DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update chart version

Browse Source
This commit is contained in:
DeveloperDurp
2024-09-29 07:34:52 -05:00
parent b1c45f939b
commit e6a8aa74b4
1 changed files with 278 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

555
gatekeeper/values.yaml
View File

@@ -1,277 +1,278 @@
gatekeeper: #gatekeeper:
replicas: 3 # replicas: 3
revisionHistoryLimit: 10 # revisionHistoryLimit: 10
auditInterval: 60 # auditInterval: 60
metricsBackends: ["prometheus"] # metricsBackends: ["prometheus"]
auditMatchKindOnly: false # auditMatchKindOnly: false
constraintViolationsLimit: 20 # constraintViolationsLimit: 20
auditFromCache: false # auditFromCache: false
disableMutation: false # disableMutation: false
disableValidatingWebhook: false # disableValidatingWebhook: false
validatingWebhookName: gatekeeper-validating-webhook-configuration # validatingWebhookName: gatekeeper-validating-webhook-configuration
validatingWebhookTimeoutSeconds: 3 # validatingWebhookTimeoutSeconds: 3
validatingWebhookFailurePolicy: Ignore # validatingWebhookFailurePolicy: Ignore
validatingWebhookAnnotations: {} # validatingWebhookAnnotations: {}
validatingWebhookExemptNamespacesLabels: {} # validatingWebhookExemptNamespacesLabels: {}
validatingWebhookObjectSelector: {} # validatingWebhookObjectSelector: {}
validatingWebhookCheckIgnoreFailurePolicy: Fail # validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {} # validatingWebhookCustomRules: {}
validatingWebhookURL: null # validatingWebhookURL: null
enableDeleteOperations: false # enableDeleteOperations: false
enableExternalData: true # enableExternalData: true
enableGeneratorResourceExpansion: true # enableGeneratorResourceExpansion: true
enableTLSHealthcheck: false # enableTLSHealthcheck: false
maxServingThreads: -1 # maxServingThreads: -1
mutatingWebhookName: gatekeeper-mutating-webhook-configuration # mutatingWebhookName: gatekeeper-mutating-webhook-configuration
mutatingWebhookFailurePolicy: Ignore # mutatingWebhookFailurePolicy: Ignore
mutatingWebhookReinvocationPolicy: Never # mutatingWebhookReinvocationPolicy: Never
mutatingWebhookAnnotations: {} # mutatingWebhookAnnotations: {}
mutatingWebhookExemptNamespacesLabels: {} # mutatingWebhookExemptNamespacesLabels: {}
mutatingWebhookObjectSelector: {} # mutatingWebhookObjectSelector: {}
mutatingWebhookTimeoutSeconds: 1 # mutatingWebhookTimeoutSeconds: 1
mutatingWebhookCustomRules: {} # mutatingWebhookCustomRules: {}
mutatingWebhookURL: null # mutatingWebhookURL: null
mutationAnnotations: false # mutationAnnotations: false
auditChunkSize: 500 # auditChunkSize: 500
logLevel: INFO # logLevel: INFO
logDenies: false # logDenies: false
logMutations: false # logMutations: false
emitAdmissionEvents: false # emitAdmissionEvents: false
emitAuditEvents: false # emitAuditEvents: false
admissionEventsInvolvedNamespace: false # admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false # auditEventsInvolvedNamespace: false
resourceQuota: true # resourceQuota: true
externaldataProviderResponseCacheTTL: 3m # externaldataProviderResponseCacheTTL: 3m
image: # image:
repository: openpolicyagent/gatekeeper # repository: openpolicyagent/gatekeeper
crdRepository: openpolicyagent/gatekeeper-crds # crdRepository: openpolicyagent/gatekeeper-crds
release: v3.15.0-beta.0 # release: v3.15.0-beta.0
pullPolicy: Always # pullPolicy: Always
pullSecrets: [] # pullSecrets: []
preInstall: # preInstall:
crdRepository: # crdRepository:
image: # image:
repository: null # repository: null
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
postUpgrade: # postUpgrade:
labelNamespace: # labelNamespace:
enabled: false # enabled: false
image: # image:
repository: openpolicyagent/gatekeeper-crds # repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
extraNamespaces: [] # extraNamespaces: []
podSecurity: ["pod-security.kubernetes.io/audit=restricted", # podSecurity: ["pod-security.kubernetes.io/audit=restricted",
"pod-security.kubernetes.io/audit-version=latest", # "pod-security.kubernetes.io/audit-version=latest",
"pod-security.kubernetes.io/warn=restricted", # "pod-security.kubernetes.io/warn=restricted",
"pod-security.kubernetes.io/warn-version=latest", # "pod-security.kubernetes.io/warn-version=latest",
"pod-security.kubernetes.io/enforce=restricted", # "pod-security.kubernetes.io/enforce=restricted",
"pod-security.kubernetes.io/enforce-version=v1.24"] # "pod-security.kubernetes.io/enforce-version=v1.24"]
extraAnnotations: {} # extraAnnotations: {}
priorityClassName: "" # priorityClassName: ""
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: {} # resources: {}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
postInstall: # postInstall:
labelNamespace: # labelNamespace:
enabled: true # enabled: true
extraRules: [] # extraRules: []
image: # image:
repository: openpolicyagent/gatekeeper-crds # repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
extraNamespaces: [] # extraNamespaces: []
podSecurity: ["pod-security.kubernetes.io/audit=restricted", # podSecurity: ["pod-security.kubernetes.io/audit=restricted",
"pod-security.kubernetes.io/audit-version=latest", # "pod-security.kubernetes.io/audit-version=latest",
