image:
  registry: ghcr.io
  repository: kyverno/policy-reporter-kyverno-plugin
  pullPolicy: IfNotPresent
  tag: 1.6.3

imagePullSecrets: []

priorityClassName: ""

replicaCount: 1

revisionHistoryLimit: 10

deploymentStrategy: {}
  # rollingUpdate:
  #  maxSurge: 25%
  #  maxUnavailable: 25%
  # type: RollingUpdate

# When using a custom port together with the PolicyReporter UI
# the port has also to be changed in the UI subchart as well because it can't access values of other subcharts.
# You can change the port under `ui.kyvernoPlugin.port`
port:
  name: rest
  number: 8080

# Key/value pairs that are attached to all resources.
annotations: {}

# Create cluster role policies
rbac:
  enabled: true

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

service:
  enabled: true
  ## configuration of service
  # key/value
  annotations: {}
  # key/value
  labels: {}
  port: 8080
  type: ClusterIP

## Set to true to enable ingress record generation
# ref to: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
  enabled: false
  className: ""
  # key/value
  labels: {}
  # key/value
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
podSecurityContext:
  runAsUser: 1234
  runAsGroup: 1234

securityContext:
  runAsUser: 1234
  runAsNonRoot: true
  privileged: false
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault

# Key/value pairs that are attached to pods.
podAnnotations: {}

# Key/value pairs that are attached to pods.
podLabels: {}

# Allow additional env variables to be added
envVars: []

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   memory: 30Mi
  #   cpu: 10m
  # requests:
  #   memory: 20Mi
  #   cpu: 5m

# Node labels for pod assignment
# ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

# Tolerations for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []

# Anti-affinity to disallow deploying client and master nodes on the same worker node
affinity: {}

# Topology Spread Constraints to better spread pods
topologySpreadConstraints: []

# livenessProbe for policy-reporter-kyverno-plugin
livenessProbe:
  httpGet:
    path: /healthz
    port: rest

# readinessProbe for policy-reporter-kyverno-plugin
readinessProbe:
  httpGet:
    path: /ready
    port: rest

# REST API
rest:
  enabled: true

# Prometheus Metrics API
metrics:
  enabled: true

logging:
  encoding: console # possible encodings are console and json
  logLevel: 0 # default info
  development: false # more human readable structure, enables stacktraces and removes log sampling

api:
  logging: false # enable debug API access logging, sets logLevel to debug

# create PolicyReports for enforce policies,
# based on Events created by Kyverno (>= v1.7.0)
blockReports:
  enabled: false
  eventNamespace: default
  results:
    maxPerReport: 200
    keepOnlyLatest: false

# required if policy-reporter-kyverno-plugin should run in HA mode and the "blockReports" feature is enabled
# if "blockReports" is disabled, leaderElection is also disabled automatically
# will be enabled when replicaCount > 1
leaderElection:
  enabled: false
  releaseOnCancel: true
  leaseDuration: 15
  renewDeadline: 10
  retryPeriod: 2

# enabled if replicaCount > 1
podDisruptionBudget:
  # -- Configures the minimum available pods for kyvernoPlugin disruptions.
  # Cannot be used if `maxUnavailable` is set.
  minAvailable: 1
  # -- Configures the maximum unavailable pods for kyvernoPlugin disruptions.
  # Cannot be used if `minAvailable` is set.
  maxUnavailable:

# Enable a NetworkPolicy for this chart. Useful on clusters where Network Policies are
# used and configured in a default-deny fashion.
networkPolicy:
  enabled: false
  # Kubernetes API Server
  egress:
  - to:
    ports:
    - protocol: TCP
      port: 6443
  ingress: []

# Should be set in the parent chart only
global:
  # available plugins
  plugins:
    # enable kyverno for Policy Reporter UI and monitoring
    kyverno: false
  # overwrite the fullname of all resources including subcharts
  fullnameOverride: ""
  # configure the namespace of all resources including subcharts
  namespace: ""
  # additional labels added on each resource
  labels: {}
  # basicAuth for APIs and metrics
  basicAuth:
    # HTTP BasicAuth username
    username: ""
    # HTTP BasicAuth password
    password: ""
    # read credentials from secret
    secretRef: ""