neuvector values.yaml
openshift📜
Type: bool
false
registry📜
Type: string
"registry1.dso.mil"
tag📜
Type: string
"5.3.3"
oem📜
Type: string
nil
imagePullSecrets📜
Type: string
"private-registry"
psp📜
Type: bool
false
rbac📜
Type: bool
true
serviceAccount📜
Type: string
"default"
leastPrivilege📜
Type: bool
false
global.cattle.url📜
Type: string
nil
global.azure.enabled📜
Type: bool
false
global.azure.identity.clientId📜
Type: string
"DONOTMODIFY"
global.azure.marketplace.planId📜
Type: string
"DONOTMODIFY"
global.azure.extension.resourceId📜
Type: string
"DONOTMODIFY"
global.azure.serviceAccount📜
Type: string
"csp"
global.azure.imagePullSecrets📜
Type: string
nil
global.azure.images.neuvector_csp_pod.tag📜
Type: string
"latest"
global.azure.images.neuvector_csp_pod.image📜
Type: string
"neuvector-billing-azure-by-suse-llc"
global.azure.images.neuvector_csp_pod.registry📜
Type: string
"registry.suse.de/suse/sle-15-sp5/update/pubclouds/images"
global.azure.images.neuvector_csp_pod.imagePullPolicy📜
Type: string
"IfNotPresent"
global.azure.images.controller.tag📜
Type: string
"5.2.4"
global.azure.images.controller.image📜
Type: string
"controller"
global.azure.images.controller.registry📜
Type: string
"docker.io/neuvector"
global.azure.images.manager.tag📜
Type: string
"5.2.4"
global.azure.images.manager.image📜
Type: string
"manager"
global.azure.images.manager.registry📜
Type: string
"docker.io/neuvector"
global.azure.images.enforcer.tag📜
Type: string
"5.2.4"
global.azure.images.enforcer.image📜
Type: string
"enforcer"
global.azure.images.enforcer.registry📜
Type: string
"docker.io/neuvector"
global.aws.enabled📜
Type: bool
false
global.aws.accountNumber📜
Type: string
""
global.aws.roleName📜
Type: string
""
global.aws.serviceAccount📜
Type: string
"csp"
global.aws.annotations📜
Type: object
{}
global.aws.imagePullSecrets📜
Type: string
nil
global.aws.image.digest📜
Type: string
""
global.aws.image.repository📜
Type: string
"neuvector/neuvector-csp-adapter"
global.aws.image.tag📜
Type: string
"latest"
global.aws.image.imagePullPolicy📜
Type: string
"IfNotPresent"
autoGenerateCert📜
Type: bool
true
defaultValidityPeriod📜
Type: int
365
internal.certmanager.enabled📜
Type: bool
false
internal.certmanager.secretname📜
Type: string
"neuvector-internal"
controller.enabled📜
Type: bool
true
controller.annotations📜
Type: object
{}
controller.strategy.type📜
Type: string
"RollingUpdate"
controller.strategy.rollingUpdate.maxSurge📜
Type: int
1
controller.strategy.rollingUpdate.maxUnavailable📜
Type: int
0
controller.image.repository📜
Type: string
"ironbank/neuvector/neuvector/controller"
controller.image.hash📜
Type: string
nil
controller.replicas📜
Type: int
3
controller.disruptionbudget📜
Type: int
0
controller.schedulerName📜
Type: string
nil
controller.priorityClassName📜
Type: string
nil
controller.podLabels📜
Type: object
{}
controller.podAnnotations📜
Type: object
{}
controller.containerSecurityContext.privileged📜
Type: bool
true
controller.containerSecurityContext.runAsUser📜
Type: int
1000
controller.containerSecurityContext.runAsNonRoot📜
Type: bool
true
controller.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
controller.env📜
Type: list
[]
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight📜
Type: int
100
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].key📜
Type: string
"app"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator📜
Type: string
"In"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]📜
Type: string
"neuvector-controller-pod"
controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey📜
Type: string
"kubernetes.io/hostname"
controller.tolerations📜
Type: list
[]
controller.topologySpreadConstraints📜
Type: list
[]
