Policy Server CLI

This document contains the help content for the policy-server command-line program.

Command overview:

policy-server

Usage: policy-server [OPTIONS] [COMMAND]

Subcommands:

  • docs—Generates the markdown documentation for policy-server commands

Options:

  • --addr <BIND_ADDRESS>—Bind against ADDRESS

      Default value: `0.0.0.0`
* `--always-accept-admission-reviews-on-namespace <NAMESPACE>`—Always accept AdmissionReviews that target the given namespace
* `--cert-file <CERT_FILE>`—Path to an X.509 certificate file for HTTPS
      Default value: ``
* `--daemon`—If set, runs policy-server in detached mode as a daemon
* `--daemon-pid-file <DAEMON-PID-FILE>`—Path to the PID file, used only when running in daemon mode
      Default value: `policy-server.pid`
* `--daemon-stderr-file <DAEMON-STDERR-FILE>`—Path to the file holding stderr, used only when running in daemon mode
* `--daemon-stdout-file <DAEMON-STDOUT-FILE>`—Path to the file holding stdout, used only when running in daemon mode
* `--disable-timeout-protection`—Disable policy timeout protection
* `--docker-config-json-path <DOCKER_CONFIG>`—Path to a Docker config.json-like path. Can be used to indicate registry authentication details
* `--enable-metrics`—Enable metrics
* `--enable-pprof`—Enable pprof profiling
* `--ignore-kubernetes-connection-failure`—Do not exit with an error if the Kubernetes connection fails. This will cause context-aware policies to break when there's no connection with Kubernetes.
* `--key-file <KEY_FILE>`—Path to an X.509 private key file for HTTPS
      Default value: ``
* `--log-fmt <LOG_FMT>`—Log output format
    Default value: `text`
    Possible values: `text`, `json`, `otlp`

  • --log-level <LOG_LEVEL>—Log level

    Default value: `info`
    Possible values: `trace`, `debug`, `info`, `warn`, `error`

  • --log-no-color—Disable colored output for logs

  • --policies <POLICIES_FILE>—YAML file holding the policies to be loaded and their settings

      Default value: `policies.yml`
* `--policies-download-dir <POLICIES_DOWNLOAD_DIR>`—Download path for the policies
      Default value: `.`
* `--policy-timeout <MAXIMUM_EXECUTION_TIME_SECONDS>`—Interrupt policy evaluation after the given time
      Default value: `2`
* `--port <PORT>`—Listen on PORT
      Default value: `3000`
* `--sigstore-cache-dir <SIGSTORE_CACHE_DIR>`—Directory used to cache sigstore data
      Default value: `sigstore-data`
* `--sources-path <SOURCES_PATH>`—YAML file holding source information (https, registry insecure hosts, custom CA's...)
* `--verification-path <VERIFICATION_CONFIG_PATH>`—YAML file holding verification information (URIs, keys, annotations...)
* `--workers <WORKERS_NUMBER>`—Number of worker threads to create

policy-server docs

Generates the markdown documentation for policy-server commands

Usage: policy-server docs --output <FILE>

Options:

  • -o, --output <FILE>—Path where the documentation file will be stored