Skip to content

Safeguard Trusted Registries Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opa/properties/imageRegistry

Configure constraint to only allow configured registries for container images.

Note

See the dev docs for context.

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Forbidden none config/schemas/config.yaml*

TYPE:

object (Safeguard Trusted Registries)

PROPERTIES:

Property Type Required Nullable Defined by
enabled boolean Optional cannot be null Welkin Apps Config
enforcement string Optional cannot be null Welkin Apps Config
URL array Optional cannot be null Welkin Apps Config

enabled

enabled

TYPE:

boolean (Safeguard Trusted Registries Enabled)

DEFAULTS:

The default value is:

true

enforcement

enforcement

TYPE:

string (Safeguard Trusted Registries Enforcement)

CONSTRAINTS:

enum: the value of this property must be equal to one of the following values:

Value Explanation
"deny" Deny actions violating the constraint.
"warn" Warn actions violating the constraint.
"dryrun" Dryrun actions violating the constraint.

DEFAULTS:

The default value is:

"warn"

URL

Configure the registries that should be trusted by the constraint.

Note

To support issuing certificates with HTTP-01 challenges the registry quay.io/jetstack/cert-manager-acmesolver must be added.

URL

TYPE:

string[] (Safeguard Trusted Registries URL)

Return to the root config schema

Generated Sun Nov 17 03:51:36 UTC 2024 from elastisys/compliantkubernetes-apps@main