questions: #image configurations - variable: controller.image.repository default: "neuvector/controller" description: controller image repository type: string label: Controller Image Path group: "Container Images" - variable: controller.image.tag default: "" description: image tag for controller type: string label: Controller Image Tag group: "Container Images" - variable: manager.image.repository default: "neuvector/manager" description: manager image repository type: string label: Manager Image Path group: "Container Images" - variable: manager.image.tag default: "" description: image tag for manager type: string label: Manager Image Tag group: "Container Images" - variable: enforcer.image.repository default: "neuvector/enforcer" description: enforcer image repository type: string label: Enforcer Image Path group: "Container Images" - variable: enforcer.image.tag default: "" description: image tag for enforcer type: string label: Enforcer Image Tag group: "Container Images" - variable: cve.scanner.image.repository default: "neuvector/scanner" description: scanner image repository type: string label: Scanner Image Path group: "Container Images" - variable: cve.scanner.image.tag default: "" description: image tag for scanner type: string label: Scanner Image Tag group: "Container Images" - variable: cve.updater.image.repository default: "neuvector/updater" description: cve updater image repository type: string label: CVE Updater Image Path group: "Container Images" - variable: cve.updater.image.tag default: "" description: image tag for updater type: string label: Updater Image Tag group: "Container Images" #Container Runtime configurations - variable: docker.enabled default: true description: Docker runtime. Enable only one runtime type: boolean label: Docker Runtime show_subquestion_if: true group: "Container Runtime" subquestions: - variable: docker.path default: "/var/run/docker.sock" description: "Docker Runtime Path" type: string label: Runtime Path - variable: containerd.enabled default: "false" description: Containerd runtime. Enable only one runtime type: boolean label: Containerd Runtime show_subquestion_if: true group: "Container Runtime" subquestions: - variable: containerd.path default: " /var/run/containerd/containerd.sock" description: "Containerd Runtime Path" type: string label: Runtime Path - variable: crio.enabled default: "false" description: CRI-O runtime. Enable only one runtime type: boolean label: CRI-O Runtime show_subquestion_if: true group: "Container Runtime" subquestions: - variable: crio.path default: "/var/run/crio/crio.sock" description: "CRI-O Runtime Path" type: string label: Runtime Path - variable: k3s.enabled default: "false" description: k3s containerd runtime. Enable only one runtime. Choose this option for RKE2 and K3S based clusters type: boolean label: k3s Containerd Runtime show_subquestion_if: true group: "Container Runtime" subquestions: - variable: k3s.runtimePath default: " /run/k3s/containerd/containerd.sock" description: "k3s Containerd Runtime Path" type: string label: Runtime Path #storage configurations - variable: controller.pvc.enabled default: false description: If true, enable persistence for controller using PVC. PVC should support ReadWriteMany(RWX) type: boolean label: PVC Status group: "PVC Configuration" - variable: controller.pvc.storageClass default: "" description: Storage Class to be used type: string label: Storage Class Name group: "PVC Configuration" #ingress configurations - variable: manager.ingress.enabled default: false description: If true, create ingress, must also set ingress host value type: boolean label: Manager Ingress Status group: "Ingress Configuration" show_subquestion_if: true subquestions: - variable: manager.ingress.host default: "" description: Must set this host value if ingress is enabled type: string label: Manager Ingress Host group: "Ingress Configuration" - variable: manager.ingress.path default: "/" description: Set ingress path type: string label: Manager Ingress Path group: "Ingress Configuration" - variable: manager.ingress.annotations default: "{}" description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation type: string label: Manager Ingress Annotations group: "Ingress Configuration" - variable: controller.ingress.enabled default: false description: If true, create ingress for rest api, must also set ingress host value type: boolean label: Controller Ingress Status group: "Ingress Configuration" show_subquestion_if: true subquestions: - variable: controller.ingress.host default: "" description: Must set this host value if ingress is enabled type: string label: Controller Ingress Host group: "Ingress Configuration" - variable: controller.ingress.path default: "/" description: Set ingress path type: string label: Controller Ingress Path group: "Ingress Configuration" - variable: controller.ingress.annotations default: "{}" description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation type: string label: Controller Ingress Annotations group: "Ingress Configuration" - variable: controller.federation.mastersvc.ingress.enabled default: false description: If true, create ingress