opencti
A Helm chart to deploy OpenCTI
Homepage:
Values
| Key | Type | Default | Description |
|---|---|---|---|
| elasticsearch.allowMmap | bool | true | Explicitly set the usage of ES Memory Mapping settings to allow a better usage of virtual memory. Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory |
| elasticsearch.clusterName | string | "elasticsearch" | ES cluster name |
| elasticsearch.dataNodes.additionalVolumeClaimTemplates | list | [] | Configure additional Volume Claim templates on your ES data nodes (can be used for backups on a shared volume for example). ATTENTION: The ECK operator currently doesn't support editing the volumeClaimTemplates after cluster creation. Make sure to set the correct values before enabling your ES cluster. If you need to declare a new PVC, you can create it manually and then use the persistentVolumeClaim field of the volumes you're mounting. |
| elasticsearch.dataNodes.additionalVolumeMounts | list | [] | Configure additional Volume mounts on your ES data nodes (can be used for backups on a shared volume for example) |
| elasticsearch.dataNodes.additionalVolumes | list | [] | Configure additional Volumes on your ES data nodes (can be used for backups on a shared volume for example) |
| elasticsearch.dataNodes.affinity | object | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"elasticsearch.k8s.elastic.co/cluster-name":"elasticsearch","elasticsearch.k8s.elastic.co/node-master":"false"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} | Affinity for ES data nodes assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| elasticsearch.dataNodes.extraConfig | object | {} | Additional configuration to apply on the ES data nodes. This can be used to set custom configuration entries in the elasticsearch.yml file for example. Only add configuration that is not currently managed by the chart. |
| elasticsearch.dataNodes.initContainers | list | [] | initContainers definition for ES data nodes |
| elasticsearch.dataNodes.javaOpts | string | "-Xms2g -Xmx2g -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime" | |
| elasticsearch.dataNodes.nodeSelector | object | {} | Node labels for ES data nodes assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| elasticsearch.dataNodes.priorityClass | object | {"enabled":false,"name":"default"} | Configure the priority class for your ES data nodes. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| elasticsearch.dataNodes.priorityClass.enabled | bool | false | Enable or disable the priority class configuration |
| elasticsearch.dataNodes.priorityClass.name | string | "default" | Priority class name to apply on your ES data nodes |
| elasticsearch.dataNodes.replicas | int | 2 | Number of data node replicas |
| elasticsearch.dataNodes.resources | object | {"limits":{"memory":"6Gi"},"requests":{"cpu":1,"memory":"4Gi"}} | The resources limits and requests for ES data nodes. Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| elasticsearch.dataNodes.storageClassName | string | "" | Storage Class Name to use in your volumes |
| elasticsearch.dataNodes.storageSize | string | "100Gi" | Default size of your ES data nodes |
| elasticsearch.dataNodes.threadPoolSearchQueueSize | int | 5000 | Sets the default Queue Size for the Search thread pool. This is a value recommended by Filigran. Ref: https://docs.opencti.io/latest/deployment/installation#configure-the-environment |
| elasticsearch.dataNodes.tolerations | list | [] | Tolerations for ES data nodes assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| elasticsearch.disableDowngradeValidation | bool | true | Allows ECK to roll back to a previous version after an undesired upgrade |
| elasticsearch.enableXpackML | bool | false | Enable or disable the ML features built into ES. Ref: https://www.elastic.co/docs/reference/elasticsearch/configuration-reference/machine-learning-settings |
| elasticsearch.enabled | bool | false | Set to true to deploy your own Elastic instance. Be aware you need to install the CRDs beforehand. |
| elasticsearch.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| elasticsearch.imagePullSecrets | object | {} | Configure your secrets to pull from private registries. Make sure your secret exists beforehand. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| elasticsearch.initVMMaxMapCount | bool | false | Enable or disable default initContainers to set vm.max_map_count on the ES node hosts. Recommended to be enabled when allowMmap is set to true. Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory |
| elasticsearch.initVMMaxMapCountInitContainer | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"busybox","tag":"1.36.1@sha256:d5f45b39573a582b66cc64866691322abdfeccc6d77a13194c7ab6b3915baaf6"} | Configure the image for the initContainer to set vm.max_map_count on the ES node hosts |