controller.nodeSelector📜
Type: object
{}
controller.apisvc.type📜
Type: string
nil
controller.apisvc.annotations📜
Type: object
{}
controller.apisvc.route.enabled📜
Type: bool
false
controller.apisvc.route.termination📜
Type: string
"passthrough"
controller.apisvc.route.host📜
Type: string
nil
controller.apisvc.route.tls📜
Type: string
nil
controller.ranchersso.enabled📜
Type: bool
false
controller.sso.certificateAuthority.secretName📜
Type: string
""
controller.pvc.enabled📜
Type: bool
false
controller.pvc.existingClaim📜
Type: bool
false
controller.pvc.accessModes[0]📜
Type: string
"ReadWriteMany"
controller.pvc.storageClass📜
Type: string
nil
controller.pvc.capacity📜
Type: string
nil
controller.azureFileShare.enabled📜
Type: bool
false
controller.azureFileShare.secretName📜
Type: string
nil
controller.azureFileShare.shareName📜
Type: string
nil
controller.certificate.secret📜
Type: string
""
controller.certificate.keyFile📜
Type: string
"tls.key"
controller.certificate.pemFile📜
Type: string
"tls.pem"
controller.internal.certificate.secret📜
Type: string
""
controller.internal.certificate.keyFile📜
Type: string
"tls.key"
controller.internal.certificate.pemFile📜
Type: string
"tls.crt"
controller.internal.certificate.caFile📜
Type: string
"ca.crt"
controller.federation.mastersvc.type📜
Type: string
nil
controller.federation.mastersvc.loadBalancerIP📜
Type: string
nil
controller.federation.mastersvc.clusterIP📜
Type: string
nil
controller.federation.mastersvc.nodePort📜
Type: string
nil
controller.federation.mastersvc.externalTrafficPolicy📜
Type: string
nil
controller.federation.mastersvc.internalTrafficPolicy📜
Type: string
nil
controller.federation.mastersvc.ingress.enabled📜
Type: bool
false
controller.federation.mastersvc.ingress.host📜
Type: string
nil
controller.federation.mastersvc.ingress.ingressClassName📜
Type: string
""
controller.federation.mastersvc.ingress.path📜
Type: string
"/"
controller.federation.mastersvc.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol"📜
Type: string
"HTTPS"
controller.federation.mastersvc.ingress.tls📜
Type: bool
false
controller.federation.mastersvc.ingress.secretName📜
Type: string
nil
controller.federation.mastersvc.annotations📜
Type: object
{}
controller.federation.mastersvc.route.enabled📜
Type: bool
false
controller.federation.mastersvc.route.termination📜
Type: string
"passthrough"
controller.federation.mastersvc.route.host📜
Type: string
nil
controller.federation.mastersvc.route.tls📜
Type: string
nil
controller.federation.managedsvc.type📜
Type: string
nil
controller.federation.managedsvc.loadBalancerIP📜
Type: string
nil
controller.federation.managedsvc.clusterIP📜
Type: string
nil
controller.federation.managedsvc.nodePort📜
Type: string
nil
controller.federation.managedsvc.externalTrafficPolicy📜
Type: string
nil
controller.federation.managedsvc.internalTrafficPolicy📜
Type: string
nil
controller.federation.managedsvc.ingress.enabled📜
Type: bool
false
controller.federation.managedsvc.ingress.host📜
Type: string
nil
controller.federation.managedsvc.ingress.ingressClassName📜
Type: string
""
controller.federation.managedsvc.ingress.path📜
Type: string
"/"
controller.federation.managedsvc.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol"📜
Type: string
"HTTPS"
controller.federation.managedsvc.ingress.tls📜
Type: bool
false
controller.federation.managedsvc.ingress.secretName📜
Type: string
nil
controller.federation.managedsvc.annotations📜
Type: object
{}
controller.federation.managedsvc.route.enabled📜
Type: bool
false
controller.federation.managedsvc.route.termination📜
Type: string
"passthrough"
controller.federation.managedsvc.route.host📜
Type: string
nil
controller.federation.managedsvc.route.tls📜
Type: string
