hostNetworking.parameters.min📜

Type: int

Default value
0

violations.hostNetworking.parameters.max📜

Type: int

Default value
0

violations.hostNetworking.parameters.excludedResources📜

Type: list

Default value
[]

violations.httpsOnly.enabled📜

Type: bool

Default value
true

violations.httpsOnly.enforcementAction📜

Type: string

Default value
"deny"

violations.httpsOnly.kind📜

Type: string

Default value
"K8sHttpsOnly2"

violations.httpsOnly.name📜

Type: string

Default value
"https-only"

violations.httpsOnly.match📜

Type: object

Default value
{}

violations.httpsOnly.parameters.excludedResources📜

Type: list

Default value
[]

violations.imageDigest.enabled📜

Type: bool

Default value
true

violations.imageDigest.enforcementAction📜

Type: string

Default value
"dryrun"

violations.imageDigest.kind📜

Type: string

Default value
"K8sImageDigests2"

violations.imageDigest.name📜

Type: string

Default value
"image-digest"

violations.imageDigest.match📜

Type: object

Default value
{}

violations.imageDigest.parameters.excludedResources📜

Type: list

Default value
[]

violations.namespacesHaveIstio.enabled📜

Type: bool

Default value
true

violations.namespacesHaveIstio.enforcementAction📜

Type: string

Default value
"dryrun"

violations.namespacesHaveIstio.kind📜

Type: string

Default value
"K8sRequiredLabelValues"

violations.namespacesHaveIstio.name📜

Type: string

Default value
"namespaces-have-istio"

violations.namespacesHaveIstio.match.namespaceSelector.matchExpressions[0].key📜

Type: string

Default value
"admission.gatekeeper.sh/ignore"

violations.namespacesHaveIstio.match.namespaceSelector.matchExpressions[0].operator📜

Type: string

Default value
"DoesNotExist"

violations.namespacesHaveIstio.parameters.labels[0].allowedRegex📜

Type: string

Default value
"^enabled"

violations.namespacesHaveIstio.parameters.labels[0].key📜

Type: string

Default value
"istio-injection"

violations.namespacesHaveIstio.parameters.excludedResources📜

Type: list

Default value
[]

violations.noBigContainers.enabled📜

Type: bool

Default value
true

violations.noBigContainers.enforcementAction📜

Type: string

Default value
"dryrun"

violations.noBigContainers.kind📜

Type: string

Default value
"K8sContainerLimits"

violations.noBigContainers.name📜

Type: string

Default value
"no-big-container"

violations.noBigContainers.match📜

Type: object

Default value
{}

violations.noBigContainers.parameters.cpu📜

Type: string

Default value
"2000m"

violations.noBigContainers.parameters.memory📜

Type: string

Default value
"4G"

violations.noBigContainers.parameters.excludedResources📜

Type: list

Default value
[]

violations.noHostNamespace.enabled📜

Type: bool

Default value
true

violations.noHostNamespace.enforcementAction📜

Type: string

Default value
"deny"

violations.noHostNamespace.kind📜

Type: string

Default value
"K8sPSPHostNamespace2"

violations.noHostNamespace.name📜

Type: string

Default value
"no-host-namespace"

violations.noHostNamespace.match📜

Type: object

Default value
{}

violations.noHostNamespace.parameters.excludedResources📜

Type: list

Default value
[]

violations.noPrivilegedContainers.enabled📜

Type: bool

Default value
true

violations.noPrivilegedContainers.enforcementAction📜

Type: string

Default value
"deny"

violations.noPrivilegedContainers.kind📜

Type: string

Default value
"K8sPSPPrivilegedContainer2"

violations.noPrivilegedContainers.name📜

Type: string

Default value
"no-privileged-containers"

violations.noPrivilegedContainers.match📜

Type: object

Default value
{}

violations.noPrivilegedContainers.parameters.excludedResources📜

Type: list

Default value
[]

violations.noDefaultServiceAccount.enabled📜

Type: bool

Default value
true

violations.noDefaultServiceAccount.enforcementAction📜

Type: string

Default value
"dryrun"

