neuvector values.yaml
π
openshiftπ
Type: bool
false
registryπ
Type: string
"registry1.dso.mil"
tagπ
Type: string
"5.2.2"
oemπ
Type: string
nil
imagePullSecretsπ
Type: string
"private-registry"
pspπ
Type: bool
false
rbacπ
Type: bool
true
serviceAccountπ
Type: string
"default"
leastPrivilegeπ
Type: bool
false
global.cattle.urlπ
Type: string
nil
global.azure.enabledπ
Type: bool
false
global.azure.identity.clientIdπ
Type: string
"DONOTMODIFY"
global.azure.marketplace.planIdπ
Type: string
"DONOTMODIFY"
global.azure.extension.resourceIdπ
Type: string
"DONOTMODIFY"
global.azure.serviceAccountπ
Type: string
"csp"
global.azure.imagePullSecretsπ
Type: string
nil
global.azure.images.neuvector_csp_pod.digestπ
Type: string
nil
global.azure.images.neuvector_csp_pod.imageπ
Type: string
"neuvector-billing-azure-by-suse-llc"
global.azure.images.neuvector_csp_pod.registryπ
Type: string
"susellcforazuremarketplace.azurecr.io"
global.azure.images.neuvector_csp_pod.imagePullPolicyπ
Type: string
"IfNotPresent"
global.azure.images.controller.digestπ
Type: string
""
global.azure.images.controller.imageπ
Type: string
"neuvector/controller"
global.azure.images.controller.registryπ
Type: string
"docker.io"
global.azure.images.manager.digestπ
Type: string
""
global.azure.images.manager.imageπ
Type: string
"neuvector/manager"
global.azure.images.manager.registryπ
Type: string
"docker.io"
global.azure.images.scanner.digestπ
Type: string
""
global.azure.images.scanner.imageπ
Type: string
"neuvector/scanner"
global.azure.images.scanner.registryπ
Type: string
"docker.io"
global.azure.images.enforcer.digestπ
Type: string
""
global.azure.images.enforcer.imageπ
Type: string
"neuvector/enforcer"
global.azure.images.enforcer.registryπ
Type: string
"docker.io"
global.aws.enabledπ
Type: bool
false
global.aws.accountNumberπ
Type: string
""
global.aws.roleNameπ
Type: string
""
global.aws.serviceAccountπ
Type: string
"csp"
global.aws.annotationsπ
Type: object
{}
Default value (formatted)
{}
global.aws.imagePullSecretsπ
Type: string
nil
global.aws.image.digestπ
Type: string
nil
global.aws.image.repositoryπ
Type: string
"neuvector/neuvector-csp-adapter"
global.aws.image.tagπ
Type: string
"latest"
global.aws.image.imagePullPolicyπ
Type: string
"IfNotPresent"
autoGenerateCertπ
Type: bool
true
defaultValidityPeriodπ
Type: int
365
internal.certmanager.enabledπ
Type: bool
false
internal.certmanager.secretnameπ
Type: string
"neuvector-internal"
controller.enabledπ
Type: bool
true
controller.annotationsπ
Type: object
{}
Default value (formatted)
{}
controller.strategy.typeπ
Type: string
"RollingUpdate"
controller.strategy.rollingUpdate.maxSurgeπ
Type: int
1
controller.strategy.rollingUpdate.maxUnavailableπ
Type: int
0
controller.image.repositoryπ
Type: string
"ironbank/neuvector/neuvector/controller"
controller.image.hashπ
Type: string
nil
controller.replicasπ
Type: int
3
controller.disruptionbudgetπ
Type: int
0
controller.schedulerNameπ
Type: string
nil
controller.priorityClassNameπ
Type: string
nil
controller.podLabelsπ
Type: object
{}
Default value (formatted)
{}
controller.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
controller.containerSecurityContext.privilegedπ
Type: bool
true
controller.containerSecurityContext.runAsUserπ
Type: int
1000
controller.containerSecurityContext.runAsNonRootπ
Type: bool
true
controller.containerSecurityContext.capabilities.drop[0]π
Type: string
"ALL"
controller.envπ
Type: list
[]
Default value (formatted)
[]
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weightπ
Type: int
100
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].keyπ
Type: string