nil
controller.ingress.enabled📜
Type: bool
false
controller.ingress.host📜
Type: string
nil
controller.ingress.ingressClassName📜
Type: string
""
controller.ingress.path📜
Type: string
"/"
controller.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol"📜
Type: string
"HTTPS"
controller.ingress.tls📜
Type: bool
false
controller.ingress.secretName📜
Type: string
nil
controller.resources📜
Type: object
{}
controller.configmap.enabled📜
Type: bool
false
controller.configmap.data📜
Type: string
nil
controller.secret.enabled📜
Type: bool
false
controller.secret.data."userinitcfg.yaml".users[0].Fullname📜
Type: string
"admin"
controller.secret.data."userinitcfg.yaml".users[0].Password📜
Type: string
nil
controller.secret.data."userinitcfg.yaml".users[0].Role📜
Type: string
"admin"
enforcer.enabled📜
Type: bool
true
enforcer.image.repository📜
Type: string
"ironbank/neuvector/neuvector/enforcer"
enforcer.image.hash📜
Type: string
nil
enforcer.updateStrategy.type📜
Type: string
"RollingUpdate"
enforcer.priorityClassName📜
Type: string
nil
enforcer.podLabels📜
Type: object
{}
enforcer.podAnnotations📜
Type: object
{}
enforcer.containerSecurityContext.privileged📜
Type: bool
true
enforcer.containerSecurityContext.runAsGroup📜
Type: int
1000
enforcer.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
enforcer.env📜
Type: list
[]
enforcer.tolerations[0].effect📜
Type: string
"NoSchedule"
enforcer.tolerations[0].key📜
Type: string
"node-role.kubernetes.io/master"
enforcer.tolerations[1].effect📜
Type: string
"NoSchedule"
enforcer.tolerations[1].key📜
Type: string
"node-role.kubernetes.io/control-plane"
enforcer.resources📜
Type: object
{}
enforcer.internal.certificate.secret📜
Type: string
""
enforcer.internal.certificate.keyFile📜
Type: string
"tls.key"
enforcer.internal.certificate.pemFile📜
Type: string
"tls.crt"
enforcer.internal.certificate.caFile📜
Type: string
"ca.crt"
manager.enabled📜
Type: bool
true
manager.image.repository📜
Type: string
"ironbank/neuvector/neuvector/manager"
manager.image.hash📜
Type: string
nil
manager.priorityClassName📜
Type: string
nil
manager.env.ssl📜
Type: bool
false
manager.env.envs[0].name📜
Type: string
"JDK_JAVA_OPTIONS"
manager.env.envs[0].value📜
Type: string
"-Dcom.redhat.fips=false"
manager.svc.type📜
Type: string
"ClusterIP"
manager.svc.loadBalancerIP📜
Type: string
nil
manager.svc.annotations📜
Type: object
{}
manager.route.enabled📜
Type: bool
true
manager.route.termination📜
Type: string
"passthrough"
manager.route.host📜
Type: string
nil
manager.route.tls📜
Type: string
nil
manager.certificate.secret📜
Type: string
""
manager.certificate.keyFile📜
Type: string
"tls.key"
manager.certificate.pemFile📜
Type: string
"tls.pem"
manager.ingress.enabled📜
Type: bool
false
manager.ingress.host📜
Type: string
nil
manager.ingress.ingressClassName📜
Type: string
""
manager.ingress.path📜
Type: string
"/"
manager.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol"📜
Type: string
"HTTPS"
manager.ingress.tls📜
Type: bool
false
manager.ingress.secretName📜
Type: string
nil
manager.resources📜
Type: object
{}
manager.topologySpreadConstraints📜
Type: list
[]
manager.affinity📜
Type: object
{}
manager.podLabels📜
Type: object
{}
manager.podAnnotations📜
Type: object
{}
manager.containerSecurityContext.runAsUser📜
Type: int
1000
manager.containerSecurityContext.runAsGroup📜
Type: int
1000
manager.containerSecurityContext.runAsNonRoot📜
Type: bool
true
manager.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
manager.tolerations📜
Type: list
[]
manager.nodeSelector📜
Type: object
{}
manager.securityContext.runAsNonRoot📜
Type: bool
true
manager.securityContext.runAsUser📜
Type: int
1000
manager.securityContext.runAsGroup📜
Type: int
1000