violations.noDefaultServiceAccount.kind📜

Type: string

Default value
"K8sDenySADefault"

violations.noDefaultServiceAccount.name📜

Type: string

Default value
"no-default-service-account"

violations.noDefaultServiceAccount.match📜

Type: object

Default value
{}

violations.noDefaultServiceAccount.parameters.excludedResources📜

Type: list

Default value
[]

violations.noPrivilegedEscalation.enabled📜

Type: bool

Default value
true

violations.noPrivilegedEscalation.enforcementAction📜

Type: string

Default value
"dryrun"

violations.noPrivilegedEscalation.kind📜

Type: string

Default value
"K8sPSPAllowPrivilegeEscalationContainer2"

violations.noPrivilegedEscalation.name📜

Type: string

Default value
"no-privileged-escalation"

violations.noPrivilegedEscalation.match📜

Type: object

Default value
{}

violations.noPrivilegedEscalation.parameters.excludedResources📜

Type: list

Default value
[]

violations.noSysctls.enabled📜

Type: bool

Default value
true

violations.noSysctls.enforcementAction📜

Type: string

Default value
"deny"

violations.noSysctls.kind📜

Type: string

Default value
"K8sPSPForbiddenSysctls"

violations.noSysctls.name📜

Type: string

Default value
"no-sysctls"

violations.noSysctls.match📜

Type: object

Default value
{}

violations.noSysctls.parameters.forbiddenSysctls[0]📜

Type: string

Default value
"*"

violations.noSysctls.parameters.excludedResources📜

Type: list

Default value
[]

violations.podsHaveIstio.enabled📜

Type: bool

Default value
true

violations.podsHaveIstio.enforcementAction📜

Type: string

Default value
"dryrun"

violations.podsHaveIstio.kind📜

Type: string

Default value
"K8sNoAnnotationValues"

violations.podsHaveIstio.name📜

Type: string

Default value
"pods-have-istio"

violations.podsHaveIstio.match📜

Type: object

Default value
{}

violations.podsHaveIstio.parameters.annotations[0].disallowedRegex📜

Type: string

Default value
"^false"

violations.podsHaveIstio.parameters.annotations[0].key📜

Type: string

Default value
"sidecar.istio.io/inject"

violations.podsHaveIstio.parameters.excludedResources📜

Type: list

Default value
[]

violations.readOnlyRoot.enabled📜

Type: bool

Default value
true

violations.readOnlyRoot.enforcementAction📜

Type: string

Default value
"dryrun"

violations.readOnlyRoot.kind📜

Type: string

Default value
"K8sPSPReadOnlyRootFilesystem2"

violations.readOnlyRoot.name📜

Type: string

Default value
"read-only-root"

violations.readOnlyRoot.match📜

Type: object

Default value
{}

violations.readOnlyRoot.parameters.excludedResources📜

Type: list

Default value
[]

violations.requiredLabels.enabled📜

Type: bool

Default value
true

violations.requiredLabels.enforcementAction📜

Type: string

Default value
"dryrun"

violations.requiredLabels.kind📜

Type: string

Default value
"K8sRequiredLabelValues"

violations.requiredLabels.name📜

Type: string

Default value
"required-labels"

violations.requiredLabels.match📜

Type: object

Default value
{}

violations.requiredLabels.parameters.labels[0].allowedRegex📜

Type: string

Default value
""

violations.requiredLabels.parameters.labels[0].key📜

Type: string

Default value
"app.kubernetes.io/name"

violations.requiredLabels.parameters.labels[1].allowedRegex📜

Type: string

Default value
""

violations.requiredLabels.parameters.labels[1].key📜

Type: string

Default value
"app.kubernetes.io/instance"

violations.requiredLabels.parameters.labels[2].allowedRegex📜

Type: string

Default value
""

violations.requiredLabels.parameters.labels[2].key📜

Type: string

Default value
"app.kubernetes.io/version"

violations.requiredLabels.parameters.labels[3].allowedRegex📜

Type: string

Default value
""

violations.requiredLabels.parameters.labels[3].key📜

Type: string

Default value
"app.kubernetes.io/component"

violations.requiredLabels.parameters.labels[4].allowedRegex📜

Type: string

Default value
""

