Difference between revisions of "Helm show values sentinelone/s1-agent"

From wikieduonline
Jump to navigation Jump to search
Line 2: Line 2:
 
  [[helm show values]] sentinelone/[[s1-agent]]
 
  [[helm show values]] sentinelone/[[s1-agent]]
  
  [[helm search repo sentinelone]]
+
  # For the simplest of deployments, where you use your own package registry and create all secrets in this deployment, all values
 +
# that you typically need to edit are shown under "configuration"
 +
#
 +
configuration:
 +
  cluster:
 +
    name: "" # set the name of your cluster
 +
  image:
 +
    agent: "" # Leave empty to use agent repositories and tags values below, or provide a full image (with repo:tag) value to override them
 +
    helper: "" # Leave empty to use helper repositories and tags values below, or provide a full image (with repo:tag) value to override them
 +
  repositories:
 +
    agent: "cwpp_agent/s1agent" # Edit and add your own registry paths
 +
    helper: "cwpp_agent/s1helper" # Edit and add your own registry paths
 +
  tag:
 +
    agent: "23.4.1" # IF you want to use a different tag for the agent (only do so if advised by support), please replace this with the relevant tag for the agent image
 +
    helper: "23.4.1" # IF you want to use a different tag for the helper (only do so if advised by support), please replace this with the relevant tag for the helper image
 +
  proxy: "" # specify a proxy server (in URL format), if needed
 +
  dv_proxy: "" # specify a proxy server for Deep-Visibility (in URL format), if needed
 +
  env:
 +
    agent:
 +
      host_mount_path: # leave default unless host path is mounted elsewhere in your environment
 +
      persistent_dir: # path on the node to a directory that will be used for persistent storage (logs, configuration, etc.)
 +
      heap_trimming_enable: # to enable/disable heap trimming, set to 'true'/'false'
 +
      heap_trimming_interval: # heap trimming default interval (s)
 +
      log_level: "" # info, error, warning, debug, trace (defaults to 'info')
 +
      pod_uid: 1000 # uid of the default pod user
 +
      pod_gid: 1000 # gid of the default pod group
 +
      watchdog_healthcheck_timeout: 15 # watchdog healthcheck timeout before exiting the pod entrypoint. (seconds, 0=disabled)
 +
      helper_healthcheck_retry: 60 # amount of tries to verify the helper service is running before starting the agent.
 +
      helper_healthcheck_interval: 5 # time to wait between each try. (seconds)
 +
      fips_enabled: # to enable/disable FIPS mode, set to 'true'/'false'
 +
    helper:
 +
      log_level: "" # info, error, warning, debug, trace (defaults to 'info')
 +
    injection:
 +
      enabled: false # to enable agent injection mode on AWS Fargate, set to 'true'
 +
  # If you are using an on-prem console with an un-trusted CA, you need to provide the CA
 +
  # certificate(s) and intermediaries, if needed, under files/*.pem in PEM format
 +
  custom_ca: false
 +
  custom_ca_path:
 +
  imagePullPolicy: "" # defaults to IfNotPresent
 +
  platform:
 +
    type: kubernetes # platform-specific support: defaults to kubernetes. possible values: kubernetes, openshift and
 +
                      # serverless for kubernetes cluster without nodes (currently Fargate only). For serverless
 +
                      # cluster with nodes as well, use kubernetes type.
 +
    # optional settings, used with OpenShift only:
 +
    openshift:
 +
      scc:
 +
        create: true # enable only if you are using OpenShift; this enables creation of a SecurityContextConstraint required to run on OpenShift
 +
 +
secrets:
 +
  imagePullSecret: "" # you need to specify the name of the image pull secret (created outside this chart)
 +
  helper_certificate: "" # you need to specify the name of the helper signed certificate secret (created outside this chart)
 +
  helper_token: "" # you need to specify the name of the helper token secret (created outside this chart)
 +
  site_key: # if neither were supplied, the agent will work offline mode
 +
    value: "" # set site token if you want a secret to be crated with that value.
 +
    name: "" # set the name of a pre-existing secret to use
 +
 +
# Most users will not want to make changes below this line.
 +
 +
serviceAccount:
 +
  # Specifies whether a service account should be created
 +
  create: true
 +
  # The name of the service account to use.
 +
  # If not set and create is true, a name is generated using the fullname template
 +
  name: sentinelone
 +
 +
agentInjection:
 +
  selector:
 +
    namespaceSelector:
 +
      matchLabels:
 +
        agent-injection-enabled: "true"
 +
  resources:
 +
    limits:
 +
      cpu: 900m
 +
      memory: 1500Mi
 +
    requests:
 +
      cpu: 100m
 +
      memory: 800Mi
 +
 +
helper:
 +
  fullnameOverride: ""
 +
  nameOverride: ""
 +
  labels: {}
 +
  nodeSelector: {}
 +
  priorityClassName: ""
 +
  tolerations: {}
 +
  affinity:
 +
    nodeAffinity:
 +
      requiredDuringSchedulingIgnoredDuringExecution:
 +
        nodeSelectorTerms:
 +
        - matchExpressions:
 +
          - key: kubernetes.io/os
 +
            operator: In
 +
            values:
 +
            - linux
 +
  probe: false
 +
  # Default values for the helper security context
 +
  securityContext:
 +
    runAsUser: 1000
 +
    runAsGroup: 1000
 +
  resources:
 +
    limits:
 +
      cpu: 900m
 +
      memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
 +
    requests:
 +
      cpu: 100m
 +
      memory: 100Mi
 +
  # Specifies whether cluster role and cluster role bindings should be created
 +
  rbac:
 +
    create: true
 +
 +
agent:
 +
  capabilities:
 +
    - DAC_OVERRIDE
 +
    - DAC_READ_SEARCH
 +
    - FOWNER
 +
    - SETGID
 +
    - SETUID
 +
    - SYS_ADMIN
 +
    - SYS_PTRACE
 +
    - SYS_RESOURCE
 +
    - SYSLOG
 +
    - SYS_CHROOT
 +
    - CHOWN
 +
    - SYS_MODULE
 +
    - KILL
 +
    - NET_ADMIN
 +
    - NET_RAW
 +
  fullnameOverride: ""
 +
  nameOverride: ""
 +
  updateStrategy: ""
 +
  labels: {}
 +
  nodeSelector: {}
 +
  priorityClassName: ""
 +
  podAnnotations: ""
 +
  apparmorAnnotation: container.apparmor.security.beta.kubernetes.io/s1-agent
 +
  apparmorPolicy: unconfined
 +
  tolerations:
 +
    - effect: NoExecute
 +
      operator: Exists
 +
    - effect: NoSchedule
 +
      operator: Exists
 +
  affinity:
 +
    nodeAffinity:
 +
      requiredDuringSchedulingIgnoredDuringExecution:
 +
        nodeSelectorTerms:
 +
        - matchExpressions:
 +
          - key: kubernetes.io/os
 +
            operator: In
 +
            values:
 +
            - linux
 +
          - key: eks.amazonaws.com/compute-type
 +
            operator: NotIn
 +
            values:
 +
            - fargate
 +
  resources:
 +
    limits:
 +
      cpu: 900m
 +
      memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
 +
    requests:
 +
      cpu: 100m
 +
      memory: 800Mi
 +
 +
service:
 +
  annotations: {}
 +
 +
fullnameOverride: ""
 +
nameOverride: ""
 +
 +
 
