Difference between revisions of "Helm show values sentinelone/s1-agent"
Jump to navigation
Jump to search
Line 152: | Line 152: | ||
values: | values: | ||
- linux | - linux | ||
− | - key: eks.amazonaws.com/compute-type | + | - key: [[eks.amazonaws.com/compute-type]] |
operator: NotIn | operator: NotIn | ||
values: | values: |
Latest revision as of 16:39, 23 January 2024
helm show values sentinelone/s1-agent
# For the simplest of deployments, where you use your own package registry and create all secrets in this deployment, all values # that you typically need to edit are shown under "configuration" # configuration: cluster: name: "" # set the name of your cluster image: agent: "" # Leave empty to use agent repositories and tags values below, or provide a full image (with repo:tag) value to override them helper: "" # Leave empty to use helper repositories and tags values below, or provide a full image (with repo:tag) value to override them repositories: agent: "cwpp_agent/s1agent" # Edit and add your own registry paths helper: "cwpp_agent/s1helper" # Edit and add your own registry paths tag: agent: "23.4.1" # IF you want to use a different tag for the agent (only do so if advised by support), please replace this with the relevant tag for the agent image helper: "23.4.1" # IF you want to use a different tag for the helper (only do so if advised by support), please replace this with the relevant tag for the helper image proxy: "" # specify a proxy server (in URL format), if needed dv_proxy: "" # specify a proxy server for Deep-Visibility (in URL format), if needed env: agent: host_mount_path: # leave default unless host path is mounted elsewhere in your environment persistent_dir: # path on the node to a directory that will be used for persistent storage (logs, configuration, etc.) heap_trimming_enable: # to enable/disable heap trimming, set to 'true'/'false' heap_trimming_interval: # heap trimming default interval (s) log_level: "" # info, error, warning, debug, trace (defaults to 'info') pod_uid: 1000 # uid of the default pod user pod_gid: 1000 # gid of the default pod group watchdog_healthcheck_timeout: 15 # watchdog healthcheck timeout before exiting the pod entrypoint. (seconds, 0=disabled) helper_healthcheck_retry: 60 # amount of tries to verify the helper service is running before starting the agent. helper_healthcheck_interval: 5 # time to wait between each try. (seconds) fips_enabled: # to enable/disable FIPS mode, set to 'true'/'false' helper: log_level: "" # info, error, warning, debug, trace (defaults to 'info') injection: enabled: false # to enable agent injection mode on AWS Fargate, set to 'true' # If you are using an on-prem console with an un-trusted CA, you need to provide the CA # certificate(s) and intermediaries, if needed, under files/*.pem in PEM format custom_ca: false custom_ca_path: imagePullPolicy: "" # defaults to IfNotPresent platform: type: kubernetes # platform-specific support: defaults to kubernetes. possible values: kubernetes, openshift and # serverless for kubernetes cluster without nodes (currently Fargate only). For serverless # cluster with nodes as well, use kubernetes type. # optional settings, used with OpenShift only: openshift: scc: create: true # enable only if you are using OpenShift; this enables creation of a SecurityContextConstraint required to run on OpenShift secrets: imagePullSecret: "" # you need to specify the name of the image pull secret (created outside this chart) helper_certificate: "" # you need to specify the name of the helper signed certificate secret (created outside this chart) helper_token: "" # you need to specify the name of the helper token secret (created outside this chart) site_key: # if neither were supplied, the agent will work offline mode value: "" # set site token if you want a secret to be crated with that value. name: "" # set the name of a pre-existing secret to use # Most users will not want to make changes below this line. serviceAccount: # Specifies whether a service account should be created create: true # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: sentinelone agentInjection: selector: namespaceSelector: matchLabels: agent-injection-enabled: "true" resources: limits: cpu: 900m memory: 1500Mi requests: cpu: 100m memory: 800Mi helper: fullnameOverride: "" nameOverride: "" labels: {} nodeSelector: {} priorityClassName: "" tolerations: {} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux probe: false # Default values for the helper security context securityContext: runAsUser: 1000 runAsGroup: 1000 resources: limits: cpu: 900m memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional requests: cpu: 100m memory: 100Mi # Specifies whether cluster role and cluster role bindings should be created rbac: create: true agent: capabilities: - DAC_OVERRIDE - DAC_READ_SEARCH - FOWNER - SETGID - SETUID - SYS_ADMIN - SYS_PTRACE - SYS_RESOURCE - SYSLOG - SYS_CHROOT - CHOWN - SYS_MODULE - KILL - NET_ADMIN - NET_RAW fullnameOverride: "" nameOverride: "" updateStrategy: "" labels: {} nodeSelector: {} priorityClassName: "" podAnnotations: "" apparmorAnnotation: container.apparmor.security.beta.kubernetes.io/s1-agent apparmorPolicy: unconfined tolerations: - effect: NoExecute operator: Exists - effect: NoSchedule operator: Exists affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux - key: eks.amazonaws.com/compute-type operator: NotIn values: - fargate resources: limits: cpu: 900m memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional requests: cpu: 100m memory: 800Mi service: annotations: {} fullnameOverride: "" nameOverride: ""
helm search repo sentinelone
- SentinelOne, Scalyr, SIEM, SOC, EDR
Advertising: