diff --git a/cmd/build/helmify/kustomize-for-helm.yaml b/cmd/build/helmify/kustomize-for-helm.yaml index 820e2c7ec57..994060d3e94 100644 --- a/cmd/build/helmify/kustomize-for-helm.yaml +++ b/cmd/build/helmify/kustomize-for-helm.yaml @@ -76,7 +76,7 @@ spec: - --logtostderr - --log-denies={{ .Values.logDenies }} - --emit-admission-events={{ .Values.emitAdmissionEvents }} - - --log-level={{ .Values.logLevel }} + - --log-level={{ (.Values.controllerManager.logLevel | empty | not) | ternary .Values.controllerManager.logLevel .Values.logLevel }} - --exempt-namespace={{ .Release.Namespace }} - --operation=webhook - --enable-external-data={{ .Values.enableExternalData }} @@ -149,7 +149,7 @@ spec: - name: manager args: - --audit-interval={{ .Values.auditInterval }} - - --log-level={{ .Values.logLevel }} + - --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }} - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} - --audit-from-cache={{ .Values.auditFromCache }} - --audit-chunk-size={{ .Values.auditChunkSize }} diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index bc3578e2335..33d47cb7b64 100644 --- a/cmd/build/helmify/static/README.md +++ b/cmd/build/helmify/static/README.md @@ -161,6 +161,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | controllerManager.metricsPort | Metrics port for controller manager | `8888` | | controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` | | controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` | +| controllerManager.logLevel | The minimum log level for the controller manager, takes precedence over `logLevel` when specified | `null` | controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | | controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} | | controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` | @@ -179,6 +180,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | audit.metricsPort | Metrics port for audit | `8888` | | audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` | | audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` | +| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` | replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | | podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | | podLabels | The labels to add to the Gatekeeper pods | `{}` | diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md index bc3578e2335..33d47cb7b64 100644 --- a/manifest_staging/charts/gatekeeper/README.md +++ b/manifest_staging/charts/gatekeeper/README.md @@ -161,6 +161,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | controllerManager.metricsPort | Metrics port for controller manager | `8888` | | controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` | | controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` | +| controllerManager.logLevel | The minimum log level for the controller manager, takes precedence over `logLevel` when specified | `null` | controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | | controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} | | controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` | @@ -179,6 +180,7 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi | audit.metricsPort | Metrics port for audit | `8888` | | audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` | | audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` | +| audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` | replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | | podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | | podLabels | The labels to add to the Gatekeeper pods | `{}` | diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml index e11ad748713..3409d2f588e 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml @@ -49,7 +49,7 @@ spec: {{- end }} args: - --audit-interval={{ .Values.auditInterval }} - - --log-level={{ .Values.logLevel }} + - --log-level={{ (.Values.audit.logLevel | empty | not) | ternary .Values.audit.logLevel .Values.logLevel }} - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} - --audit-from-cache={{ .Values.auditFromCache }} - --audit-chunk-size={{ .Values.auditChunkSize }} diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml index 0ac934b00cf..ebb1d2559e9 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml @@ -54,7 +54,7 @@ spec: - --logtostderr - --log-denies={{ .Values.logDenies }} - --emit-admission-events={{ .Values.emitAdmissionEvents }} - - --log-level={{ .Values.logLevel }} + - --log-level={{ (.Values.controllerManager.logLevel | empty | not) | ternary .Values.controllerManager.logLevel .Values.logLevel }} - --exempt-namespace={{ .Release.Namespace }} - --operation=webhook - --enable-external-data={{ .Values.enableExternalData }}