"app"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operatorπ
Type: string
"In"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]π
Type: string
"neuvector-controller-pod"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKeyπ
Type: string
"kubernetes.io/hostname"
controller.tolerationsπ
Type: list
[]
Default value (formatted)
[]
controller.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
controller.apisvc.typeπ
Type: string
nil
controller.apisvc.annotationsπ
Type: object
{}
Default value (formatted)
{}
controller.apisvc.route.enabledπ
Type: bool
false
controller.apisvc.route.terminationπ
Type: string
"passthrough"
controller.apisvc.route.hostπ
Type: string
nil
controller.apisvc.route.tlsπ
Type: string
nil
controller.ranchersso.enabledπ
Type: bool
false
controller.sso.certificateAuthority.secretNameπ
Type: string
""
controller.pvc.enabledπ
Type: bool
false
controller.pvc.existingClaimπ
Type: bool
false
controller.pvc.accessModes[0]π
Type: string
"ReadWriteMany"
controller.pvc.storageClassπ
Type: string
nil
controller.pvc.capacityπ
Type: string
nil
controller.azureFileShare.enabledπ
Type: bool
false
controller.azureFileShare.secretNameπ
Type: string
nil
controller.azureFileShare.shareNameπ
Type: string
nil
controller.certificate.secretπ
Type: string
nil
controller.certificate.keyFileπ
Type: string
"tls.key"
controller.certificate.pemFileπ
Type: string
"tls.pem"
controller.internal.certificate.secretπ
Type: string
"neuvector-internal"
controller.internal.certificate.keyFileπ
Type: string
"tls.key"
controller.internal.certificate.pemFileπ
Type: string
"tls.crt"
controller.internal.certificate.caFileπ
Type: string
"ca.crt"
controller.federation.mastersvc.typeπ
Type: string
nil
controller.federation.mastersvc.ingress.enabledπ
Type: bool
false
controller.federation.mastersvc.ingress.hostπ
Type: string
nil
controller.federation.mastersvc.ingress.ingressClassNameπ
Type: string
""
controller.federation.mastersvc.ingress.pathπ
Type: string
"/"
controller.federation.mastersvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”π
Type: string
"HTTPS"
controller.federation.mastersvc.ingress.tlsπ
Type: bool
false
controller.federation.mastersvc.ingress.secretNameπ
Type: string
nil
controller.federation.mastersvc.annotationsπ
Type: object
{}
Default value (formatted)
{}
controller.federation.mastersvc.route.enabledπ
Type: bool
false
controller.federation.mastersvc.route.terminationπ
Type: string
"passthrough"
controller.federation.mastersvc.route.hostπ
Type: string
nil
controller.federation.mastersvc.route.tlsπ
Type: string
nil
controller.federation.managedsvc.typeπ
Type: string
nil
controller.federation.managedsvc.ingress.enabledπ
Type: bool
false
controller.federation.managedsvc.ingress.hostπ
Type: string
nil
controller.federation.managedsvc.ingress.ingressClassNameπ
Type: string
""
controller.federation.managedsvc.ingress.pathπ
Type: string
"/"
controller.federation.managedsvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”π
Type: string
"HTTPS"
controller.federation.managedsvc.ingress.tlsπ
Type: bool
false
controller.federation.managedsvc.ingress.secretNameπ
Type: string
nil
controller.federation.managedsvc.annotationsπ
Type: object
{}
Default value (formatted)
{}
controller.federation.managedsvc.route.enabledπ
Type: bool
false
controller.federation.managedsvc.route.terminationπ
Type: string
"passthrough"
controller.federation.managedsvc.route.hostπ
Type: string
nil
controller.federation.managedsvc.route.tlsπ
Type: string
nil
controller.ingress.enabledπ
Type: bool
false
controller.ingress.hostπ
Type: string
nil
controller.ingress.ingressClassNameπ
