diff --git a/README.md b/README.md index 21686e5..c7a06fb 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,8 @@ helm install gremlin-integrations gremlin/gremlin-integrations \ --namespace gremlin \ --set gremlin.secret.teamID=YOUR-TEAM-ID \ --set-file gremlin.secret.certificate=PATH_TO_CERTIFICATE \ - --set-file gremlin.secret.key=PATH_TO_PRIVATE_KEY + --set-file gremlin.secret.key=PATH_TO_PRIVATE_KEY \ + --set gremlin.secret.certVolume=YOUR-CERT-VOLUME-CONFIG ``` For more detailed instructions, see the chart's diff --git a/gremlin-integrations/README.md b/gremlin-integrations/README.md index 6578eba..31b90ff 100644 --- a/gremlin-integrations/README.md +++ b/gremlin-integrations/README.md 
@@ -20,7 +20,9 @@ values.yaml for all available options. | `nodeSelector` | Map of node labels for pod assignment for the `gremlin-integrations` container | `{}` | | `tolerations` | List of node taints to tolerate for the `gremlin-integrations` container | `[]` | | `affinity` | Map of node/pod affinities for the `gremlin-integrations` container | `{}` | -| `gremlin.serviceAccount.create` | Specifies whether Gremlin's kubernetes service account should be created by this helm chart | `true` | +| `gremlin.serviceAccount.create` | Specifies whether Gremlin's kubernetes service account should be created by this helm chart | +| `gremlin.secret.certVolume` | Used to define the value of the gremlin-cert volume except the name. This volume should always contain two files named `gremlin.cert` and `gremlin.key` containing the team certificate and private key used to auth the agents to the gremlin API | `{}` | +| `gremlin.serviceAccount.annotations` | Annotations to add to the Gremlin service account | `{}` | | `true` | | `gremlin.serviceUrl` | Specifies the Control Plane endpoint URL | `https://api.gremlin.com/v1` | | `gremlin.allowList` | Whitelist URLs in order to allow access only to specific set of endpoints | `""` | | `gremlin.secret.managed` | Specifies whether Gremlin should manage its secrets with Helm | `false` | diff --git a/gremlin/README.md b/gremlin/README.md index 49eb7f4..5626cc0 100644 --- a/gremlin/README.md +++ b/gremlin/README.md 
@@ -30,6 +30,7 @@ their default values. See values.yaml for all available options. | `chao.nodeSelector` | Map of node labels for pod assignment for the `chao` container | `{}` | | `chao.tolerations` | List of node taints to tolerate for the `chao` container | `[]` | | `chao.affinity` | Map of node/pod affinities for the `chao` container | `{}` | +| `chao.serviceAccount.annotations` | Annotations to add to the Chao service account | `{}` | | `chao.create` | Enable kubernetes targeting by installing k8s client | true | | `chao.extraEnv` | Specify any arbitrary environment variables to pass to the Chao deployment. | `[]` | | `chao.namespaces` | List of namespaces for Gremlin to watch for attacking | `[]` @@ -45,6 +46,7 @@ their default values. See values.yaml for all available options. | `gremlin.podSecurity.readOnlyRootFilesystem` | Forces the Gremlin Daemonset containers to run with a read-only root filesystem | `false` | | `gremlin.podSecurity.supplementalGroups.rule` | Specifies the Linux groups the Gremlin Daemonset containers should run as | `RunAsAny` | | `gremlin.podSecurity.fsGroup.rule` | Specifies the Linux groups applied to mounted volumes | `RunAsAny` | +| `gremlin.secret.certVolume` | Used to define the value of the gremlin-cert volume except the name. This volume should always contain two files named `gremlin.cert` and `gremlin.key` containing the team certificate and private key used to auth the agents to the gremlin API | `{}` | | `gremlin.podSecurity.volumes` | Specifies the volume types the Gremlin Daemonset is allowed to use | `[configMap, secret, hostPath]` | | `gremlin.podSecurity.podSecurityPolicy.create` | When true, Gremlin creates and uses a custom PodSecurityPolicy, granting all behaviors Gremlin needs | `false` | | `gremlin.podSecurity.podSecurityPolicy.seLinux` | Sets the SecurityContext for the PSP used by the Gremlin Daemonset | `{ rule: MustRunAs, seLinuxOptions: { type: gremlin.process } }` |
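Review bot: In the README.md hunk, the added `--set gremlin.secret.certVolume=YOUR-CERT-VOLUME-CONFIG` passes a single scalar, but the chart READMEs changed in this same patch document `gremlin.secret.certVolume` with a default of `{}`, which is a map. A reader cannot tell what to substitute for the placeholder. Consider showing the option with a concrete nested key or a values file instead. The example also still passes `--set-file gremlin.secret.certificate` and `--set-file gremlin.secret.key` alongside the new flag, so the text should say whether `certVolume` is meant to be used together with those two settings or in place of them.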
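Review bot: In the gremlin-integrations/README.md hunk, the rewritten `gremlin.serviceAccount.create` row has lost its default cell: the line now ends after the description, and the `true` default is left as a separate one-cell row (`| `true` |`) after the two new rows. This breaks the table. Keep the `gremlin.serviceAccount.create` row unchanged with its `true` default on the same line, and add the `gremlin.secret.certVolume` and `gremlin.serviceAccount.annotations` rows as complete three-cell rows. The `certVolume` row would also read better next to `gremlin.secret.managed` than between the two `gremlin.serviceAccount.*` rows.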
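Review bot: In the second gremlin/README.md hunk, the new `gremlin.secret.certVolume` row is inserted between `gremlin.podSecurity.fsGroup.rule` and `gremlin.podSecurity.volumes`, which splits the `gremlin.podSecurity.*` group. Move it to sit with the other `gremlin.secret.*` options. The description "Used to define the value of the gremlin-cert volume except the name" is hard to parse; say directly that the map is used as the volume source for the `gremlin-cert` volume and give one example value. Because this volume holds the team private key (`gremlin.key`), the row should also say how it relates to `gremlin.podSecurity.volumes`, whose documented default is `[configMap, secret, hostPath]`: a `certVolume` of any other volume type would need that list extended when the custom PodSecurityPolicy is enabled.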