Allow Dev CRDs Schema¶

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/gatekeeper/properties/allowUserCRDs

Configure access to Custom Resource Definitions for application developers.

Abstract	Extensible	Status	Identifiable	Custom Properties	Additional Properties	Access Restrictions	Defined In
Can be instantiated	No	Unknown status	No	Forbidden	Forbidden	none	config/schemas/config.yaml*

TYPE:

PROPERTIES:

Property	Type	Required	Nullable	Defined by
enabled	`boolean`	Optional	cannot be null	Compliant Kubernetes Apps Config
enforcement	`string`	Optional	cannot be null	Compliant Kubernetes Apps Config
adminConfUser	`string`	Optional	cannot be null	Compliant Kubernetes Apps Config
extraCRDs	`array`	Optional	cannot be null	Compliant Kubernetes Apps Config
extraServiceAccounts	`array`	Optional	cannot be null	Compliant Kubernetes Apps Config

enabled¶

enabled

TYPE:

enforcement

TYPE:

CONSTRAINTS:

enum: the value of this property must be equal to one of the following values:

Value	Explanation
`"deny"`	Deny actions violating the constraint.
`"warn"`	Warn actions violating the constraint.
`"dryrun"`	Dryrun actions violating the constraint.

DEFAULTS:

The default value is:

"deny"

Configure the admin config user of the /etc/kubernetes/admin.conf found on the control plane nodes.

This is necessary if Kubespray is used for managing the cluster.

adminConfUser

TYPE:

DEFAULTS:

The default value is:

"kubernetes-admin"

Configure extra CRDs to allow for application developers.

extraCRDs

TYPE:

Configure extra service accounts to allow access to configured CRDs.

extraServiceAccounts

TYPE:

EXAMPLES:

- namespace: example-namespace
  name: example-controller

Generated Sun Jun 23 03:48:25 UTC 2024 from elastisys/compliantkubernetes-apps@main