Skip to content

neuvector values.yaml💣

openshift💣

Type: bool

Default value
false

registry💣

Type: string

Default value
"registry1.dso.mil"

tag💣

Type: string

Default value
"5.1.3"

oem💣

Type: string

Default value
nil

imagePullSecrets💣

Type: string

Default value
"private-registry"

psp💣

Type: bool

Default value
false

rbac💣

Type: bool

Default value
true

serviceAccount💣

Type: string

Default value
"default"

internal.certmanager.enabled💣

Type: bool

Default value
false

internal.certmanager.secretname💣

Type: string

Default value
"neuvector-internal"

controller.enabled💣

Type: bool

Default value
true

controller.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.strategy.type💣

Type: string

Default value
"RollingUpdate"

controller.strategy.rollingUpdate.maxSurge💣

Type: int

Default value
1

controller.strategy.rollingUpdate.maxUnavailable💣

Type: int

Default value
0

controller.image.repository💣

Type: string

Default value
"ironbank/neuvector/neuvector/controller"

controller.image.hash💣

Type: string

Default value
nil

controller.replicas💣

Type: int

Default value
3

controller.disruptionbudget💣

Type: int

Default value
0

controller.schedulerName💣

Type: string

Default value
nil

controller.priorityClassName💣

Type: string

Default value
nil

controller.podLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.podAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.containerSecurityContext.privileged💣

Type: bool

Default value
true

controller.containerSecurityContext.runAsUser💣

Type: int

Default value
1000

controller.containerSecurityContext.runAsNonRoot💣

Type: bool

Default value
true

controller.containerSecurityContext.capabilities.drop[0]💣

Type: string

Default value
"ALL"

controller.env💣

Type: list

Default value
[]
Default value (formatted)
[]

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight💣

Type: int

Default value
100

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].key💣

Type: string

Default value
"app"

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator💣

Type: string

Default value
"In"

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]💣

Type: string

Default value
"neuvector-controller-pod"

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey💣

Type: string

Default value
"kubernetes.io/hostname"

controller.tolerations💣

Type: list

Default value
[]
Default value (formatted)
[]

controller.nodeSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.apisvc.type💣

Type: string

Default value
nil

controller.apisvc.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.apisvc.route.enabled💣

Type: bool

Default value
false

controller.apisvc.route.termination💣

Type: string

Default value
"passthrough"

controller.apisvc.route.host💣

Type: string

Default value
nil

controller.apisvc.route.tls💣

Type: string

Default value
nil

controller.ranchersso.enabled💣

Type: bool

Default value
false

controller.sso.certificateAuthority.secretName💣

Type: string

Default value
""

controller.pvc.enabled💣

Type: bool

Default value
false

controller.pvc.existingClaim💣

Type: bool

Default value
false

controller.pvc.accessModes[0]💣

Type: string

Default value
"ReadWriteMany"

controller.pvc.storageClass💣

Type: string

Default value
nil

controller.pvc.capacity💣

Type: string

Default value
nil

controller.azureFileShare.enabled💣

Type: bool

Default value
false

controller.azureFileShare.secretName💣

Type: string

Default value
nil

controller.azureFileShare.shareName💣

Type: string

Default value
nil

controller.certificate.secret💣

Type: string

Default value
nil

controller.certificate.keyFile💣

Type: string

Default value
"tls.key"

controller.certificate.pemFile💣

Type: string

Default value
"tls.pem"

controller.internal.certificate.secret💣

Type: string

Default value
"neuvector-internal"

controller.internal.certificate.keyFile💣

Type: string

Default value
"tls.key"

controller.internal.certificate.pemFile💣

Type: string

Default value
"tls.crt"

controller.internal.certificate.caFile💣

Type: string

Default value
"ca.crt"

controller.federation.mastersvc.type💣

Type: string

Default value
nil

controller.federation.mastersvc.ingress.enabled💣

Type: bool

Default value
false

controller.federation.mastersvc.ingress.host💣

Type: string

Default value
nil

controller.federation.mastersvc.ingress.ingressClassName💣

Type: string

Default value
""

controller.federation.mastersvc.ingress.path💣

Type: string

Default value
"/"

controller.federation.mastersvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣

Type: string

Default value
"HTTPS"

controller.federation.mastersvc.ingress.tls💣

Type: bool

Default value
false

controller.federation.mastersvc.ingress.secretName💣

Type: string

Default value
nil

controller.federation.mastersvc.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.federation.mastersvc.route.enabled💣

Type: bool

Default value
false

controller.federation.mastersvc.route.termination💣

Type: string

Default value
"passthrough"

controller.federation.mastersvc.route.host💣

Type: string

Default value
nil

controller.federation.mastersvc.route.tls💣

Type: string

Default value
nil

controller.federation.managedsvc.type💣

Type: string

Default value
nil

controller.federation.managedsvc.ingress.enabled💣

Type: bool

Default value
false

controller.federation.managedsvc.ingress.host💣

Type: string

Default value
nil

controller.federation.managedsvc.ingress.ingressClassName💣

Type: string

Default value
""

controller.federation.managedsvc.ingress.path💣

Type: string

Default value
"/"

controller.federation.managedsvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣

Type: string

Default value
"HTTPS"

controller.federation.managedsvc.ingress.tls💣

Type: bool

Default value
false

controller.federation.managedsvc.ingress.secretName💣

Type: string

Default value
nil

controller.federation.managedsvc.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.federation.managedsvc.route.enabled💣

Type: bool

Default value
false

controller.federation.managedsvc.route.termination💣

Type: string

Default value
"passthrough"

controller.federation.managedsvc.route.host💣

Type: string

Default value
nil

controller.federation.managedsvc.route.tls💣

Type: string

Default value
nil

controller.ingress.enabled💣

Type: bool

Default value
false

controller.ingress.host💣

Type: string

Default value
nil

controller.ingress.ingressClassName💣

Type: string

Default value
""

controller.ingress.path💣

Type: string

Default value
"/"

controller.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣

Type: string

Default value
"HTTPS"

controller.ingress.tls💣

Type: bool

Default value
false

controller.ingress.secretName💣

Type: string

Default value
nil

controller.resources💣

Type: object

Default value
{}
Default value (formatted)
{}

controller.configmap.enabled💣

Type: bool

Default value
false

controller.configmap.data💣

Type: string

Default value
nil

controller.secret.enabled💣

Type: bool

Default value
false

controller.secret.data💣

Type: object

Default value
{}
Default value (formatted)
{}

enforcer.enabled💣

Type: bool

Default value
true

enforcer.image.repository💣

Type: string

Default value
"ironbank/neuvector/neuvector/enforcer"

enforcer.image.hash💣

Type: string

Default value
nil

enforcer.updateStrategy.type💣

Type: string

Default value
"RollingUpdate"

enforcer.priorityClassName💣

Type: string

Default value
nil

enforcer.podLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

enforcer.podAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

enforcer.securityContext.runAsNonRoot💣

Type: bool

Default value
true

enforcer.securityContext.runAsUser💣

Type: int

Default value
1000

enforcer.containerSecurityContext.privileged💣

Type: bool

Default value
true

enforcer.containerSecurityContext.capabilities.drop[0]💣

Type: string

Default value
"ALL"

enforcer.env💣

Type: list

Default value
[]
Default value (formatted)
[]

enforcer.tolerations[0].effect💣

Type: string

Default value
"NoSchedule"

enforcer.tolerations[0].key💣

Type: string

Default value
"node-role.kubernetes.io/master"

enforcer.tolerations[1].effect💣

Type: string

Default value
"NoSchedule"

enforcer.tolerations[1].key💣

Type: string

Default value
"node-role.kubernetes.io/control-plane"

