diff --git a/charts/kspm-collector/values.yaml b/charts/kspm-collector/values.yaml index 15859f8e1..2ef53240e 100644 --- a/charts/kspm-collector/values.yaml +++ b/charts/kspm-collector/values.yaml @@ -1,20 +1,21 @@ # Can be set to true to show debug logging, useful for troubleshooting. debug: false -httpProxy: null -httpsProxy: null -noProxy: null -sslVerifyCertificate: null +httpProxy: +httpsProxy: +noProxy: +sslVerifyCertificate: natsMaxReconnect: 0 natsMaxReconnectFailures: 60 # Namespace to deploy to (Optional: Will default to release namespace) -namespace: null +namespace: + # Default values for Sysdig KSPM Collector global: clusterConfig: {} sysdig: region: "us1" - sslVerifyCertificate: null + sslVerifyCertificate: proxy: {} kspm: deploy: true @@ -44,15 +45,18 @@ global: # -----END CERTIFICATE----- # Filename that is used when creating the secret. Required if cert is provided. - keyName: null + keyName: + # Provide the name of an existing Secret that contains the CA required - existingCaSecret: null + existingCaSecret: # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: null + existingCaSecretKeyName: + # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: null + existingCaConfigMap: # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: null + existingCaConfigMapKeyName: + sysdig: # Required: You need your Sysdig access key before running agents, either specifying 'accessKey' here, or using 'existingAccessKeySecret' accessKey: "" @@ -75,9 +79,10 @@ clusterName: "" image: repository: sysdig/kspm-collector tag: 1.39.7 - digest: null + digest: registry: quay.io - pullPolicy: null + pullPolicy: + # Set image pull secret name # Example # imagePullSecrets: 
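Review bot: `sslVerifyCertificate:` (top level and under `global`) is the one security-relevant key in the first kspm-collector hunk, and it has no comment, so after this change a reader sees neither a value nor what an unset value means for TLS verification. Both `null` and a bare key load as null, so rendering should be unchanged, but the effective default is decided in templates that are not visible in this patch. I would add a comment above each occurrence, for example `# TLS certificate verification for backend connections; when unset the chart uses <effective default from the templates>. Setting false disables server authentication.`, with the placeholder filled in from the template logic.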
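Review bot: The bare `keyName:`, `existingCaSecret:`, `existingCaSecretKeyName:`, `existingCaConfigMap:` and `existingCaConfigMapKeyName:` in the `ssl.ca` hunk are ambiguous, because a reader cannot tell a deliberate null from a forgotten value, while `accessKey: ""` a few lines further down in the same hunk spells its empty value out. yamllint's `empty-values` rule flags this form. Since both spellings load as null, I would keep `existingCaSecret: null` or, where an empty string is meant, write `existingCaSecret: ""`. The added blank lines are also uneven: one follows `keyName:` and `existingCaSecretKeyName:`, but none separates `existingCaSecret:` from the comment of the next key. The same pattern repeats in every other hunk of this patch, in all three charts.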
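Review bot: `digest:` in the `image` hunk now sits empty beside `tag: 1.39.7` with no comment, so nothing tells an operator that the image is resolved by a mutable tag unless a digest is supplied. Assuming the templates prefer the digest when it is set (not visible in this patch), I would add `# Optional sha256 digest; when set the image is pulled by digest instead of by tag` above it. `pullPolicy:` would benefit from a similar one-line comment stating what an unset value resolves to. The same applies to the `image` blocks in the node-analyzer hunks and to `pullPolicy:` in the rapid-response hunk. The `image` mapping continues past the end of this hunk.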
@@ -153,7 +158,8 @@ tolerations: value: arm64 effect: NoSchedule -priorityClassName: null +priorityClassName: + # arch and os will be used to template out a node affinity block matching everything in each list. If affinity is # defined, these fields will be ignored arch: @@ -194,15 +200,18 @@ ssl: # -----END CERTIFICATE----- # Filename that is used when creating the secret. Required if cert is provided. - keyName: null + keyName: + # Provide the name of an existing Secret that contains the CA required - existingCaSecret: null + existingCaSecret: # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: null + existingCaSecretKeyName: + # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: null + existingCaConfigMap: # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: null + existingCaConfigMapKeyName: + tests: skip: false timeout: 300s diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml index d9f022b8d..9860f4cf6 100644 --- a/charts/node-analyzer/values.yaml +++ b/charts/node-analyzer/values.yaml 
@@ -36,21 +36,25 @@ global: # -----END CERTIFICATE----- # Filename that is used when creating the secret. Required if cert is provided. - keyName: null + keyName: + # Provide the name of an existing Secret that contains the CA required - existingCaSecret: null + existingCaSecret: # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: null + existingCaSecretKeyName: + # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: null + existingCaConfigMap: # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: null + existingCaConfigMapKeyName: + image: # This is a hack to support RELATED_IMAGE_ feature in Helm based # Operators # # As long as I don't want to people to use this, I will keep it undocumented - overrideValue: null + overrideValue: + registry: quay.io gke: @@ -70,7 +74,8 @@ daemonset: # You can also customize maxUnavailable rollingUpdate: maxUnavailable: 1 - maxSurge: null + maxSurge: + rbac: # true here enables creation of rbac resources create: true @@ -129,9 +134,9 @@ nodeAnalyzer: debug: false # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null + httpProxy: + httpsProxy: + noProxy: # NATS max reconnect attempts natsMaxReconnect: 0 natsMaxReconnectFailures: 60 @@ -159,9 +164,11 @@ nodeAnalyzer: createPriorityClass: false # Set nodeAnalyzer daemonset priorityClassName - priorityClassName: null + priorityClassName: + # Set the value for the Priority Class (if it is to be created) - priorityClassValue: null + priorityClassValue: + # Allow the DaemonSet to set labels labels: {} # Use this pullSecret to pull images from a private registry 
@@ -183,12 +190,14 @@ nodeAnalyzer: image: repository: sysdig/node-image-analyzer tag: 0.1.36 - digest: null - pullPolicy: null + digest: + pullPolicy: + # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null + httpProxy: + httpsProxy: + noProxy: + # The Docker socket path. # If a custom path is specified, ensure it is correctly mounted from the host inside the container. # dockerSocketPath: unix:///var/run/docker.sock @@ -239,12 +248,14 @@ nodeAnalyzer: image: repository: sysdig/host-analyzer tag: 0.1.23 - digest: null - pullPolicy: null + digest: + pullPolicy: + # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null + httpProxy: + httpsProxy: + noProxy: + # The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”. # The default value of @dailydefault instructs the analyzer to automatically pick a schedule that will start # shortly after it is deployed and will perform a scan every 24 hours. @@ -273,12 +284,14 @@ nodeAnalyzer: image: repository: sysdig/compliance-benchmark-runner tag: 1.1.1.4 - digest: null - pullPolicy: null + digest: + pullPolicy: + # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m @@ -301,13 +314,15 @@ nodeAnalyzer: image: repository: sysdig/vuln-runtime-scanner tag: "1.8.1" - digest: null - pullPolicy: null + digest: + pullPolicy: + # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null - storageClassName: null + httpProxy: + httpsProxy: + noProxy: + + storageClassName: extraMounts: [] # example for bottlerocket # extraMounts: @@ -351,9 +366,11 @@ nodeAnalyzer: image: repository: sysdig/eveclient-api tag: 1.1.4 - digest: null - pullPolicy: null - priorityClassName: null + digest: + pullPolicy: + + priorityClassName: + resources: requests: cpu: 100m 
@@ -390,12 +407,14 @@ nodeAnalyzer: image: repository: sysdig/vuln-host-scanner tag: "0.12.3" - digest: null - pullPolicy: null + digest: + pullPolicy: + # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null + httpProxy: + httpsProxy: + noProxy: + # Prometheus configuration prometheus: enabled: false @@ -436,15 +455,17 @@ nodeAnalyzer: image: repository: sysdig/kspm-analyzer tag: 1.44.20 - digest: null - pullPolicy: null + digest: + pullPolicy: + # Permissions for OCP4, previously only added for benchmarkrunner includeSensitivePermissions: false # Proxy configuration variables - httpProxy: null - httpsProxy: null - noProxy: null + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m @@ -490,15 +511,18 @@ nodeAnalyzer: # -----END CERTIFICATE----- # Filename that is used when creating the secret. Required if cert is provided. - keyName: null + keyName: + # Provide the name of an existing Secret that contains the CA required - existingCaSecret: null + existingCaSecret: # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: null + existingCaSecretKeyName: + # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: null + existingCaConfigMap: # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: null + existingCaConfigMapKeyName: + # If Bottlerocket is enabled then the apiclient and api socket will be mounted bottlerocket: enabled: false diff --git a/charts/rapid-response/values.yaml b/charts/rapid-response/values.yaml index 5057a2ad9..4337ae6c0 100644 --- a/charts/rapid-response/values.yaml +++ b/charts/rapid-response/values.yaml 
@@ -33,13 +33,15 @@ global: keyName: root_ca_file.crt # Provide the name of an existing Secret that contains the CA required - existingCaSecret: null + existingCaSecret: # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: null + existingCaSecretKeyName: + # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: null + existingCaConfigMap: # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: null + existingCaConfigMapKeyName: + sysdig: # Required: You need your Sysdig access key before running agents, either specifying 'accessKey' here, or using 'existingAccessKeySecret' accessKey: "" @@ -60,7 +62,7 @@ rapidResponse: image: registry: quay.io - pullPolicy: null + pullPolicy: repository: sysdig/rapid-response-host-component # If unset, .Chart.AppVersion is used to create tag # Note: Image tag must be a string specified in double-quotes 
@@ -128,15 +130,18 @@ rapidResponse: # -----END CERTIFICATE----- # Filename that is used when creating the secret. Required if cert is provided. - keyName: null + keyName: + # Provide the name of an existing Secret that contains the CA required - existingCaSecret: null + existingCaSecret: # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: null + existingCaSecretKeyName: + # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: null + existingCaConfigMap: # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: null + existingCaConfigMapKeyName: + # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to # running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail. # securityContext: