rancher-charts/charts/rancher-gatekeeper/102.1.0+up3.12.0/values.yaml

replicas: 3
auditInterval: 60
metricsBackends: ["prometheus"]
auditMatchKindOnly: false
constraintViolationsLimit: 20
auditFromCache: false
disableMutation: false
disableValidatingWebhook: false
validatingWebhookName: gatekeeper-validating-webhook-configuration
validatingWebhookTimeoutSeconds: 3
validatingWebhookFailurePolicy: Ignore
validatingWebhookAnnotations: {}
validatingWebhookExemptNamespacesLabels: {}
validatingWebhookObjectSelector: {}
validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {}
enableDeleteOperations: false
enableExternalData: true
enableGeneratorResourceExpansion: false
enableTLSHealthcheck: false
maxServingThreads: -1
mutatingWebhookName: gatekeeper-mutating-webhook-configuration
mutatingWebhookFailurePolicy: Ignore
mutatingWebhookReinvocationPolicy: Never
mutatingWebhookAnnotations: {}
mutatingWebhookExemptNamespacesLabels: {}
mutatingWebhookObjectSelector: {}
mutatingWebhookTimeoutSeconds: 1
mutatingWebhookCustomRules: {}
mutationAnnotations: false
auditChunkSize: 500
logLevel: INFO
logDenies: false
logMutations: false
emitAdmissionEvents: false
emitAuditEvents: false
admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false
resourceQuota: true
images:
  gatekeeper:
    repository: rancher/mirrored-openpolicyagent-gatekeeper
    tag: v3.12.0
  gatekeepercrd:
    repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
    tag: v3.12.0
  pullPolicy: IfNotPresent
  pullSecrets: []
preInstall:
  crdRepository:
    image:
      repository: null
      tag: v3.12.0
postUpgrade:
  labelNamespace:
    enabled: false
    image:
      repository: rancher/kubectl
      tag: v1.20.2
      pullPolicy: IfNotPresent
      pullSecrets: []
    extraNamespaces: []
    podSecurity: ["pod-security.kubernetes.io/audit=restricted",
      "pod-security.kubernetes.io/audit-version=latest",
      "pod-security.kubernetes.io/warn=restricted",
      "pod-security.kubernetes.io/warn-version=latest",
      "pod-security.kubernetes.io/enforce=restricted",
      "pod-security.kubernetes.io/enforce-version=v1.24"]
    extraAnnotations: {}
  affinity: {}
  tolerations: []
  nodeSelector: {kubernetes.io/os: linux}
  resources: {}
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
postInstall:
  labelNamespace:
    enabled: true
    extraRules: []
    image:
      repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
      tag: v3.12.0
      pullPolicy: IfNotPresent
      pullSecrets: []
    extraNamespaces: []
    podSecurity: ["pod-security.kubernetes.io/audit=restricted",
      "pod-security.kubernetes.io/audit-version=latest",
      "pod-security.kubernetes.io/warn=restricted",
      "pod-security.kubernetes.io/warn-version=latest",
      "pod-security.kubernetes.io/enforce=restricted",
      "pod-security.kubernetes.io/enforce-version=v1.24"]
    extraAnnotations: {}
  probeWebhook:
    enabled: true
    image:
      repository: rancher/mirrored-curlimages-curl
      tag: 7.83.1
      pullPolicy: IfNotPresent
      pullSecrets: []
    waitTimeout: 60
    httpTimeout: 2
    insecureHTTPS: false
  affinity: {}
  tolerations: []
  nodeSelector: {kubernetes.io/os: linux}
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
preUninstall:
  deleteWebhookConfigurations:
    extraRules: []
    enabled: false
    image:
      repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
      tag: v3.12.0
      pullPolicy: IfNotPresent
      pullSecrets: []
  affinity: {}
  tolerations: []
  nodeSelector: {kubernetes.io/os: linux}
  resources: {}
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
podAnnotations: {}
podLabels: {}
podCountLimit: "100"
secretAnnotations: {}
enableRuntimeDefaultSeccompProfile: true
controllerManager:
  exemptNamespaces: []
  exemptNamespacePrefixes: []
  hostNetwork: false
  dnsPolicy: ClusterFirst
  port: 8443
  metricsPort: 8888
  healthPort: 9090
  readinessTimeout: 1
  livenessTimeout: 1
  priorityClassName: system-cluster-critical
  disableCertRotation: false
  tlsMinVersion: 1.3
  clientCertName: ""
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: gatekeeper.sh/operation
