Skip to content

neuvector values.yaml📜

openshift📜

Type: bool

Default value
false

registry📜

Type: string

Default value
"registry1.dso.mil"

tag📜

Type: string

Default value
"5.4.1"

oem📜

Type: string

Default value
nil

imagePullSecrets📜

Type: string

Default value
"private-registry"

psp📜

Type: bool

Default value
false

rbac📜

Type: bool

Default value
true

serviceAccount📜

Type: string

Default value
"default"

leastPrivilege📜

Type: bool

Default value
false

global.cattle.url📜

Type: string

Default value
nil

global.azure.enabled📜

Type: bool

Default value
false

global.azure.identity.clientId📜

Type: string

Default value
"DONOTMODIFY"

global.azure.marketplace.planId📜

Type: string

Default value
"DONOTMODIFY"

global.azure.extension.resourceId📜

Type: string

Default value
"DONOTMODIFY"

global.azure.serviceAccount📜

Type: string

Default value
"csp"

global.azure.imagePullSecrets📜

Type: string

Default value
nil

global.azure.images.neuvector_csp_pod.tag📜

Type: string

Default value
"latest"

global.azure.images.neuvector_csp_pod.image📜

Type: string

Default value
"neuvector-billing-azure-by-suse-llc"

global.azure.images.neuvector_csp_pod.registry📜

Type: string

Default value
"registry.suse.de/suse/sle-15-sp5/update/pubclouds/images"

global.azure.images.neuvector_csp_pod.imagePullPolicy📜

Type: string

Default value
"IfNotPresent"

global.azure.images.controller.tag📜

Type: string

Default value
"5.3.4"

global.azure.images.controller.image📜

Type: string

Default value
"controller"

global.azure.images.controller.registry📜

Type: string

Default value
"registry1.dso.mil/ironbank/neuvector/neuvector"

global.azure.images.manager.tag📜

Type: string

Default value
"5.3.4"

global.azure.images.manager.image📜

Type: string

Default value
"manager"

global.azure.images.manager.registry📜

Type: string

Default value
"registry1.dso.mil/ironbank/neuvector/neuvector"

global.azure.images.enforcer.tag📜

Type: string

Default value
"5.3.4"

global.azure.images.enforcer.image📜

Type: string

Default value
"enforcer"

global.azure.images.enforcer.registry📜

Type: string

Default value
"registry1.dso.mil/ironbank/neuvector/neuvector"

global.aws.enabled📜

Type: bool

Default value
false

global.aws.accountNumber📜

Type: string

Default value
""

global.aws.roleName📜

Type: string

Default value
""

global.aws.serviceAccount📜

Type: string

Default value
"csp"

global.aws.annotations📜

Type: object

Default value
{}

global.aws.imagePullSecrets📜

Type: string

Default value
nil

global.aws.image.digest📜

Type: string

Default value
""

global.aws.image.repository📜

Type: string

Default value
"neuvector/neuvector-csp-adapter"

global.aws.image.tag📜

Type: string

Default value
"latest"

global.aws.image.imagePullPolicy📜

Type: string

Default value
"IfNotPresent"

bootstrapPassword📜

Type: string

Default value
""

autoGenerateCert📜

Type: bool

Default value
true

defaultValidityPeriod📜

Type: int

Default value
365

internal.certmanager.enabled📜

Type: bool

Default value
false

internal.certmanager.secretname📜

Type: string

Default value
"neuvector-internal"

internal.autoGenerateCert📜

Type: bool

Default value
true

internal.autoRotateCert📜

Type: bool

Default value
false

controller.enabled📜

Type: bool

Default value
true

controller.annotations📜

Type: object

Default value
{}

controller.strategy.type📜

Type: string

Default value
"RollingUpdate"

controller.strategy.rollingUpdate.maxSurge📜

Type: int

Default value
1

controller.strategy.rollingUpdate.maxUnavailable📜

Type: int

Default value
0

controller.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/controller"

controller.image.hash📜

Type: string

Default value
nil

controller.replicas📜

Type: int

Default value
3

controller.disruptionbudget📜

Type: int

Default value
0

controller.schedulerName📜

Type: string

Default value
nil

controller.priorityClassName📜

Type: string

Default value
nil

controller.podLabels📜

Type: object

Default value
{}

controller.podAnnotations📜

Type: object

Default value
{}

controller.containerSecurityContext.privileged📜

Type: bool

Default value
true

controller.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

controller.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

controller.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

controller.searchRegistries📜

Type: string

Default value
nil

controller.env📜

Type: list

Default value
[]

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight📜

Type: int

Default value
100

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].key📜

Type: string

Default value
"app"

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator📜

Type: string

Default value
"In"

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0]📜

Type: string

Default value
"neuvector-controller-pod"

controller.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey📜

Type: string

Default value
"kubernetes.io/hostname"

controller.tolerations📜

Type: list

Default value
[]

controller.topologySpreadConstraints📜

Type: list

Default value
[]

controller.nodeSelector📜

Type: object

Default value
{}

controller.apisvc.type📜

Type: string

Default value
nil

controller.apisvc.annotations📜

Type: object

Default value
{}

controller.apisvc.route.enabled📜

Type: bool

Default value
false

controller.apisvc.route.termination📜

Type: string

Default value
"passthrough"

controller.apisvc.route.host📜

Type: string

Default value
nil

controller.apisvc.route.tls📜

Type: string

Default value
nil

controller.ranchersso.enabled📜

Type: bool

Default value
false

controller.sso.certificateAuthority.secretName📜

Type: string

Default value
""

controller.pvc.enabled📜

Type: bool

Default value
false

controller.pvc.existingClaim📜

Type: bool

Default value
false

controller.pvc.accessModes[0]📜

Type: string

Default value
"ReadWriteMany"

controller.pvc.storageClass📜

Type: string

Default value
nil

controller.pvc.capacity📜

Type: string

Default value
nil

controller.azureFileShare.enabled📜

Type: bool

Default value
false

controller.azureFileShare.secretName📜

Type: string

Default value
nil

controller.azureFileShare.shareName📜

Type: string

Default value
nil

controller.certificate.secret📜

Type: string

Default value
""

controller.certificate.keyFile📜

Type: string

Default value
"tls.key"

controller.certificate.pemFile📜

Type: string

Default value
"tls.pem"

controller.internal.certificate.secret📜

Type: string

Default value
""

controller.internal.certificate.keyFile📜

Type: string

Default value
"tls.key"

controller.internal.certificate.pemFile📜

Type: string

Default value
"tls.crt"

controller.internal.certificate.caFile📜

Type: string

Default value
"ca.crt"

controller.federation.mastersvc.type📜

Type: string

Default value
nil

controller.federation.mastersvc.loadBalancerIP📜

Type: string

Default value
nil

controller.federation.mastersvc.clusterIP📜

Type: string

Default value
nil

controller.federation.mastersvc.nodePort📜

Type: string

Default value
nil

controller.federation.mastersvc.externalTrafficPolicy📜

Type: string

Default value
nil

controller.federation.mastersvc.internalTrafficPolicy📜

Type: string

Default value
nil

controller.federation.mastersvc.ingress.enabled📜

Type: bool

Default value
false

controller.federation.mastersvc.ingress.host📜

Type: string

Default value
nil

controller.federation.mastersvc.ingress.ingressClassName📜

Type: string

Default value
""

controller.federation.mastersvc.ingress.path📜

Type: string

Default value
"/"

controller.federation.mastersvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”📜

Type: string

Default value
"HTTPS"

controller.federation.mastersvc.ingress.tls📜

Type: bool

Default value
false

controller.federation.mastersvc.ingress.secretName📜

Type: string

Default value
nil

controller.federation.mastersvc.annotations📜

Type: object

Default value
{}

controller.federation.mastersvc.route.enabled📜

Type: bool

Default value
false

controller.federation.mastersvc.route.termination📜

Type: string

Default value
"passthrough"

controller.federation.mastersvc.route.host📜

Type: string

Default value
nil

controller.federation.mastersvc.route.tls📜

Type: string

Default value
nil

controller.federation.managedsvc.type📜

Type: string

Default value
nil

controller.federation.managedsvc.loadBalancerIP📜

Type: string

Default value
nil

controller.federation.managedsvc.clusterIP📜

Type: string

Default value
nil

controller.federation.managedsvc.nodePort📜

Type: string

Default value
nil

controller.federation.managedsvc.externalTrafficPolicy📜

Type: string

Default value
nil

controller.federation.managedsvc.internalTrafficPolicy📜

Type: string

Default value
nil

controller.federation.managedsvc.ingress.enabled📜

Type: bool

Default value
false

controller.federation.managedsvc.ingress.host📜

Type: string

Default value
nil

controller.federation.managedsvc.ingress.ingressClassName📜

Type: string

Default value
""

controller.federation.managedsvc.ingress.path📜

Type: string

Default value
"/"

controller.federation.managedsvc.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”📜

Type: string

Default value
"HTTPS"

controller.federation.managedsvc.ingress.tls📜

Type: bool

Default value
false

controller.federation.managedsvc.ingress.secretName📜

Type: string

Default value
nil

controller.federation.managedsvc.annotations📜

Type: object

Default value
{}

controller.federation.managedsvc.route.enabled📜

Type: bool

Default value
false

controller.federation.managedsvc.route.termination📜

Type: string

Default value
"passthrough"

controller.federation.managedsvc.route.host📜

Type: string

Default value
nil

controller.federation.managedsvc.route.tls📜

Type: string

Default value
nil

controller.ingress.enabled📜

Type: bool

Default value
false

controller.ingress.host📜

Type: string

Default value
nil

controller.ingress.ingressClassName📜

Type: string

Default value
""

controller.ingress.path📜

Type: string

Default value
"/"

controller.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”📜

Type: string

Default value
"HTTPS"

controller.ingress.tls📜

Type: bool

Default value
false

controller.ingress.secretName📜

Type: string

Default value
nil

controller.resources📜

Type: object

Default value
{}

controller.configmap.enabled📜

Type: bool

Default value
false

controller.configmap.data📜

Type: string

Default value
nil

controller.secret.enabled📜

Type: bool

Default value
false

controller.secret.data.”userinitcfg.yaml”.users[0].Fullname📜

Type: string

Default value
"admin"

controller.secret.data.”userinitcfg.yaml”.users[0].Password📜

Type: string

Default value
nil

controller.secret.data.”userinitcfg.yaml”.users[0].Role📜

Type: string

Default value
"admin"

controller.certupgrader.env📜

Type: list

Default value
[]

controller.certupgrader.schedule📜

Type: string

Default value
""

controller.certupgrader.imagePullPolicy📜

Type: string

Default value
"IfNotPresent"

controller.certupgrader.timeout📜

Type: int

Default value
3600

controller.certupgrader.priorityClassName📜

Type: string

Default value
nil

controller.certupgrader.podLabels📜

Type: object

Default value
{}

controller.certupgrader.podAnnotations📜

Type: object

Default value
{}

controller.certupgrader.nodeSelector📜

Type: object

Default value
{}

controller.certupgrader.securityContext.runAsNonRoot📜

Type: bool

Default value
true

controller.certupgrader.securityContext.runAsUser📜

Type: int

Default value
1000

controller.certupgrader.securityContext.runAsGroup📜

Type: int

Default value
1000

controller.certupgrader.securityContext.fsGroup📜

Type: int

Default value
1000

controller.certupgrader.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

controller.certupgrader.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

controller.certupgrader.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

controller.certupgrader.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

controller.prime.enabled📜

Type: bool

Default value
false

controller.prime.image.repository📜

Type: string

Default value
"neuvector/compliance-config"

controller.prime.image.tag📜

Type: string

Default value
"latest"

controller.prime.image.hash📜

Type: string

Default value
nil

enforcer.enabled📜

Type: bool

Default value
true

enforcer.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/enforcer"

enforcer.image.hash📜

Type: string

Default value
nil

enforcer.updateStrategy.type📜

Type: string

Default value
"RollingUpdate"

enforcer.priorityClassName📜

Type: string

Default value
nil

enforcer.podLabels📜

Type: object

Default value
{}

enforcer.podAnnotations📜

Type: object

Default value
{}

enforcer.containerSecurityContext.privileged📜

Type: bool

Default value
true

enforcer.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

enforcer.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

enforcer.env📜

Type: list

Default value
[]

