Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
# Default values for Sysdig Monitor and Secure Helm package.
image:
# This is a hack to support RELATED_IMAGE_<identifier> feature in Helm based
# Operators
#
# As long as I don't want to people to use this, I will keep it undocumented
overrideValue:
registry: docker.io
repository: sysdig/agent
tag: 10.0.0
# Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
pullPolicy: IfNotPresent
# Optionally specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
#
# pullSecrets:
# - name: myRegistrKeySecretName
resources:
# Although resources needed are subjective on the actual workload we provide
# a sane defaults ones. If you have more questions or concerns, please refer
# to Sysdig Support for more info about it
requests:
cpu: 600m
memory: 512Mi
limits:
cpu: 2000m
memory: 1536Mi
rbac:
# true here enables creation of rbac resources
create: true
serviceAccount:
# Create and use serviceAccount resources
create: true
# Use this value as serviceAccountName
name:
daemonset:
# Perform rolling updates by default in the DaemonSet agent
# ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
updateStrategy:
# You can also customize maxUnavailable, maxSurge or minReadySeconds if you
# need it
type: RollingUpdate
## Extra environment variables that will be pass onto deployment pods
env: {}
# Allow the DaemonSet to schedule using affinity rules
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
# Allow the DaemonSet to set annotations
annotations: {}
# If is behind a proxy you can set the proxy server
proxy:
httpProxy:
httpsProxy:
noProxy:
# Set daemonset timezone
timezone:
# Set daemonset priorityClassName
priorityClassName:
ebpf:
# Enable eBPF support for Sysdig Agent
enabled: false
settings:
# Needed to correctly detect the kernel version for the eBPF program
# Set to false if not running on Google COS
mountEtcVolume: true
slim:
# Uses a slim version of the Sysdig Agent
enabled: false
# When using slim the kernel module is built in other container, which
# contains the toolchain required to build the kernel module.
kmoduleImage:
repository: sysdig/agent-kmodule
resources:
# Resources required by the kernel module builder image. These are some
# a sane defaults ones, but you can tweak or ask Sysdig Support for more
# info about this
requests:
cpu: 1000m
memory: 348Mi
limits:
memory: 512Mi
sysdig:
# Required: You need your Sysdig Monitor access key before running agents.
accessKey: ""
settings: {}
### Agent tags
# tags: linux:ubuntu,dept:dev,local:nyc
#### Sysdig Software related config ####
# Sysdig collector address
# collector: 192.168.1.1
# Collector TCP port
# collector_port: 6666
# Whether collector accepts ssl
# ssl: true
# collector certificate validation
# ssl_verify_certificate: true
#######################################
# k8s_cluster_name: production
secure:
# true here enables Sysdig Secure: container run-time security & forensics
enabled: true
auditLog:
# true here activates the K8s Audit Log feature for Sysdig Secure
enabled: false
auditServerUrl: 0.0.0.0
auditServerPort: 7765
dynamicBackend:
# true here configures an AuditSink who will receive the K8s audit logs
enabled: false
scc:
create: false
customAppChecks: {}
# Allow passing custom app checks for Sysdig Agent.
# Example:
#
# sample.py: |-
# from checks import AgentCheck
#
# class MyCustomCheck(AgentCheck):
# def check(self, instance):
# self.gauge("testhelm", 1)
# Allow sysdig to run on Kubernetes 1.6 masters.
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master