                  operator: In
                  values:
                    - webhook
            topologyKey: kubernetes.io/hostname
          weight: 100
  topologySpreadConstraints: []
  tolerations: []
  nodeSelector: {}
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 512Mi
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
  podSecurityContext:
    fsGroup: 999
    supplementalGroups:
      - 999
  extraRules: []
  networkPolicy:
    enabled: false
    ingress: { }
      # - from:
      #   - ipBlock:
      #       cidr: 0.0.0.0/0
audit:
  hostNetwork: false
  dnsPolicy: ClusterFirst
  metricsPort: 8888
  healthPort: 9090
  readinessTimeout: 1
  livenessTimeout: 1
  priorityClassName: system-cluster-critical
  disableCertRotation: true
  affinity: {}
  tolerations: []
  nodeSelector: {}
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 512Mi
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
  podSecurityContext:
    fsGroup: 999
    supplementalGroups:
      - 999
  writeToRAMDisk: false
  extraRules: []
crds:
  affinity: {}
  tolerations: []
  nodeSelector: {kubernetes.io/os: linux}
  resources: {}
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsGroup: 65532
    runAsNonRoot: true
    runAsUser: 65532
pdb:
  controllerManager:
    minAvailable: 1
global:
  cattle:
    systemDefaultRegistry: ""
    psp:
      enabled: false
  kubectl:
    repository: rancher/kubectl
    tag: v1.20.2
service: {}
disabledBuiltins: ["{http.send}"]
upgradeCRDs:
  enabled: true
  extraRules: []
rbac:
  create: true
externalCertInjection:
  enabled: false
  secretName: gatekeeper-webhook-server-cert
make charts 2023-04-25 21:57:43 +00:00			`replicas: 3`
			`auditInterval: 60`
			`metricsBackends: ["prometheus"]`
			`auditMatchKindOnly: false`
			`constraintViolationsLimit: 20`
			`auditFromCache: false`
			`disableMutation: false`
			`disableValidatingWebhook: false`
			`validatingWebhookName: gatekeeper-validating-webhook-configuration`
			`validatingWebhookTimeoutSeconds: 3`
			`validatingWebhookFailurePolicy: Ignore`
			`validatingWebhookAnnotations: {}`
			`validatingWebhookExemptNamespacesLabels: {}`
			`validatingWebhookObjectSelector: {}`
			`validatingWebhookCheckIgnoreFailurePolicy: Fail`
			`validatingWebhookCustomRules: {}`
			`enableDeleteOperations: false`
			`enableExternalData: true`
			`enableGeneratorResourceExpansion: false`
			`enableTLSHealthcheck: false`
			`maxServingThreads: -1`
			`mutatingWebhookName: gatekeeper-mutating-webhook-configuration`
			`mutatingWebhookFailurePolicy: Ignore`
			`mutatingWebhookReinvocationPolicy: Never`
			`mutatingWebhookAnnotations: {}`
			`mutatingWebhookExemptNamespacesLabels: {}`
			`mutatingWebhookObjectSelector: {}`
			`mutatingWebhookTimeoutSeconds: 1`
			`mutatingWebhookCustomRules: {}`
			`mutationAnnotations: false`
			`auditChunkSize: 500`
			`logLevel: INFO`
			`logDenies: false`
			`logMutations: false`
			`emitAdmissionEvents: false`
			`emitAuditEvents: false`
			`admissionEventsInvolvedNamespace: false`
			`auditEventsInvolvedNamespace: false`
			`resourceQuota: true`
			`images:`
			`gatekeeper:`
			`repository: rancher/mirrored-openpolicyagent-gatekeeper`
			`tag: v3.12.0`
			`gatekeepercrd:`
			`repository: rancher/mirrored-openpolicyagent-gatekeeper-crds`
			`tag: v3.12.0`
			`pullPolicy: IfNotPresent`
			`pullSecrets: []`
			`preInstall:`
			`crdRepository:`
			`image:`
			`repository: null`
			`tag: v3.12.0`
			`postUpgrade:`
			`labelNamespace:`
			`enabled: false`
			`image:`
			`repository: rancher/kubectl`
			`tag: v1.20.2`
			`pullPolicy: IfNotPresent`
			`pullSecrets: []`
			`extraNamespaces: []`
			`podSecurity: ["pod-security.kubernetes.io/audit=restricted",`
			`"pod-security.kubernetes.io/audit-version=latest",`
			`"pod-security.kubernetes.io/warn=restricted",`
			`"pod-security.kubernetes.io/warn-version=latest",`
			`"pod-security.kubernetes.io/enforce=restricted",`
			`"pod-security.kubernetes.io/enforce-version=v1.24"]`
			`extraAnnotations: {}`
			`affinity: {}`
			`tolerations: []`
			`nodeSelector: {kubernetes.io/os: linux}`
