gatekeeper: replicas: 3 revisionHistoryLimit: 10 auditInterval: 60 metricsBackends: ["prometheus"] auditMatchKindOnly: false constraintViolationsLimit: 20 auditFromCache: false disableMutation: false disableValidatingWebhook: false validatingWebhookName: gatekeeper-validating-webhook-configuration validatingWebhookTimeoutSeconds: 3 validatingWebhookFailurePolicy: Ignore validatingWebhookAnnotations: {} validatingWebhookExemptNamespacesLabels: {} validatingWebhookObjectSelector: {} validatingWebhookCheckIgnoreFailurePolicy: Fail validatingWebhookCustomRules: {} validatingWebhookURL: null enableDeleteOperations: false enableExternalData: true enableGeneratorResourceExpansion: true enableTLSHealthcheck: false maxServingThreads: -1 mutatingWebhookName: gatekeeper-mutating-webhook-configuration mutatingWebhookFailurePolicy: Ignore mutatingWebhookReinvocationPolicy: Never mutatingWebhookAnnotations: {} mutatingWebhookExemptNamespacesLabels: {} mutatingWebhookObjectSelector: {} mutatingWebhookTimeoutSeconds: 1 mutatingWebhookCustomRules: {} mutatingWebhookURL: null mutationAnnotations: false auditChunkSize: 500 logLevel: INFO logDenies: false logMutations: false emitAdmissionEvents: false emitAuditEvents: false admissionEventsInvolvedNamespace: false auditEventsInvolvedNamespace: false resourceQuota: true externaldataProviderResponseCacheTTL: 3m image: repository: openpolicyagent/gatekeeper crdRepository: openpolicyagent/gatekeeper-crds release: v3.15.0-beta.0 pullPolicy: Always pullSecrets: [] preInstall: crdRepository: image: repository: null tag: v3.15.0-beta.0 postUpgrade: labelNamespace: enabled: false image: repository: openpolicyagent/gatekeeper-crds tag: v3.15.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] podSecurity: ["pod-security.kubernetes.io/audit=restricted", "pod-security.kubernetes.io/audit-version=latest", "pod-security.kubernetes.io/warn=restricted", "pod-security.kubernetes.io/warn-version=latest", "pod-security.kubernetes.io/enforce=restricted", "pod-security.kubernetes.io/enforce-version=v1.24"] extraAnnotations: {} priorityClassName: "" affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 postInstall: labelNamespace: enabled: true extraRules: [] image: repository: openpolicyagent/gatekeeper-crds tag: v3.15.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] extraNamespaces: [] podSecurity: ["pod-security.kubernetes.io/audit=restricted", "pod-security.kubernetes.io/audit-version=latest", "pod-security.kubernetes.io/warn=restricted", "pod-security.kubernetes.io/warn-version=latest", "pod-security.kubernetes.io/enforce=restricted", "pod-security.kubernetes.io/enforce-version=v1.24"] extraAnnotations: {} priorityClassName: "" probeWebhook: enabled: true image: repository: curlimages/curl tag: 7.83.1 pullPolicy: IfNotPresent pullSecrets: [] waitTimeout: 60 httpTimeout: 2 insecureHTTPS: false priorityClassName: "" affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 preUninstall: deleteWebhookConfigurations: extraRules: [] enabled: false image: repository: openpolicyagent/gatekeeper-crds tag: v3.15.0-beta.0 pullPolicy: IfNotPresent pullSecrets: [] priorityClassName: "" affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 podAnnotations: {} auditPodAnnotations: {} podLabels: {} podCountLimit: "100" secretAnnotations: {} enableRuntimeDefaultSeccompProfile: true controllerManager: exemptNamespaces: [] exemptNamespacePrefixes: [] hostNetwork: false dnsPolicy: ClusterFirst port: 8443 metricsPort: 8888 healthPort: 9090 readinessTimeout: 1 livenessTimeout: 1 priorityClassName: system-cluster-critical disableCertRotation: false tlsMinVersion: 1.3 clientCertName: "" strategyType: RollingUpdate affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: gatekeeper.sh/operation operator: In values: - webhook topologyKey: kubernetes.io/hostname weight: 100 topologySpreadConstraints: [] tolerations: [] nodeSelector: {kubernetes.io/os: linux} resources: limits: memory: 512Mi requests: cpu: 100m memory: 512Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 podSecurityContext: fsGroup: 999 supplementalGroups: - 999 extraRules: [] networkPolicy: enabled: false ingress: { } # - from: # - ipBlock: # cidr: 0.0.0.0/0 audit: enablePubsub: false connection: audit-connection channel: audit-channel hostNetwork: false dnsPolicy: ClusterFirst metricsPort: 8888 healthPort: 9090 readinessTimeout: 1 livenessTimeout: 1 priorityClassName: system-cluster-critical disableCertRotation: false affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} resources: limits: memory: 512Mi requests: cpu: 100m memory: 512Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 999 runAsNonRoot: true runAsUser: 1000 podSecurityContext: fsGroup: 999 supplementalGroups: - 999 writeToRAMDisk: false extraRules: [] crds: affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 pdb: controllerManager: minAvailable: 1 service: {} disabledBuiltins: ["{http.send}"] psp: enabled: true upgradeCRDs: enabled: true extraRules: [] priorityClassName: "" rbac: create: true externalCertInjection: enabled: false secretName: gatekeeper-webhook-server-cert