forked from konvergence/gvm-containers
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
246 lines (214 loc) · 5.59 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
## Default values for gvm.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
replicaCount: 1
## To change all the gvm tags together you can use go templates.
## Example:
#
# global:
# gvmImageTag: "21"
# image:
# gvmd:
# tag: "{{ .Values.global.gvmImageTag }}"
# gsad:
# tag: "{{ .Values.global.gvmImageTag }}"
# openvas:
# tag: "{{ .Values.global.gvmImageTag }}"
image:
gvmd:
registry: "docker.io"
repository: "admirito/gvmd"
tag: "21.4.4"
pullPolicy: IfNotPresent
gsad:
registry: "docker.io"
repository: "admirito/gsad"
tag: "21.4.3"
pullPolicy: IfNotPresent
openvas:
registry: "docker.io"
repository: "admirito/openvas-scanner"
tag: "21.4.3"
pullPolicy: IfNotPresent
socat:
registry: "docker.io"
repository: "alpine/socat"
tag: "1.0.3"
pullPolicy: IfNotPresent
socket:
openvas:
listener: /run/ospd/ospd.sock
connector:
redis: /run/redis/redis.sock
gvmd:
connector:
openvas: /run/ospd/ospd-openvas.sock
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
labels:
applicationName: gvm
partOf: gvm
instanceSuffix: ""
gvmdService:
type: ClusterIP
port: 9390
openvasService:
type: ClusterIP
port: 9391
## gsa service
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: "nginx"
# nginx.ingress.kubernetes.io/client-max-body-size: "0"
# nginx.ingress.kubernetes.io/proxy-body-size: "0"
# nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
# nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
# nginx.ingress.kubernetes.io/proxy-stream-timeout: "1800"
# nginx.ingress.kubernetes.io/upstream-keepalive-timeout: "300"
hosts:
- host: chart-example.local
paths:
- path: /
# pathType: ImplementationSpecific
# backend:
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources:
gvmd: {}
gvmdOpenvasConnector: {}
openvas: {}
openvasListener: {}
openvasRedisConnector: {}
gsad: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
extraEnv:
gvmd: []
gsad: []
openvas: []
## A cron job to synchronize feeds on a schedule
syncFeedsCronJob:
enabled: true
schedule: "@daily"
## update all the nvt, scap, cert and gvmd data feeds in a post
## installation hook
syncFeedsAfterInstall: false
customFeedsServer:
## Enable a deployment with a custom image that could be used as a
## custom rsync server to provide feeds for GVM components
enabled: false
image:
registry: ""
repository: ""
tag: "latest"
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 873
containerPort: 873
resources: {}
## Configure gvmd and openvas deployments to use the custom feed
## server service
setDefaultFeedServerForGVM: true
## the value of dataSubPathPrefix will be used as the prefix for
## subPath in volumeMounts of gvmd/openvas deployments for the
## persistent volume specified by persistence parameters
dataSubPathPrefix: ""
## This is data persistence for nasl plugins / scap data / cert
## data. For database persistence see gvmd-db and openvas-redis.
persistence:
## It is highly recommended not to disable the
## persistence. Without enabling a persistent volume
## sharing nvt-plugins between gvmd and openvas-scanner is not
## possible
enabled: true
## existing PVC to be used instead of creating a new one
existingClaim: ""
## PVC annotations
# annotations:
accessMode: ReadWriteOnce
# storageClass:
# volumeName:
size: 5Gi
secrets:
## existing secret to be used instead of creating a new one
existingSecret:
annotations: {}
## username and password of GVMD that will be stored in the created
## secret
gvmdUsername: "admin"
gvmdPassword: "admin"
gvmd-db:
image:
## You can override this one, or global.imageRegistry
registry: "docker.io"
repository: admirito/gvm-postgres
tag: "21.4.5"
volumePermissions:
enabled: false
primary:
podSecurityContext:
enabled: false
auth:
user: gvmduser
database: gvmd
# primary:
# persistence:
# enabled: true
# existingClaim:
# mountPath: /bitnami/postgresql
# subPath: ""
# storageClass: "-"
# accessModes:
# - ReadWriteOnce
# size: 8Gi
# annotations: {}
openvas-redis:
image:
## You can override this one, or global.imageRegistry
registry: "docker.io"
repository: bitnami/redis
tag: "5.0"
commonConfiguration: |-
# Default redis chart values:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
## Values added for openvas:
# Multiple KBs can be served in parallel, for multiple hosts
# scanned by one or several tasks. This is done using redis
# databases, which are independent namepaces. It is therefore
# important that redis exports enough databases. This number can
# be calculated using the following formula:
# DB = 1 + (#of parallel tasks) * (#of parallel hosts)
databases 1025
architecture: standalone
master:
## openvas requires "FLUSHDB" but it is disabled by default
disableCommands: []
auth:
enabled: false
# master:
# persistence:
# enabled: true
# existingClaim:
# subPath: ""
# storageClass: "-"
# accessModes:
# - ReadWriteOnce
# size: 8Gi