enforcer.tolerations[0].effect📜

Type: string

Default value
"NoSchedule"

enforcer.tolerations[0].key📜

Type: string

Default value
"node-role.kubernetes.io/master"

enforcer.tolerations[1].effect📜

Type: string

Default value
"NoSchedule"

enforcer.tolerations[1].key📜

Type: string

Default value
"node-role.kubernetes.io/control-plane"

enforcer.resources📜

Type: object

Default value
{}

enforcer.internal.certificate.secret📜

Type: string

Default value
""

enforcer.internal.certificate.keyFile📜

Type: string

Default value
"tls.key"

enforcer.internal.certificate.pemFile📜

Type: string

Default value
"tls.crt"

enforcer.internal.certificate.caFile📜

Type: string

Default value
"ca.crt"

manager.enabled📜

Type: bool

Default value
true

manager.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/manager"

manager.image.hash📜

Type: string

Default value
nil

manager.priorityClassName📜

Type: string

Default value
nil

manager.env.ssl📜

Type: bool

Default value
false

manager.env.envs[0].name📜

Type: string

Default value
"JDK_JAVA_OPTIONS"

manager.env.envs[0].value📜

Type: string

Default value
"-Dcom.redhat.fips=false"

manager.svc.type📜

Type: string

Default value
"ClusterIP"

manager.svc.loadBalancerIP📜

Type: string

Default value
nil

manager.svc.annotations📜

Type: object

Default value
{}

manager.route.enabled📜

Type: bool

Default value
true

manager.route.termination📜

Type: string

Default value
"passthrough"

manager.route.host📜

Type: string

Default value
nil

manager.route.tls📜

Type: string

Default value
nil

manager.certificate.secret📜

Type: string

Default value
""

manager.certificate.keyFile📜

Type: string

Default value
"tls.key"

manager.certificate.pemFile📜

Type: string

Default value
"tls.pem"

manager.ingress.enabled📜

Type: bool

Default value
false

manager.ingress.host📜

Type: string

Default value
nil

manager.ingress.ingressClassName📜

Type: string

Default value
""

manager.ingress.path📜

Type: string

Default value
"/"

manager.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”📜

Type: string

Default value
"HTTPS"

manager.ingress.tls📜

Type: bool

Default value
false

manager.ingress.secretName📜

Type: string

Default value
nil

manager.resources📜

Type: object

Default value
{}

manager.topologySpreadConstraints📜

Type: list

Default value
[]

manager.affinity📜

Type: object

Default value
{}

manager.podLabels📜

Type: object

Default value
{}

manager.podAnnotations📜

Type: object

Default value
{}

manager.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

manager.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

manager.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

manager.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

manager.tolerations📜

Type: list

Default value
[]

manager.nodeSelector📜

Type: object

Default value
{}

manager.securityContext.runAsNonRoot📜

Type: bool

Default value
true

manager.securityContext.runAsUser📜

Type: int

Default value
1000

manager.securityContext.runAsGroup📜

Type: int

Default value
1000

manager.securityContext.fsGroup📜

Type: int

Default value
1000

manager.probes.enabled📜

Type: bool

Default value
false

manager.probes.timeout📜

Type: int

Default value
1

manager.probes.periodSeconds📜

Type: int

Default value
10

manager.probes.startupFailureThreshold📜

Type: int

Default value
30

cve.adapter.enabled📜

Type: bool

Default value
false

cve.adapter.image.repository📜

Type: string

Default value
"neuvector/registry-adapter"

cve.adapter.image.tag📜

Type: string

Default value
"0.1.3"

cve.adapter.image.hash📜

Type: string

Default value
nil

cve.adapter.priorityClassName📜

Type: string

Default value
nil

cve.adapter.resources📜

Type: object

Default value
{}

cve.adapter.affinity📜

Type: object

Default value
{}

cve.adapter.podLabels📜

Type: object

Default value
{}

cve.adapter.podAnnotations📜

Type: object

Default value
{}

cve.adapter.env📜

Type: list

Default value
[]

cve.adapter.tolerations📜

Type: list

Default value
[]