enforcer.resources💣

Type: object

Default value
{}
Default value (formatted)
{}

enforcer.internal.certificate.secret💣

Type: string

Default value
"neuvector-internal"

enforcer.internal.certificate.keyFile💣

Type: string

Default value
"tls.key"

enforcer.internal.certificate.pemFile💣

Type: string

Default value
"tls.crt"

enforcer.internal.certificate.caFile💣

Type: string

Default value
"ca.crt"

manager.enabled💣

Type: bool

Default value
true

manager.image.repository💣

Type: string

Default value
"ironbank/neuvector/neuvector/manager"

manager.image.hash💣

Type: string

Default value
nil

manager.priorityClassName💣

Type: string

Default value
nil

manager.env.ssl💣

Type: bool

Default value
false

manager.env.disableFipsInJava💣

Type: bool

Default value
true

manager.svc.type💣

Type: string

Default value
"ClusterIP"

manager.svc.loadBalancerIP💣

Type: string

Default value
nil

manager.svc.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

manager.route.enabled💣

Type: bool

Default value
true

manager.route.termination💣

Type: string

Default value
"passthrough"

manager.route.host💣

Type: string

Default value
nil

manager.route.tls💣

Type: string

Default value
nil

manager.certificate.secret💣

Type: string

Default value
nil

manager.certificate.keyFile💣

Type: string

Default value
"tls.key"

manager.certificate.pemFile💣

Type: string

Default value
"tls.pem"

manager.ingress.enabled💣

Type: bool

Default value
false

manager.ingress.host💣

Type: string

Default value
nil

manager.ingress.ingressClassName💣

Type: string

Default value
""

manager.ingress.path💣

Type: string

Default value
"/"

manager.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”💣

Type: string

Default value
"HTTPS"

manager.ingress.tls💣

Type: bool

Default value
false

manager.ingress.secretName💣

Type: string

Default value
nil

manager.resources💣

Type: object

Default value
{}
Default value (formatted)
{}

manager.affinity💣

Type: object

Default value
{}
Default value (formatted)
{}

manager.podLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

manager.podAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

manager.containerSecurityContext.runAsUser💣

Type: int

Default value
1000

manager.containerSecurityContext.runAsNonRoot💣

Type: bool

Default value
true

manager.containerSecurityContext.capabilities.drop[0]💣

Type: string

Default value
"ALL"

manager.tolerations💣

Type: list

Default value
[]
Default value (formatted)
[]

manager.nodeSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

manager.securityContext.runAsNonRoot💣

Type: bool

Default value
true

manager.securityContext.runAsUser💣

Type: int

Default value
1000

cve.updater.enabled💣

Type: bool

Default value
true

cve.updater.secure💣

Type: bool

Default value
false

cve.updater.image.repository💣

Type: string

Default value
"ironbank/big-bang/base"

cve.updater.image.tag💣

Type: string

Default value
"2.0.0"

cve.updater.image.hash💣

Type: string

Default value
nil

cve.updater.schedule💣

Type: string

Default value
"0 0 * * *"

cve.updater.priorityClassName💣

Type: string

Default value
nil

cve.updater.podLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.updater.podAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.updater.nodeSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.updater.securityContext.runAsUser💣

Type: int

Default value
1000

cve.updater.securityContext.runAsNonRoot💣

Type: bool

Default value
true

cve.updater.containerSecurityContext.runAsUser💣

Type: int

Default value
1000

cve.updater.containerSecurityContext.runAsNonRoot💣

Type: bool

Default value
true

cve.updater.containerSecurityContext.capabilities.drop[0]💣

Type: string

Default value
"ALL"

cve.scanner.enabled💣

Type: bool

Default value
true

cve.scanner.replicas💣

Type: int

Default value
3

cve.scanner.dockerPath💣

Type: string

Default value
""

cve.scanner.strategy.type💣

Type: string

Default value
"RollingUpdate"

cve.scanner.strategy.rollingUpdate.maxSurge💣

Type: int

Default value
1

cve.scanner.strategy.rollingUpdate.maxUnavailable💣

Type: int

Default value
0

cve.scanner.image.repository💣

Type: string

Default value
"ironbank/neuvector/neuvector/scanner"

cve.scanner.image.tag💣

Type: int

Default value
5

cve.scanner.image.hash💣

Type: string

Default value
nil

cve.scanner.priorityClassName💣

Type: string

Default value
nil

cve.scanner.resources💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.scanner.affinity💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.scanner.podLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.scanner.podAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.scanner.env💣

