|
|
|
|
@ -5,7 +5,7 @@
|
|
|
|
|
`controller.affinity` | controller affinity rules | ... | spread controllers to different nodes |
|
|
|
|
|
`controller.tolerations` | List of node taints to tolerate | `nil` |
|
|
|
|
|
-`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
|
|
|
|
|
`controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
|
|
|
|
|
`controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
|
|
|
|
|
@ -14,7 +14,7 @@
|
|
|
|
|
`controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
|
|
|
|
|
`controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
|
|
|
|
|
-`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
|
|
|
|
|
`controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
|
|
|
|
|
`controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` |
|
|
|
|
|
@ -23,14 +23,14 @@
|
|
|
|
|
`controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
|
|
|
|
|
`controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
|
|
|
|
|
-`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
|
|
|
|
|
`controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
|
|
|
|
|
`controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
|
|
|
|
|
`controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
|
|
|
|
|
`controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
|
|
|
|
|
-`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
|
|
|
|
|
`controller.configmap.data` | NeuVector configuration in YAML format | `{}`
|
|
|
|
|
`controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
|
|
|
|
|
@ -39,7 +39,7 @@
|
|
|
|
|
`enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
|
|
|
|
|
`enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
|
|
|
|
|
-`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`manager.enabled` | If true, create manager | `true` |
|
|
|
|
|
`manager.image.repository` | manager image repository | `neuvector/manager` |
|
|
|
|
|
`manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
|
|
|
|
|
@ -48,7 +48,7 @@
|
|
|
|
|
`manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
|
|
|
|
|
`manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
|
|
|
|
|
-`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`manager.route.enabled` | If true, create a OpenShift route to expose the management consol service | `true` |
|
|
|
|
|
`manager.route.host` | Set OpenShift route host for management consol service | `nil` |
|
|
|
|
|
`manager.route.termination` | Specify TLS termination for OpenShift route for management consol service. Possible passthrough, edge, reencrypt | `passthrough` |
|
|
|
|
|
@ -57,11 +57,11 @@
|
|
|
|
|
`manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
|
|
|
|
|
`manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
|
|
|
|
|
-`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
|
|
|
|
|
`manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
|
|
|
|
|
-`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
|
|
|
|
|
+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
|
|
|
|
|
+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml)
|
|
|
|
|
`manager.affinity` | manager affinity rules | `{}` |
|
|
|
|
|
`manager.tolerations` | List of node taints to tolerate | `nil` |
|
|
|
|
|
`manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
|
|
|
|
|
@ -70,7 +70,13 @@
|
|
|
|
|
`cve.scanner.replicas` | external scanner replicas | `3` |
|
|
|
|
|
`cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
|
|
|
|
|
-`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
|
|
|
|
|
+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) |
|
|
|
|
|
+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/5.0.0/charts/core/values.yaml) |
|
|
|
|
|
`cve.scanner.affinity` | scanner affinity rules | `{}` |
|
|
|
|
|
`cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
|
|
|
|
|
`cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
|
|
|
|
|
@@ -195,5 +195,4 @@
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
-Contact <support@neuvector.com> for access to container registry and docs.
|
|
|
|
|
|
|
|
|
|
|
selvamt94