Safeguard Trusted Registries Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/v0.41.0/config/schemas/config.yaml#/properties/opa/properties/imageRegistry
Configure constraint to only allow configured registries for container images.
Note
See the dev docs for context.
Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
---|---|---|---|---|---|---|---|
Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |
TYPE:
object
(Safeguard Trusted Registries)
PROPERTIES:
Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
enabled | boolean |
Optional | cannot be null | Compliant Kubernetes Apps Config |
enforcement | string |
Optional | cannot be null | Compliant Kubernetes Apps Config |
URL | array |
Optional | cannot be null | Compliant Kubernetes Apps Config |
enabled¶
enabled
-
is optional
-
Type:
boolean
(Safeguard Trusted Registries Enabled) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
boolean
(Safeguard Trusted Registries Enabled)
DEFAULTS:
The default value is:
true
enforcement¶
enforcement
-
is optional
-
Type:
string
(Safeguard Trusted Registries Enforcement) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
string
(Safeguard Trusted Registries Enforcement)
CONSTRAINTS:
enum: the value of this property must be equal to one of the following values:
Value | Explanation |
---|---|
"deny" |
Deny actions violating the constraint. |
"warn" |
Warn actions violating the constraint. |
"dryrun" |
Dryrun actions violating the constraint. |
DEFAULTS:
The default value is:
"warn"
URL¶
Configure the registries that should be trusted by the constraint.
Note
To support issuing certificates with HTTP-01 challenges the registry quay.io/jetstack/cert-manager-acmesolver
must be added.
URL
-
is optional
-
Type:
string[]
(Safeguard Trusted Registries URL) -
cannot be null
-
defined in: Compliant Kubernetes Apps Config
TYPE:
string[]
(Safeguard Trusted Registries URL)
Return to the root config schema
Generated Thu Nov 14 16:21:55 UTC 2024 from elastisys/compliantkubernetes-apps@v0.41.0