Type: string
""
controller.ingress.pathπ
Type: string
"/"
controller.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”π
Type: string
"HTTPS"
controller.ingress.tlsπ
Type: bool
false
controller.ingress.secretNameπ
Type: string
nil
controller.resourcesπ
Type: object
{}
Default value (formatted)
{}
controller.configmap.enabledπ
Type: bool
false
controller.configmap.dataπ
Type: string
nil
controller.secret.enabledπ
Type: bool
false
controller.secret.data.”userinitcfg.yaml”.users[0].Fullnameπ
Type: string
"admin"
controller.secret.data.”userinitcfg.yaml”.users[0].Passwordπ
Type: string
nil
controller.secret.data.”userinitcfg.yaml”.users[0].Roleπ
Type: string
"admin"
enforcer.enabledπ
Type: bool
true
enforcer.image.repositoryπ
Type: string
"ironbank/neuvector/neuvector/enforcer"
enforcer.image.hashπ
Type: string
nil
enforcer.updateStrategy.typeπ
Type: string
"RollingUpdate"
enforcer.priorityClassNameπ
Type: string
nil
enforcer.podLabelsπ
Type: object
{}
Default value (formatted)
{}
enforcer.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
enforcer.containerSecurityContext.privilegedπ
Type: bool
true
enforcer.containerSecurityContext.runAsGroupπ
Type: int
1000
enforcer.containerSecurityContext.capabilities.drop[0]π
Type: string
"ALL"
enforcer.envπ
Type: list
[]
Default value (formatted)
[]
enforcer.tolerations[0].effectπ
Type: string
"NoSchedule"
enforcer.tolerations[0].keyπ
Type: string
"node-role.kubernetes.io/master"
enforcer.tolerations[1].effectπ
Type: string
"NoSchedule"
enforcer.tolerations[1].keyπ
Type: string
"node-role.kubernetes.io/control-plane"
enforcer.resourcesπ
Type: object
{}
Default value (formatted)
{}
enforcer.internal.certificate.secretπ
Type: string
"neuvector-internal"
enforcer.internal.certificate.keyFileπ
Type: string
"tls.key"
enforcer.internal.certificate.pemFileπ
Type: string
"tls.crt"
enforcer.internal.certificate.caFileπ
Type: string
"ca.crt"
manager.enabledπ
Type: bool
true
manager.image.repositoryπ
Type: string
"ironbank/neuvector/neuvector/manager"
manager.image.hashπ
Type: string
nil
manager.priorityClassNameπ
Type: string
nil
manager.env.sslπ
Type: bool
false
manager.env.envs[0].nameπ
Type: string
"JDK_JAVA_OPTIONS"
manager.env.envs[0].valueπ
Type: string
"-Dcom.redhat.fips=false"
manager.svc.typeπ
Type: string
"ClusterIP"
manager.svc.loadBalancerIPπ
Type: string
nil
manager.svc.annotationsπ
Type: object
{}
Default value (formatted)
{}
manager.route.enabledπ
Type: bool
true
manager.route.terminationπ
Type: string
"passthrough"
manager.route.hostπ
Type: string
nil
manager.route.tlsπ
Type: string
nil
manager.certificate.secretπ
Type: string
nil
manager.certificate.keyFileπ
Type: string
"tls.key"
manager.certificate.pemFileπ
Type: string
"tls.pem"
manager.ingress.enabledπ
Type: bool
false
manager.ingress.hostπ
Type: string
nil
manager.ingress.ingressClassNameπ
Type: string
""
manager.ingress.pathπ
Type: string
"/"
manager.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”π
Type: string
"HTTPS"
manager.ingress.tlsπ
Type: bool
false
manager.ingress.secretNameπ
Type: string
nil
manager.resourcesπ
Type: object
{}
Default value (formatted)
{}
manager.affinityπ
Type: object
{}
Default value (formatted)
{}
manager.podLabelsπ
Type: object
{}
Default value (formatted)
{}
manager.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
manager.containerSecurityContext.runAsUserπ
Type: int
1000
manager.containerSecurityContext.runAsGroupπ
Type: int
1000
manager.containerSecurityContext.runAsNonRootπ
Type: bool
true
manager.containerSecurityContext.capabilities.drop[0]π
Type: string
"ALL"
manager.tolerationsπ
