neuvector values.yaml
💣
openshift💣
Type: bool
false
registry💣
Type: string
"registry1.dso.mil"
tag💣
Type: string
"5.1.3"
oem💣
Type: string
nil
imagePullSecrets💣
Type: string
"private-registry"
psp💣
Type: bool
false
rbac💣
Type: bool
true
serviceAccount💣
Type: string
"default"
internal.certmanager.enabled💣
Type: bool
false
internal.certmanager.secretname💣
Type: string
"neuvector-internal"
controller.enabled💣
Type: bool
true
controller.annotations💣
Type: object
{}
Default value (formatted)
{}
controller.strategy.type💣
Type: string
"RollingUpdate"
controller.strategy.rollingUpdate.maxSurge💣
Type: int
1
controller.strategy.rollingUpdate.maxUnavailable💣
Type: int
0
controller.image.repository💣
Type: string
"ironbank/neuvector/neuvector/controller"
controller.image.hash💣
Type: string
nil
controller.replicas💣
Type: int
3
controller.disruptionbudget💣
Type: int
0
controller.schedulerName💣
Type: string
nil
controller.priorityClassName💣
Type: string
nil
controller.podLabels💣
Type: object
{}
Default value (formatted)
{}
controller.podAnnotations💣
Type: object
{}
Default value (formatted)
{}
controller.containerSecurityContext.privileged💣
Type: bool
true
controller.containerSecurityContext.runAsUser💣
Type: int
1000
controller.containerSecurityContext.runAsNonRoot💣
Type: bool
true
controller.containerSecurityContext.capabilities.drop[0]💣
Type: string
"ALL"
controller.env💣
Type: list
[]
Default value (formatted)
[]
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight💣
Type: int
100
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].key💣
Type: string
"app"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator💣
Type: string
"In"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]💣
Type: string
"neuvector-controller-pod"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey💣
Type: string
"kubernetes.io/hostname"
controller.tolerations💣
Type: list
[]
Default value (formatted)
[]
controller.nodeSelector💣
Type: object
{}
Default value (formatted)
{}
controller.apisvc.type💣
Type: string
nil
controller.apisvc.annotations💣
Type: object
{}
Default value (formatted)
{}
controller.apisvc.route.enabled💣
Type: bool
false
controller.apisvc.route.termination💣
Type: string
"passthrough"
controller.apisvc.route.host💣
Type: string
nil
controller.apisvc.route.tls💣
Type: string
nil
controller.ranchersso.enabled💣
Type: bool
false
controller.sso.certificateAuthority.secretName💣
Type: string
""
controller.pvc.enabled💣
Type: bool
false
controller.pvc.existingClaim💣
Type: bool
false
controller.pvc.accessModes[0]💣
Type: string
"ReadWriteMany"
controller.pvc.storageClass💣
Type: string
nil
controller.pvc.capacity💣
Type: string
nil
controller.azureFileShare.enabled💣
Type: bool
false
controller.azureFileShare.secretName💣
Type: string
nil
controller.azureFileShare.shareName💣
Type: string
nil
controller.certificate.secret💣
Type: string
nil
controller.certificate.keyFile💣
Type: string
"tls.key"
controller.certificate.pemFile💣
Type: string
"tls.pem"
controller.internal.certificate.secret💣
Type: string
"neuvector-internal"
controller.internal.certificate.keyFile💣
Type: string
"tls.key"
controller.internal.certificate.pemFile💣
Type: string
"tls.crt"
controller.internal.certificate.caFile💣
Type: string
"ca.crt"
controller.federation.mastersvc.type💣
Type: string
nil
controller.federation.mastersvc.ingress.enabled💣
Type: bool
false
controller.federation.mastersvc.ingress.host💣
Type: string
nil
controller.federation.mastersvc.ingress.ingressClassName💣
Type: string
""
controller.federation.mastersvc.ingress.path💣
Type: string
"/"
controller.federation.mastersvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣
Type: string
"HTTPS"
controller.federation.mastersvc.ingress.tls💣
Type: bool
false
controller.federation.mastersvc.ingress.secretName💣
Type: string
nil
controller.federation.mastersvc.annotations💣
Type: object
{}
Default value (formatted)
{}
controller.federation.mastersvc.route.enabled💣
Type: bool
false
controller.federation.mastersvc.route.termination💣
Type: string
"passthrough"
controller.federation.mastersvc.route.host💣
Type: string
nil
controller.federation.mastersvc.route.tls💣
Type: string
nil
controller.federation.managedsvc.type💣
Type: string
nil
controller.federation.managedsvc.ingress.enabled💣
Type: bool
false
controller.federation.managedsvc.ingress.host💣
Type: string
nil
controller.federation.managedsvc.ingress.ingressClassName💣
Type: string
""
controller.federation.managedsvc.ingress.path💣
Type: string
"/"
controller.federation.managedsvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣
Type: string
"HTTPS"
controller.federation.managedsvc.ingress.tls💣
Type: bool
false
controller.federation.managedsvc.ingress.secretName💣
Type: string
nil
controller.federation.managedsvc.annotations💣
Type: object
{}
Default value (formatted)
{}
controller.federation.managedsvc.route.enabled💣
Type: bool
false
controller.federation.managedsvc.route.termination💣
Type: string
"passthrough"
controller.federation.managedsvc.route.host💣
Type: string
nil
controller.federation.managedsvc.route.tls💣
Type: string
nil
controller.ingress.enabled💣
Type: bool
false
controller.ingress.host💣
Type: string
nil
controller.ingress.ingressClassName💣
Type: string
""
controller.ingress.path💣
Type: string
"/"
controller.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣
Type: string
"HTTPS"
controller.ingress.tls💣
Type: bool
false
controller.ingress.secretName💣
Type: string
nil
controller.resources💣
Type: object
{}
Default value (formatted)
{}
controller.configmap.enabled💣
Type: bool
false
controller.configmap.data💣
Type: string
nil
controller.secret.enabled💣
Type: bool
false
controller.secret.data💣
Type: object
{}
Default value (formatted)
{}
enforcer.enabled💣
Type: bool
true
enforcer.image.repository💣
Type: string
"ironbank/neuvector/neuvector/enforcer"
enforcer.image.hash💣
Type: string
nil
enforcer.updateStrategy.type💣
Type: string
"RollingUpdate"
enforcer.priorityClassName💣
Type: string
nil
enforcer.podLabels💣
Type: object
{}
Default value (formatted)
{}
enforcer.podAnnotations💣
Type: object
{}
Default value (formatted)
{}
enforcer.securityContext.runAsNonRoot💣
Type: bool
true
enforcer.securityContext.runAsUser💣
Type: int
1000
enforcer.containerSecurityContext.privileged💣
Type: bool
true
enforcer.containerSecurityContext.capabilities.drop[0]💣
Type: string
"ALL"
enforcer.env💣
Type: list
[]
Default value (formatted)
[]
enforcer.tolerations[0].effect💣
Type: string
"NoSchedule"
enforcer.tolerations[0].key💣
Type: string
"node-role.kubernetes.io/master"
enforcer.tolerations[1].effect💣
Type: string
"NoSchedule"
enforcer.tolerations[1].key💣
Type: string
"node-role.kubernetes.io/control-plane"
enforcer.resources💣
Type: object
{}
Default value (formatted)
{}
enforcer.internal.certificate.secret💣
Type: string
"neuvector-internal"
enforcer.internal.certificate.keyFile💣
Type: string
"tls.key"
enforcer.internal.certificate.pemFile💣
Type: string
"tls.crt"
enforcer.internal.certificate.caFile💣
Type: string
"ca.crt"
manager.enabled💣
Type: bool
true
manager.image.repository💣
Type: string
"ironbank/neuvector/neuvector/manager"
manager.image.hash💣
Type: string
nil
manager.priorityClassName💣
Type: string
nil
manager.env.ssl💣
Type: bool
false
manager.env.disableFipsInJava💣
Type: bool
true
manager.svc.type💣
Type: string
"ClusterIP"
manager.svc.loadBalancerIP💣
Type: string
nil
manager.svc.annotations💣
Type: object
{}
Default value (formatted)
{}
manager.route.enabled💣
Type: bool
true
manager.route.termination💣
Type: string
"passthrough"
manager.route.host💣
Type: string
nil
manager.route.tls💣
Type: string
nil
manager.certificate.secret💣
Type: string
nil
manager.certificate.keyFile💣
Type: string
"tls.key"
manager.certificate.pemFile💣
Type: string
"tls.pem"
manager.ingress.enabled💣
Type: bool
false
manager.ingress.host💣
Type: string
nil
manager.ingress.ingressClassName💣
Type: string
""
manager.ingress.path💣
Type: string
"/"
manager.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣
Type: string
"HTTPS"
manager.ingress.tls💣
Type: bool
false
manager.ingress.secretName💣
Type: string
nil
manager.resources💣
Type: object
{}
Default value (formatted)
{}
manager.affinity💣
Type: object
{}
Default value (formatted)
{}
manager.podLabels💣
Type: object
{}
Default value (formatted)
{}
manager.podAnnotations💣
Type: object
{}
Default value (formatted)
{}
manager.containerSecurityContext.runAsUser💣
Type: int
1000
manager.containerSecurityContext.runAsNonRoot💣
Type: bool
true
manager.containerSecurityContext.capabilities.drop[0]💣
Type: string
"ALL"
manager.tolerations💣
Type: list
[]
Default value (formatted)
[]
manager.nodeSelector💣
Type: object
{}
Default value (formatted)
{}
manager.securityContext.runAsNonRoot💣
Type: bool
true
manager.securityContext.runAsUser💣
Type: int
1000
cve.updater.enabled💣
Type: bool
true
cve.updater.secure💣
Type: bool
false
cve.updater.image.repository💣
Type: string
"ironbank/big-bang/base"
cve.updater.image.tag💣
Type: string
"2.0.0"
cve.updater.image.hash💣
Type: string
nil
cve.updater.schedule💣
Type: string
"0 0 * * *"
cve.updater.priorityClassName💣
Type: string
nil
cve.updater.podLabels💣
Type: object
{}
Default value (formatted)
{}
cve.updater.podAnnotations💣
Type: object
{}
Default value (formatted)
{}
cve.updater.nodeSelector💣
Type: object
{}
Default value (formatted)
{}
cve.updater.securityContext.runAsUser💣
Type: int
1000
cve.updater.securityContext.runAsNonRoot💣
Type: bool
true
cve.updater.containerSecurityContext.runAsUser💣
Type: int
1000
cve.updater.containerSecurityContext.runAsNonRoot💣
Type: bool
true
cve.updater.containerSecurityContext.capabilities.drop[0]💣
Type: string
"ALL"
cve.scanner.enabled💣
Type: bool
true
cve.scanner.replicas💣
Type: int
3
cve.scanner.dockerPath💣
Type: string
""
cve.scanner.strategy.type💣
Type: string
"RollingUpdate"
cve.scanner.strategy.rollingUpdate.maxSurge💣
Type: int
1
cve.scanner.strategy.rollingUpdate.maxUnavailable💣
Type: int
0
cve.scanner.image.repository💣
Type: string
"ironbank/neuvector/neuvector/scanner"
cve.scanner.image.tag💣
Type: int
5
cve.scanner.image.hash💣
Type: string
nil
cve.scanner.priorityClassName💣
Type: string
nil
cve.scanner.resources💣
Type: object
{}
Default value (formatted)
{}
cve.scanner.affinity💣
Type: object
{}
Default value (formatted)
{}
cve.scanner.podLabels💣
Type: object
{}
Default value (formatted)
{}
cve.scanner.podAnnotations💣
Type: object
{}
Default value (formatted)
{}
cve.scanner.env💣
Type: list
[]
Default value (formatted)
[]
cve.scanner.tolerations💣
Type: list
[]
Default value (formatted)
[]
cve.scanner.nodeSelector💣
Type: object
{}
Default value (formatted)
{}
cve.scanner.securityContext.runAsNonRoot💣
Type: bool
true
cve.scanner.securityContext.runAsUser💣
Type: int
1000
cve.scanner.internal.certificate.secret💣
Type: string
"neuvector-internal"
cve.scanner.internal.certificate.keyFile💣
Type: string
"tls.key"
cve.scanner.internal.certificate.pemFile💣
Type: string
"tls.crt"
cve.scanner.internal.certificate.caFile💣
Type: string
"ca.crt"
cve.scanner.containerSecurityContext.runAsUser💣
Type: int
1000
cve.scanner.containerSecurityContext.runAsNonRoot💣
Type: bool
true
cve.scanner.containerSecurityContext.capabilities.drop[0]💣
Type: string
"ALL"
docker.path💣
Type: string
"/var/run/docker.sock"
resources💣
Type: object
{}
Default value (formatted)
{}
k3s.enabled💣
Type: bool
false
k3s.runtimePath💣
Type: string
"/run/k3s/containerd/containerd.sock"
bottlerocket.enabled💣
Type: bool
false
bottlerocket.runtimePath💣
Type: string
"/run/dockershim.sock"
containerd.enabled💣
Type: bool
false
containerd.path💣
Type: string
"/var/run/containerd/containerd.sock"
crio.enabled💣
Type: bool
false
crio.path💣
Type: string
"/var/run/crio/crio.sock"
admissionwebhook.type💣
Type: string
"ClusterIP"
crdwebhook.enabled💣
Type: bool
true
crdwebhook.type💣
Type: string
"ClusterIP"
domain💣
Type: string
"bigbang.dev"
istio.enabled💣
Type: bool
false
istio.injection💣
Type: string
"disabled"
istio.neuvector.enabled💣
Type: bool
true
istio.neuvector.annotations💣
Type: object
{}
Default value (formatted)
{}
istio.neuvector.labels💣
Type: object
{}
Default value (formatted)
{}
istio.neuvector.gateways[0]💣
Type: string
"istio-system/main"
istio.neuvector.hosts[0]💣
Type: string
"neuvector.{{ .Values.domain }}"
istio.mtls💣
Type: object
{"mode":"STRICT"}
Default value (formatted)
{
"mode": "STRICT"
}
Description: Default neuvector peer authentication
istio.mtls.mode💣
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
monitoring.enabled💣
Type: bool
false
monitoring.namespace💣
Type: string
"monitoring"
networkPolicies.enabled💣
Type: bool
false
networkPolicies.ingressLabels.app💣
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio💣
Type: string
"ingressgateway"
networkPolicies.controlPlaneCidr💣
Type: string
"0.0.0.0/0"
monitor.imagePullSecrets💣
Type: string
"private-registry"
bbtests.enabled💣
Type: bool
false
bbtests.cypress.artifacts💣
Type: bool
true
bbtests.cypress.envs.cypress_url💣
Type: string
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"
bbtests.scripts.envs.URL💣
Type: string
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"