Skip to content

neuvector values.yaml📜

domain📜

Type: string

Default value
"dev.bigbang.mil"

istio.enabled📜

Type: bool

Default value
false

istio.injection📜

Type: string

Default value
"enabled"

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.monitoring.enabled📜

Type: bool

Default value
true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.neuvector.enabled📜

Type: bool

Default value
true

istio.neuvector.annotations📜

Type: object

Default value
{}

istio.neuvector.labels📜

Type: object

Default value
{}

istio.neuvector.gateways[0]📜

Type: string

Default value
"istio-system/main"

istio.neuvector.hosts[0]📜

Type: string

Default value
"neuvector.{{ .Values.domain }}"

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default neuvector peer authentication

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.ingressLabels.app📜

Type: string

Default value
"public-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

networkPolicies.istioNamespaceSelector.ingress📜

Type: string

Default value
"istio-gateway"

networkPolicies.istioNamespaceSelector.egress📜

Type: string

Default value
"istio-gateway"

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

monitoring.enabled📜

Type: bool

Default value
false

monitoring.namespace📜

Type: string

Default value
"monitoring"

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"

bbtests.cypress.resources.requests.cpu📜

Type: string

Default value
"2"

bbtests.cypress.resources.requests.memory📜

Type: string

Default value
"4Gi"

bbtests.cypress.resources.limits.cpu📜

Type: string

Default value
"2"

bbtests.cypress.resources.limits.memory📜

Type: string

Default value
"4Gi"

bbtests.scripts.envs.URL📜

Type: string

Default value
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"

global.imagePullSecrets📜

Type: string

Default value
nil

global.images.neuvector_csp_pod.tag📜

Type: string

Default value
"latest"

global.images.neuvector_csp_pod.image📜

Type: string

Default value
"neuvector-billing-azure-by-suse-llc"

global.images.neuvector_csp_pod.registry📜

Type: string

Default value
"registry.suse.de/suse/sle-15-sp5/update/pubclouds/images"

global.images.neuvector_csp_pod.imagePullPolicy📜

Type: string

Default value
"Always"

global.images.controller.tag📜

Type: string

Default value
"5.4.3"

global.images.controller.image📜

Type: string

Default value
"controller"

global.images.controller.registry📜

Type: string

Default value
"registry1.dso.mil/ironbank/neuvector/neuvector"

global.images.manager.tag📜

Type: string

Default value
"5.4.3"

global.images.manager.image📜

Type: string

Default value
"manager"

global.images.manager.registry📜

Type: string

Default value
"registry1.dso.mil/ironbank/neuvector/neuvector"

global.images.enforcer.tag📜

Type: string

Default value
"5.4.3"

global.images.enforcer.image📜

Type: string

Default value
"enforcer"

global.images.enforcer.registry📜

Type: string

Default value
"registry1.dso.mil/ironbank/neuvector/neuvector"

upstream.nameOverride📜

Type: string

Default value
"neuvector"

upstream.fullnameOverride📜

Type: string

Default value
"neuvector-neuvector"

upstream.openshift📜

Type: bool

Default value
false

upstream.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.tag📜

Type: string

Default value
"5.4.4"

upstream.imagePullSecrets📜

Type: string

Default value
"private-registry"

upstream.crdwebhook.enabled📜

Type: bool

Default value
false

upstream.controller.enabled📜

Type: bool

Default value
true

upstream.controller.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/controller"

upstream.controller.image.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.controller.podAnnotations.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.controller.containerSecurityContext.privileged📜

Type: bool

Default value
true

upstream.controller.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.controller.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.controller.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.controller.certupgrader.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.controller.certupgrader.podAnnotations.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.controller.certupgrader.podAnnotations.”traffic.sidecar.istio.io/excludeOutboundPorts”📜

Type: string

Default value
"18500"

upstream.controller.certupgrader.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.controller.certupgrader.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.controller.certupgrader.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.controller.certupgrader.securityContext.fsGroup📜

Type: int

Default value
1000

upstream.controller.certupgrader.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.controller.certupgrader.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.controller.certupgrader.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.controller.certupgrader.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.controller.apisvc.type📜

