threatstack/threatstack-helm

Threat Stack Agent Helm Chart

Overview

This project defines the Helm chart that deploys the Threat Stack container agent in the recommended configuration for Kubernetes.

Note

The chart version is independent of the version of the agent packaged/installed by the chart. The default version of the Threat Stack agent to be installed by the helm chart is defined by the helm chart's appVersion field.

Because agent updates and improvements from version to version can require backwards-incompatible chart changes, we do not recommend customers override the agent version.

This chart installs the agent in the recommended configuration for Kubernetes clusters. Configuration values should be overridden by passing Helm one or more YAML files of overrides. See the Additional Installation Notes section for specific recommendations. For a full list of values defined for this chart, see the values.yaml in this repository.

The following Kubernetes objects are created when the chart is installed:

  • A service account named threatstack-agent (unless overridden in a values.yaml), created in the namespace specified (the default is default).
  • A clusterrole/clusterrolebinding that allows the service account to get/list/watch the following objects:
    • events
    • namespaces
    • pods
    • clusterroles
    • clusterrolebindings
    • roles
    • rolebindings
  • A daemonset that installs the threatstack agent container on each node (1 container per node). It defaults to deploying on all nodes (this can be overridden via a values.yaml).
  • A replicaset to deploy a specially configured threatstack-agent container that communicates with the Kubernetes control plane.
  • A Secret to store sensitive agent configuration, unless you define your own secret.
  • A ConfigMap to store the Threat Stack agent's setup and runtime configuration options.
  • Optionally, a Pod Security Policy for clusters with strict pod admission control requirements.
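
The read-only scope listed above can be checked against what is actually deployed. The following is an added example, not code from the chart: it audits a ClusterRole exported as JSON (for example with kubectl get clusterrole <name> -o json, where <name> is a placeholder) and reports any grant beyond get/list/watch on the seven listed resources. Both sample manifests are constructed.

```python
import json

# Scope documented in the README: read-only access to these resources.
ALLOWED_VERBS = {"get", "list", "watch"}
ALLOWED_RESOURCES = {"events", "namespaces", "pods", "clusterroles",
                     "clusterrolebindings", "roles", "rolebindings"}

def audit_clusterrole(manifest):
    """Return one finding per grant that exceeds the documented scope."""
    findings = []
    for i, rule in enumerate(manifest.get("rules") or []):
        # "*" and subresources such as "pods/exec" fall outside the sets
        # above, so they are reported like any other excess grant.
        for verb in sorted(set(rule.get("verbs") or []) - ALLOWED_VERBS):
            findings.append(f"rule {i}: verb '{verb}' exceeds get/list/watch")
        for res in sorted(set(rule.get("resources") or []) - ALLOWED_RESOURCES):
            findings.append(f"rule {i}: resource '{res}' is not documented")
        if rule.get("nonResourceURLs"):
            findings.append(f"rule {i}: grants nonResourceURLs")
    return findings

# Constructed samples in the shape of `kubectl get clusterrole -o json` output.
EXPECTED = json.loads("""
{"kind": "ClusterRole", "rules": [
  {"apiGroups": [""], "resources": ["events", "namespaces", "pods"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["rbac.authorization.k8s.io"],
   "resources": ["clusterroles", "clusterrolebindings", "roles", "rolebindings"],
   "verbs": ["get", "list", "watch"]}]}
""")
DRIFTED = json.loads("""
{"kind": "ClusterRole", "rules": [
  {"apiGroups": [""], "resources": ["pods", "secrets"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]}
""")

if __name__ == "__main__":
    for name, doc in (("expected", EXPECTED), ("drifted", DRIFTED)):
        for finding in audit_clusterrole(doc) or ["within documented scope"]:
            print(f"{name}: {finding}")
```

An empty result means the role grants nothing beyond what this README lists; any finding is worth reviewing after a chart upgrade or a manual edit to the role.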

Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalSetupConfig | string | "" | A list of command line arguments used when the agent container registers itself with the Threat Stack platform. See official documentation for details. |
| agentDeployKey | string | "" | |
| agentSetupExternalSecretRef | object | {} | |
| apiReader.additionalRuntimeConfig | string | "log.level info" | |
| apiReader.affinity | object | {} | |
| apiReader.nodeSelector | object | {} | |
| apiReader.tolerations | list | [] | |
| apiReader.podAnnotations | string | {} | |
| apiReader.priorityClassName | string | "" | Optionally set the priority class name for the daemonset pods. Note that priority classes are not created via this |