manager.securityContext.fsGroup📜
Type: int
1000
cve.adapter.enabled📜
Type: bool
false
cve.adapter.image.repository📜
Type: string
"neuvector/registry-adapter"
cve.adapter.image.tag📜
Type: string
"0.1.2"
cve.adapter.image.hash📜
Type: string
nil
cve.adapter.priorityClassName📜
Type: string
nil
cve.adapter.resources📜
Type: object
{}
cve.adapter.affinity📜
Type: object
{}
cve.adapter.podLabels📜
Type: object
{}
cve.adapter.podAnnotations📜
Type: object
{}
cve.adapter.env📜
Type: list
[]
cve.adapter.tolerations📜
Type: list
[]
cve.adapter.nodeSelector📜
Type: object
{}
cve.adapter.runAsUser📜
Type: string
nil
cve.adapter.certificate.secret📜
Type: string
""
cve.adapter.certificate.keyFile📜
Type: string
"tls.key"
cve.adapter.certificate.pemFile📜
Type: string
"tls.crt"
cve.adapter.harbor.protocol📜
Type: string
"https"
cve.adapter.harbor.secretName📜
Type: string
nil
cve.adapter.svc.type📜
Type: string
"NodePort"
cve.adapter.svc.loadBalancerIP📜
Type: string
nil
cve.adapter.svc.annotations📜
Type: object
{}
cve.adapter.route.enabled📜
Type: bool
true
cve.adapter.route.termination📜
Type: string
"passthrough"
cve.adapter.route.host📜
Type: string
nil
cve.adapter.route.tls📜
Type: string
nil
cve.adapter.ingress.enabled📜
Type: bool
false
cve.adapter.ingress.host📜
Type: string
nil
cve.adapter.ingress.ingressClassName📜
Type: string
""
cve.adapter.ingress.path📜
Type: string
"/"
cve.adapter.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol"📜
Type: string
"HTTPS"
cve.adapter.ingress.tls📜
Type: bool
false
cve.adapter.ingress.secretName📜
Type: string
nil
cve.adapter.internal.certificate.secret📜
Type: string
""
cve.adapter.internal.certificate.keyFile📜
Type: string
"tls.key"
cve.adapter.internal.certificate.pemFile📜
Type: string
"tls.crt"
cve.adapter.internal.certificate.caFile📜
Type: string
"ca.crt"
cve.updater.enabled📜
Type: bool
true
cve.updater.secure📜
Type: bool
false
cve.updater.cacert📜
Type: string
"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
cve.updater.image.repository📜
Type: string
"ironbank/big-bang/base"
cve.updater.image.tag📜
Type: string
"2.1.0"
cve.updater.image.hash📜
Type: string
nil
cve.updater.schedule📜
Type: string
"0 0 * * *"
cve.updater.priorityClassName📜
Type: string
nil
cve.updater.resources📜
Type: object
{}
cve.updater.podLabels📜
Type: object
{}
cve.updater.podAnnotations📜
Type: object
{}
cve.updater.nodeSelector📜
Type: object
{}
cve.updater.securityContext.runAsUser📜
Type: int
1000
cve.updater.securityContext.runAsGroup📜
Type: int
1000
cve.updater.securityContext.fsGroup📜
Type: int
1000
cve.updater.securityContext.runAsNonRoot📜
Type: bool
true
cve.updater.containerSecurityContext.runAsUser📜
Type: int
1000
cve.updater.containerSecurityContext.runAsGroup📜
Type: int
1000
cve.updater.containerSecurityContext.runAsNonRoot📜
Type: bool
true
cve.updater.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
cve.scanner.enabled📜
Type: bool
true
cve.scanner.replicas📜
Type: int
3
cve.scanner.dockerPath📜
Type: string
""
cve.scanner.strategy.type📜
Type: string
"RollingUpdate"
cve.scanner.strategy.rollingUpdate.maxSurge📜
Type: int
1
cve.scanner.strategy.rollingUpdate.maxUnavailable📜
Type: int
0
cve.scanner.image.repository📜
Type: string
"ironbank/neuvector/neuvector/scanner"
cve.scanner.image.tag📜
Type: string
"5"
cve.scanner.image.hash📜
Type: string
nil
cve.scanner.priorityClassName📜
Type: string
nil
cve.scanner.resources📜
Type: object
{}
cve.scanner.topologySpreadConstraints📜
Type: list
[]
cve.scanner.affinity📜
Type: object
{}
cve.scanner.podLabels📜
Type: object
{}
cve.scanner.podAnnotations📜
Type: object
{}
cve.scanner.env📜
Type: list
[]
cve.scanner.tolerations📜
Type: list
[]
cve.scanner.nodeSelector📜
Type: object
{}
