helm show values sentinelone/s1-agent
Jump to navigation
Jump to search
helm show values sentinelone/s1-agent
# For the simplest of deployments, where you use your own package registry and create all secrets in this deployment, all values
# that you typically need to edit are shown under "configuration"
#
configuration:
cluster:
name: "" # set the name of your cluster
image:
agent: "" # Leave empty to use agent repositories and tags values below, or provide a full image (with repo:tag) value to override them
helper: "" # Leave empty to use helper repositories and tags values below, or provide a full image (with repo:tag) value to override them
repositories:
agent: "cwpp_agent/s1agent" # Edit and add your own registry paths
helper: "cwpp_agent/s1helper" # Edit and add your own registry paths
tag:
agent: "23.4.1" # IF you want to use a different tag for the agent (only do so if advised by support), please replace this with the relevant tag for the agent image
helper: "23.4.1" # IF you want to use a different tag for the helper (only do so if advised by support), please replace this with the relevant tag for the helper image
proxy: "" # specify a proxy server (in URL format), if needed
dv_proxy: "" # specify a proxy server for Deep-Visibility (in URL format), if needed
env:
agent:
host_mount_path: # leave default unless host path is mounted elsewhere in your environment
persistent_dir: # path on the node to a directory that will be used for persistent storage (logs, configuration, etc.)
heap_trimming_enable: # to enable/disable heap trimming, set to 'true'/'false'
heap_trimming_interval: # heap trimming default interval (s)
log_level: "" # info, error, warning, debug, trace (defaults to 'info')
pod_uid: 1000 # uid of the default pod user
pod_gid: 1000 # gid of the default pod group
watchdog_healthcheck_timeout: 15 # watchdog healthcheck timeout before exiting the pod entrypoint. (seconds, 0=disabled)
helper_healthcheck_retry: 60 # amount of tries to verify the helper service is running before starting the agent.
helper_healthcheck_interval: 5 # time to wait between each try. (seconds)
fips_enabled: # to enable/disable FIPS mode, set to 'true'/'false'
helper:
log_level: "" # info, error, warning, debug, trace (defaults to 'info')
injection:
enabled: false # to enable agent injection mode on AWS Fargate, set to 'true'
# If you are using an on-prem console with an un-trusted CA, you need to provide the CA
# certificate(s) and intermediaries, if needed, under files/*.pem in PEM format
custom_ca: false
custom_ca_path:
imagePullPolicy: "" # defaults to IfNotPresent
platform:
type: kubernetes # platform-specific support: defaults to kubernetes. possible values: kubernetes, openshift and
# serverless for kubernetes cluster without nodes (currently Fargate only). For serverless
# cluster with nodes as well, use kubernetes type.
# optional settings, used with OpenShift only:
openshift:
scc:
create: true # enable only if you are using OpenShift; this enables creation of a SecurityContextConstraint required to run on OpenShift
secrets:
imagePullSecret: "" # you need to specify the name of the image pull secret (created outside this chart)
helper_certificate: "" # you need to specify the name of the helper signed certificate secret (created outside this chart)
helper_token: "" # you need to specify the name of the helper token secret (created outside this chart)
site_key: # if neither were supplied, the agent will work offline mode
value: "" # set site token if you want a secret to be crated with that value.
name: "" # set the name of a pre-existing secret to use
# Most users will not want to make changes below this line.
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: sentinelone
agentInjection:
selector:
namespaceSelector:
matchLabels:
agent-injection-enabled: "true"
resources:
limits:
cpu: 900m
memory: 1500Mi
requests:
cpu: 100m
memory: 800Mi
helper:
fullnameOverride: ""
nameOverride: ""
labels: {}
nodeSelector: {}
priorityClassName: ""
tolerations: {}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
probe: false
# Default values for the helper security context
securityContext:
runAsUser: 1000
runAsGroup: 1000
resources:
limits:
cpu: 900m
memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
requests:
cpu: 100m
memory: 100Mi
# Specifies whether cluster role and cluster role bindings should be created
rbac:
create: true
agent:
capabilities:
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- SETGID
- SETUID
- SYS_ADMIN
- SYS_PTRACE
- SYS_RESOURCE
- SYSLOG
- SYS_CHROOT
- CHOWN
- SYS_MODULE
- KILL
- NET_ADMIN
- NET_RAW
fullnameOverride: ""
nameOverride: ""
updateStrategy: ""
labels: {}
nodeSelector: {}
priorityClassName: ""
podAnnotations: ""
apparmorAnnotation: container.apparmor.security.beta.kubernetes.io/s1-agent
apparmorPolicy: unconfined
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
resources:
limits:
cpu: 900m
memory: 1945Mi # Almost equals to 1.9Gi but isn't fractional
requests:
cpu: 100m
memory: 800Mi
service:
annotations: {}
fullnameOverride: ""
nameOverride: ""
helm search repo sentinelone
- SentinelOne, Scalyr, SIEM, SOC, EDR
Advertising:
