параметры

Версия схемы: 1

  • settings
    объект
    • controller
      объект

      Конфигурация компонента контроллера NeuVector.

      Контроллер управляет политиками, организует сканирование и предоставляет REST API.

      • controller.nodeSelector
        объект

        Структура, аналогичная spec.nodeSelector пода Kubernetes.

        Если параметр не указан, будет определяться автоматически.

        Пример: 


        disktype: ssd
      • controller.storageClass

        The name of StorageClass that will be used in the cluster by default.

        If the value is not specified, the StorageClass will be used according to the global storageClass parameter setting.

        The global storageClass parameter is only considered when the module is enabled. Changing the global storageClass parameter while the module is enabled will not trigger disk re-provisioning.

        Warning. Specifying a value different from the one currently used (in the existing PVC) will result in disk re-provisioning and all data will be deleted.

        If false is specified, emptyDir will be forced to be used.

        Примеры: 


        storageClass: false

        storageClass: nfs-storage-class
      • controller.tolerations
        массив объектов

        The same as in the Pods’ spec.tolerations parameter in Kubernetes.

        If the parameter is omitted or false, it will be determined automatically.

        • controller.tolerations.effect
          строка
        • controller.tolerations.key
          строка
        • controller.tolerations.operator
          строка
        • controller.tolerations.tolerationSeconds
          целочисленный
        • controller.tolerations.value
          строка
    • highAvailability
      булевый

      Manually enable the high availability mode.

      By default, Deckhouse automatically decides whether to enable the HA mode. Click here to learn more about the HA mode for modules.

      Пример: 


      highAvailability: true
    • https
      объект

      What certificate type to use with the neuvector.

      This parameter completely overrides the global.modules.https settings.

      Примеры: 


      customCertificate:
  secretName: foobar
mode: CustomCertificate

      certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
      • https.certManager
        объект
        • https.certManager.clusterIssuerName
          строка
          What ClusterIssuer to use for the neuvector. Currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own.

          По умолчанию: letsencrypt

      • https.customCertificate
        объект
        • https.customCertificate.secretName
          строка
          The name of the Secret in the d8-system namespace to use with the neuvector (this Secret must have the kubernetes.io/tls format).

          По умолчанию: false

      • https.mode
        строка

        The HTTPS usage mode:

        • CertManager — the neuvector will use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
        • CustomCertificate — the neuvector will use the certificate from the d8-system namespace for HTTPS;
        • Disabled — neuvector will not work in this mode;
        • OnlyInURI — the neuvector will work over HTTP (thinking that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. Load balancer should provide a redirect from HTTP to HTTPS.

        Допустимые значения: Disabled, CertManager, CustomCertificate, OnlyInURI

    • manager
      объект

      Конфигурация компонента менеджера NeuVector (веб-интерфейс).

      Менеджер предоставляет веб-интерфейс пользователя для NeuVector.

      • manager.nodeSelector
        объект

        Структура, аналогичная spec.nodeSelector пода Kubernetes.

        Если параметр не указан, будет определяться автоматически.

        Пример: 


        disktype: ssd
      • manager.tolerations
        массив объектов

        The same as in the Pods’ spec.tolerations parameter in Kubernetes.

        If the parameter is omitted or false, it will be determined automatically.

        • manager.tolerations.effect
          строка
        • manager.tolerations.key
          строка
        • manager.tolerations.operator
          строка
        • manager.tolerations.tolerationSeconds
          целочисленный
        • manager.tolerations.value
          строка
    • scanner
      объект

      Configuration for the NeuVector scanner component.

      The scanner performs vulnerability scanning of container images and registries.

      • scanner.nodeSelector
        объект
        Node selector for scanner pods.

        Пример: 


        disktype: ssd
      • scanner.tolerations
        массив объектов

        The same as in the Pods’ spec.tolerations parameter in Kubernetes.

        If the parameter is omitted or false, it will be determined automatically.

        • scanner.tolerations.effect
          строка
        • scanner.tolerations.key
          строка
        • scanner.tolerations.operator
          строка
        • scanner.tolerations.tolerationSeconds
          целочисленный
        • scanner.tolerations.value
          строка