for rest api, must also set ingress host value type: boolean label: Controller Federation Master Service Ingress Status group: "Ingress Configuration" show_subquestion_if: true subquestions: - variable: controller.federation.mastersvc.ingress.tls default: false description: If true, TLS is enabled for controller federation master ingress service type: boolean label: Controller Federation Master Service Ingress TLS Status group: "Ingress Configuration" - variable: controller.federation.mastersvc.ingress.host default: "" description: Must set this host value if ingress is enabled type: string label: Controller Federation Master Service Ingress Host group: "Ingress Configuration" - variable: controller.federation.mastersvc.ingress.path default: "/" description: Set ingress path type: string label: Controller Federation Master Service Ingress Path group: "Ingress Configuration" - variable: controller.federation.mastersvc.ingress.ingressClassName default: "" description: To be used instead of the ingress.class annotation if an IngressClass is provisioned type: string label: Controller Federation Master Service Ingress IngressClassName group: "Ingress Configuration" - variable: controller.federation.mastersvc.ingress.secretName default: "" description: Name of the secret to be used for TLS-encryption type: string label: Controller Federation Master Service Ingress SecretName group: "Ingress Configuration" - variable: controller.federation.mastersvc.ingress.annotations default: "{}" description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation type: string label: Controller Federation Master Service Ingress Annotations group: "Ingress Configuration" - variable: controller.federation.managedsvc.ingress.enabled default: false description: If true, create ingress for rest api, must also set ingress host value type: boolean label: Controller Federation Managed Service Ingress Status group: "Ingress Configuration" show_subquestion_if: true subquestions: - variable: controller.federation.managedsvc.ingress.tls default: false description: If true, TLS is enabled for controller federation managed ingress service type: boolean label: Controller Federation Managed Service Ingress TLS Status group: "Ingress Configuration" - variable: controller.federation.managedsvc.ingress.host default: "" description: Must set this host value if ingress is enabled type: string label: Controller Federation Managed Service Ingress Host group: "Ingress Configuration" - variable: controller.federation.managedsvc.ingress.path default: "/" description: Set ingress path type: string label: Controller Federation Managed Service Ingress Path group: "Ingress Configuration" - variable: controller.federation.managedsvc.ingress.ingressClassName default: "" description: To be used instead of the ingress.class annotation if an IngressClass is provisioned type: string label: Controller Federation Managed Service Ingress IngressClassName group: "Ingress Configuration" - variable: controller.federation.managedsvc.ingress.secretName default: "" description: Name of the secret to be used for TLS-encryption type: string label: Controller Federation Managed Service Ingress SecretName group: "Ingress Configuration" - variable: controller.federation.managedsvc.ingress.annotations default: "{}" description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation type: string label: Controller Federation Managed Service Ingress Annotations group: "Ingress Configuration" #service configurations - variable: manager.svc.type default: "NodePort" description: Set manager service type for native Kubernetes type: enum label: Manager Service Type group: "Service Configuration" options: - "NodePort" - "ClusterIP" - "LoadBalancer" - variable: controller.federation.mastersvc.type default: "" description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP type: enum label: Fed Master Service Type group: "Service Configuration" options: - "NodePort" - "ClusterIP" - "LoadBalancer" - variable: controller.federation.managedsvc.type default: "" description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and ClusterIP type: enum label: Fed Managed Service Type group: "Service Configuration" options: - "NodePort" - "ClusterIP" - "LoadBalancer" - variable: controller.apisvc.type default: "NodePort" description: Controller REST API service type type: enum label: Controller REST API Service Type group: "Service Configuration" options: - "NodePort" - "ClusterIP" - "LoadBalancer" #Security Settings - variable: global.cattle.psp.enabled default: "false" description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false." label: "Enable PodSecurityPolicies" default: "false" type: boolean group: "Security Settings" - variable: manager.runAsUser default: "" description: Specify the run as User ID type: int label: Manager runAsUser ID group: "Security Settings" - variable: cve.scanner.runAsUser default: "" description: Specify the run as User ID type: int label: Scanner runAsUser ID group: "Security Settings" - variable: cve.updater.runAsUser default: "" description: Specify the run as User ID type: int label: Updater runAsUser ID group: "Security Settings"