Advanced Kubernetes Integration

You can customize the deployment of Panoptica's Kubernetes controller using the Helm chart values below.

The most recent chart appears at the top; you will find previous versions below.

Helm Chart 1.2.3

Helm Chart 1.2.3

KeyTypeDefaultDescription
apisec-controllers.apisec-controller.image.repositorystring"panoptica/apisec/apisec-controller/controller"Overrides the controller image registry
apisec-controllers.fuzzer-controller.image.repositorystring"panoptica/apisec/fuzzer-controller/controller"Overrides the controller image registry
global.accessKeystring""Access key used by API Security.
global.affinityobject{}Configures Node affinity for Panoptica pods.
global.extraLabelsobject{}Allow labelling resources with custom key/value pairs.
global.httpProxystring""Proxy address to use for HTTP request if needed.
global.httpsProxystring""Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy.
global.isOpenShiftboolfalseIndicates whether installed in an OpenShift environment.
global.k8sCisBenchmarkEnabledbooltrueIndicates whether K8s CIS benchmark is enabled.
global.kubeVersionOverridestring""Override detected cluster version.
global.mgmtHostnamestring""Panoptica SaaS URL. Used to override default URL for local testing.
global.panopticaCDR.clusterIDstring""Cluster ID used by CDR.
global.panopticaCDR.initialTokenstring""Token used to register a new CDR instance. The token can be used once.
global.panopticaIntegration.apiSecurity.enabledbooltrueIndicates whether API Security is enabled.
global.panopticaIntegration.cdr.enabledboolfalseIndicates whether Realtime CDR is enabled.
global.panopticaIntegration.idstring""[Required] Integration ID.
global.panopticaIntegration.kspm.enabledbooltrueIndicates whether KSPM is enabled. Always true; this value cannot be changed.
global.productNameOverridestring"panoptica"Override product name. Defaults to chart name.
global.registrystring"registry.outshift.com"Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry.
global.sendTelemetriesIntervalSecint30Configures telemetry frequency (in seconds) for reporting duration.
global.sharedSecretstring""Shared secret used by API Security.
global.tolerationslist[]Configures tolerations for scheduling Panoptica pods.
k8sec-controller.busybox.image.repositorystring"panoptica/kspm/curlimages/curl"Overrides the busybox image registry
k8sec-controller.controller.image.repositorystring"panoptica/kspm/k8s_agent"Overrides the controller image registry
k8sec-controller.imageAnalysis.cisDockerBenchmark. image.repositorystring"panoptica/kspm/cis-docker-benchmark"Overrides the cis-docker-benchmark image registry
k8sec-controller.imageAnalysis.sbom. image.repositorystring"panoptica/kspm/image-analyzer"Overrides the image-analyzer image registry
k8sec-controller.k8sCISBenchmark.image.repositorystring"panoptica/kspm/k8s-cis-benchmark"Overrides the k8s-cis-benchmark image registry
kubernetes-integration-deployment-controller.api.urlstring""[Required] Panoptica SaaS URL.
kubernetes-integration-deployment-controller.image.registrystring"registry.outshift.com"Overrides the controller image registry
kubernetes-integration-deployment-controller.secret.tokenstring""Token used by the deployment controller to communicate with the SaaS.
kubernetes-integration-deployment-controller.syncIntegrationJob.api.urlstring""[Required] Panoptica SaaS URL.
kubernetes-integration-deployment-controller.syncIntegrationJob.image.registrystring"registry.outshift.com"Overrides the job image registry
Helm Chart 1.1.0

