mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-15 20:20:22 +00:00
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
parent
d3d0eb354f
commit
c073f7c2ba
4 changed files with 37 additions and 0 deletions
|
@ -77,6 +77,8 @@ annotations:
|
||||||
description: added TUF flags for custom sigstore deployments
|
description: added TUF flags for custom sigstore deployments
|
||||||
- kind: fixed
|
- kind: fixed
|
||||||
description: Fix Helm chart to not error when replicas defined
|
description: Fix Helm chart to not error when replicas defined
|
||||||
|
- kind: added
|
||||||
|
description: allow tolerations and affinity settings for reportsCleanup
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: grafana
|
- name: grafana
|
||||||
version: "0.0.0"
|
version: "0.0.0"
|
||||||
|
|
|
@ -722,6 +722,10 @@ The chart values are organised per component.
|
||||||
| policyReportsCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
|
| policyReportsCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
|
||||||
| policyReportsCleanup.podSecurityContext | object | `{}` | Security context for the pod |
|
| policyReportsCleanup.podSecurityContext | object | `{}` | Security context for the pod |
|
||||||
| policyReportsCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
|
| policyReportsCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
|
||||||
|
| policyReportsCleanup.tolerations | list | `[]` | List of node taints to tolerate |
|
||||||
|
| policyReportsCleanup.podAntiAffinity | object | `{}` | Pod anti affinity constraints. |
|
||||||
|
| policyReportsCleanup.podAffinity | object | `{}` | Pod affinity constraints. |
|
||||||
|
| policyReportsCleanup.nodeAffinity | object | `{}` | Node affinity constraints. |
|
||||||
| policyReportsCleanup.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the hook containers |
|
| policyReportsCleanup.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the hook containers |
|
||||||
|
|
||||||
## TLS Configuration
|
## TLS Configuration
|
||||||
|
|
|
@ -54,9 +54,28 @@ spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.policyReportsCleanup.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.policyReportsCleanup.nodeSelector }}
|
{{- with .Values.policyReportsCleanup.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if or .Values.policyReportsCleanup.podAntiAffinity .Values.policyReportsCleanup.podAffinity .Values.policyReportsCleanup.nodeAffinity }}
|
||||||
|
affinity:
|
||||||
|
{{- with .Values.policyReportsCleanup.podAntiAffinity }}
|
||||||
|
podAntiAffinity:
|
||||||
|
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.policyReportsCleanup.podAffinity }}
|
||||||
|
podAffinity:
|
||||||
|
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.policyReportsCleanup.nodeAffinity }}
|
||||||
|
nodeAffinity:
|
||||||
|
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
|
@ -397,6 +397,18 @@ policyReportsCleanup:
|
||||||
# -- Node labels for pod assignment
|
# -- Node labels for pod assignment
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
|
|
||||||
|
# -- List of node taints to tolerate
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
# -- Pod anti affinity constraints.
|
||||||
|
podAntiAffinity: {}
|
||||||
|
|
||||||
|
# -- Pod affinity constraints.
|
||||||
|
podAffinity: {}
|
||||||
|
|
||||||
|
# -- Node affinity constraints.
|
||||||
|
nodeAffinity: {}
|
||||||
|
|
||||||
# -- Security context for the hook containers
|
# -- Security context for the hook containers
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 65534
|
runAsUser: 65534
|
||||||
|
|
Loading…
Add table
Reference in a new issue