cve.scanner.securityContext.runAsNonRoot📜
Type: bool
true
cve.scanner.securityContext.runAsUser📜
Type: int
1000
cve.scanner.securityContext.runAsGroup📜
Type: int
1000
cve.scanner.securityContext.fsGroup📜
Type: int
1000
cve.scanner.internal.certificate.secret📜
Type: string
""
cve.scanner.internal.certificate.keyFile📜
Type: string
"tls.key"
cve.scanner.internal.certificate.pemFile📜
Type: string
"tls.crt"
cve.scanner.internal.certificate.caFile📜
Type: string
"ca.crt"
cve.scanner.containerSecurityContext.runAsUser📜
Type: int
1000
cve.scanner.containerSecurityContext.runAsGroup📜
Type: int
1000
cve.scanner.containerSecurityContext.runAsNonRoot📜
Type: bool
true
cve.scanner.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
resources📜
Type: object
{}
runtimePath📜
Type: string
nil
docker.path📜
Type: string
"/var/run/docker.sock"
k3s.enabled📜
Type: bool
false
k3s.runtimePath📜
Type: string
"/run/k3s/containerd/containerd.sock"
bottlerocket.enabled📜
Type: bool
false
bottlerocket.runtimePath📜
Type: string
"/run/dockershim.sock"
containerd.enabled📜
Type: bool
false
containerd.path📜
Type: string
"/var/run/containerd/containerd.sock"
crio.enabled📜
Type: bool
false
crio.path📜
Type: string
"/var/run/crio/crio.sock"
admissionwebhook.type📜
Type: string
"ClusterIP"
crdwebhook.enabled📜
Type: bool
true
crdwebhook.type📜
Type: string
"ClusterIP"
domain📜
Type: string
"dev.bigbang.mil"
istio.enabled📜
Type: bool
false
istio.injection📜
Type: string
"enabled"
istio.hardened.enabled📜
Type: bool
false
istio.hardened.customAuthorizationPolicies📜
Type: list
[]
istio.hardened.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
istio.hardened.monitoring.enabled📜
Type: bool
true
istio.hardened.monitoring.namespaces[0]📜
Type: string
"monitoring"
istio.hardened.monitoring.principals[0]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.monitoring.principals[1]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.monitoring.principals[2]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.monitoring.principals[3]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.monitoring.principals[4]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.monitoring.principals[5]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.hardened.customServiceEntries📜
Type: list
[]
istio.neuvector.enabled📜
Type: bool
true
istio.neuvector.annotations📜
Type: object
{}
istio.neuvector.labels📜
Type: object
{}
istio.neuvector.gateways[0]📜
Type: string
"istio-system/main"
istio.neuvector.hosts[0]📜
Type: string
"neuvector.{{ .Values.domain }}"
istio.mtls📜
Type: object
mode: STRICT
Description: Default peer authentication (mTLS) settings for NeuVector
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
monitoring.enabled📜
Type: bool
false
monitoring.namespace📜
Type: string
"monitoring"
networkPolicies.enabled📜
Type: bool
false
networkPolicies.ingressLabels.app📜
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio📜
Type: string
"ingressgateway"
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.additionalPolicies📜
Type: list
[]
monitor.imagePullSecrets📜
Type: string
"private-registry"
monitor.install📜
Type: bool
false
monitor.exporter.enabled📜
Type: bool
false
monitor.exporter.serviceMonitor.enabled📜
Type: bool
false
monitor.exporter.svc.enabled📜
Type: bool
false
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"
bbtests.cypress.resources.requests.cpu📜
Type: string
"2"
bbtests.cypress.resources.requests.memory📜
Type: string
"4Gi"
bbtests.cypress.resources.limits.cpu📜
Type: string
"2"
bbtests.cypress.resources.limits.memory📜
Type: string
"4Gi"
bbtests.scripts.envs.URL📜
Type: string
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"
exporter.enabled📜
Type: bool
false