318 lines
11 KiB
YAML
318 lines
11 KiB
YAML
questions:
|
|
#image configurations
|
|
- variable: registry
|
|
default: "docker.io"
|
|
description: image registry
|
|
type: string
|
|
label: Image Registry
|
|
group: "Container Images"
|
|
- variable: tag
|
|
default: "5.0.4"
|
|
description: image tag for controller enforcer manager
|
|
type: string
|
|
label: Image Tag
|
|
group: "Container Images"
|
|
- variable: controller.image.repository
|
|
default: "neuvector/controller"
|
|
description: controller image repository
|
|
type: string
|
|
label: Controller image path
|
|
group: "Container Images"
|
|
- variable: manager.image.repository
|
|
default: "neuvector/manager"
|
|
description: manager image repository
|
|
type: string
|
|
label: Manager image path
|
|
group: "Container Images"
|
|
- variable: enforcer.image.repository
|
|
default: "neuvector/enforcer"
|
|
description: enforcer image repository
|
|
type: string
|
|
label: Enforcer image path
|
|
group: "Container Images"
|
|
- variable: cve.scanner.image.repository
|
|
default: "neuvector/scanner"
|
|
description: scanner image repository
|
|
type: string
|
|
label: Scanner image path
|
|
group: "Container Images"
|
|
- variable: cve.updater.image.repository
|
|
default: "neuvector/updater"
|
|
description: cve updater image repository
|
|
type: string
|
|
label: CVE Updater image path
|
|
group: "Container Images"
|
|
#Container Runtime configurations
|
|
- variable: docker.enabled
|
|
default: true
|
|
description: Docker runtime. Enable only one runtime.
|
|
type: boolean
|
|
label: Docker Runtime
|
|
show_subquestion_if: true
|
|
group: "Container Runtime"
|
|
subquestions:
|
|
- variable: docker.path
|
|
default: "/var/run/docker.sock"
|
|
description: "Docker Runtime Path"
|
|
type: string
|
|
label: Runtime Path
|
|
- variable: containerd.enabled
|
|
default: "false"
|
|
description: Containerd runtime. Enable only one runtime.
|
|
type: boolean
|
|
label: Containerd Runtime
|
|
show_subquestion_if: true
|
|
group: "Container Runtime"
|
|
subquestions:
|
|
- variable: containerd.path
|
|
default: " /var/run/containerd/containerd.sock"
|
|
description: "Containerd Runtime Path"
|
|
type: string
|
|
label: Runtime Path
|
|
- variable: crio.enabled
|
|
default: "false"
|
|
description: CRI-O runtime. Enable only one runtime.
|
|
type: boolean
|
|
label: CRI-O Runtime
|
|
show_subquestion_if: true
|
|
group: "Container Runtime"
|
|
subquestions:
|
|
- variable: crio.path
|
|
default: "/var/run/crio/crio.sock"
|
|
description: "CRI-O Runtime Path"
|
|
type: string
|
|
label: Runtime Path
|
|
- variable: k3s.enabled
|
|
default: "false"
|
|
description: k3s containerd runtime. Enable only one runtime.
|
|
type: boolean
|
|
label: k3s Containerd Runtime
|
|
show_subquestion_if: true
|
|
group: "Container Runtime"
|
|
subquestions:
|
|
- variable: k3s.runtimePath
|
|
default: " /run/k3s/containerd/containerd.sock"
|
|
description: "k3s Containerd Runtime Path"
|
|
type: string
|
|
label: Runtime Path
|
|
#storage configurations
|
|
- variable: controller.pvc.enabled
|
|
default: false
|
|
description: If true, enable persistence for controller using PVC
|
|
type: boolean
|
|
label: PVC status
|
|
group: "PVC Configuration"
|
|
- variable: controller.pvc.storageClass
|
|
default: ""
|
|
description: Storage Class to be used
|
|
type: string
|
|
label: Storage Class Name
|
|
group: "PVC Configuration"
|
|
#ingress configurations
|
|
- variable: manager.ingress.enabled
|
|
default: false
|
|
description: If true, create ingress, must also set ingress host value
|
|
type: boolean
|
|
label: Manager Ingress Status
|
|
group: "Ingress Configuration"
|
|
show_subquestion_if: true
|
|
subquestions:
|
|
- variable: manager.ingress.host
|
|
default: ""
|
|
description: Must set this host value if ingress is enabled
|
|
type: string
|
|
label: Manager Ingress Host
|
|
group: "Ingress Configuration"
|
|
- variable: manager.ingress.path
|
|
default: "/"
|
|
description: Set ingress path
|
|
type: string
|
|
label: Manager Ingress Path
|
|
group: "Ingress Configuration"
|
|
- variable: manager.ingress.annotations
|
|
default: "{}"
|
|
description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
|
|
type: string
|
|
label: Manager Ingress Annotations
|
|
group: "Ingress Configuration"
|
|
- variable: controller.ingress.enabled
|
|
default: false
|
|
description: If true, create ingress for rest api, must also set ingress host value
|
|
type: boolean
|
|
label: Controller Ingress Status
|
|
group: "Ingress Configuration"
|
|
show_subquestion_if: true
|
|
subquestions:
|
|
- variable: controller.ingress.host
|
|
default: ""
|
|
description: Must set this host value if ingress is enabled
|
|
type: string
|
|
label: Controller Ingress Host
|
|
group: "Ingress Configuration"
|
|
- variable: controller.ingress.path
|
|
default: "/"
|
|
description: Set ingress path
|
|
type: string
|
|
label: Controller Ingress Path
|
|
group: "Ingress Configuration"
|
|
- variable: controller.ingress.annotations
|
|
default: "{}"
|
|
description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
|
|
type: string
|
|
label: Controller Ingress Annotations
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.mastersvc.ingress.enabled
|
|
default: false
|
|
description: If true, create ingress for rest api, must also set ingress host value
|
|
type: boolean
|
|
label: Controller Federation Master Service Ingress Status
