Configurations

Configuration

K8Guard comes with tons of configuration settings. Currently, the documentation for them is in the comments of these files: (better docs will come someday)

Some of the configuration values (as noted in the .env-template file) have a rule format that can be used to filter on namespaces, entity types, entity names, and values, in addition to excluding. Examples:

| Configuration setting | Configuration value | Description |
| --- | --- | --- |
| `K8GUARD_IGNORED_VIOLATIONS` | `mynamespace:*:*:PRIVILEGED` | Will ignore any PRIVILEGED violations for all types within mynamespace. |
| `K8GUARD_IGNORED_VIOLATIONS` | `!mynamespace:daemonset:*:PRIVILEGED` | Will ignore any PRIVILEGED violations for all daemonsets in any namespace but mynamespace. |
| `K8GUARD_IGNORED_VIOLATIONS` | `*:daemonset:kube2iam:PRIVILEGED` | Will ignore any PRIVILEGED violations only for daemonsets named kube2iam across all namespaces. |
| `K8GUARD_REQUIRED_LABELS` | `!kube-system:pod:*:productcode` | Ensures that all pods in all namespaces except kube-system have the label productcode. |
| `K8GUARD_REQUIRED_ENTITIES` | `!kube-system:resourcequota:myquota:*` | Ensures that all namespaces except kube-system have a resourcequota named myquota. |
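
To check what a rule will actually cover before deploying it, the following added example (not K8Guard's own code) parses the `namespace:type:name:value` format and evaluates it against an entity. It assumes, based only on the examples above, that a leading `!` negates the namespace field, that `*` is the only wildcard, and that other fields are compared exactly; the type and function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is one parsed "namespace:type:name:value" entry.
// Assumption: a leading "!" negates the namespace field only, and "*" is the
// only wildcard; other fields are compared exactly (case-sensitive).
type Rule struct {
	ExcludeNS                    bool
	Namespace, Kind, Name, Value string
}

// ParseRule splits a rule into its four fields and rejects malformed input.
func ParseRule(s string) (Rule, error) {
	body := strings.TrimPrefix(s, "!")
	parts := strings.Split(body, ":")
	if len(parts) != 4 {
		return Rule{}, fmt.Errorf("rule %q: want 4 colon-separated fields, got %d", s, len(parts))
	}
	for _, p := range parts {
		if p == "" {
			return Rule{}, fmt.Errorf("rule %q: empty field", s)
		}
	}
	return Rule{body != s, parts[0], parts[1], parts[2], parts[3]}, nil
}

func fieldMatches(pattern, actual string) bool { return pattern == "*" || pattern == actual }

// Matches reports whether the rule applies to the given entity and value.
func (r Rule) Matches(ns, kind, name, value string) bool {
	nsOK := fieldMatches(r.Namespace, ns)
	if r.ExcludeNS {
		nsOK = !nsOK
	}
	return nsOK && fieldMatches(r.Kind, kind) && fieldMatches(r.Name, name) && fieldMatches(r.Value, value)
}

func main() {
	// Rule taken from the page's examples; the entities below are constructed samples.
	r, _ := ParseRule("!mynamespace:daemonset:*:PRIVILEGED")
	fmt.Println(r.Matches("mynamespace", "daemonset", "logger", "PRIVILEGED")) // excluded namespace
	fmt.Println(r.Matches("payments", "daemonset", "logger", "PRIVILEGED"))    // any other namespace
	fmt.Println(r.Matches("payments", "deployment", "api", "PRIVILEGED"))      // wrong entity type
}
```

Running candidate `K8GUARD_IGNORED_VIOLATIONS` rules through a check like this makes it visible when a wildcard or a negated namespace suppresses violations for more entities than intended.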