enabled: false # Override the chart name used for all resources nameOverride: "" priorityClassName: "" image: registry: ghcr.io repository: kyverno/policy-reporter-ui pullPolicy: IfNotPresent tag: 1.9.2 # possible default displayModes: light/dark displayMode: "" # default refreshInterval, set 0 to disable it refreshInterval: 10000 # Key/value pairs that are attached to all resources. annotations: {} log: # holds the latest 200 validation results in the UI Log size: 200 # enable/disable views as needed in the Policy Reporter UI # disabled log view will also disable the UI as push target views: dashboard: policyReports: true clusterPolicyReports: true logs: true policyReports: true clusterPolicyReports: true kyvernoPolicies: true kyvernoVerifyImages: true plugins: kyverno: false # Custom Cluster Name which is used in the ClusterSelect, if you configured additional clusters below. clusterName: "" # Attention: be sure that your APIs are not accessable for the outside world # Use tools like VPN, private Networks or internal Network Load Balancer to expose your APIs in a secure way to the UI clusters: [] # - name: External Cluster # api: https://policy-reporter.external.cluster # reachable external Policy Reporter REST API # kyvernoApi: https://policy-reporter-kyverno-plugin.external.cluster # (optional) reachable external Policy Reporter Kyverno Plugin REST API # skipTLS: false # certificate: "/app/certs/root.ca" # secreRef: "" # name of an existing secret to read the clusterconfiguration from, supported keys: api, kyvernoApi, username, password, skipTLS, certificate # basicAuth: # added as HTTP BasicAuthentication Header for all requests against api and kyvernoApi # username: "" # password: "" # define custom filter for policy report results based on (Cluster)PolicyReport labels # exmaple - use a owner label on all reports belonging to a dedicated team and add the label as additional custom filter # # apiVersion: wgpolicyk8s.io/v1alpha2 # kind: PolicyReport # metadata: # labels: # app.kubernetes.io/managed-by: kyverno # owner: team-a # name: cpol-disallow-capabilities # namespace: default # results: [...] # # labelFilter: ["owner"] labelFilter: [] # Proxy request logging logging: encoding: console # possible encodings are console and json logLevel: 0 # default info development: false # more human readable structure, removes log sampling api: logging: false # enables access logging for proxy requests, sets log level to debug overwriteHost: true # overwrites request host and sets X-Forwarded--Host and X-Origin-Host headers # use redis as external log storage instead of an in memory store # recommended when using a HA setup with more then one replica # to get all logs on each instance redis: enabled: false address: "" database: 0 prefix: "policy-reporter-ui" username: "" password: "" # configurations related to the PolicyReporter API policyReporter: port: 8080 # configurations related to the RolicyReporter KyvernoPlugin API kyvernoPlugin: port: 8080 # configure additional volumes to e.g. mount custom certificate for proxy TLS volumes: [] volumeMounts: [] imagePullSecrets: [] replicaCount: 1 revisionHistoryLimit: 10 deploymentStrategy: {} # rollingUpdate: # maxSurge: 25% # maxUnavailable: 25% # type: RollingUpdate securityContext: runAsUser: 1234 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL seccompProfile: type: RuntimeDefault # Key/value pairs that are attached to pods. podAnnotations: {} # Key/value pairs that are attached to pods. podLabels: {} # Allow additional env variables to be added envVars: [] resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # memory: 100Mi # cpu: 50m # requests: # memory: 50Mi # cpu: 10m serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # Create secret reader role and rolebinding rbac: enabled: true service: enabled: true ## configuration of service # key/value annotations: {} # key/value labels: {} type: ClusterIP # integer nubmer. This is port for service port: 8080 # enabled if replicaCount > 1 podDisruptionBudget: # -- Configures the minimum available pods for policy-reporter-ui disruptions. # Cannot be used if `maxUnavailable` is set. minAvailable: 1 # -- Configures the maximum unavailable pods for policy-reporter-ui disruptions. # Cannot be used if `minAvailable` is set. maxUnavailable: ## Set to true to enable ingress record generation # ref to: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: enabled: false className: "" # key/value labels: {} # key/value annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: [] tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # Node labels for pod assignment # ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} # Tolerations for pod assignment # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # Anti-affinity to disallow deploying client and master nodes on the same worker node affinity: {} # Topology Spread Constraints to better spread pods topologySpreadConstraints: [] # enable a NetworkPolicy for this chart. Useful on clusters where Network Policies are # used and configured in a default-deny fashion. networkPolicy: enabled: false egress: [] # Should be set in the parent chart only global: # available plugins plugins: # enable kyverno for Policy Reporter UI and monitoring kyverno: false # overwrite the fullname of all resources including subcharts fullnameOverride: "" # configure the namespace of all resources including subcharts namespace: "" # additional labels added on each resource labels: {} # basicAuth for APIs and metrics basicAuth: # HTTP BasicAuth username username: "" # HTTP BasicAuth password password: "" # read credentials from secret secretRef: ""