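# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# Values template for the UMS Open Policy Agent release: container image,
# OPA bundle settings, resource limits and the container security context.
# NOTE(review): the nesting below was reconstructed from a whitespace-collapsed
# copy of this file; confirm it against the chart's values schema.
image:
  # A globally configured registry takes precedence over the per-image one.
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsOpenPolicyAgent.registry | quote }}
  repository: {{ .Values.images.umsOpenPolicyAgent.repository | quote }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  tag: {{ .Values.images.umsOpenPolicyAgent.tag | quote }}
  # Renders as null when no global pull secrets are configured.
  pullSecrets:
    {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
    {{- end }}

openPolicyAgent:
  isUniventionAppCenter: 0
  opaDataBundle: "bundles/GuardianDataBundle.tar.gz"
  opaPolicyBundle: "bundles/GuardianPolicyBundle.tar.gz"
  # Polling window for bundle refresh; presumably seconds - confirm with the chart.
  opaPollingMinDelay: 10
  opaPollingMaxDelay: 15
  # NOTE(review): plain HTTP. If the authorization bundles above are pulled from
  # this endpoint, their integrity depends on in-cluster network controls
  # (NetworkPolicy / mesh mTLS); confirm those are in place or switch to HTTPS.
  opaGuardianManagementUrl: "http://ums-guardian-management-api/guardian/management"

resources:
  {{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 2 }}

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
    # NOTE(review): this re-adds a broad set right after dropping ALL, including
    # NET_RAW, SETUID/SETGID, SETPCAP, SYS_CHROOT and DAC_OVERRIDE. The container
    # runs as non-root UID 1000 with privilege escalation disabled; confirm which
    # of these the OPA process actually needs and remove the rest.
    add:
      - "CHOWN"
      - "DAC_OVERRIDE"
      - "FOWNER"
      - "FSETID"
      - "KILL"
      - "SETGID"
      - "SETUID"
      - "SETPCAP"
      - "NET_BIND_SERVICE"
      - "NET_RAW"
      - "SYS_CHROOT"
  privileged: false
  seccompProfile:
    type: "RuntimeDefault"
  # NOTE(review): a writable root filesystem; prefer true plus explicit writable
  # volume mounts if the image supports it.
  readOnlyRootFilesystem: false
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  # Serialised with toYaml (same pattern as "resources" above) so that a mapping
  # renders as YAML instead of Go's map[...] notation and an unset value as null.
  seLinuxOptions:
    {{ .Values.seLinuxOptions.umsOpenPolicyAgent | toYaml | nindent 4 }}
...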