replicas: 3
auditInterval: 60
auditMatchKindOnly: false
constraintViolationsLimit: 20
auditFromCache: false
disableMutation: false
disableValidatingWebhook: false
validatingWebhookTimeoutSeconds: 3
validatingWebhookFailurePolicy: Ignore
validatingWebhookExemptNamespacesLabels: {}
validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {}
enableDeleteOperations: false
enableExternalData: false
enableTLSHealthcheck: false
mutatingWebhookFailurePolicy: Ignore
mutatingWebhookReinvocationPolicy: Never
mutatingWebhookExemptNamespacesLabels: {}
mutatingWebhookTimeoutSeconds: 1
mutatingWebhookCustomRules: {}
mutationAnnotations: false
auditChunkSize: 500
logLevel: INFO
logDenies: false
logMutations: false
emitAdmissionEvents: false
emitAuditEvents: false
resourceQuota: true
postInstall:
  labelNamespace:
    enabled: true
    image:
      repository: rancher/kubectl
      tag: v1.20.2
      pullPolicy: IfNotPresent
      pullSecrets: []
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
preUninstall:
  deleteWebhookConfigurations:
    enabled: false
    image:
      repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
      tag: v3.8.1
      pullPolicy: IfNotPresent
      pullSecrets: []
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
images:
  gatekeeper:
    repository: rancher/mirrored-openpolicyagent-gatekeeper
    tag: v3.8.1
  gatekeepercrd:
    repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
    tag: v3.8.1
  pullPolicy: IfNotPresent
  pullSecrets: []
podAnnotations:
  {container.seccomp.security.alpha.kubernetes.io/manager: runtime/default}
podLabels: {}
podCountLimit: 100
secretAnnotations: {}
controllerManager:
  exemptNamespaces: []
  exemptNamespacePrefixes: []
  hostNetwork: false
  dnsPolicy: ClusterFirst
  port: 8443
  metricsPort: 8888
  healthPort: 9090
  priorityClassName: system-cluster-critical
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: gatekeeper.sh/operation
                  operator: In
                  values:
                    - webhook
            topologyKey: kubernetes.io/hostname
          weight: 100
  tolerations: []
  nodeSelector: {}
  resources:
    limits:
      cpu: 1000m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
audit:
  hostNetwork: false
  dnsPolicy: ClusterFirst
  metricsPort: 8888
  healthPort: 9090
  priorityClassName: system-cluster-critical
  affinity: {}
  tolerations: []
  nodeSelector: {}
  writeToRAMDisk: false
  resources:
    limits:
      cpu: 1000m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: true
    runAsGroup: 999
    runAsNonRoot: true
    runAsUser: 1000
crds:
  resources: {}
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: true
    runAsGroup: 65532
    runAsNonRoot: true
    runAsUser: 65532
pdb:
  controllerManager:
    minAvailable: 1
global:
  cattle:
    systemDefaultRegistry: ""
  kubectl:
    repository: rancher/kubectl
    tag: v1.20.2
service: {}
disabledBuiltins: ["{http.send}"]
psp:
  enabled: true
upgradeCRDs:
  enabled: true
rbac:
  create: true