|
|
group: "Ingress Configuration"
|
|
show_subquestion_if: true
|
|
subquestions:
|
|
- variable: controller.federation.mastersvc.ingress.tls
|
|
default: false
|
|
description: If true, TLS is enabled for controller federation master ingress service
|
|
type: boolean
|
|
label: Controller Federation Master Service Ingress TLS Status
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.mastersvc.ingress.host
|
|
default: ""
|
|
description: Must set this host value if ingress is enabled
|
|
type: string
|
|
label: Controller Federation Master Service Ingress Host
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.mastersvc.ingress.path
|
|
default: "/"
|
|
description: Set ingress path
|
|
type: string
|
|
label: Controller Federation Master Service Ingress Path
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.mastersvc.ingress.ingressClassName
|
|
default: ""
|
|
description: To be used instead of the ingress.class annotation if an IngressClass is provisioned
|
|
type: string
|
|
label: Controller Federation Master Service Ingress IngressClassName
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.mastersvc.ingress.secretName
|
|
default: ""
|
|
description: Name of the secret to be used for TLS-encryption
|
|
type: string
|
|
label: Controller Federation Master Service Ingress SecretName
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.mastersvc.ingress.annotations
|
|
default: "{}"
|
|
description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
|
|
type: string
|
|
label: Controller Federation Master Service Ingress Annotations
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.managedsvc.ingress.enabled
|
|
default: false
|
|
description: If true, create ingress for rest api, must also set ingress host value
|
|
type: boolean
|
|
label: Controller Federation Managed Service Ingress Status
|
|
group: "Ingress Configuration"
|
|
show_subquestion_if: true
|
|
subquestions:
|
|
- variable: controller.federation.managedsvc.ingress.tls
|
|
default: false
|
|
description: If true, TLS is enabled for controller federation managed ingress service
|
|
type: boolean
|
|
label: Controller Federation Managed Service Ingress TLS Status
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.managedsvc.ingress.host
|
|
default: ""
|
|
description: Must set this host value if ingress is enabled
|
|
type: string
|
|
label: Controller Federation Managed Service Ingress Host
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.managedsvc.ingress.path
|
|
default: "/"
|
|
description: Set ingress path
|
|
type: string
|
|
label: Controller Federation Managed Service Ingress Path
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.managedsvc.ingress.ingressClassName
|
|
default: ""
|
|
description: To be used instead of the ingress.class annotation if an IngressClass is provisioned
|
|
type: string
|
|
label: Controller Federation Managed Service Ingress IngressClassName
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.managedsvc.ingress.secretName
|
|
default: ""
|
|
description: Name of the secret to be used for TLS-encryption
|
|
type: string
|
|
label: Controller Federation Managed Service Ingress SecretName
|
|
group: "Ingress Configuration"
|
|
- variable: controller.federation.managedsvc.ingress.annotations
|
|
default: "{}"
|
|
description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
|
|
type: string
|
|
label: Controller Federation Managed Service Ingress Annotations
|
|
group: "Ingress Configuration"
|
|
#service configurations
|
|
- variable: manager.svc.type
|
|
default: "NodePort"
|
|
description: Set manager service type for native Kubernetes
|
|
type: enum
|
|
label: Manager service type
|
|
group: "Service Configuration"
|
|
options:
|
|
- "NodePort"
|
|
- "ClusterIP"
|
|
- "LoadBalancer"
|
|
- variable: controller.federation.mastersvc.type
|
|
default: ""
|
|
description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP
|
|
type: enum
|
|
label: Fed Master Service Type
|
|
group: "Service Configuration"
|
|
options:
|
|
- "NodePort"
|
|
- "ClusterIP"
|
|
- "LoadBalancer"
|
|
- variable: controller.federation.managedsvc.type
|
|
default: ""
|
|
description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and ClusterIP
|
|
type: enum
|
|
label: Fed Managed service type
|
|
group: "Service Configuration"
|
|
options:
|
|
- "NodePort"
|
|
- "ClusterIP"
|
|
- "LoadBalancer"
|
|
- variable: controller.apisvc.type
|
|
default: "NodePort"
|
|
description: Controller REST API service type
|
|
type: enum
|
|
label: Controller REST API Service Type
|
|
group: "Service Configuration"
|
|
options:
|
|
- "NodePort"
|
|
- "ClusterIP"
|
|
- "LoadBalancer"
|
|
#Other Configuration
|
|
- variable: psp
|
|
default: "false"
|
|
description: NeuVector Pod Security Policy when psp policy is enabled
|
|
type: boolean
|
|
label: Pod Security Policy
|
|
group: "Other Configuration"
|
|
- variable: manager.runAsUser
|
|
default: ""
|
|
description: Specify the run as User ID
|
|
type: int
|
|
label: Manager runAsUser ID
|
|
group: "Other Configuration"
|
|
- variable: cve.scanner.runAsUser
|
|
default: ""
|
|
description: Specify the run as User ID
|
|
type: int
|
|
label: Scanner runAsUser ID
|
|
group: "Other Configuration"
|
|
- variable: cve.updater.runAsUser
|
|
default: ""
|
|
description: Specify the run as User ID
|
|
type: int
|
|
label: Updater runAsUser ID
|
|
group: "Other Configuration"
|