forked from aquasecurity/aqua-helm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
144 lines (125 loc) · 3.85 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
# in case of openshift will apply SCC
platform: ""
# Specifies the secret data for imagePullSecrets needed to fetch the private docker images
imageCredentials:
create: false
name: aqua-registry-secret ## When create is false please specify
repositoryUriPrefix: registry.aquasec.com # for dockerhub - "docker.io"
registry: registry.aquasec.com #REQUIRED only if create is true, for dockerhub - "index.docker.io/v1/"
username: ""
password: ""
serviceaccount:
create: false
name: aqua-sa
image:
repository: "aqua-cloud-connector"
tag: "2022.4"
pullPolicy: "Always"
replicaCount: 1
securityContext:
runAsUser: 11431
runAsGroup: 11433
fsGroup: 11433
container_securityContext:
privileged: false
gateway:
host: "aqua-gateway-svc.aqua" # Gateway Host Address
port: "8443" # Gateway Port
# Cloud-Connector can authenticate using 2 ways, Token_based authentication and User/Password
authType:
tokenAuth: true # Boolean Value(true/false) to enable/disable token based authentication
userCreds: false # Boolean Value(true/false) to enable/disable user/password authentication
## Token-based authentication
# Add plain text value of cloud connector token generated from aqua ui
token: ""
# ( or )
# To load token from existing secret
tokenFromSecret:
enable: false
secretName: ""
tokenKey: ""
## User/Password authentication
# creates username and password secret using below provided pain-text values.
userCreds:
username: "" # Add plain text value of the Aqua username
password: "" # Add plain text value of the Aqua password
# ( or )
# To load username and password from existing secret
userCredsFromSecret:
enable: false
secretName: ""
userkey: ""
passwordKey: ""
healthPort:
port: "8080" # default is 8080
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
resources: {}
# Note: For recommendations please check the official sizing guide.
# requests:
# cpu: 500m
# memory: 0.5Gi
# limits:
# cpu: 2000m
# memory: 2Gi
# change it to "1" to enable tls_verify b/w Gateway and Cloud-Connector
tls_verify:
value: "0"
# nodeSelector -- Allows to schedule Aqua Cloud Connector on specific nodes
nodeSelector: {}
# tolerations -- Allows to schedule Aqua Cloud Connector on tainted nodes
tolerations: []
# affinity -- Allows to specify affinity for Aqua Cloud Connector PODs
affinity: {}
# podAnnotations -- Allows setting additional annotations for Aqua Cloud Connector PODs
podAnnotations: {}
# Allows you to specify the API version for the PodDisruptionBudget
# This is useful where .Capabilities.APIVersions.Has does not work e.g. Helm template & ArgoCD
# For example: policy/v1beta1 or policy/v1
pdbApiVersion:
# The variables could be provided via values.yaml file as shown below
# or using cli command, for example: --set extraEnvironmentVars.http_proxy="1.1.1.1",extraEnvironmentVars.https_proxy="2.2.2.2"
extraEnvironmentVars: {}
# http_proxy:
# https_proxy:
# no_proxy:
# ENV_NAME: value
# extraSecretEnvironmentVars is a list of extra environment variables to set in the cloud-connector Deployment.
# These variables take value from existing Secret objects.
extraSecretEnvironmentVars: []
# - envName: ENV_NAME
# secretName: name
# secretKey: key
tunnels:
# Host endpoints for Azure Functions
azure_functions:
host: ""
port: ""
# ACR - Azure Container Registry
azure:
registryHost: ""
registryPort: ""
# ECR - Amazon Elastic Container Registry
aws:
registryHost: ""
registryPort: ""
type: ""
region: ""
# GCR - Google Container Registry
gcp:
registryHost: ""
registryPort: ""
# JFrog Container Registry
jfrog:
registryHost: ""
registryPort: ""
# Onprem Container Registry
onprem:
registryHost: ""
registryPort: ""