parameters

Schema version: 1

  • settings
    object
    • controller
      object

      Configuration for the NeuVector controller component.

      The controller manages policies, orchestrates scanning, and provides the REST API.

      • controller.nodeSelector
        object

        The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

        If the parameter is omitted, it will be determined automatically.

        Example:


        disktype: ssd
        
      • controller.storageClass

        The name of the StorageClass that will be used in the cluster by default.

        If the value is not specified, the StorageClass will be used according to the global storageClass parameter setting.

        The global storageClass parameter is only considered when the module is enabled. Changing the global storageClass parameter while the module is enabled will not trigger disk re-provisioning.

        Warning. Specifying a value different from the one currently used (in the existing PVC) will result in disk re-provisioning and all data will be deleted.

        If false is specified, the use of emptyDir is forced.

        Examples:


        storageClass: false
        
        storageClass: nfs-storage-class
        
      • controller.tolerations
        array of objects

        The same as in the Pods’ spec.tolerations parameter in Kubernetes.

        If the parameter is omitted or false, it will be determined automatically.

        • controller.tolerations.effect
          string
        • controller.tolerations.key
          string
        • controller.tolerations.operator
          string
        • controller.tolerations.tolerationSeconds
          integer
        • controller.tolerations.value
          string
    • highAvailability
      boolean

      Manually enable the high availability mode.

      By default, Deckhouse automatically decides whether to enable the HA mode. More about the HA mode for modules is available in the Deckhouse documentation.

      Example:


      highAvailability: true
      
    • https
      object

      The certificate type to use with neuvector.

      This parameter completely overrides the global.modules.https settings.

      Examples:


      customCertificate:
        secretName: foobar
      mode: CustomCertificate
      
      certManager:
        clusterIssuerName: letsencrypt
      mode: CertManager
      
      • https.certManager
        object
        • https.certManager.clusterIssuerName
          string
          The ClusterIssuer to use for neuvector. Currently, letsencrypt, letsencrypt-staging, and selfsigned are available; you can also define your own.

          Default: letsencrypt

      • https.customCertificate
        object
        • https.customCertificate.secretName
          string
          The name of the Secret in the d8-system namespace to use with neuvector (this Secret must have the kubernetes.io/tls format).

          Default: false

      • https.mode
        string

        The HTTPS usage mode:

        • CertManager — neuvector will use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
        • CustomCertificate — neuvector will use the certificate from the d8-system namespace for HTTPS;
        • Disabled — neuvector will not work in this mode;
        • OnlyInURI — neuvector will work over HTTP (assuming that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. The load balancer should provide a redirect from HTTP to HTTPS.

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • manager
      object

      Configuration for the NeuVector manager (web UI) component.

      The manager provides the web-based user interface for NeuVector.

      • manager.nodeSelector
        object

        The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

        If the parameter is omitted, it will be determined automatically.

        Example:


        disktype: ssd
        
      • manager.tolerations
        array of objects

        The same as in the Pods’ spec.tolerations parameter in Kubernetes.

        If the parameter is omitted or false, it will be determined automatically.

        • manager.tolerations.effect
          string
        • manager.tolerations.key
          string
        • manager.tolerations.operator
          string
        • manager.tolerations.tolerationSeconds
          integer
        • manager.tolerations.value
          string
    • scanner
      object

      Configuration for the NeuVector scanner component.

      The scanner performs vulnerability scanning of container images and registries.

      • scanner.nodeSelector
        object
        Node selector for scanner pods.

        Example:


        disktype: ssd
        
      • scanner.tolerations
        array of objects

        The same as in the Pods’ spec.tolerations parameter in Kubernetes.

        If the parameter is omitted or false, it will be determined automatically.

        • scanner.tolerations.effect
          string
        • scanner.tolerations.key
          string
        • scanner.tolerations.operator
          string
        • scanner.tolerations.tolerationSeconds
          integer
        • scanner.tolerations.value
          string
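
A pre-apply check for the security-relevant settings described above (https.mode, its certificate sub-parameters, and controller.storageClass), as an added example that is not part of the Deckhouse documentation or code. The function name `lint_settings`, the finding format and the sample settings are hypothetical, and treating letsencrypt-staging and selfsigned as untrusted issuers is an assumption about how those ClusterIssuers are configured.

```python
# Added example, not Deckhouse code: lint a parsed neuvector `settings` mapping
# against the rules in this reference. All names here are hypothetical.
ALLOWED_MODES = {"Disabled", "CertManager", "CustomCertificate", "OnlyInURI"}
# Assumption: these two issuers from the page keep their usual meaning, i.e.
# they issue certificates that clients do not trust by default.
UNTRUSTED_ISSUERS = {"letsencrypt-staging", "selfsigned"}


def lint_settings(settings):
    """Return findings as (severity, parameter, message), https checks first."""
    out = []
    https = settings.get("https") or {}
    mode = https.get("mode")
    if mode is None:
        pass  # mode not set in this object: nothing to check here
    elif mode not in ALLOWED_MODES:
        out.append(("error", "https.mode", f"{mode!r} is not an allowed value"))
    elif mode == "Disabled":
        out.append(("error", "https.mode", "neuvector will not work in this mode"))
    elif mode == "OnlyInURI":
        out.append(("warn", "https.mode", "served over plain HTTP; an external "
                    "load balancer must terminate HTTPS and redirect HTTP to HTTPS"))
    elif mode == "CustomCertificate":
        secret = (https.get("customCertificate") or {}).get("secretName")
        if not secret:  # missing, empty, or the documented default of false
            out.append(("error", "https.customCertificate.secretName",
                        "name a kubernetes.io/tls Secret in d8-system"))
    else:  # CertManager; the documented default issuer is letsencrypt
        issuer = (https.get("certManager") or {}).get("clusterIssuerName", "letsencrypt")
        if issuer in UNTRUSTED_ISSUERS:
            out.append(("warn", "https.certManager.clusterIssuerName",
                        f"{issuer} certificates are not trusted by clients"))
    if (settings.get("controller") or {}).get("storageClass") is False:
        out.append(("warn", "controller.storageClass",
                    "emptyDir is forced; controller data is lost with the pod"))
    return out


# Constructed sample settings: a weak configuration and a corrected one.
WEAK = {"https": {"mode": "OnlyInURI"}, "controller": {"storageClass": False}}
FIXED = {"https": {"mode": "CustomCertificate",
                   "customCertificate": {"secretName": "foobar"}},
         "controller": {"storageClass": "nfs-storage-class"}}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, lint_settings(cfg) or "no findings")
```

The check does not cover the re-provisioning warning for controller.storageClass, which depends on the StorageClass of the existing PVC in the cluster rather than on the settings object alone.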