Helm Chart 1.1.0

KeyTypeDefaultDescription
apisec-controllersobject{}
cdr-controllerobject{}
global.accessKeystring""Agent ID in the case of APIsec the agnetID is accesKey
global.affinityobject{}Configures Node affinity for Panoptica pods.
global.basicPodSecurityContextobject{}- Set basic pod security context
global.basicSecurityContextobject{}- Set basic security context
global.extraLabelsobject{}Allow labelling resources with custom key/value pairs.
global.httpProxystring""Proxy address to use for HTTP request if needed.
global.httpsProxystring""Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy.
global.isOpenShiftboolfalseIndicates whether installed in an OpenShift environment.
global.k8sCisBenchmarkEnabledbooltrueIndicates whether K8s CIS benchmark is enabled.
global.kubeVersionOverridestring""Override detected cluster version.
global.mgmtHostnamestring""Panoptica SaaS URL. Used to override default URL for local testing.
global.panopticaCDR.clusterIDstring""Cluster ID used by CDR.
global.panopticaCDR.initialTokenstring""Token used to register a new CDR instance. The token can be used once.
global.panopticaIntegration.apiSecurity.enabledbooltrueIndicates whether API Security is enabled
global.panopticaIntegration.cdr.enabledboolfalseIndicates whether Realtime CDR is enabled
global.panopticaIntegration.idstring""[Required] Integration ID.
global.panopticaIntegration.kspm.enabledbooltrueIndicates whether KSPM is enabled.
Always true; this value cannot be changed
global.productNameOverridestring"panoptica"Override product name. Defaults to chart name.
global.sendTelemetriesIntervalSecint30Configures telemetry frequency (in seconds) for reporting duration.
global.sharedSecretstring""Shared secret
global.tolerationslist[]Configures tolerations for scheduling Panoptica pods.
k8sec-controllerobject{}
kubernetes-integration-deployment-controller.api.urlstring""[Required] Panoptica SaaS URL.
kubernetes-integration-deployment-controller.secret.tokenstring""Token used by the deployment controller to communicate with the SaaS.
kubernetes-integration-deployment-controller.syncIntegrationJob.api.urlstring""[Required] Panoptica SaaS URL.

Helm Chart 1.0.0

Helm Chart 1.0.0

KeyTypeDefaultDescription
apisec-controllers.enabledbooltrueIndicates whether API Security is enabled
apisec-controllers.fuzzer-controller.enabledbooltrueIndicates whether API fuzz testing is enabled
cdr-controller.enabledboolfalseIndicates whether Realtime CDR is enabled
global.accessKeystring""AgentID in the case of API Security
global.basicPodSecurityContextobject{}- Set basic pod security context
global.basicSecurityContextobject{}- Set basic security context
global.extraLabelsobject{}Allow labelling resources with custom key/value pairs.
global.httpProxystring""Proxy address to use for HTTP request if needed.
global.httpsProxystring""Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy.
global.isOpenShiftboolfalseIndicates whether installed in an OpenShift environment.
global.k8sCisBenchmarkEnabledbooltrueIndicates whether K8s CIS benchmark is enabled.
global.kubeVersionOverridestring""Override detected cluster version.
global.mgmtHostnamestring""Panoptica SaaS URL. Used to override default URL for local testing.
global.panopticaCDR.clusterIDstring""Cluster ID used by CDR.
global.panopticaCDR.initialTokenstring""Token used to register a new CDR instance. The token can be used once.
global.productNameOverridestring"panoptica"Override product name. Defaults to chart name.
global.sendTelemetriesIntervalSecint30Configures telemetry frequency (in seconds) for reporting duration.
global.sharedSecretstring""Shared secret
k8sec-controller.enabledbooltrueIndicates whether KSPM is enabled.
Always true; this value cannot be changed
k8sec-controller.imageAnalysis.sbom. resources.limits.memoryint2000MiConfigures scanner memory limit
kubernetes-integration-deployment-controller.api.integrationIDstring""[Required] Controller integration ID.
kubernetes-integration-deployment-controller.api.urlstring""[Required] Panoptica SaaS URL.
kubernetes-integration-deployment-controller.secret.tokenstring""Token used by the deployment controller to communicate with the SaaS.