rancher-partner-charts/charts/sysdig/values.yaml


# Default values for Sysdig Monitor and Secure Helm package.
image:
  # Internal override that supports the RELATED_IMAGE_<identifier> feature of
  # Helm-based Operators. Intentionally undocumented: it is not meant for
  # general use.
  overrideValue:
  # Registry, repository and tag of the agent image. The tag is pinned to a
  # release; keep it pinned (not 'latest') so that every image change is a
  # reviewed change to these values.
  registry: docker.io
  repository: sysdig/agent
  tag: 10.3.0
  # Specify an imagePullPolicy
  # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  pullPolicy: IfNotPresent
  # Optionally specify an array of imagePullSecrets.
  # The Secrets must be created manually in the namespace beforehand; only
  # their names go here, never the registry credentials themselves.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  #
  # pullSecrets:
  #   - name: myRegistrKeySecretName
resources:
  # The resources needed depend on the actual workload, so these are only
  # sane defaults. Contact Sysdig Support if you have questions or concerns
  # about sizing.
  # Keeping both requests and limits set bounds what the agent can consume on
  # each node.
  requests:
    cpu: 600m
    memory: 512Mi
  limits:
    cpu: 2000m
    memory: 1536Mi
rbac:
  # true enables creation of the RBAC resources. Review the rendered roles
  # before installing; set to false only when equivalent objects are managed
  # outside the chart.
  create: true
scc:
  # true enables creation of Security Context Constraints in OpenShift
  create: true
serviceAccount:
  # Create and use serviceAccount resources
  create: true
  # Use this value as serviceAccountName
  name:
daemonset:
  # Perform rolling updates by default in the DaemonSet agent
  # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
  updateStrategy:
    # maxUnavailable, maxSurge or minReadySeconds can also be customized here
    # if needed
    type: RollingUpdate
  # Extra environment variables that will be passed on to the agent pods.
  # These values are visible in the pod spec, so do not use them for secrets.
  env: {}
  # Allow the DaemonSet to schedule using affinity rules
  # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  # The two terms are alternatives (a node matching either one is eligible):
  # the first uses the current kubernetes.io/* node labels, the second the
  # older beta.kubernetes.io/* labels.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                  - amd64
              - key: kubernetes.io/os
                operator: In
                values:
                  - linux
          - matchExpressions:
              - key: beta.kubernetes.io/arch
                operator: In
                values:
                  - amd64
              - key: beta.kubernetes.io/os
                operator: In
                values:
                  - linux
  # Allow the DaemonSet to set annotations
  annotations: {}
# If the cluster is behind a proxy, set the proxy server here.
# A proxy URL that embeds credentials is stored in clear text with the release
# values, so prefer a proxy that does not need them in the URL.
proxy:
  httpProxy:
  httpsProxy:
  noProxy:
# Set daemonset timezone
timezone:
# Set daemonset priorityClassName
priorityClassName:
ebpf:
  # Enable eBPF support for Sysdig Agent
  enabled: false
  settings:
    # Needed to correctly detect the kernel version for the eBPF program.
    # Set to false if not running on Google COS.
    # NOTE(review): the name suggests this mounts the host's /etc into the
    # agent; confirm in the templates, and disable it where it is not needed.
    mountEtcVolume: true
slim:
  # Uses a slim version of the Sysdig Agent
  enabled: false
  # With slim, the kernel module is built in a separate container, which
  # contains the toolchain required to build the kernel module. The compiler
  # toolchain therefore stays out of the long-running agent image.
  kmoduleImage:
    repository: sysdig/agent-kmodule
  resources:
    # Resources required by the kernel module builder image. These are sane
    # defaults; tune them or ask Sysdig Support for more information.
    requests:
      cpu: 1000m
      memory: 348Mi
    limits:
      memory: 512Mi
# For Sysdig On-Prem installations or for custom collector settings, set the
# following fields. Empty values are left unset by this file.
# Turning off ssl or sslVerifyCertificate removes encryption or server
# authentication on the agent-to-collector link; for a collector with a private
# CA, prefer making the CA available to the agent over disabling verification.
collectorSettings:
  collectorHost:
  collectorPort:
  ssl:
  sslVerifyCertificate:
# Setting a cluster name allows you to filter events from this cluster using
# kubernetes.cluster.name
clusterName: ""
sysdig:
  # Required: You need your Sysdig Agent access key before running agents.
  # The access key is a credential: leave it empty in version-controlled values
  # files and supply it at install time from a secret store.
  accessKey: ""
  # Disable capture functionality (see https://docs.sysdig.com/en/disable-captures.html)
  # Consider setting this to true on nodes whose activity must not be recorded
  # in captures.
  disableCaptures: false
  # Advanced settings. Any option in here will be directly translated into
  # dragent.yaml in the ConfigMap. A ConfigMap is not secret storage, so do not
  # put credentials here.
  settings: {}
    ### Agent tags
    # tags: linux:ubuntu,dept:dev,local:nyc
secure:
  # true here enables Sysdig Secure: container run-time security & forensics
  enabled: true
auditLog:
  # true here activates the K8s Audit Log feature for Sysdig Secure
  enabled: false
  # NOTE(review): 0.0.0.0 looks like a listen-on-all-interfaces address;
  # confirm, and when the feature is enabled restrict who can reach
  # auditServerPort (for example with a NetworkPolicy), since audit events
  # describe API activity across the cluster.
  auditServerUrl: 0.0.0.0
  auditServerPort: 7765
  dynamicBackend:
    # true here configures an AuditSink that will receive the K8s audit logs.
    # AuditSink belongs to the alpha dynamic-audit API; check that your
    # cluster version still serves it before enabling.
    enabled: false
nodeImageAnalyzer:
  # Set to true to deploy the node image analyzer alongside the agent.
  deploy: false
  image:
    repository: sysdig/node-image-analyzer
    # Pinned release tag; keep it pinned so image changes are deliberate.
    tag: 0.1.0
    pullPolicy: IfNotPresent
    # pullSecrets:
    #   - name: myRegistrKeySecretName
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 500m
      memory: 1024Mi
  # Additional advanced settings
  # NOTE(review): placed under nodeImageAnalyzer because it follows that
  # section's keys; confirm against the chart templates.
  settings: {}
customAppChecks: {}
# Allow passing custom app checks for Sysdig Agent.
# Each check is Python code loaded by the agent, so review it like any other
# code that will run inside the agent container.
# Example:
#
#   sample.py: |-
#     from checks import AgentCheck
#
#     class MyCustomCheck(AgentCheck):
#       def check(self, instance):
#         self.gauge("testhelm", 1)
# Promscrape prometheus.yaml is not configured by default.
# NOTE(review): presumably `file: true` makes the chart render the content of
# `yaml` as prometheus.yaml; confirm in the templates. Keep scrape credentials
# out of this map and reference mounted secrets instead.
prometheus:
  file: false
  yaml: {}
extraVolumes:
  volumes: []
  mounts: []
# Allow passing extra volumes to the agent to mount secrets or certificates
# to authenticate in different services.
# Any kind of volume can be passed. Mount only what the agent needs: every
# Secret listed here becomes readable inside the agent container.
# Example:
#
# extraVolumes:
#   volumes:
#     - name: sysdig-new-cm
#       configMap:
#         name: my-cm
#         optional: true
#     - name: sysdig-new-secret
#       secret:
#         secretName: my-secret
#   mounts:
#     - mountPath: /opt/draios/cm
#       name: sysdig-new-cm
#     - mountPath: /opt/draios/secret
#       name: sysdig-new-secret
# Allow sysdig to run on Kubernetes 1.6 masters.
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master