mirror of https://git.rancher.io/charts
# Gatekeeper Helm Chart
## Parameters

| Parameter | Description | Default |
| :---------------------------------- | :------------------------------------------------------------------------------- | :------------------------------------------------------------------------ |
| auditInterval | The frequency with which audit is run | `300` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` |
| disableValidatingWebhook | Disable the validating webhook | `false` |
| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` |
| enableDeleteOperations | Enable validating webhook for delete operations | `false` |
| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` |
| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` |
| logLevel | Minimum log level | `INFO` |
| image.pullPolicy | The image pull policy | `IfNotPresent` |
| image.repository | Image repository | `openpolicyagent/gatekeeper` |
| image.release | The image release tag to use | Current release version: `v3.3.0` |
| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The tolerations to use for pod scheduling | `[]` |
| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` |
| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` |
| customResourceDefinitions.create | Whether the release should install CRDs. Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use `--skip-crds` with `helm install` if you want to skip CRD creation. | `true` |

## Contributing Changes

This Helm chart is autogenerated from the Gatekeeper static manifest. The
generator code lives under `cmd/build/helmify`. To make modifications to this
template, please edit `kustomization.yaml` and `replacements.go` under that
directory and then run `make manifests`. Your changes will show up in the
`manifest_staging` directory and will be promoted to the root `charts` directory
the next time a Gatekeeper release is cut.