forked from aquasecurity/aqua-helm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
130 lines (120 loc) · 4.08 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Specifies the secret data for imagePullSecrets needed to fetch the private docker images
imageCredentials:
create: true
name: aqua-registry-secret # example
repositoryUriPrefix: "registry.aquasec.com" # for dockerhub - "docker.io"
registry: "registry.aquasec.com" #REQUIRED only if create is true, for dockerhub - "index.docker.io/v1/"
username: ""
password: ""
rbac:
enabled: true
privileged: true
roleRef:
platform: "" #Please specify k8s platform acronym. Allowed values are aks, eks, gke, openshift
console:
publicIP: ""
publicPort: ""
serviceAccount:
name: "aqua-sa"
db:
external:
enabled: false
name: ""
host: ""
port: ""
user: ""
password:
auditName: ""
auditHost: ""
auditPort: ""
auditUser: ""
auditPassword:
pubsubName: ""
pubsubHost: ""
pubsubPort: ""
pubsubUser: ""
pubsubPassword: ""
passwordFromSecret:
enabled: false #Enable if loading passwords for db and audit-db from secret
dbPasswordName: "" #Specify the Password Secret name used for db password
dbPasswordKey: "" #Specify the db password key name stored in the #dbPasswordName secret
dbAuditPasswordName: "" #Specify the Password Secret name used for audit db password
dbAuditPasswordKey: "" #Specify the audit db password key name stored in the #dbAuditPasswordName secret
dbPubsubPasswordName: "" #Specify the Password Secret name used for pubsub db password
dbPubsubPasswordKey: "" #Specify the pubsub db password key name stored in the #PubsubPasswordName secret
ssl: false
auditssl: false
pubsubssl: false
gate:
replicaCount: 1
logLevel:
image:
repository: gateway
tag: "5.3"
pullPolicy: IfNotPresent
service:
type: ClusterIP # you can enable gateway to external by changing type to "LoadBalancer"
loadbalancerIP: "" # Specify loadBalancerIP address for aqua-web in AKS platform
annotations: {}
ports:
- name: aqua-gate
port: 3622
targetPort: 3622
nodePort:
protocol: TCP
- name: aqua-gate-ssl
port: 8443
targetPort: 8443
nodePort:
protocol: TCP
- name: aqua-health
port: 8082
protocol: TCP
targetPort: 8082
nodePort:
publicIP:
livenessProbe:
httpGet:
path: /
port: 8082
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
tcpSocket:
port: 8443
initialDelaySeconds: 60
periodSeconds: 60
resources: {}
# Note: For recommendations please check the official sizing guide.
# requests:
# cpu: 100m
# memory: 0.2Gi
# limits:
# cpu: 1000m
# memory: 2Gi
nodeSelector: {}
tolerations: []
affinity: {}
securityContext:
runAsUser: 11431
runAsGroup: 11433
fsGroup: 11433
container_securityContext: {}
# TLS is for enabling mTLS/TLS establishment between gateway <-> server and gateway <-> enforcers
TLS:
enabled: false # enable to true for secure communication (mTLS/TLS)
secretName: "" # provide certificates secret name created to enable tls/mtls communication between enforcer and gateway/envoy
publicKey_fileName: "" #provide filename of the public key eg: aqua_gateway.crt
privateKey_fileName: "" #provide filename of the private key eg: aqua_gateway.key
rootCA_fileName: "" #provide filename of the rootCA, if using self-signed certificates eg: rootCA.crt
aqua_verify_enforcer: "0" # change it to "1" for enabling mTLS between enforcer and gateway/envoy
# extraEnvironmentVars is a list of extra environment variables to set in the gateway deployments.
# https://docs.aquasec.com/docs/gateway-optional-variables
extraEnvironmentVars: {}
# ENV_NAME: value
# extraSecretEnvironmentVars is a list of extra environment variables to set in the gateway deployments.
# These variables take value from existing Secret objects.
extraSecretEnvironmentVars: []
# - envName: ENV_NAME
# secretName: name
# secretKey: key