violations.requiredLabels.parameters.labels[4].key📜

Type: string

Default value
"app.kubernetes.io/part-of"

violations.requiredLabels.parameters.labels[5].allowedRegex📜

Type: string

Default value
""

violations.requiredLabels.parameters.labels[5].key📜

Type: string

Default value
"app.kubernetes.io/managed-by"

violations.requiredLabels.parameters.excludedResources📜

Type: list

Default value
[]

violations.requiredProbes.enabled📜

Type: bool

Default value
true

violations.requiredProbes.enforcementAction📜

Type: string

Default value
"dryrun"

violations.requiredProbes.kind📜

Type: string

Default value
"K8sRequiredProbes"

violations.requiredProbes.name📜

Type: string

Default value
"required-probes"

violations.requiredProbes.match📜

Type: object

Default value
{}

violations.requiredProbes.parameters.probeTypes[0]📜

Type: string

Default value
"tcpSocket"

violations.requiredProbes.parameters.probeTypes[1]📜

Type: string

Default value
"httpGet"

violations.requiredProbes.parameters.probeTypes[2]📜

Type: string

Default value
"exec"

violations.requiredProbes.parameters.probes[0]📜

Type: string

Default value
"readinessProbe"

violations.requiredProbes.parameters.probes[1]📜

Type: string

Default value
"livenessProbe"

violations.requiredProbes.parameters.excludedResources📜

Type: list

Default value
[]

violations.restrictedTaint.enabled📜

Type: bool

Default value
true

violations.restrictedTaint.enforcementAction📜

Type: string

Default value
"deny"

violations.restrictedTaint.kind📜

Type: string

Default value
"RestrictedTaintToleration"

violations.restrictedTaint.name📜

Type: string

Default value
"restricted-taint"

violations.restrictedTaint.match📜

Type: object

Default value
{}

violations.restrictedTaint.parameters.allowGlobalToleration📜

Type: bool

Default value
false

violations.restrictedTaint.parameters.restrictedTaint.effect📜

Type: string

Default value
"NoSchedule"

violations.restrictedTaint.parameters.restrictedTaint.key📜

Type: string

Default value
"privileged"

violations.restrictedTaint.parameters.restrictedTaint.value📜

Type: string

Default value
"true"

violations.restrictedTaint.parameters.excludedResources📜

Type: list

Default value
[]

violations.selinuxPolicy.enabled📜

Type: bool

Default value
true

violations.selinuxPolicy.enforcementAction📜

Type: string

Default value
"deny"

violations.selinuxPolicy.kind📜

Type: string

Default value
"K8sPSPSELinuxV2"

violations.selinuxPolicy.name📜

Type: string

Default value
"selinux-policy"

violations.selinuxPolicy.match📜

Type: object

Default value
{}

violations.selinuxPolicy.parameters.allowedSELinuxOptions[0].level📜

Type: string

Default value
nil

violations.selinuxPolicy.parameters.allowedSELinuxOptions[0].role📜

Type: string

Default value
nil

violations.selinuxPolicy.parameters.allowedSELinuxOptions[0].type📜

Type: string

Default value
nil

violations.selinuxPolicy.parameters.allowedSELinuxOptions[0].user📜

Type: string

Default value
nil

violations.selinuxPolicy.parameters.excludedResources📜

Type: list

Default value
[]

violations.uniqueIngressHost.enabled📜

Type: bool

Default value
true

violations.uniqueIngressHost.enforcementAction📜

Type: string

Default value
"deny"

violations.uniqueIngressHost.kind📜

Type: string

Default value
"K8sUniqueIngressHost"

violations.uniqueIngressHost.name📜

Type: string

Default value
"unique-ingress-hosts"

violations.uniqueIngressHost.match📜

Type: object

Default value
{}

violations.uniqueIngressHost.parameters.excludedResources📜

Type: list

Default value
[]

violations.volumeTypes.enabled📜

Type: bool

Default value
true

violations.volumeTypes.enforcementAction📜

Type: string

Default value
"deny"

violations.volumeTypes.kind📜

Type: string

Default value
"K8sPSPVolumeTypes"

violations.volumeTypes.name📜

Type: string

Default value
"volume-types"

violations.volumeTypes.match📜

Type: object

Default value
{}

violations.volumeTypes.parameters.volumes[0]📜

Type: string

Default value
"configMap"

violations.volumeTypes.parameters.volumes[1]📜

Type: string

Default value
"emptyDir"

violations.volumeTypes.parameters.volumes[2]📜

Type: string

Default value
"projected"

violations.volumeTypes.parameters.volumes[3]📜

Type: string

Default value
"secret"

violations.volumeTypes.parameters.volumes[4]📜

Type: string

Default value
"downwardAPI"

violations.volumeTypes.parameters.volumes[5]📜

Type: string

Default value
"persistentVolumeClaim"

violations.volumeTypes.parameters.excludedResources📜

Type: list

Default value
[]

cleanupCRDs.enabled📜

Type: bool

Default value
true

cleanupCRDs.containerSecurityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

cleanupCRDs.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

cleanupCRDs.containerSecurityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

cleanupCRDs.containerSecurityContext.runAsGroup📜

Type: int

Default value
999

cleanupCRDs.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

cleanupCRDs.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

cleanupCRDs.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

cleanupCRDs.securityContext.runAsGroup📜

Type: int

Default value
999

cleanupCRDs.securityContext.runAsNonRoot📜

Type: bool

Default value
true

cleanupCRDs.securityContext.runAsUser📜

Type: int

Default value
1000

cleanupCRDs.securityContext.fsGroup📜

Type: int

Default value
999

cleanupCRDs.securityContext.supplementalGroups[0]📜

Type: int

Default value
999

image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

image.pullSecrets[0].name📜

Type: string

Default value
"private-registry"

image.crdRepository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl"

image.crdRelease📜

Type: string

Default value
"v1.33"

monitoring.enabled📜

Type: bool

Default value
false

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.vpcCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

bbtests.enabled📜

Type: bool

Default value
false

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.33"

bbtests.scripts.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

bbtests.scripts.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

bbtests.scripts.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

bbtests.scripts.securityContext.runAsGroup📜

Type: int

Default value
999

bbtests.scripts.securityContext.runAsNonRoot📜

Type: bool

Default value
true

bbtests.scripts.securityContext.runAsUser📜

Type: int

Default value
1000

bbtests.scripts.additionalVolumeMounts[0].name📜

Type: string

Default value
"{{ .Chart.Name }}-test-config"

bbtests.scripts.additionalVolumeMounts[0].mountPath📜

Type: string

Default value
"/yaml"

bbtests.scripts.additionalVolumeMounts[1].name📜

Type: string

Default value
"{{ .Chart.Name }}-kube-cache"

bbtests.scripts.additionalVolumeMounts[1].mountPath📜

Type: string

Default value
"/.kube/cache"

bbtests.scripts.additionalVolumes[0].name📜

Type: string

Default value
"{{ .Chart.Name }}-test-config"

bbtests.scripts.additionalVolumes[0].configMap.name📜

Type: string

Default value
"{{ .Chart.Name }}-test-config"

bbtests.scripts.additionalVolumes[1].name📜

Type: string

Default value
"{{ .Chart.Name }}-kube-cache"

bbtests.scripts.additionalVolumes[1].emptyDir📜

Type: object

Default value
{}

bbtests.openshift📜

Type: bool

Default value
false

serviceAccount.gatekeeperAdmin.create📜

Type: bool

Default value
false

postInstall.labelNamespace.serviceAccount.name📜

Type: string

Default value
"gatekeeper-update-namespace-label"

postInstall.labelNamespace.serviceAccount.create📜

Type: bool

Default value
true

postInstall.labelNamespace.enabled📜

Type: bool

Default value
true

rbac.create📜

Type: bool

Default value
false

postUpgrade.labelNamespace.serviceAccount.name📜

Type: string

Default value
"gatekeeper-update-namespace-label-post-upgrade"

postUpgrade.labelNamespace.serviceAccount.create📜

Type: bool

Default value
true

postUpgrade.labelNamespace.enabled📜

Type: bool

Default value
true