			`resources: {}`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 999`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`postInstall:`
			`labelNamespace:`
			`enabled: true`
			`extraRules: []`
			`image:`
			`repository: rancher/mirrored-openpolicyagent-gatekeeper-crds`
			`tag: v3.12.0`
			`pullPolicy: IfNotPresent`
			`pullSecrets: []`
			`extraNamespaces: []`
			`podSecurity: ["pod-security.kubernetes.io/audit=restricted",`
			`"pod-security.kubernetes.io/audit-version=latest",`
			`"pod-security.kubernetes.io/warn=restricted",`
			`"pod-security.kubernetes.io/warn-version=latest",`
			`"pod-security.kubernetes.io/enforce=restricted",`
			`"pod-security.kubernetes.io/enforce-version=v1.24"]`
			`extraAnnotations: {}`
			`probeWebhook:`
			`enabled: true`
			`image:`
			`repository: rancher/mirrored-curlimages-curl`
			`tag: 7.83.1`
			`pullPolicy: IfNotPresent`
			`pullSecrets: []`
			`waitTimeout: 60`
			`httpTimeout: 2`
			`insecureHTTPS: false`
			`affinity: {}`
			`tolerations: []`
			`nodeSelector: {kubernetes.io/os: linux}`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 999`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`preUninstall:`
			`deleteWebhookConfigurations:`
			`extraRules: []`
			`enabled: false`
			`image:`
			`repository: rancher/mirrored-openpolicyagent-gatekeeper-crds`
			`tag: v3.12.0`
			`pullPolicy: IfNotPresent`
			`pullSecrets: []`
			`affinity: {}`
			`tolerations: []`
			`nodeSelector: {kubernetes.io/os: linux}`
			`resources: {}`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 999`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`podAnnotations: {}`
			`podLabels: {}`
			`podCountLimit: "100"`
			`secretAnnotations: {}`
			`enableRuntimeDefaultSeccompProfile: true`
			`controllerManager:`
			`exemptNamespaces: []`
			`exemptNamespacePrefixes: []`
			`hostNetwork: false`
			`dnsPolicy: ClusterFirst`
			`port: 8443`
			`metricsPort: 8888`
			`healthPort: 9090`
			`readinessTimeout: 1`
			`livenessTimeout: 1`
			`priorityClassName: system-cluster-critical`
			`disableCertRotation: false`
			`tlsMinVersion: 1.3`
			`clientCertName: ""`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- podAffinityTerm:`
			`labelSelector:`
			`matchExpressions:`
			`- key: gatekeeper.sh/operation`
			`operator: In`
			`values:`
			`- webhook`
			`topologyKey: kubernetes.io/hostname`
			`weight: 100`
			`topologySpreadConstraints: []`
			`tolerations: []`
			`nodeSelector: {}`
			`resources:`
			`limits:`
			`memory: 512Mi`
			`requests:`
			`cpu: 100m`
			`memory: 512Mi`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 999`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`podSecurityContext:`
			`fsGroup: 999`
			`supplementalGroups:`
			`- 999`
			`extraRules: []`
			`networkPolicy:`
			`enabled: false`
			`ingress: { }`
			`# - from:`
			`# - ipBlock:`
			`# cidr: 0.0.0.0/0`
			`audit:`
			`hostNetwork: false`
			`dnsPolicy: ClusterFirst`
			`metricsPort: 8888`
			`healthPort: 9090`
			`readinessTimeout: 1`
			`livenessTimeout: 1`
			`priorityClassName: system-cluster-critical`
			`disableCertRotation: true`
			`affinity: {}`
			`tolerations: []`
			`nodeSelector: {}`
			`resources:`
			`limits:`
			`memory: 512Mi`
			`requests:`
			`cpu: 100m`
			`memory: 512Mi`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 999`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`podSecurityContext:`
			`fsGroup: 999`
			`supplementalGroups:`
			`- 999`
			`writeToRAMDisk: false`
			`extraRules: []`
			`crds:`
			`affinity: {}`
			`tolerations: []`
			`nodeSelector: {kubernetes.io/os: linux}`
			`resources: {}`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 65532`
			`runAsNonRoot: true`
			`runAsUser: 65532`
			`pdb:`
			`controllerManager:`
			`minAvailable: 1`
			`global:`
			`cattle:`
			`systemDefaultRegistry: ""`
			`psp:`
			`enabled: false`
			`kubectl:`
			`repository: rancher/kubectl`
			`tag: v1.20.2`
			`service: {}`
			`disabledBuiltins: ["{http.send}"]`
			`upgradeCRDs:`
			`enabled: true`
			`extraRules: []`
			`rbac:`
			`create: true`
			`externalCertInjection:`
			`enabled: false`
			`secretName: gatekeeper-webhook-server-cert`