feat(helm): add options for hook jobs #2202

Merged
merged 3 commits into from
Aug 5, 2022
docs: update Chart README
Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
stek29 committed Aug 4, 2022
commit b59cfd0e66f5c517be24d40dac251dab56105388
16 changes: 16 additions & 0 deletions cmd/build/helmify/static/README.md
Expand Up @@ -79,24 +79,40 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
| postInstall.probeWebhook.waitTimeout | Total time to wait for the webhook API to become available | `60` |
| postInstall.probeWebhook.httpTimeout | HTTP client timeout | `2` |
| postInstall.probeWebhook.insecureHTTPS | Ignore server SSL certificate | `false` |
| postInstall.affinity | The affinity to use for pod scheduling in postInstall hook jobs | `{}` |
| postInstall.tolerations | The tolerations to use for pod scheduling in postInstall hook jobs | `[]` |
| postInstall.nodeSelector | The node selector to use for pod scheduling in postInstall hook jobs | `kubernetes.io/os: linux` |
| postInstall.resources | The resource request/limits for the container image in postInstall hook jobs | `{}` |
| postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| postUpgrade.labelNamespace.enabled | Add labels to the namespace during post upgrade hooks | `false` |
| postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` |
| postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` |
| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.10.0-beta.0` |
| postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]`
| postUpgrade.affinity | The affinity to use for pod scheduling in postUpgrade hook jobs | `{}` |
| postUpgrade.tolerations | The tolerations to use for pod scheduling in postUpgrade hook jobs | `[]` |
| postUpgrade.nodeSelector | The node selector to use for pod scheduling in postUpgrade hook jobs | `kubernetes.io/os: linux` |
| postUpgrade.resources | The resource request/limits for the container image in postUpgrade hook jobs | `{}` |
| postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` |
| preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` |
| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.10.0-beta.0` |
| preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` |
| preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` |
| preUninstall.affinity | The affinity to use for pod scheduling in preUninstall hook jobs | `{}` |
| preUninstall.tolerations | The tolerations to use for pod scheduling in preUninstall hook jobs | `[]` |
| preUninstall.nodeSelector | The node selector to use for pod scheduling in preUninstall hook jobs | `kubernetes.io/os: linux` |
| preUninstall.resources | The resource request/limits for the container image in preUninstall hook jobs | `{}` |
| preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` |
| psp.enabled | Enabled PodSecurityPolicy | `true` |
| upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` |
| upgradeCRDs.extraRules | Extra rules for the gatekeeper-admin-upgrade-crds ClusterRole | `[]` |
| crds.affinity | The affinity to use for pod scheduling in crds hook jobs | `{}` |
| crds.tolerations | The tolerations to use for pod scheduling in crds hook jobs | `[]` |
| crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` |
| crds.resources | The resource request/limits for the container image in crds hook jobs | `{}` |
| crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` |
| auditInterval | The frequency with which audit is run | `60` |
| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
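Review bot: the new `crds.affinity`, `crds.tolerations`, `crds.nodeSelector` and `crds.resources` rows sit directly under `upgradeCRDs.enabled` and `upgradeCRDs.extraRules` but use a different prefix and say only "crds hook jobs", so a reader cannot tell from the table which job they configure; if these apply to the job controlled by `upgradeCRDs.enabled`, say so in the description. In all four `nodeSelector` rows the default is written as `kubernetes.io/os: linux`, while the neighbouring defaults are shown as `{}` or as a braced object; writing it as `{ "kubernetes.io/os": "linux" }` would make clear it is a map that a user override replaces. The four `resources` rows read "for the container image", but requests and limits apply to the container, and since the default is `{}` it is worth noting in the description that hook jobs run with no requests or limits unless set. Separately, the `postUpgrade.labelNamespace.image.pullSecrets` row just above the new postUpgrade rows is missing its closing `|`, which is easy to fix while touching this block.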