mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00

Helm chart README fixes (#2062)

* fix link to PR doc

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix description

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* chart README fixes

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Helm chart README clean-up

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* linting

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "fix description"

This reverts commit e128152cd7.

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Chip Zoller 2021-06-29 16:48:26 -04:00 committed by GitHub
parent c479517c53
commit 436d44050b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -67,11 +67,11 @@ The following table lists the configurable parameters of the kyverno chart and t
| `affinity` | node/pod affinities | `nil` |
| `createSelfSignedCert` | generate a self signed cert and certificate authority. Kyverno defaults to using kube-controller-manager CA-signed certificate or existing cert secret if false. | `false` |
| `config.existingConfig` | existing Kubernetes configmap to use for the resource filters configuration | `nil` |
| `config.resourceFilters` | list of filter of resource types to be skipped by kyverno policy engine. See [documentation](https://github.com/kyverno/kyverno/blob/master/documentation/installation.md#filter-kubernetes-resources-that-admission-webhook-should-not-process) for details | `["[Event,*,*]","[*,kube-system,*]","[*,kube-public,*]","[*,kube-node-lease,*]","[Node,*,*]","[APIService,*,*]","[TokenReview,*,*]","[SubjectAccessReview,*,*]","[*,kyverno,*]"]` |
| `config.webhooks` | customize webhook configurations for both MutatingWebhookConfiguration and ValidatingWebhookConfiguration of Kubernetes resources, only `namesapceSelector` can be configured with Kyverno v1.4.0 | `nil` |
| customLabels | object | `{}` | Additional labels |
| `dnsPolicy` | Sets the DNS Policy which determines the manner in which DNS resolution happens across the cluster. For further reference, see [the official docs](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) | `ClusterFirst` |
| envVars | Extra environment variables to pass to kyverno | {} |
| `config.resourceFilters` | list of resource types to be skipped by kyverno policy engine. See [documentation](https://kyverno.io/docs/installation/#resource-filters) for details | `[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*]` |
| `config.webhooks` | customize webhook configurations for both MutatingWebhookConfiguration and ValidatingWebhookConfiguration of Kubernetes resources, only `namespaceSelector` can be configured with Kyverno v1.4.0 | `nil` |
| `customLabels` | Additional labels | `{}`
| `dnsPolicy` | Sets the DNS Policy which determines the manner in which DNS resolution happens across the cluster. For further reference, see [the official Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) | `ClusterFirst` |
| `envVars` | Extra environment variables to pass to Kyverno | {} |
| `extraArgs` | list of extra arguments to give the binary | `[]` |
| `fullnameOverride` | override the expanded name of the chart | `nil` |
| `generatecontrollerExtraResources` | extra resource type Kyverno is allowed to generate | `[]` |
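Review bot: the new `customLabels` row has no closing `|` (it ends at `{}` in backticks), which makes it the only row in this table without one; add the trailing pipe so the table renders consistently. In the same hunk the `envVars` default `{}` is still not wrapped in backticks like its neighbours. The new `config.resourceFilters` default is written as one concatenated `[Event,*,*][*,kube-system,*]...` string where the old row used a quoted list, and it adds entries such as `[Binding,*,*]` and `[ReplicaSet,*,*]`. Every entry there is a resource the policy engine skips, so please confirm the string matches the chart's shipped default exactly, since operators will read this row to learn what is exempt from policy.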
@ -91,23 +91,23 @@ The following table lists the configurable parameters of the kyverno chart and t
| `podLabels` | additional labels to add to each pod | `{}` |
| `podSecurityContext` | security context for the pod | `{}` |
| `priorityClassName` | priorityClassName | `nil` |
| `rbac.create` | create cluster roles, cluster role bindings, and service account | `true` |
| `rbac.serviceAccount.create` | create a service account | `true` |
| `rbac.serviceAccount.name` | the service account name | `nil` |
| `rbac.serviceAccount.annotations` | annotations for the service account | `{}` |
| `rbac.create` | create ClusterRoles, ClusterRoleBindings, and ServiceAccount | `true` |
| `rbac.serviceAccount.create` | create a ServiceAccount | `true` |
| `rbac.serviceAccount.name` | the ServiceAccount name | `nil` |
| `rbac.serviceAccount.annotations` | annotations for the ServiceAccount | `{}` |
| `readinessProbe` | readiness probe configuration | `{}` |
| `replicaCount` | desired number of pods | `1` |
| `resources` | pod resource requests & limits | `{}` |
| `resources` | pod resource requests and limits | `{}` |
| `service.annotations` | annotations to add to the service | `{}` |
| `service.nodePort` | node port | `nil` |
| `service.port` | port for the service | `443` |
| `service.type` | type of service | `ClusterIP` |
| `tolerations` | list of node taints to tolerate | `[]` |
| `securityContext` | security context configuration | `{}` |
| `podSecurityStandard` | set desired pod security level `privileged`, `baseline`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `baseline` |
| `podSecurityStandard` | set desired pod security level `privileged`, `default`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `baseline` |
| `podSecuritySeverity` | set desired pod security severity `low`, `medium`, `high`. Used severity level in PolicyReportResults for the selected pod security policies. | `medium` |
| `podSecurityPolicies` | Policies to include when `podSecurityStandard` is set to `custom` | `[]` |
| `validationFailureAction` | set to get response in failed validation check. Supported values- `audit`, `enforce`. See: https://kyverno.io/docs/writing-policies/validate/ | `audit` |
| `validationFailureAction` | set to get response in failed validation check. Supported values are `audit` and `enforce`. See: https://kyverno.io/docs/writing-policies/validate/ | `audit` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
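Review bot: in the `podSecurityStandard` row the updated list of levels reads `privileged`, `default`, `restricted`, `custom`, but the default column still shows `baseline`, which is no longer one of the listed values. Please reconcile the two so the documented default is a value the row says is accepted; a reader who copies `default` or `baseline` from this row cannot tell which one the chart honours, and a level that is not recognised could leave the pod security policies unapplied.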
@ -126,11 +126,10 @@ $ helm install --namespace kyverno kyverno ./charts/kyverno -f values.yaml
## TLS Configuration
If `createSelfSignedCert` is `true`, Helm will take care of the steps of creating an external self-signed certificate describe in option 2 of the [installation documentation](https://github.com/kyverno/kyverno/blob/master/documentation/installation.md#option-2-use-your-own-ca-signed-certificate)
If `createSelfSignedCert` is `true`, Helm will take care of the steps of creating an external self-signed certificate described in option 2 of the [installation documentation](https://kyverno.io/docs/installation/#option-2-use-your-own-ca-signed-certificate)
If `createSelfSignedCert` is `false`, Kyverno will generate a self-signed CA and a certificate, or you can provide your own TLS CA and signed-key pair and create the secret yourself as described in the documentation.
If `createSelfSignedCert` is `false`, Kyverno will generate a self-signed CA and a certificate, or you can provide your own TLS CA and signed-key pair and create the secret yourself as described in the [documentation](https://kyverno.io/docs/installation/#customize-the-installation-of-kyverno).
## Kyverno CLI
See: https://kyverno.io/docs/kyverno-cli/
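Review bot: the `createSelfSignedCert` is `false` paragraph says Kyverno will generate a self-signed CA and a certificate, while the `createSelfSignedCert` row in the parameter table says Kyverno defaults to a kube-controller-manager CA-signed certificate or an existing cert secret when the value is `false`. Please make the two descriptions agree, since this decides which CA the webhook certificate chains to. The `true` paragraph also describes a self-signed certificate but links to a section whose anchor is `option-2-use-your-own-ca-signed-certificate`; worth checking that the new kyverno.io anchor is the intended target.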