Type: string

Default value
"ClusterIP"

upstream.controller.apisvc.annotations📜

Type: object

Default value
{}

upstream.controller.apisvc.nodePort📜

Type: string

Default value
nil

upstream.controller.prime.enabled📜

Type: bool

Default value
false

upstream.controller.prime.image.repository📜

Type: string

Default value
"neuvector/compliance-config"

upstream.controller.prime.image.tag📜

Type: string

Default value
"1.0.5"

upstream.enforcer.enabled📜

Type: bool

Default value
true

upstream.enforcer.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/enforcer"

upstream.enforcer.image.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.enforcer.podAnnotations.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.enforcer.containerSecurityContext.privileged📜

Type: bool

Default value
true

upstream.enforcer.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.enforcer.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.manager.enabled📜

Type: bool

Default value
true

upstream.manager.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/manager"

upstream.manager.image.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.manager.env.ssl📜

Type: bool

Default value
false

upstream.manager.podAnnotations.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.manager.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.manager.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.manager.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.manager.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.manager.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.manager.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.manager.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.manager.securityContext.fsGroup📜

Type: int

Default value
1000

upstream.cve.adapter.enabled📜

Type: bool

Default value
false

upstream.cve.adapter.image.repository📜

Type: string

Default value
"neuvector/registry-adapter"

upstream.cve.adapter.image.tag📜

Type: string

Default value
"0.1.7"

upstream.cve.adapter.image.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.cve.adapter.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.cve.adapter.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.cve.adapter.securityContext.fsGroup📜

Type: int

Default value
1000

upstream.cve.adapter.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cve.updater.enabled📜

Type: bool

Default value
true

upstream.cve.updater.secure📜

Type: bool

Default value
false

upstream.cve.updater.cacert📜

Type: string

Default value
"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

upstream.cve.updater.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.cve.updater.image.repository📜

Type: string

Default value
"ironbank/big-bang/base"

upstream.cve.updater.image.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.cve.updater.image.tag📜

Type: string

Default value
"2.1.0"

upstream.cve.updater.podAnnotations.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.cve.updater.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.cve.updater.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.cve.updater.securityContext.fsGroup📜

Type: int

Default value
1000

upstream.cve.updater.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cve.updater.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.cve.updater.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.cve.updater.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cve.updater.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.cve.scanner.enabled📜

Type: bool

Default value
true

upstream.cve.scanner.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/scanner"

upstream.cve.scanner.image.imagePullPolicy📜

Type: string

Default value
"Always"

upstream.cve.scanner.image.tag📜

Type: string

Default value
"6"

upstream.cve.scanner.podAnnotations.”traffic.sidecar.istio.io/excludeInboundPorts”📜

Type: string

Default value
"18500"

upstream.cve.scanner.runAsUser📜

Type: string

Default value
nil

upstream.cve.scanner.securityContext.runAsUser📜

Type: int

Default value
1000

upstream.cve.scanner.securityContext.runAsGroup📜

Type: int

Default value
1000

upstream.cve.scanner.securityContext.fsGroup📜

Type: int

Default value
1000

upstream.cve.scanner.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cve.scanner.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

upstream.cve.scanner.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

upstream.cve.scanner.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.cve.scanner.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

monitor.imagePullSecrets📜

Type: string

Default value
"private-registry"

monitor.install📜

Type: bool

Default value
false

monitor.serviceAccount📜

Type: string

Default value
"default"

monitor.registry📜

Type: string

Default value
"registry1.dso.mil"

monitor.exporter.enabled📜

Type: bool

Default value
false

monitor.exporter.serviceMonitor.enabled📜

Type: bool

Default value
false

monitor.exporter.svc.enabled📜

Type: bool

Default value
false

monitor.exporter.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/prometheus-exporter"

monitor.exporter.image.tag📜

Type: string

Default value
"1-1.0.0"

monitor.exporter.image.imagePullPolicy📜

Type: string

Default value
"Always"

monitor.exporter.containerSecurityContext.runAsUser📜

Type: int

Default value
1001

monitor.exporter.containerSecurityContext.runAsGroup📜

Type: int

Default value
1001

monitor.exporter.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"