| elasticsearch.kibana | object | {"elasticsearchRequestTimeout":1800000,"enabled":true,"http":{"tls":{"selfSignedCertificate":{"disabled":true}}},"ingress":{"enabled":false},"name":"kibana","podTemplate":{},"serverSocketTimeout":1800000,"telemetryAllowChangingOptInStatus":false,"telemetryOptIn":false} | Configuration block for Kibana instance |
| elasticsearch.kibana.elasticsearchRequestTimeout | int | 1800000 | Override the timeout value for ES requests |
| elasticsearch.kibana.enabled | bool | true | Enable or disable Kibana deployment |
| elasticsearch.kibana.http | object | {"tls":{"selfSignedCertificate":{"disabled":true}}} | Define the http configuration to expose Kibana. Ref: https://www.elastic.co/docs/deploy-manage/security/k8s-https-settings |
| elasticsearch.kibana.ingress | object | {"enabled":false} | Ingress configuration to expose Kibana. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
| elasticsearch.kibana.name | string | "kibana" | Set Kibana deployment name |
| elasticsearch.kibana.podTemplate | object | {} | Define the podTemplate properties for Kibana pods. Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration |
| elasticsearch.kibana.serverSocketTimeout | int | 1800000 | Override the timeout value for sockets in Kibana |
| elasticsearch.kibana.telemetryAllowChangingOptInStatus | bool | false | Override the telemetry allow opt-in status |
| elasticsearch.kibana.telemetryOptIn | bool | false | Override the telemetry opt-in boolean |
| elasticsearch.loggerDiscoveryLevel | string | "ERROR" | Sets the default log level for your ES instance. Ref: https://www.elastic.co/docs/deploy-manage/monitor/logging-configuration/update-elasticsearch-logging-levels |
| elasticsearch.masterNodes.additionalVolumeClaimTemplates | list | [] | Configure additional Volume Claim templates on your ES master nodes (can be used for backups on a shared volume for example). ATTENTION: The ECK operator currently doesn't support editing the volumeClaimTemplates after cluster creation. Make sure to set the correct values before enabling your ES cluster. If you need to declare a new PVC, you can create it manually and then use the persistentVolumeClaim field of the volumes you're mounting. |
| elasticsearch.masterNodes.additionalVolumeMounts | list | [] | Configure additional Volume mounts on your ES master nodes (can be used for backups on a shared volume for example) |
| elasticsearch.masterNodes.additionalVolumes | list | [] | Configure additional Volumes on your ES master nodes (can be used for backups on a shared volume for example) |
| elasticsearch.masterNodes.affinity | object | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"elasticsearch.k8s.elastic.co/cluster-name":"elasticsearch","elasticsearch.k8s.elastic.co/node-master":"true"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} | Affinity for ES master nodes assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| elasticsearch.masterNodes.extraConfig | object | {} | Additional configuration to apply on the ES master nodes. This can be used to set custom configuration entries in the elasticsearch.yml file for example. Only add configuration that is not currently managed by the chart. |
| elasticsearch.masterNodes.initContainers | list | [] | initContainers definition for ES master nodes |
| elasticsearch.masterNodes.javaOpts | string | "-Xms500m -Xmx500m -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime" | |
| elasticsearch.masterNodes.nodeSelector | object | {} | Node labels for ES master nodes assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| elasticsearch.masterNodes.priorityClass | object | {"enabled":false,"name":"default"} | Configure the priority class for your ES master nodes. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| elasticsearch.masterNodes.priorityClass.enabled | bool | false | Enable or disable the priority class configuration |
| elasticsearch.masterNodes.priorityClass.name | string | "default" | Priority class name to apply on your ES master nodes |
| elasticsearch.masterNodes.replicas | int | 1 | Number of master node replicas (must be odd or 0) |
| elasticsearch.masterNodes.resources | object | {"limits":{"memory":"4Gi"},"requests":{"cpu":0.5,"memory":"2Gi"}} | The resources limits and requests for ES master nodes. Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| elasticsearch.masterNodes.storageClassName | string | "" | Storage Class Name to use in your volumes |
| elasticsearch.masterNodes.storageSize | string | "10Gi" | Default size of your ES master nodes |
| elasticsearch.masterNodes.tolerations | list | [] | Tolerations for ES master nodes assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| elasticsearch.service | object | {"name":"es-data-nodes","port":9200,"targetPort":9200} | Configuration of the ES related Kubernetes Service |
| elasticsearch.service.name | string | "es-data-nodes" | ES data service name |
| elasticsearch.service.port | int | 9200 | ES data port |
| elasticsearch.service.targetPort | int | 9200 | ES data target port |
| elasticsearch.snapshots | object | {"accessKey":"","clientName":"default","enableCustomClient":false,"secretKey":""} | Set up a custom S3 client to use in a Snapshot Registry to perform backups. Ref: https://www.elastic.co/docs/deploy-manage/tools/snapshot-and-restore/cloud-on-k8s#k8s-s3-compatible |
| elasticsearch.version | string | "8.18.4" | Version of ES to use |
| elasticsearch.vmMaxMapCountValue | int | 1048576 | Value to set for vm.max_map_count on the ES node hosts when initVMMaxMapCount is set to true. Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory |
| global | object | {} | Global section contains parameters applied across all resources |
| importDocumentAiWebservice | object | {"annotations":{},"enabled":false,"env":{},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/import-document-ai-webservice","version":"latest"},"imagePullSecrets":{},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"import-document-ai-webservice.local","paths":[{"path":"/","pathType":"Prefix"}]}],"labels":{},"path":"/","pathType":"Prefix","tls":[]},"labels":{"app":"import-document-ai-webservice"},"livenessProbe":{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":10},"name":"import-document-ai-webservice","nodeSelector":{},"podAnnotations":{},"podLabels":{"app":"import-document-ai-webservice"},"priorityClass":null,"readinessProbe":{"failureThreshold":10,"initialDelaySeconds":10,"periodSeconds":5,"successThreshold":1,"tcpSocket":{"port":8000}},"resources":{"limits":{"cpu":"2","memory":"16Gi"},"requests":{"cpu":"1","memory":"4Gi"}},"service":{"port":80,"targetPort":8000,"type":"ClusterIP"},"serviceAccountName":"","tolerations":[]} | Configuration of the AI import document Webservice. Ref: https://docs.opencti.io/latest/deployment/ai-import-document/ |
| importDocumentAiWebservice.annotations | object | {} | The annotations configured for the deployment itself |
| importDocumentAiWebservice.imagePullSecrets | object | {} | Configure your secrets to pull from private registries. Make sure your secret exists beforehand. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| importDocumentAiWebservice.nodeSelector | object | {} | Node labels for import-document-ai-webservice pods assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| importDocumentAiWebservice.podAnnotations | object | {} | The annotations configured on the import-document-ai-webservice pods |
| importDocumentAiWebservice.podLabels | object | {"app":"import-document-ai-webservice"} | The labels configured on the import-document-ai-webservice pods |
| importDocumentAiWebservice.priorityClass | string | nil | Configure the priority class for your import-document-ai-webservice containers. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| importDocumentAiWebservice.serviceAccountName | string | "" | Service account name for import-document-ai-webservice pods. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| importDocumentAiWebservice.tolerations | list | [] | Tolerations for import-document-ai-webservice pods assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| minio.annotations | object | {} | Annotations to add to the MinIO Tenant resource metadata |
| minio.buckets | list | [] | Array of objects describing one or more buckets to create during tenant provisioning. |
| minio.certificate | object | {"certConfig":{},"externalCaCertSecret":[],"externalCertSecret":[],"externalClientCertSecrets":[],"requestAutoCert":false} | Manage MinIO certificate configuration. Ref: https://github.com/minio/operator/blob/master/helm/tenant/values.yaml#L245 |
| minio.certificate.certConfig | object | {} | Configuration of your custom certificate. Ref: https://docs.min.io/community/minio-object-store/operations/network-encryption/enable-minio-tls.html#procedure |
| minio.certificate.externalCaCertSecret | list | [] | List of secrets to use for your external cert authority |
| minio.certificate.externalCertSecret | list | [] | List of secrets to use for your external cert clients |
| minio.certificate.externalClientCertSecrets | list | [] | List of secrets to use for your external client cert authority |
| minio.certificate.requestAutoCert | bool | false | Enable or disable automatic TLS configuration in your tenant |
| minio.enabled | bool | false | Set to true to deploy your own MinIO instance |
| minio.env | list | [] | Array of environment variables that you want to add to your MinIO containers |
| minio.exposeServices | object | {} | Tells the operator to expose the S3 API or Console services as LB objects |
| minio.features | object | {"bucketDNS":false,"domains":{},"enableSFTP":false} | Configure MinIO features for your tenant. Ref: https://docs.min.io/community/minio-object-store/reference/operator-crd.html#features |
| minio.image | string | "quay.io/minio/minio:RELEASE.2025-05-24T17-08-30Z" | Reference of your MinIO image |
| minio.imagePullPolicy | string | "IfNotPresent" | Image pull policy |
| minio.imagePullSecret | object | {"name":""} | MinIO tenant CRD supports only one imagePullSecret value directly through the name key. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| minio.ingress | object | {"enabled":false} | Ingress configuration to expose MinIO Web Console. Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
| minio.initContainers | list | [] | Additional initContainers for MinIO pods. Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html |
| minio.lifecycle | object | {} | Lifecycle hooks for MinIO containers. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ |
| minio.liveness | object | {} | Liveness probe configuration |
| minio.logging | object | {"anonymous":true,"json":true,"quiet":true} | Configure pod logging in your tenant |
| minio.logging.anonymous | bool | true | Anonymized logs |
| minio.logging.json | bool | true | JSON formatted logs |
| minio.logging.quiet | bool | true | Suppress logging |
| minio.podManagementPolicy | string | "Parallel" | Can be "OrderedReady" or "Parallel". Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podmanagementpolicytype-v1-apps |
| minio.priorityClass | object | {"enabled":false,"name":"default"} | Configure the priority class for your MinIO containers. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| minio.priorityClass.enabled | bool | false | Enable or disable the priority class configuration |
| minio.priorityClass.name | string | "default" | Priority class name to apply on your MinIO containers |
| minio.prometheusOperator | bool | false | Enable or disable the tenant's metrics scrape config |
| minio.readiness | object | {} | Readiness probe configuration |
| minio.serviceAccountName | string | "" | Service account to associate with your MinIO tenant resources |
| minio.serviceMetadata | object | {} | Define additional labels or annotations for the MinIO services (Console and API endpoint) |
| minio.sidecars | list | [] | Additional sidecar containers for MinIO pods. Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html |
| minio.standardClass | int | 1 | Value referenced in the MinIO secret object. It helps define the Default Parity setting in your tenant. Ref: https://docs.min.io/community/minio-object-store/reference/minio-server/settings/storage-class.html#envvar.MINIO_STORAGE_CLASS_STANDARD |
| minio.standardPool | object | {"additionalVolumeMounts":[],"additionalVolumes":[],"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"minio"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"annotations":{},"containerSecurityContext":{},"enableSecurityContext":true,"labels":{},"nodeSelector":{},"resources":{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"runtimeClassName":"","securityContext":{},"serversCount":4,"storageClassName":"","storageSize":"10Gi","tolerations":[],"topologySpreadConstraints":[],"volumesPerServer":1} | Configuration of the default MinIO Tenant for OpenCTI |
| minio.standardPool.additionalVolumeMounts | list | [] | Additional volume mounts for MinIO containers. Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html |
| minio.standardPool.additionalVolumes | list | [] | Additional volumes to mount to MinIO pods. Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html |
| minio.standardPool.affinity | object | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"minio"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} | Configure affinity rules for MinIO pods. Defaults to preferredDuringSchedulingIgnoredDuringExecution based on kubernetes.io/hostname |
| minio.standardPool.annotations | object | {} | Additional annotations to add to MinIO pool pods |
| minio.standardPool.containerSecurityContext | object | {} | Container-level security context for MinIO containers. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| minio.standardPool.enableSecurityContext | bool | true | Enable or disable the security context configuration for MinIO pods and containers. By default, MinIO sets its own security context. Disabling forces the values to {} to be able to run on default config in OpenShift clusters for example. |
| minio.standardPool.labels | object | {} | Additional labels to add to MinIO pool pods |
