UNCLASSIFIED - NO CUI

sync default policy values with umbrella

General MR

There are two policies that are enabled in the umbrella that I've left disabled in the chart's default values:

  • update-automountserviceaccounttokens-default: This policy will not render properly if its namespaces parameter is not set, and there is no reasonable way to know what namespaces the user would want to apply the policy to. It's going to be up to the user (in this case, the umbrella chart) to provide those values when enabling the policy.
  • update-automountserviceaccounttokens: The template for this policy is only rendered when namespaces are provided, and similar to the other, it is impossible to know what namespaces the user would like enabled.

Summary

Set the default values for policies (e.g. enabled and validationFailureAction) in line with those that are specified in the umbrella.

Relevant logs/screenshots

Umbrella pipeline: big-bang/bigbang!7527 (closed)

Helm Releases still install successfully:

image

Linked Issue

issue

Upgrade Notices

The default enabled and validationFailureAction settings for most policies have been updated to match those set in the bigbang umbrella chart. This change has no impact on those using the chart with bigbang, and only impacts those who may be using the chart independently.

  • disallow-image-tags is now enabled and enforced by default.
  • disallow-namespaces is now enabled and enforced by default.
  • disallow-nodeport-services is now enforced by default.
  • require-image-signature is now disabled and not enforced by default.
  • require-host-path-mount is now enforced by default.
  • require-host-path-mount-pv is now enforced by default.
  • require-host-path-write is now enforced by default.
  • restrict-image-registries is now enforced by default.

Edited by Jonathan Braswell