Type: list
[]
Default value (formatted)
[]
manager.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
manager.securityContext.runAsNonRootπ
Type: bool
true
manager.securityContext.runAsUserπ
Type: int
1000
manager.securityContext.runAsGroupπ
Type: int
1000
manager.securityContext.fsGroupπ
Type: int
1000
cve.adapter.enabledπ
Type: bool
false
cve.adapter.image.repositoryπ
Type: string
"neuvector/registry-adapter"
cve.adapter.image.tagπ
Type: string
"0.1.0"
cve.adapter.image.hashπ
Type: string
nil
cve.adapter.priorityClassNameπ
Type: string
nil
cve.adapter.resourcesπ
Type: object
{}
Default value (formatted)
{}
cve.adapter.affinityπ
Type: object
{}
Default value (formatted)
{}
cve.adapter.podLabelsπ
Type: object
{}
Default value (formatted)
{}
cve.adapter.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
cve.adapter.envπ
Type: list
[]
Default value (formatted)
[]
cve.adapter.tolerationsπ
Type: list
[]
Default value (formatted)
[]
cve.adapter.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
cve.adapter.runAsUserπ
Type: string
nil
cve.adapter.certificate.secretπ
Type: string
nil
cve.adapter.certificate.keyFileπ
Type: string
"tls.key"
cve.adapter.certificate.pemFileπ
Type: string
"tls.pem"
cve.adapter.harbor.protocolπ
Type: string
"https"
cve.adapter.harbor.secretNameπ
Type: string
nil
cve.adapter.svc.typeπ
Type: string
"NodePort"
cve.adapter.svc.loadBalancerIPπ
Type: string
nil
cve.adapter.svc.annotationsπ
Type: object
{}
Default value (formatted)
{}
cve.adapter.route.enabledπ
Type: bool
true
cve.adapter.route.terminationπ
Type: string
"passthrough"
cve.adapter.route.hostπ
Type: string
nil
cve.adapter.route.tlsπ
Type: string
nil
cve.adapter.ingress.enabledπ
Type: bool
false
cve.adapter.ingress.hostπ
Type: string
nil
cve.adapter.ingress.ingressClassNameπ
Type: string
""
cve.adapter.ingress.pathπ
Type: string
"/"
cve.adapter.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”π
Type: string
"HTTPS"
cve.adapter.ingress.tlsπ
Type: bool
false
cve.adapter.ingress.secretNameπ
Type: string
nil
cve.adapter.internal.certificate.secretπ
Type: string
"neuvector-internal"
cve.adapter.internal.certificate.keyFileπ
Type: string
"tls.key"
cve.adapter.internal.certificate.pemFileπ
Type: string
"tls.crt"
cve.adapter.internal.certificate.caFileπ
Type: string
"ca.crt"
cve.updater.enabledπ
Type: bool
true
cve.updater.secureπ
Type: bool
false
cve.updater.cacertπ
Type: string
"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
cve.updater.image.repositoryπ
Type: string
"ironbank/big-bang/base"
cve.updater.image.tagπ
Type: string
"2.1.0"
cve.updater.image.hashπ
Type: string
nil
cve.updater.scheduleπ
Type: string
"0 0 * * *"
cve.updater.priorityClassNameπ
Type: string
nil
cve.updater.podLabelsπ
Type: object
{}
Default value (formatted)
{}
cve.updater.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
cve.updater.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
cve.updater.securityContext.runAsUserπ
Type: int
1000
cve.updater.securityContext.runAsGroupπ
Type: int
1000
cve.updater.securityContext.fsGroupπ
Type: int
1000
cve.updater.securityContext.runAsNonRootπ
Type: bool
true
cve.updater.containerSecurityContext.runAsUserπ
Type: int
1000
cve.updater.containerSecurityContext.runAsGroupπ
Type: int
1000
cve.updater.containerSecurityContext.runAsNonRootπ
Type: bool
true
cve.updater.containerSecurityContext.capabilities.drop[0]π
Type: string
"ALL"
cve.scanner.enabledπ
Type: bool
true
cve.scanner.replicasπ
Type: int
3
cve.scanner.dockerPathπ
Type: string
""
cve.scanner.strategy.typeπ
Type: string
"RollingUpdate"
cve.scanner.strategy.rollingUpdate.maxSurgeπ
