Difference between revisions of "Helm show values sentinelone/s1-agent"

From wikieduonline
Jump to navigation Jump to search
 
Line 152: Line 152:
 
             values:
 
             values:
 
             - linux
 
             - linux
           - key: eks.amazonaws.com/compute-type
+
           - key: [[eks.amazonaws.com/compute-type]]
 
             operator: NotIn
 
             operator: NotIn
 
             values:
 
             values:

Latest revision as of 16:39, 23 January 2024

helm show values sentinelone/s1-agent
# For the simplest of deployments, where you use your own package registry and create all secrets in this deployment, all values
# that you typically need to edit are shown under "configuration"
#
configuration:
  cluster:
    name: "" # set the name of your cluster
  image:
    agent: "" # Leave empty to use agent repositories and tags values below, or provide a full image (with repo:tag) value to override them
    helper: "" # Leave empty to use helper repositories and tags values below, or provide a full image (with repo:tag) value to override them
  repositories:
    agent: "cwpp_agent/s1agent" # Edit and add your own registry paths
    helper: "cwpp_agent/s1helper" # Edit and add your own registry paths
  tag:
    agent: "23.4.1" # IF you want to use a different tag for the agent (only do so if advised by support), please replace this with the relevant tag for the agent image
    helper: "23.4.1" # IF you want to use a different tag for the helper (only do so if advised by support), please replace this with the relevant tag for the helper image
  proxy: "" # specify a proxy server (in URL format), if needed
  dv_proxy: "" # specify a proxy server for Deep-Visibility (in URL format), if needed
  env:
    agent:
      host_mount_path: # leave default unless host path is mounted elsewhere in your environment
      persistent_dir: # path on the node to a directory that will be used for persistent storage (logs, configuration, etc.)
      heap_trimming_enable: # to enable/disable heap trimming, set to 'true'/'false'
      heap_trimming_interval: # heap trimming default interval (s)
      log_level: "" # info, error, warning, debug, trace (defaults to 'info')
      pod_uid: 1000 # uid of the default pod user
      pod_gid: 1000 # gid of the default pod group
      watchdog_healthcheck_timeout: 15 # watchdog healthcheck timeout before exiting the pod entrypoint. (seconds, 0=disabled)
      helper_healthcheck_retry: 60 # amount of tries to verify the helper service is running before starting the agent.
      helper_healthcheck_interval: 5 # time to wait between each try. (seconds)
      fips_enabled: # to enable/disable FIPS mode, set to 'true'/'false'
    helper:
      log_level: "" # info, error, warning, debug, trace (defaults to 'info')
    injection:
      enabled: false # to enable agent injection mode on AWS Fargate, set to 'true'
  # If you are using an on-prem console with an un-trusted CA, you need to provide the CA
  # certificate(s) and intermediaries, if needed, under files/*.pem in PEM format
  custom_ca: false
  custom_ca_path:
  imagePullPolicy: "" # defaults to IfNotPresent
  platform:
    type: kubernetes # platform-specific support: defaults to kubernetes. possible values: kubernetes, openshift and
                     # serverless for kubernetes cluster without nodes (currently Fargate only). For serverless
                     # cluster with nodes as well, use kubernetes type.
    # optional settings, used with OpenShift only:
    openshift:
      scc:
        create: true # enable only if you are using OpenShift; this enables creation of a SecurityContextConstraint required to run on OpenShift

secrets:
  imagePullSecret: "" # you need to specify the name of the image pull secret (created outside this chart)
  helper_certificate: "" # you need to specify the name of the helper signed certificate secret (created outside this chart)
  helper_token: "" # you need to specify the name of the helper token secret (created outside this chart)
  site_key: # if neither were supplied, the agent will work offline mode
    value: "" # set site token if you want a secret to be crated with that value.
    name: "" # set the name of a pre-existing secret to use

# Most users will not want to make changes below this line.

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: sentinelone

agentInjection:
  selector:
    namespaceSelector:
      matchLabels:
        agent-injection-enabled: "true"
  resources:
    limits:
      cpu: 900m
      memory: 1500Mi
    requests:
      cpu: 100m
      memory: 800Mi

helper:
  fullnameOverride: ""
  nameOverride: ""
  labels: {}
  nodeSelector: {}
  priorityClassName: ""
  tolerations: {}
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/os
            operator: In
            values:
            - linux
  probe: false
  # Default values for the helper security context
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    limits:
      cpu: 900m
      memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
    requests:
      cpu: 100m
      memory: 100Mi
  # Specifies whether cluster role and cluster role bindings should be created
  rbac:
    create: true

agent:
  capabilities:
    - DAC_OVERRIDE
    - DAC_READ_SEARCH
    - FOWNER
    - SETGID
    - SETUID
    - SYS_ADMIN
    - SYS_PTRACE
    - SYS_RESOURCE
    - SYSLOG
    - SYS_CHROOT
    - CHOWN
    - SYS_MODULE
    - KILL
    - NET_ADMIN
    - NET_RAW
  fullnameOverride: ""
  nameOverride: ""
  updateStrategy: ""
  labels: {}
  nodeSelector: {}
  priorityClassName: ""
  podAnnotations: ""
  apparmorAnnotation: container.apparmor.security.beta.kubernetes.io/s1-agent
  apparmorPolicy: unconfined
  tolerations:
    - effect: NoExecute
      operator: Exists
    - effect: NoSchedule
      operator: Exists
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/os
            operator: In
            values:
            - linux
          - key: eks.amazonaws.com/compute-type
            operator: NotIn
            values:
            - fargate
  resources:
    limits:
      cpu: 900m
      memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
    requests:
      cpu: 100m
      memory: 800Mi

service:
  annotations: {}

fullnameOverride: ""
nameOverride: ""



helm search repo sentinelone


Advertising: