Skip to content

kyverno values.yaml📜

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.ingress.defaults.allowPrometheusToIstioSidecar.enabled📜

Type: bool

Default value
false

networkPolicies.ingress.definitions.kubeAPI.from[0].ipBlock.cidr📜

Type: string

Default value
"192.168.0.0/16"

networkPolicies.ingress.definitions.kubeAPI.from[1].ipBlock.cidr📜

Type: string

Default value
"172.16.0.0/12"

networkPolicies.ingress.definitions.kubeAPI.from[2].ipBlock.cidr📜

Type: string

Default value
"10.0.0.0/8"

networkPolicies.ingress.to.kyverno-admission-controller:9443.podSelector.matchLabels.”app.kubernetes.io/component”📜

Type: string

Default value
"admission-controller"

networkPolicies.ingress.to.kyverno-admission-controller:9443.from.definition.kubeAPI📜

Type: bool

Default value
true

networkPolicies.ingress.to.kyverno:8000.podSelector.matchLabels.”app.kubernetes.io/instance”📜

Type: string

Default value
"kyverno-kyverno"

networkPolicies.ingress.to.kyverno:8000.from.k8s.monitoring/prometheus📜

Type: bool

Default value
true

networkPolicies.egress.defaults.allowIstiod.enabled📜

Type: bool

Default value
false

networkPolicies.egress.definitions.private-registry.to[0].ipBlock.cidr📜

Type: string

Default value
"15.205.173.153/32"

networkPolicies.egress.definitions.private-registry.ports[0].port📜

Type: int

Default value
443

networkPolicies.egress.definitions.private-registry.ports[0].protocol📜

Type: string

Default value
"TCP"

networkPolicies.egress.from.kyverno-admission-controller.podSelector.matchLabels.”app.kubernetes.io/component”📜

Type: string

Default value
"admission-controller"

networkPolicies.egress.from.kyverno-admission-controller.to.definition.private-registry📜

Type: bool

Default value
true

networkPolicies.egress.from.kyverno-admission-controller.to.definition.kubeAPI📜

Type: bool

Default value
true

networkPolicies.egress.from.kyverno-migrate-resources.podSelector.matchLabels.”batch.kubernetes.io/job-name”📜

Type: string

Default value
"kyverno-kyverno-migrate-resources"

networkPolicies.egress.from.kyverno-migrate-resources.to.definition.kubeAPI📜

Type: bool

Default value
true

networkPolicies.externalRegistries📜

Type: object

Default value
allowEgress: false
ports: []

Description: This section will be deprecated in the next major release in favor of the bb-common definition

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

istio.enabled📜

Type: bool

Default value
false

openshift📜

Type: bool

Default value
false

bbtests.enabled📜

Type: bool

Default value
false

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.35.5"

bbtests.scripts.additionalVolumeMounts[0].name📜

Type: string

Default value
"kyverno-bbtest-manifest"

bbtests.scripts.additionalVolumeMounts[0].mountPath📜

Type: string

Default value
"/yaml"

bbtests.scripts.additionalVolumes[0].name📜

Type: string

Default value
"kyverno-bbtest-manifest"

bbtests.scripts.additionalVolumes[0].configMap.name📜

Type: string

Default value
"kyverno-bbtest-manifest"

global.image.registry📜

Type: string

Default value
"registry1.dso.mil"

Description: Global value that allows to set a single image registry across all deployments. When set, it will override any values set under .image.registry across the chart.

global.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

global.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

global.resyncPeriod📜

Type: string

Default value
"15m"

global.templating.enabled📜

Type: bool

Default value
false

global.templating.debug📜

Type: bool

Default value
false

global.templating.version📜

Type: string

Default value
nil