cve.adapter.nodeSelector📜

Type: object

Default value
{}

cve.adapter.securityContext.runAsUser📜

Type: int

Default value
1000

cve.adapter.securityContext.runAsGroup📜

Type: int

Default value
1000

cve.adapter.securityContext.fsGroup📜

Type: int

Default value
1000

cve.adapter.securityContext.runAsNonRoot📜

Type: bool

Default value
true

cve.adapter.certificate.secret📜

Type: string

Default value
""

cve.adapter.certificate.keyFile📜

Type: string

Default value
"tls.key"

cve.adapter.certificate.pemFile📜

Type: string

Default value
"tls.crt"

cve.adapter.harbor.protocol📜

Type: string

Default value
"https"

cve.adapter.harbor.secretName📜

Type: string

Default value
nil

cve.adapter.svc.type📜

Type: string

Default value
"NodePort"

cve.adapter.svc.loadBalancerIP📜

Type: string

Default value
nil

cve.adapter.svc.annotations📜

Type: object

Default value
{}

cve.adapter.route.enabled📜

Type: bool

Default value
true

cve.adapter.route.termination📜

Type: string

Default value
"passthrough"

cve.adapter.route.host📜

Type: string

Default value
nil

cve.adapter.route.tls📜

Type: string

Default value
nil

cve.adapter.ingress.enabled📜

Type: bool

Default value
false

cve.adapter.ingress.host📜

Type: string

Default value
nil

cve.adapter.ingress.ingressClassName📜

Type: string

Default value
""

cve.adapter.ingress.path📜

Type: string

Default value
"/"

cve.adapter.ingress.annotations.”nginx.ingress.kubernetes.io/backend-protocol”📜

Type: string

Default value
"HTTPS"

cve.adapter.ingress.tls📜

Type: bool

Default value
false

cve.adapter.ingress.secretName📜

Type: string

Default value
nil

cve.adapter.internal.certificate.secret📜

Type: string

Default value
""

cve.adapter.internal.certificate.keyFile📜

Type: string

Default value
"tls.key"

cve.adapter.internal.certificate.pemFile📜

Type: string

Default value
"tls.crt"

cve.adapter.internal.certificate.caFile📜

Type: string

Default value
"ca.crt"

cve.updater.enabled📜

Type: bool

Default value
true

cve.updater.secure📜

Type: bool

Default value
false

cve.updater.cacert📜

Type: string

Default value
"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

cve.updater.image.registry📜

Type: string

Default value
"registry1.dso.mil"

cve.updater.image.repository📜

Type: string

Default value
"ironbank/big-bang/base"

cve.updater.image.tag📜

Type: string

Default value
"2.1.0"

cve.updater.image.hash📜

Type: string

Default value
nil

cve.updater.schedule📜

Type: string

Default value
"0 0 * * *"

cve.updater.priorityClassName📜

Type: string

Default value
nil

cve.updater.resources📜

Type: object

Default value
{}

cve.updater.podLabels📜

Type: object

Default value
{}

cve.updater.podAnnotations📜

Type: object

Default value
{}

cve.updater.nodeSelector📜

Type: object

Default value
{}

cve.updater.securityContext.runAsUser📜

Type: int

Default value
1000

cve.updater.securityContext.runAsGroup📜

Type: int

Default value
1000

cve.updater.securityContext.fsGroup📜

Type: int

Default value
1000

cve.updater.securityContext.runAsNonRoot📜

Type: bool

Default value
true

cve.updater.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

cve.updater.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

cve.updater.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

cve.updater.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

cve.scanner.enabled📜

Type: bool

Default value
true

cve.scanner.replicas📜

Type: int

Default value
3

cve.scanner.dockerPath📜

Type: string

Default value
""

cve.scanner.strategy.type📜

Type: string

Default value
"RollingUpdate"

cve.scanner.strategy.rollingUpdate.maxSurge📜

Type: int

Default value
1

cve.scanner.strategy.rollingUpdate.maxUnavailable📜

Type: int

Default value
0

cve.scanner.image.repository📜

Type: string

Default value
"ironbank/neuvector/neuvector/scanner"

cve.scanner.image.tag📜

Type: string

Default value
"5"

cve.scanner.image.hash📜

Type: string

Default value
nil

cve.scanner.priorityClassName📜

Type: string

Default value
nil

cve.scanner.resources📜

Type: object

Default value
{}

cve.scanner.topologySpreadConstraints📜

Type: list

Default value
[]

