# Supported- baseline/restricted/privileged/custom
# For more info- https://kyverno.io/policies/pod-security
podSecurityStandard: baseline
# Supported- low/medium/high
podSecuritySeverity: medium
# Policies to include when podSecurityStandard is custom
podSecurityPolicies: []
# Additional policies to include from "other"
# Example:
#   includeOtherPolicies:
#   - require-non-root-groups
includeOtherPolicies: []
# Supported values- `audit`, `enforce`
# For more info- https://kyverno.io/docs/writing-policies/validate/
validationFailureAction: audit
# Define validationFailureActionOverrides for specific policies.
# The overrides for 'all' will apply to all policies
# Eg:
# validationFailureActionOverrides:
#   all:
#     - action: audit
#       namespaces:
#         - ingress-nginx
#   disallow-host-path:
#     - action: audit
#       namespaces:
#         - fluent
validationFailureActionOverrides:
  all: []
# Exclude resources from individual policies
# Eg:
# policyExclude:
#   disallow-host-path:
#     any:
#     - resources:
#         kinds:
#         - Pod
#         namespaces:
#         - fluent
#
# Policies with multiple rules can have individual rules excluded:
# policyExclude:
#   adding-capabilities-strict:
#     any:
#     - resources:
#         kinds:
#         - Pod
#         namespaces:
#         - kube-system
policyExclude: {}

nameOverride:
# -- Additional labels
customLabels: {}