forked from CrowdStrike/falcon-helm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
questions.yaml
294 lines (260 loc) · 9.32 KB
/
questions.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
questions:
- variable: node.enabled
description: "Deploy the Falcon Sensor to the Kubernetes nodes"
required: true
type: boolean
default: true
label: Deploy daemonset to nodes
group: "Falcon Node settings"
- variable: node.daemonset.updateStrategy
description: "Update strategy to role out new daemonset configuration to the nodes."
required: false
type: enum
options:
- RollingUpdate
- OnDelete
label: Container Image Repository
group: "Falcon Node settings"
- variable: node.daemonset.maxUnavailable
description: "Sets the max unavailable nodes. Default is 1 when no value exists."
required: false
type: int
default: 1
label: Max number of unavailable nodes
group: "Falcon Node settings"
- variable: node.image.repository
description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-node-sensor'."
required: true
type: string
default: falcon-node-sensor
label: Image Repository
group: "Falcon Node settings"
- variable: node.image.tag
description: "Container registry image tag. Defaults to 'latest'."
required: true
type: string
default: "latest"
label: Image Tag
group: "Falcon Node settings"
- variable: node.image.pullPolicy
description: "The default image pullPolicy. Defaults to 'Always'."
required: false
type: enum
options:
- IfNotPresent
- Always
- Never
default: Always
label: Image pullPolicy
group: "Falcon Node settings"
- variable: node.image.pullSecrets
description: "Name of the pull secret to pull the container image. Conflicts with node.image.registryConfigJSON"
required: false
type: string
label: Pull Secret Name
group: "Falcon Node settings"
- variable: node.image.registryConfigJSON
description: "Value must be base64. This setting conflicts with node.image.pullSecrets. The base64 encoded string of the docker config json for the pull secret can be gotten through `$ cat ~/.docker/config.json | base64 -`"
required: false
type: string
label: Pull Secret as a base64 string
group: "Falcon Node settings"
- variable: container.enabled
description: "Deploy the Falcon Sensor to the Kubernetes pods as a sidecar"
required: true
type: boolean
default: false
label: Deploy sidecar sensor to pods
group: "Falcon Container settings"
- variable: container.image.repository
description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-sensor'."
required: true
type: string
default: falcon-sensor
label: Image Repository
group: "Falcon Container settings"
- variable: container.image.tag
description: "Container registry image tag. Defaults to 'latest'."
required: true
type: string
default: "latest"
label: Image Tag
group: "Falcon Container settings"
- variable: container.image.pullPolicy
description: "The default image pullPolicy. Defaults to 'Always'."
required: false
type: enum
options:
- IfNotPresent
- Always
- Never
default: Always
label: Image pullPolicy
group: "Falcon Container settings"
- variable: container.image.pullSecrets.enable
description: "Enable pullSecrets to get container from registry that requires authentication."
required: false
type: boolean
default: false
label: Enable pullSecrets
group: "Falcon Container settings"
- variable: container.image.pullSecrets.namespaces
description: "Configure the list of namespaces that should have access to pull the Falcon sensor from a registry that requires authentication. This is a comma separated."