"pod-security.kubernetes.io/warn=restricted", # "pod-security.kubernetes.io/warn=restricted",
"pod-security.kubernetes.io/warn-version=latest", # "pod-security.kubernetes.io/warn-version=latest",
"pod-security.kubernetes.io/enforce=restricted", # "pod-security.kubernetes.io/enforce=restricted",
"pod-security.kubernetes.io/enforce-version=v1.24"] # "pod-security.kubernetes.io/enforce-version=v1.24"]
extraAnnotations: {} # extraAnnotations: {}
priorityClassName: "" # priorityClassName: ""
probeWebhook: # probeWebhook:
enabled: true # enabled: true
image: # image:
repository: curlimages/curl # repository: curlimages/curl
tag: 7.83.1 # tag: 7.83.1
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
waitTimeout: 60 # waitTimeout: 60
httpTimeout: 2 # httpTimeout: 2
insecureHTTPS: false # insecureHTTPS: false
priorityClassName: "" # priorityClassName: ""
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
preUninstall: # preUninstall:
deleteWebhookConfigurations: # deleteWebhookConfigurations:
extraRules: [] # extraRules: []
enabled: false # enabled: false
image: # image:
repository: openpolicyagent/gatekeeper-crds # repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
priorityClassName: "" # priorityClassName: ""
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: {} # resources: {}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
podAnnotations: {} # podAnnotations: {}
auditPodAnnotations: {} # auditPodAnnotations: {}
podLabels: {} # podLabels: {}
podCountLimit: "100" # podCountLimit: "100"
secretAnnotations: {} # secretAnnotations: {}
enableRuntimeDefaultSeccompProfile: true # enableRuntimeDefaultSeccompProfile: true
controllerManager: # controllerManager:
exemptNamespaces: [] # exemptNamespaces: []
exemptNamespacePrefixes: [] # exemptNamespacePrefixes: []
hostNetwork: false # hostNetwork: false
dnsPolicy: ClusterFirst # dnsPolicy: ClusterFirst
port: 8443 # port: 8443
metricsPort: 8888 # metricsPort: 8888
healthPort: 9090 # healthPort: 9090
readinessTimeout: 1 # readinessTimeout: 1
livenessTimeout: 1 # livenessTimeout: 1
priorityClassName: system-cluster-critical # priorityClassName: system-cluster-critical
disableCertRotation: false # disableCertRotation: false
tlsMinVersion: 1.3 # tlsMinVersion: 1.3
clientCertName: "" # clientCertName: ""
strategyType: RollingUpdate # strategyType: RollingUpdate
affinity: # affinity:
podAntiAffinity: # podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: # preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm: # - podAffinityTerm:
labelSelector: # labelSelector:
matchExpressions: # matchExpressions:
- key: gatekeeper.sh/operation # - key: gatekeeper.sh/operation
operator: In # operator: In
values: # values:
- webhook # - webhook
topologyKey: kubernetes.io/hostname # topologyKey: kubernetes.io/hostname
weight: 100 # weight: 100
topologySpreadConstraints: [] # topologySpreadConstraints: []
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: # resources:
limits: # limits:
memory: 512Mi # memory: 512Mi
requests: # requests:
cpu: 100m # cpu: 100m
memory: 512Mi # memory: 512Mi
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
podSecurityContext: # podSecurityContext:
fsGroup: 999 # fsGroup: 999
supplementalGroups: # supplementalGroups:
- 999 # - 999
extraRules: [] # extraRules: []
networkPolicy: # networkPolicy:
enabled: false # enabled: false
ingress: { } # ingress: { }
# - from: # # - from:
# - ipBlock: # # - ipBlock:
# cidr: 0.0.0.0/0 # # cidr: 0.0.0.0/0
audit: # audit:
enablePubsub: false # enablePubsub: false
connection: audit-connection # connection: audit-connection
channel: audit-channel # channel: audit-channel
hostNetwork: false # hostNetwork: false
dnsPolicy: ClusterFirst # dnsPolicy: ClusterFirst
metricsPort: 8888 # metricsPort: 8888
healthPort: 9090 # healthPort: 9090
readinessTimeout: 1 # readinessTimeout: 1
livenessTimeout: 1 # livenessTimeout: 1
priorityClassName: system-cluster-critical # priorityClassName: system-cluster-critical
disableCertRotation: false # disableCertRotation: false
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: # resources:
limits: # limits:
memory: 512Mi # memory: 512Mi
requests: # requests:
cpu: 100m # cpu: 100m
memory: 512Mi # memory: 512Mi
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
podSecurityContext: # podSecurityContext:
fsGroup: 999 # fsGroup: 999
supplementalGroups: # supplementalGroups:
- 999 # - 999
writeToRAMDisk: false # writeToRAMDisk: false
extraRules: [] # extraRules: []
crds: # crds:
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: {} # resources: {}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 65532 # runAsGroup: 65532
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 65532 # runAsUser: 65532
pdb: # pdb:
controllerManager: # controllerManager:
minAvailable: 1 # minAvailable: 1
service: {} # service: {}
disabledBuiltins: ["{http.send}"] # disabledBuiltins: ["{http.send}"]
psp: # psp:
enabled: true # enabled: true
upgradeCRDs: # upgradeCRDs:
enabled: true # enabled: true
extraRules: [] # extraRules: []
priorityClassName: "" # priorityClassName: ""
rbac: # rbac:
create: true # create: true
externalCertInjection: # externalCertInjection:
enabled: false # enabled: false
secretName: gatekeeper-webhook-server-cert # secretName: gatekeeper-webhook-server-cert
#