| minio.standardPool.nodeSelector | object | {} | Node labels for MinIO pods assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| minio.standardPool.resources | object | {"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}} | The resources limits and requests for your MinIO containers. Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| minio.standardPool.runtimeClassName | string | "" | Runtime class name for MinIO pods. Ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ |
| minio.standardPool.securityContext | object | {} | Pod-level security context for MinIO pods. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
| minio.standardPool.storageClassName | string | "" | Storage Class Name to use in your volumes |
| minio.standardPool.storageSize | string | "10Gi" | Default size of MinIO data node |
| minio.standardPool.tolerations | list | [] | Tolerations for MinIO pods assignment. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| minio.standardPool.topologySpreadConstraints | list | [] | Topology spread constraints for MinIO pods. Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ |
| minio.standardPool.volumesPerServer | int | 1 | Number of volumes per MinIO server |
| minio.startup | object | {} | Startup probe configuration |
| minio.users | list | [] | Pre-configured users as a list of Kubernetes secrets. Each secret should specify the CONSOLE_ACCESS_KEY and CONSOLE_SECRET_KEY as the access key and secret key for that user. |
| opencti.connector.commonEnv | object | {"CONNECTOR_LOG_LEVEL":"info","OPENCTI_URL":"http://opencti-ingest:80"} | Environment variables deployed across all connectors |
| opencti.connector.connectors | list | [{"annotations":{},"enabled":false,"env":{"CONFIG_GEOGRAPHY_FILE_URL":"https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/geography.json","CONFIG_INTERVAL":"15","CONFIG_SECTORS_FILE_URL":"https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"OpenCTI Datasets","CONNECTOR_SCOPE":"marking-definition,identity,location","CONNECTOR_TYPE":"EXTERNAL_IMPORT","CONNECTOR_UPDATE_EXISTING_DATA":"true","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-opencti"},"labels":{},"name":"opencti","podLabels":{"app":"opencti-connector-opencti"},"replicaCount":1},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileCsv","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-csv"},"labels":{},"name":"export-file-csv","podLabels":{"app":"opencti-connector-export-file-csv"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileStix2","CONNECTOR_SCOPE":"application/vnd.oasis.stix+json","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-stix"},"labels":{},"name":"export-file-stix","podLabels":{"app":"opencti-connector-export-file-stix"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportReportPdf","CONNECTOR_SCOPE":"application/pdf","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_1":"Example Name","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_2":"123 Main Street","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_3":"Miami, FL 33101 USA","EXPORT_REPORT_PDF_COMPANY_EMAIL":"intelligence_reports@example.com","EXPORT_REPORT_PDF_COMPANY_PHONE_NUMBER":"888.888.8888","EXPORT_REPORT_PDF_COMPANY_WEBSITE":"https://example.com","EXPORT_REPORT_PDF_DEFANG_URLS":"false","EXPORT_REPORT_PDF_INDICATORS_ONLY":"false","EXPORT_REPORT_PDF_PRIMARY_COLOR":"#ff8c00","EXPORT_REPORT_PDF_SECONDARY_COLOR":"#000000","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-report-pdf"},"labels":{},"name":"export-report-pdf","podLabels":{"app":"opencti-connector-export-report-pdf"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileTxt","CONNECTOR_SCOPE":"text/plain","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-txt"},"labels":{},"name":"export-file-txt","podLabels":{"app":"opencti-connector-export-file-txt"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportTTPsFileNavigator","CONNECTOR_SCOPE":"application/vnd.mitre.navigator+json","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-ttps-file-navigator"},"labels":{},"name":"export-ttps-file-navigator"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_AUTO":"false","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportDocument","CONNECTOR_SCOPE":"application/pdf,text/plain,text/html,text/markdown","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","CONNECTOR_VALIDATE_BEFORE_IMPORT":"true","CONNECTOR_WEB_SERVICE_URL":"https://importdoc.ariane.filigran.io","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-document"},"labels":{},"name":"import-document","resources":{"limits":{"memory":"4Gi"}}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_AUTO":"false","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileStix","CONNECTOR_SCOPE":"application/json,text/xml,application/xml","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","CONNECTOR_VALIDATE_BEFORE_IMPORT":"true","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