Type: int
1
cve.scanner.strategy.rollingUpdate.maxUnavailableπ
Type: int
0
cve.scanner.image.repositoryπ
Type: string
"ironbank/neuvector/neuvector/scanner"
cve.scanner.image.tagπ
Type: int
5
cve.scanner.image.hashπ
Type: string
nil
cve.scanner.priorityClassNameπ
Type: string
nil
cve.scanner.resourcesπ
Type: object
{}
Default value (formatted)
{}
cve.scanner.affinityπ
Type: object
{}
Default value (formatted)
{}
cve.scanner.podLabelsπ
Type: object
{}
Default value (formatted)
{}
cve.scanner.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
cve.scanner.envπ
Type: list
[]
Default value (formatted)
[]
cve.scanner.tolerationsπ
Type: list
[]
Default value (formatted)
[]
cve.scanner.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
cve.scanner.securityContext.runAsNonRootπ
Type: bool
true
cve.scanner.securityContext.runAsUserπ
Type: int
1000
cve.scanner.securityContext.runAsGroupπ
Type: int
1000
cve.scanner.securityContext.fsGroupπ
Type: int
1000
cve.scanner.internal.certificate.secretπ
Type: string
"neuvector-internal"
cve.scanner.internal.certificate.keyFileπ
Type: string
"tls.key"
cve.scanner.internal.certificate.pemFileπ
Type: string
"tls.crt"
cve.scanner.internal.certificate.caFileπ
Type: string
"ca.crt"
cve.scanner.containerSecurityContext.runAsUserπ
Type: int
1000
cve.scanner.containerSecurityContext.runAsGroupπ
Type: int
1000
cve.scanner.containerSecurityContext.runAsNonRootπ
Type: bool
true
cve.scanner.containerSecurityContext.capabilities.drop[0]π
Type: string
"ALL"
docker.pathπ
Type: string
"/var/run/docker.sock"
resourcesπ
Type: object
{}
Default value (formatted)
{}
k3s.enabledπ
Type: bool
false
k3s.runtimePathπ
Type: string
"/run/k3s/containerd/containerd.sock"
bottlerocket.enabledπ
Type: bool
false
bottlerocket.runtimePathπ
Type: string
"/run/dockershim.sock"
containerd.enabledπ
Type: bool
false
containerd.pathπ
Type: string
"/var/run/containerd/containerd.sock"
crio.enabledπ
Type: bool
false
crio.pathπ
Type: string
"/var/run/crio/crio.sock"
admissionwebhook.typeπ
Type: string
"ClusterIP"
crdwebhook.enabledπ
Type: bool
true
crdwebhook.typeπ
Type: string
"ClusterIP"
domainπ
Type: string
"bigbang.dev"
istio.enabledπ
Type: bool
false
istio.injectionπ
Type: string
"enabled"
istio.hardened.enabledπ
Type: bool
false
istio.hardened.matchLabelsπ
Type: object
{}
Default value (formatted)
{}
istio.hardened.customAuthorizationPoliciesπ
Type: list
[]
Default value (formatted)
[]
istio.neuvector.enabledπ
Type: bool
true
istio.neuvector.annotationsπ
Type: object
{}
Default value (formatted)
{}
istio.neuvector.labelsπ
Type: object
{}
Default value (formatted)
{}
istio.neuvector.gateways[0]π
Type: string
"istio-system/main"
istio.neuvector.hosts[0]π
Type: string
"neuvector.{{ .Values.domain }}"
istio.mtlsπ
Type: object
{"mode":"STRICT"}
Default value (formatted)
{
"mode": "STRICT"
}
Description: Default neuvector peer authentication
istio.mtls.modeπ
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
monitoring.enabledπ
Type: bool
false
monitoring.namespaceπ
Type: string
"monitoring"
networkPolicies.enabledπ
Type: bool
false
networkPolicies.ingressLabels.appπ
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istioπ
Type: string
"ingressgateway"
networkPolicies.controlPlaneCidrπ
Type: string
"0.0.0.0/0"
monitor.imagePullSecretsπ
Type: string
"private-registry"
bbtests.enabledπ
Type: bool
false
bbtests.cypress.artifactsπ
Type: bool
true
bbtests.cypress.envs.cypress_urlπ
Type: string
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"
bbtests.scripts.envs.URLπ
Type: string
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"