cve.scanner.affinity📜

Type: object

Default value
{}

cve.scanner.podLabels📜

Type: object

Default value
{}

cve.scanner.podAnnotations📜

Type: object

Default value
{}

cve.scanner.env📜

Type: list

Default value
[]

cve.scanner.tolerations📜

Type: list

Default value
[]

cve.scanner.nodeSelector📜

Type: object

Default value
{}

cve.scanner.securityContext.runAsNonRoot📜

Type: bool

Default value
true

cve.scanner.securityContext.runAsUser📜

Type: int

Default value
1000

cve.scanner.securityContext.runAsGroup📜

Type: int

Default value
1000

cve.scanner.securityContext.fsGroup📜

Type: int

Default value
1000

cve.scanner.internal.certificate.secret📜

Type: string

Default value
""

cve.scanner.internal.certificate.keyFile📜

Type: string

Default value
"tls.key"

cve.scanner.internal.certificate.pemFile📜

Type: string

Default value
"tls.crt"

cve.scanner.internal.certificate.caFile📜

Type: string

Default value
"ca.crt"

cve.scanner.containerSecurityContext.runAsUser📜

Type: int

Default value
1000

cve.scanner.containerSecurityContext.runAsGroup📜

Type: int

Default value
1000

cve.scanner.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

cve.scanner.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

resources📜

Type: object

Default value
{}

runtimePath📜

Type: string

Default value
nil

docker.path📜

Type: string

Default value
"/var/run/docker.sock"

k3s.enabled📜

Type: bool

Default value
false

k3s.runtimePath📜

Type: string

Default value
"/run/k3s/containerd/containerd.sock"

bottlerocket.enabled📜

Type: bool

Default value
false

bottlerocket.runtimePath📜

Type: string

Default value
"/run/dockershim.sock"

containerd.enabled📜

Type: bool

Default value
false

containerd.path📜

Type: string

Default value
"/var/run/containerd/containerd.sock"

crio.enabled📜

Type: bool

Default value
false

crio.path📜

Type: string

Default value
"/var/run/crio/crio.sock"

admissionwebhook.type📜

Type: string

Default value
"ClusterIP"

crdwebhooksvc.enabled📜

Type: bool

Default value
true

crdwebhook.enabled📜

Type: bool

Default value
true

crdwebhook.type📜

Type: string

Default value
"ClusterIP"

domain📜

Type: string

Default value
"dev.bigbang.mil"

istio.enabled📜

Type: bool

Default value
false

istio.injection📜

Type: string

Default value
"enabled"

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.monitoring.enabled📜

Type: bool

Default value
true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.neuvector.enabled📜

Type: bool

Default value
true

istio.neuvector.annotations📜

Type: object

Default value
{}

istio.neuvector.labels📜

Type: object

Default value
{}

istio.neuvector.gateways[0]📜

Type: string

Default value
"istio-system/main"

istio.neuvector.hosts[0]📜

Type: string

Default value
"neuvector.{{ .Values.domain }}"

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default neuvector peer authentication

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

monitoring.enabled📜

Type: bool

Default value
false

monitoring.namespace📜

Type: string

Default value
"monitoring"

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.ingressLabels.app📜

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

monitor.imagePullSecrets📜

Type: string

Default value
"private-registry"

monitor.install📜

Type: bool

Default value
false

monitor.exporter.enabled📜

Type: bool

Default value
false

monitor.exporter.serviceMonitor.enabled📜

Type: bool

Default value
false

monitor.exporter.svc.enabled📜

Type: bool

Default value
false

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"

bbtests.cypress.resources.requests.cpu📜

Type: string

Default value
"2"

bbtests.cypress.resources.requests.memory📜

Type: string

Default value
"4Gi"

bbtests.cypress.resources.limits.cpu📜

Type: string

Default value
"2"

bbtests.cypress.resources.limits.memory📜

Type: string

Default value
"4Gi"

bbtests.scripts.envs.URL📜

Type: string

Default value
"http://neuvector-service-webui.{{ .Release.Namespace }}.svc.cluster.local:8443"

exporter.enabled📜

Type: bool

Default value
false