Advanced Kubernetes Integration
You can customize the deployment of Panoptica's Kubernetes controller using the Helm chart values below.
The most recent chart appears at the top; you will find previous versions below.
Helm Chart 1.3.3
Helm Chart 1.3.3
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.deploymentHooks.annotations | object | {} | Annotations to add to the deployment hooks |
| global.deploymentHooks.enabled | bool | false | Indicates whether deployment hooks should be used to report deployment status (e.g ArgoCD sync hooks). |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller. imageAnalysis.cisDockerBenchmark. image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller. imageAnalysis.sbom.image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller. k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.2.3
Helm Chart 1.2.3
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.apisec-controller.image.repository | string | "panoptica/apisec/apisec-controller/controller" | Overrides the controller image registry |
| apisec-controllers.fuzzer-controller.image.repository | string | "panoptica/apisec/fuzzer-controller/controller" | Overrides the controller image registry |
| global.accessKey | string | "" | Access key used by API Security. |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled. |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled. |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.registry | string | "registry.outshift.com" | Registry for the Panoptica images. If replaced with a local registry need to make sure all images are pulled into the local registry. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret used by API Security. |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller.busybox.image.repository | string | "panoptica/kspm/curlimages/curl" | Overrides the busybox image registry |
| k8sec-controller.controller.image.repository | string | "panoptica/kspm/k8s_agent" | Overrides the controller image registry |
| k8sec-controller.imageAnalysis.cisDockerBenchmark. image.repository | string | "panoptica/kspm/cis-docker-benchmark" | Overrides the cis-docker-benchmark image registry |
| k8sec-controller.imageAnalysis.sbom. image.repository | string | "panoptica/kspm/image-analyzer" | Overrides the image-analyzer image registry |
| k8sec-controller.k8sCISBenchmark.image.repository | string | "panoptica/kspm/k8s-cis-benchmark" | Overrides the k8s-cis-benchmark image registry |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.image.registry | string | "registry.outshift.com" | Overrides the controller image registry |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.image.registry | string | "registry.outshift.com" | Overrides the job image registry |
Helm Chart 1.1.0
Helm Chart 1.1.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers | object | {} | |
| cdr-controller | object | {} | |
| global.accessKey | string | "" | Agent ID in the case of APIsec the agnetID is accesKey |
| global.affinity | object | {} | Configures Node affinity for Panoptica pods. |
| global.basicPodSecurityContext | object | {} | - Set basic pod security context |
| global.basicSecurityContext | object | {} | - Set basic security context |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.panopticaIntegration.apiSecurity.enabled | bool | true | Indicates whether API Security is enabled |
| global.panopticaIntegration.cdr.enabled | bool | false | Indicates whether Realtime CDR is enabled |
| global.panopticaIntegration.id | string | "" | [Required] Integration ID. |
| global.panopticaIntegration.kspm.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret |
| global.tolerations | list | [] | Configures tolerations for scheduling Panoptica pods. |
| k8sec-controller | object | {} | |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
| kubernetes-integration-deployment-controller.syncIntegrationJob.api.url | string | "" | [Required] Panoptica SaaS URL. |
Helm Chart 1.0.0
Helm Chart 1.0.0
| Key | Type | Default | Description |
|---|---|---|---|
| apisec-controllers.enabled | bool | true | Indicates whether API Security is enabled |
| apisec-controllers.fuzzer-controller.enabled | bool | true | Indicates whether API fuzz testing is enabled |
| cdr-controller.enabled | bool | false | Indicates whether Realtime CDR is enabled |
| global.accessKey | string | "" | AgentID in the case of API Security |
| global.basicPodSecurityContext | object | {} | - Set basic pod security context |
| global.basicSecurityContext | object | {} | - Set basic security context |
| global.extraLabels | object | {} | Allow labelling resources with custom key/value pairs. |
| global.httpProxy | string | "" | Proxy address to use for HTTP request if needed. |
| global.httpsProxy | string | "" | Proxy address to use for HTTPs request if needed. In most cases, this is the same as httpProxy. |
| global.isOpenShift | bool | false | Indicates whether installed in an OpenShift environment. |
| global.k8sCisBenchmarkEnabled | bool | true | Indicates whether K8s CIS benchmark is enabled. |
| global.kubeVersionOverride | string | "" | Override detected cluster version. |
| global.mgmtHostname | string | "" | Panoptica SaaS URL. Used to override default URL for local testing. |
| global.panopticaCDR.clusterID | string | "" | Cluster ID used by CDR. |
| global.panopticaCDR.initialToken | string | "" | Token used to register a new CDR instance. The token can be used once. |
| global.productNameOverride | string | "panoptica" | Override product name. Defaults to chart name. |
| global.sendTelemetriesIntervalSec | int | 30 | Configures telemetry frequency (in seconds) for reporting duration. |
| global.sharedSecret | string | "" | Shared secret |
| k8sec-controller.enabled | bool | true | Indicates whether KSPM is enabled. Always true; this value cannot be changed |
| k8sec-controller.imageAnalysis.sbom. resources.limits.memory | int | 2000Mi | Configures scanner memory limit |
| kubernetes-integration-deployment-controller.api.integrationID | string | "" | [Required] Controller integration ID. |
| kubernetes-integration-deployment-controller.api.url | string | "" | [Required] Panoptica SaaS URL. |
| kubernetes-integration-deployment-controller.secret.token | string | "" | Token used by the deployment controller to communicate with the SaaS. |
Updated 8 days ago