Advanced Kubernetes Integration
You can customize the deployment of Panoptica's Kubernetes controller using the Helm chart values below.
The most recent chart appears at the top; you will find previous versions below.
Helm Chart 1.17.0
Helm Chart 1.17.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller. image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller. image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.controller.podValidation.enabled | bool | false | Indicates whether pod validation is enabled. Pod validation webhook will be deployed to enforce Pod policy. |
| k8sec-controller.controller.podValidation. excludeNamespaces | object | {} | List of namespaces to exclude from pod validation. |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom. secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom. secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/ panoptica/otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext.allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext.readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.16.0
Helm Chart 1.16.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller. image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller. image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.controller.podValidation.enabled | bool | false | Indicates whether pod validation is enabled. Pod validation webhook will be deployed to enforce Pod policy. |
| k8sec-controller.controller.podValidation. excludeNamespaces | object | {} | List of namespaces to exclude from pod validation. |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom. secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom. secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/ panoptica/otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext.allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext.readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.15.0
Helm Chart 1.15.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller. image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller. image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.controller.podValidation.enabled | bool | false | Indicates whether pod validation is enabled. Pod validation webhook will be deployed to enforce Pod policy. |
| k8sec-controller.controller.podValidation. excludeNamespaces | object | {} | List of namespaces to exclude from pod validation. |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmarkimage.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom. secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom. secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/panoptica/ otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext. allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext. readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.14.0
Helm Chart 1.14.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/panoptica/otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext.allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext.readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.13.0
Helm Chart 1.13.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/panoptica/otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext.allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext.readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.12.1
Helm Chart 1.12.1
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/panoptica/otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext.allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext.readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.11.1
Helm Chart 1.11.1
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.panopticaIntegration.telemetry.enabled | bool | true | Indicates whether error reports and metrics should be sent to Panoptica. |
| global.panopticaIntegration.telemetry. otelCollector.endpoint | string | "https://k8s-integration-otel-collector.panoptica.app" | SaaS collector endpoint. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.deploymentManagerUrl | string | nil | [Required] Deployment Manager URL. |
| kubernetes-integration-deployment-controller.api.integrationUrl | string | nil | [Required] Integration URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "" | Overrides the job image registry |
| otelCollector.additionalLabels | object | {} | |
| otelCollector.affinity | object | {} | |
| otelCollector.configMap.create | bool | false | |
| otelCollector.configMap.existingName | string | "panoptica-otel-collector" | |
| otelCollector.extraEnvs[0].name | string | "HTTPS_PROXY" | |
| otelCollector.extraEnvs[0].value | string | "" | |
| otelCollector.extraEnvs[1].name | string | "HTTP_PROXY" | |
| otelCollector.extraEnvs[1].value | string | "" | |
| otelCollector.extraEnvs[2].name | string | "API_TOKEN" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.key | string | "token" | |
| otelCollector.extraEnvs[2].valueFrom.secretKeyRef.name | string | "panoptica-otel" | |
| otelCollector.fullnameOverride | string | "panoptica-otel-collector" | |
| otelCollector.image.repository | string | "registry.outshift.com/panoptica/otel-collector" | |
| otelCollector.image.tag | string | "0.101.0" | |
| otelCollector.mode | string | "deployment" | |
| otelCollector.ports.jaeger-compact.enabled | bool | false | |
| otelCollector.ports.jaeger-grpc.enabled | bool | false | |
| otelCollector.ports.jaeger-thrift.enabled | bool | false | |
| otelCollector.ports.metrics.enabled | bool | false | |
| otelCollector.ports.otlp-http.containerPort | int | 4318 | |
| otelCollector.ports.otlp-http.enabled | bool | true | |
| otelCollector.ports.otlp-http.hostPort | int | 4318 | |
| otelCollector.ports.otlp-http.protocol | string | "TCP" | |
| otelCollector.ports.otlp-http.servicePort | int | 4318 | |
| otelCollector.ports.otlp.enabled | bool | false | |
| otelCollector.ports.zipkin.enabled | bool | false | |
| otelCollector.resources.limits.cpu | string | "250m" | |
| otelCollector.resources.limits.memory | string | "512Mi" | |
| otelCollector.resources.requests.cpu | string | "50m" | |
| otelCollector.resources.requests.memory | string | "128Mi" | |
| otelCollector.securityContext.allowPrivilegeEscalation | bool | false | |
| otelCollector.securityContext.capabilities.drop[0] | string | "ALL" | |
| otelCollector.securityContext.privileged | bool | false | |
| otelCollector.securityContext.readOnlyRootFilesystem | bool | true | |
| otelCollector.tolerations | list | [] | |
| otelCollectorSecret.create | bool | true | |
| otelCollectorSecret.key | string | "token" | Secret key that contains the token. |
| otelCollectorSecret.name | string | "panoptica-otel" | Secret name that contains the token used by the OTEL collector to communicate with the SaaS. |
| otelCollectorSecret.token | string | "" | [Required] Token used by the OTEL collector to communicate with the SaaS. |
Helm Chart 1.10.1
Helm Chart 1.10.1
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/images/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/images/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/kspm-controller" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.8.0
Helm Chart 1.8.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.6.0
Helm Chart 1.6.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.5.0
Helm Chart 1.5.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller. image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller. image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration. apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.panopticaIntegration. onDemandUpgrade.enabled | bool | false | Indicates whether On-Demand automated upgrade is enabled. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox. image.repository | string | "panoptica/kspm/ curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller. image.repository | string | "panoptica/kspm/ k8s_agent" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom. image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.4.0
Helm Chart 1.4.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.3.3
Helm Chart 1.3.3
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Smart CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller. imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller. imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller. k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.2.3
Helm Chart 1.2.3
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Smart CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis. cisDockerBenchmark.image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom. image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.1.0
Helm Chart 1.1.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers | object | {} | |
| cdr-controller | object | {} | |
| global.accessKey | string | "" | Agent ID in the case of APIsec the agnetID is accesKey |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.basicPodSecurityContext | object | {} | - Set basic pod security context |
| global.basicSecurityContext | object | {} | - Set basic security context |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Smart CDR is enabled |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller | object | {} | |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
Helm Chart 1.0.0
Helm Chart 1.0.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.enabled | bool | true | Indicates whether API Security is enabled |
| apisec-controllers.fuzzer-controller.enabled | bool | true | Indicates whether API fuzz testing is enabled |
| cdr-controller.enabled | bool | false | Indicates whether Smart CDR is enabled |
| global.accessKey | string | "" | AgentID in the case of API Security |
| global.basicPodSecurityContext | object | {} | - Set basic pod security context |
| global.basicSecurityContext | object | {} | - Set basic security context |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret |
| k8sec-controller.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed |
| k8sec-controller.imageAnalysis.sbom. resources.limits.memory | int | 2000Mi | Configures scanner memory limit |
| kubernetes-integration-deployment-controller.api.integrationID | string | "" | [Required] Controller integration ID. |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
Updated 3 months ago