Type: list

Default value
[]
Default value (formatted)
[]

cve.scanner.tolerations💣

Type: list

Default value
[]
Default value (formatted)
[]

cve.scanner.nodeSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

cve.scanner.securityContext.runAsNonRoot💣

Type: bool

Default value
true

cve.scanner.securityContext.runAsUser💣

Type: int

Default value
1000

cve.scanner.internal.certificate.secret💣

Type: string

Default value
"neuvector-internal"

cve.scanner.internal.certificate.keyFile💣

Type: string

Default value
"tls.key"

cve.scanner.internal.certificate.pemFile💣

Type: string

Default value
"tls.crt"

cve.scanner.internal.certificate.caFile💣

Type: string

Default value
"ca.crt"

cve.scanner.containerSecurityContext.runAsUser💣

Type: int

Default value
1000

cve.scanner.containerSecurityContext.runAsNonRoot💣

Type: bool

Default value
true

cve.scanner.containerSecurityContext.capabilities.drop[0]💣

Type: string

Default value
"ALL"

docker.path💣

Type: string

Default value
"/var/run/docker.sock"

resources💣

Type: object

Default value
{}
Default value (formatted)
{}

k3s.enabled💣

Type: bool

Default value
false

k3s.runtimePath💣

Type: string

Default value
"/run/k3s/containerd/containerd.sock"

bottlerocket.enabled💣

Type: bool

Default value
false

bottlerocket.runtimePath💣

Type: string

Default value
"/run/dockershim.sock"

containerd.enabled💣

Type: bool

Default value
false

containerd.path💣

Type: string

Default value
"/var/run/containerd/containerd.sock"

crio.enabled💣

Type: bool

Default value
false

crio.path💣

Type: string

Default value
"/var/run/crio/crio.sock"

admissionwebhook.type💣

Type: string

Default value
"ClusterIP"

crdwebhook.enabled💣

Type: bool

Default value
true

crdwebhook.type💣

Type: string

Default value
"ClusterIP"

domain💣

Type: string

Default value
"bigbang.dev"

istio.enabled💣

Type: bool

Default value
false

istio.injection💣

Type: string

Default value
"disabled"

istio.neuvector.enabled💣

Type: bool

Default value
true

istio.neuvector.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

istio.neuvector.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

istio.neuvector.gateways[0]💣

Type: string

Default value
"istio-system/main"

istio.neuvector.hosts[0]💣

Type: string

Default value
"neuvector.{{ .Values.domain }}"

istio.mtls💣

Type: object

Default value
{"mode":"STRICT"}
Default value (formatted)
{
  "mode": "STRICT"
}

Description: Default neuvector peer authentication

istio.mtls.mode💣

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

monitoring.enabled💣

Type: bool

Default value
false

monitoring.namespace💣

Type: string

Default value
"monitoring"

networkPolicies.enabled💣

Type: bool

Default value
false

networkPolicies.ingressLabels.app💣

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio💣

Type: string

Default value
"ingressgateway"

networkPolicies.controlPlaneCidr💣

Type: string

Default value
"0.0.0.0/0"

monitor.imagePullSecrets💣

Type: string

Default value
"private-registry"

bbtests.enabled💣

Type: bool

Default value
false

bbtests.cypress.artifacts💣

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url💣

Type: string

Default value
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"

bbtests.scripts.envs.URL💣

Type: string

Default value
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"