required: false
type: string
show_if: "container.image.pullSecrets.enable=true"
label: List of Namespaces for pullSecret
group: "Falcon Container settings"
- variable: container.image.pullSecrets.allNamespaces
description: "Attempt to create the Falcon sensor pull secret in all Namespaces instead of using 'container.image.pullSecrets.namespaces'"
required: false
type: boolean
default: false
show_if: "container.image.pullSecrets.enable=true"
label: Create pullSecret in all Namespaces
group: "Falcon Container settings"
- variable: container.image.pullSecrets.registryConfigJSON
description: "Value must be base64. The base64 encoded string of the docker config json for the pull secret can be gotten through `$ cat ~/.docker/config.json | base64 -`"
required: false
type: string
show_if: "container.image.pullSecrets.enable=true"
label: Pull Secret as a base64 string
group: "Falcon Container settings"
- variable: container.autoCertificateUpdate
description: "Auto-update the certificates every time there is an update"
required: false
type: boolean
default: true
label: Auto-update certificates
group: "Falcon Container settings"
- variable: container.autoDeploymentUpdate
description: "Update Webhook and roll out new Deployment on upgrade"
required: false
type: boolean
default: true
label: Update the webhook on upgrade
group: "Falcon Container settings"
- variable: container.azure.enabled
description: "Enable for AKS without the pulltoken option"
required: false
type: boolean
default: false
label: Configure AKS registry configuration
group: "Falcon Container settings"
- variable: container.azure.AzureConfig
description: "Path to the Kubernetes Azure config file on worker nodes"
required: false
type: string
default: "/etc/kubernetes/azure.json"
show_if: "container.azure.enabled=true"
label: Deploy sidecar sensor to pods
group: "Falcon Container settings"
- variable: container.disableNSInjection
description: "Disable injection for all Namespaces"
required: false
type: boolean
default: false
label: Disable Namespace injection
group: "Falcon Container settings"
- variable: container.disablePodInjection
description: "Disable injection for all Pods"
required: false
type: boolean
default: false
label: Disable Pod injection
group: "Falcon Container settings"
- variable: container.certExpiration
description: "Certificate validity duration in number of days"
required: false
type: int
default: 3650
label: Certificate validity
group: "Falcon Container settings"
- variable: container.injectorPort
description: "Configure the Injector Port"
required: false
type: int
default: 4433
label: Injector Port
group: "Falcon Container settings"
- variable: container.domainName
description: "For custom DNS configurations when .svc requires a domain for services"
required: false
type: string
label: Custom DNS domain name for webhook
group: "Falcon Container settings"
- variable: falcon.cid
description: "Configure your CrowdStrike Customer ID (CID)"
required: true
type: string
label: CrowdStrike Customer ID (CID)
group: "Falcon Sensor Settings"
- variable: falcon.apd
description: "App Proxy Disable (APD). Disables the Falcon sensor from using a proxy."
required: false
type: boolean
default: true
label: Enable using a proxy
group: "Falcon Sensor Settings"
- variable: falcon.aph
description: "App Proxy Hostname (APH). Uncommon in container-based deployments."
required: false
type: string
show_if: "falcon.apd=false"
label: Configure Proxy Host
group: "Falcon Sensor Settings"
- variable: falcon.app
description: "App Proxy Port (APP). Uncommon in container-based deployments."
required: false
type: string
show_if: "falcon.apd=false"
label: Configure Proxy Port
group: "Falcon Sensor Settings"
- variable: falcon.trace
description: "Options are [none|err|warn|info|debug]."
required: false
type: enum
options:
- none
- err
- warn
- info
- debug
label: Set logging trace level
default: none
group: "Falcon Sensor Settings"
- variable: falcon.feature
description: "Options to pass to the \"--feature\" flag. Options are [none,[enableLog[,disableLogBuffer[,disableOsfm[,emulateUpdate]]]]]"
required: false
type: string
label: Enable or disable certain sensor features
group: "Falcon Sensor Settings"
- variable: falcon.message_log
description: "Enable message log (true/false)"
required: false
type: boolean
default: false
label: Enable logging
group: "Falcon Sensor Settings"
- variable: falcon.billing
description: "Utilize default or metered billing. Should only be configured when needing to switch between the two."
required: false
type: enum
options:
- default
- metered
default: default
label: Configure Billing
group: "Falcon Sensor Settings"
- variable: falcon.tags
description: "Comma separated list of tags for sensor grouping. Allowed characters: all alphanumerics, '/', '-', '_', and ','."
required: false
type: string
label: Configure tags for sensor grouping
group: "Falcon Sensor Settings"
- variable: falcon.provisioning_token
description: "Used to protect the CID. Provisioning token value."
required: false
type: string
label: Set a provisioning installation token
group: "Falcon Sensor Settings"