Skip to content

Network Policies Config Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/networkPolicies

Configure Network Policies.

Most common Network Policy rules can be updated by running ./bin/ck8s update-ips <both|sc|wc>.

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Forbidden none config/schemas/config.yaml*

TYPE:

object (Network Policies Config)

PROPERTIES:

Property Type Required Nullable Defined by
enabled boolean Optional cannot be null Welkin Apps Config
enableAlerting boolean Optional cannot be null Welkin Apps Config
global object Optional cannot be null Welkin Apps Config
ingressNginx object Optional cannot be null Welkin Apps Config
certManager object Optional cannot be null Welkin Apps Config
externalDns object Optional cannot be null Welkin Apps Config
dex object Optional cannot be null Welkin Apps Config
gatekeeper object Optional cannot be null Welkin Apps Config
harbor object Optional cannot be null Welkin Apps Config
fluentd object Optional cannot be null Welkin Apps Config
opensearch object Optional cannot be null Welkin Apps Config
monitoring object Optional cannot be null Welkin Apps Config
alertmanager object Optional cannot be null Welkin Apps Config
prometheus object Optional cannot be null Welkin Apps Config
s3Exporter object Optional cannot be null Welkin Apps Config
tektonPipelines object Optional cannot be null Welkin Apps Config
thanos object Optional cannot be null Welkin Apps Config
falco object Optional cannot be null Welkin Apps Config
kured object Optional cannot be null Welkin Apps Config
rclone object Optional cannot be null Welkin Apps Config
velero object Optional cannot be null Welkin Apps Config
kubeSystem object Optional cannot be null Welkin Apps Config
dnsAutoscaler object Optional cannot be null Welkin Apps Config
coredns object Optional cannot be null Welkin Apps Config
rookCeph object Optional cannot be null Welkin Apps Config
defaultDeny boolean Optional cannot be null Welkin Apps Config
allowedNameSpaces array Optional cannot be null Welkin Apps Config
additionalEgressPolicies array Optional cannot be null Welkin Apps Config
additionalIngressPolicies array Optional cannot be null Welkin Apps Config
additional string Optional cannot be null Welkin Apps Config

enabled

enabled

TYPE:

boolean (Network Policies Enabled)

DEFAULTS:

The default value is:

true

enableAlerting

enableAlerting

TYPE:

boolean (Network Policies Alerting Enabled)

DEFAULTS:

The default value is:

true

global

Configure global network policy rules.

global

TYPE:

object (Network Policies Global)

ingressNginx

Configure Ingress NGINX network policy rules.

ingressNginx

TYPE:

object (Network Policies Ingress NGINX)

certManager

Configure cert-manager network policy rules.

certManager

TYPE:

object (Network Policies cert-manager)

externalDns

Configure ExternalDNS network policy rules.

externalDns

TYPE:

object (Network Policies ExternalDNS)

dex

Configure Dex network policy rules.

dex

TYPE:

object (Network Policies Dex)

gatekeeper

Configure Gatekeeper network policy rules.

gatekeeper

TYPE:

object (Network Policies Gatekeeper)

harbor

Configure Harbor network policy rules.

harbor

TYPE:

object (Network Policies Harbor)

fluentd

Configure Fluentd network policy rules.

fluentd

TYPE:

object (Network Policies Fluentd)

opensearch

Configure OpenSearch network policy rules.

opensearch

TYPE:

object (Network Policies OpenSearch)

monitoring

Configure monitoring network policy rules.

monitoring

TYPE:

object (Network Policies Monitoring)

alertmanager

Configure Alertmanager network policy rules.

alertmanager

TYPE:

object (Network Policies Alertmanager)

prometheus

Configure Prometheus network policy rules.

prometheus

TYPE:

object (Network Policies Prometheus)

s3Exporter

Configure S3 exporter network policy rules.

s3Exporter

TYPE:

object (Network Policies S3 Exporter)

tektonPipelines

Enable network policies for tekton and the pipeline.

tektonPipelines

TYPE:

object (Network Policies Tekton Pipeline)

thanos

Configure Thanos network policy rules.

thanos

TYPE:

object (Network Policies Thanos)

falco

Configure Falco network policy rules.

falco

TYPE:

object (Network Policies Falco)

kured

Configure Kured network policy rules.

kured

TYPE:

object (Network Policies Kured)

rclone

Configure Rclone network policy rules.

rclone

TYPE:

object (Network Policies Rclone)

velero

Configure Velero network policy rules.

velero

TYPE:

object (Network Policies Velero)

kubeSystem

Configure kube-system network policy rules.

kubeSystem

TYPE:

object (Network Policies Kube System)

dnsAutoscaler

Configure DNS Autoscaler network policy rules.

dnsAutoscaler

TYPE:

object (Network Policies DNS Autoscaler)

coredns

Configure CoreDNS network policy rules.

coredns

TYPE:

object (Network Policies CoreDNS)

rookCeph

Configure Rook Ceph network policy rules.

rookCeph

TYPE:

object (Network Policies Rook Ceph)

defaultDeny

defaultDeny

TYPE:

boolean

allowedNameSpaces

allowedNameSpaces

TYPE:

array (Network Policies Allowed Namespaces)

additionalEgressPolicies

additionalEgressPolicies

TYPE:

array (Network Policies Egress Policies)

additionalIngressPolicies

additionalIngressPolicies

TYPE:

array (Network Policies Ingress Policies)

additional

Configure additional network policies.

additional

TYPE:

string (Network Policies Additional Policies)

CONSTRAINTS:

unknown format: the value of this string must follow the format: yaml

Return to the root config schema


Generated Thu Dec 19 03:51:01 UTC 2024 from elastisys/compliantkubernetes-apps@main