 +
 
  
  
 +
[[helm search repo sentinelone]]
  
  
{{SentinelOne}}
+
* {{SentinelOne}}

Revision as of 16:37, 23 January 2024

helm show values sentinelone/s1-agent

# For the simplest of deployments, where you use your own package registry and create all secrets in this deployment, all values
# that you typically need to edit are shown under "configuration"
#
configuration:
  cluster:
    name: "" # set the name of your cluster
  image:
    agent: "" # Leave empty to use agent repositories and tags values below, or provide a full image (with repo:tag) value to override them
    helper: "" # Leave empty to use helper repositories and tags values below, or provide a full image (with repo:tag) value to override them
  repositories:
    agent: "cwpp_agent/s1agent" # Edit and add your own registry paths
    helper: "cwpp_agent/s1helper" # Edit and add your own registry paths
  tag:
    agent: "23.4.1" # IF you want to use a different tag for the agent (only do so if advised by support), please replace this with the relevant tag for the agent image
    helper: "23.4.1" # IF you want to use a different tag for the helper (only do so if advised by support), please replace this with the relevant tag for the helper image
  proxy: "" # specify a proxy server (in URL format), if needed
  dv_proxy: "" # specify a proxy server for Deep-Visibility (in URL format), if needed
  env:
    agent:
      host_mount_path: # leave default unless host path is mounted elsewhere in your environment
      persistent_dir: # path on the node to a directory that will be used for persistent storage (logs, configuration, etc.)
      heap_trimming_enable: # to enable/disable heap trimming, set to 'true'/'false'
      heap_trimming_interval: # heap trimming default interval (s)
      log_level: "" # info, error, warning, debug, trace (defaults to 'info')
      pod_uid: 1000 # uid of the default pod user
      pod_gid: 1000 # gid of the default pod group
      watchdog_healthcheck_timeout: 15 # watchdog healthcheck timeout before exiting the pod entrypoint. (seconds, 0=disabled)
      helper_healthcheck_retry: 60 # amount of tries to verify the helper service is running before starting the agent.
      helper_healthcheck_interval: 5 # time to wait between each try. (seconds)
      fips_enabled: # to enable/disable FIPS mode, set to 'true'/'false'
    helper:
      log_level: "" # info, error, warning, debug, trace (defaults to 'info')
    injection:
      enabled: false # to enable agent injection mode on AWS Fargate, set to 'true'
  # If you are using an on-prem console with an un-trusted CA, you need to provide the CA
  # certificate(s) and intermediaries, if needed, under files/*.pem in PEM format
  custom_ca: false
  custom_ca_path:
  imagePullPolicy: "" # defaults to IfNotPresent
  platform:
    type: kubernetes # platform-specific support: defaults to kubernetes. possible values: kubernetes, openshift and
                     # serverless for kubernetes cluster without nodes (currently Fargate only). For serverless
                     # cluster with nodes as well, use kubernetes type.
    # optional settings, used with OpenShift only:
    openshift:
      scc:
        create: true # enable only if you are using OpenShift; this enables creation of a SecurityContextConstraint required to run on OpenShift

secrets:
  imagePullSecret: "" # you need to specify the name of the image pull secret (created outside this chart)
  helper_certificate: "" # you need to specify the name of the helper signed certificate secret (created outside this chart)
  helper_token: "" # you need to specify the name of the helper token secret (created outside this chart)
  site_key: # if neither were supplied, the agent will work offline mode
    value: "" # set site token if you want a secret to be crated with that value.
    name: "" # set the name of a pre-existing secret to use

# Most users will not want to make changes below this line.

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: sentinelone

agentInjection:
  selector:
    namespaceSelector:
      matchLabels:
        agent-injection-enabled: "true"
  resources:
    limits:
      cpu: 900m
      memory: 1500Mi
    requests:
      cpu: 100m
      memory: 800Mi

helper:
  fullnameOverride: ""
  nameOverride: ""
  labels: {}
  nodeSelector: {}
  priorityClassName: ""
  tolerations: {}
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/os
            operator: In
            values:
            - linux
  probe: false
  # Default values for the helper security context
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    limits:
      cpu: 900m
      memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
    requests:
      cpu: 100m
      memory: 100Mi
  # Specifies whether cluster role and cluster role bindings should be created
  rbac:
    create: true

agent:
  capabilities:
    - DAC_OVERRIDE
    - DAC_READ_SEARCH
    - FOWNER
    - SETGID
    - SETUID
    - SYS_ADMIN
    - SYS_PTRACE
    - SYS_RESOURCE
    - SYSLOG
    - SYS_CHROOT
    - CHOWN
    - SYS_MODULE
    - KILL
    - NET_ADMIN
    - NET_RAW
  fullnameOverride: ""
  nameOverride: ""
  updateStrategy: ""
  labels: {}
  nodeSelector: {}
  priorityClassName: ""
  podAnnotations: ""
  apparmorAnnotation: container.apparmor.security.beta.kubernetes.io/s1-agent
  apparmorPolicy: unconfined
  tolerations:
    - effect: NoExecute
      operator: Exists
    - effect: NoSchedule
      operator: Exists
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/os
            operator: In
            values:
            - linux
          - key: eks.amazonaws.com/compute-type
            operator: NotIn
            values:
            - fargate
  resources:
    limits:
      cpu: 900m
      memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
    requests:
      cpu: 100m
      memory: 800Mi

service:
  annotations: {}

fullnameOverride: ""
nameOverride: ""





helm search repo sentinelone


Retrieved from "https://www.wikieduonline.com/index.php?title=Helm_show_values_sentinelone/s1-agent&oldid=292345"

Advertising: