-
Notifications
You must be signed in to change notification settings - Fork 33
/
values.yaml
179 lines (158 loc) · 5.12 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
# Default values for gatekeeper-policy-manager.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: quay.io/sighup/gatekeeper-policy-manager
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v1.0.13"
# # Override gatekeeper-policy-manager container entrypoint/args
# # See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
command:
# - gunicorn
args:
# - --bind=:8080
# - --workers=2
# - --threads=4
# - --worker-class=gthread
# - app:app
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: "gatekeeper-policy-manager"
podAnnotations: {}
podLabels: {}
# Specify security settings for the gatekeeper-policy-manager pod
# See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
podSecurityContext:
runAsNonRoot: true
# Set the security context for the main gatekeeper-policy-manager container,
# which override settings made at the Pod level when there is overlap
# See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
# and https://kubernetes.io/docs/concepts/security/pod-security-standards/
securityContext:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
service:
annotations: {}
type: ClusterIP
port: 80
ingress:
enabled: false
# ingressClassName: "nginx"
annotations:
{}
#kubernetes.io/ingress.class: "nginx"
#nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
#nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=https://$host$request_uri$is_args$args
#nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
#nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
#nginx.ingress.kubernetes.io/secure-backends: "true"
#nginx.ingress.kubernetes.io/configuration-snippet: |
# auth_request_set $token $upstream_http_authorization;
# proxy_set_header Authorization $token;
#forecastle.stakater.com/expose: "true"
#forecastle.stakater.com/appName: "Gatekeeper Policy Manager"
#forecastle.stakater.com/icon: "https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/master/app/static-content/logo.svg"
labels: {}
hosts:
- host: gpm.local
paths: []
# pathType: ImplementationSpecific
tls: []
# - secretName: gpm-tls
# hosts:
# - gpm.local
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
behavior: {}
metrics: []
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []
config:
preferredURLScheme: http
logLevel: info
# secret in plain text
secretKey: null
# name of the secret containing the secret key. if set, config.secretKey should be null!
# supported fields: secretKey
secretRef: null
multiCluster:
enabled: false
kubeconfig: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://127.0.0.1:54216
name: kind-kind
contexts:
- context:
cluster: kind-kind
user: kind-kind
name: kind-kind
current-context: kind-kind
kind: Config
preferences: {}
users:
- name: kind-kind
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
oidc:
enabled: false
issuer:
redirectDomain:
clientID:
clientSecret:
authorizationEndpoint:
jwksURI:
tokenEndpoint:
introspectionEndpoint:
userinfoEndpoint:
endSessionEndpoint:
# Extra env variables to pass to the gatekeeper-policy-manager container
# Uncomment and add OIDC variables for enabling OIDC
extraEnvs: []
rbac:
# Specifies whether RBAC resources should be created
create: true
# If create is `false` the Helm Operator will be restricted to the namespace
# where it is deployed, and no ClusterRole or ClusterRoleBinding will be created.
# Additionally, the kubeconfig default context will be set to that namespace.
clusterRole:
create: true
# The name of a cluster role to bind to; if not set and create is
# true, a name based on fullname is generated
name: "gatekeeper-policy-manager-crd-view"