-stix"},"labels":{},"name":"import-file-stix"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileMISP","CONNECTOR_SCOPE":"application/json","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","MISP_IMPORT_FILE_AUTHOR_FROM_TAGS":"false","MISP_IMPORT_FILE_CREATE_INDICATORS":"true","MISP_IMPORT_FILE_CREATE_OBJECT_OBSERVABLES":"true","MISP_IMPORT_FILE_CREATE_OBSERVABLES":"true","MISP_IMPORT_FILE_CREATE_REPORTS":"true","MISP_IMPORT_FILE_CREATE_TAGS_AS_LABELS":"true","MISP_IMPORT_FILE_GUESS_THREAT_FROM_TAGS":"true","MISP_IMPORT_FILE_IMPORT_TO_IDS_NO_SCORE":"40","MISP_IMPORT_FILE_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT":"false","MISP_IMPORT_FILE_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT_TRANSPARENT":"true","MISP_IMPORT_FILE_IMPORT_WITH_ATTACHMENTS":"true","MISP_IMPORT_FILE_REPORT_TYPE":"misp-event","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-misp"},"labels":{},"name":"import-file-misp"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileYARA","CONNECTOR_SCOPE":"text/yara+plain","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-yara"},"labels":{},"name":"import-file-yara"}] | Connectors configuration for your OpenCTI platform. Ref: https://docs.opencti.io/latest/deployment/connectors Ref: https://github.com/OpenCTI-Platform/connectors |
| opencti.defaultInitContainers | object | {"connectors":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"elasticsearch":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"curlimages/curl","tag":"8.17.0@sha256:9fe0ae1b1f7803a52d3202ca91302e541a2d49eb1bc47225aff3a155f172d02d"},"minio":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"rabbitmq":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"redis":{"enabled":true,"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"redis","tag":"8.0.4"},"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"workers":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}}} |
Default initContainers for dependency health checks Applied to front, ingest, workers and connector deployments. Each toggle controls whether the corresponding readiness check initContainer is rendered. |
| opencti.defaultInitContainers.connectors.enabled | bool | true |
Enable Connectors readiness check to ensure ingesters nodes are up and running before starting connectors |
| opencti.defaultInitContainers.connectors.resources | object | {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} |
The resources limits and requests for Connectors readiness check initContainer |
| opencti.defaultInitContainers.elasticsearch.enabled | bool | true |
Enable Elasticsearch readiness check in front and ingesters deployments |
| opencti.defaultInitContainers.elasticsearch.resources | object | {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} |
The resources limits and requests for Elasticsearch readiness check initContainer |
| opencti.defaultInitContainers.image | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"curlimages/curl","tag":"8.17.0@sha256:9fe0ae1b1f7803a52d3202ca91302e541a2d49eb1bc47225aff3a155f172d02d"} |
Default image to perform the readiness checks |
| opencti.defaultInitContainers.minio.enabled | bool | true |
Enable MinIO readiness check in front and ingesters deployments |
| opencti.defaultInitContainers.minio.resources | object | {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} |
The resources limits and requests for MinIO readiness check initContainer |
| opencti.defaultInitContainers.rabbitmq.enabled | bool | true |
Enable RabbitMQ readiness check in front and ingesters deployments |
| opencti.defaultInitContainers.rabbitmq.resources | object | {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} |
The resources limits and requests for RabbitMQ readiness check initContainer |
| opencti.defaultInitContainers.redis.enabled | bool | true |
Enable Redis readiness check in front and ingesters deployments |
| opencti.defaultInitContainers.redis.image | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"redis","tag":"8.0.4"} |
Default image to perform the Redis readiness check |
| opencti.defaultInitContainers.redis.resources | object | {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} |
The resource limits and requests for Redis readiness check initContainer |
| opencti.defaultInitContainers.workers.enabled | bool | true |
Enable Workers readiness check to ensure ingester nodes are up and running before starting workers |
| opencti.defaultInitContainers.workers.resources | object | {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} |
The resource limits and requests for Workers readiness check initContainer |
| opencti.env | object | {"APP__ADMIN__EMAIL":"admin@opencti.io","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__BASE_URL":"ChangeMe","APP__CHILD_LOCKING_PROCESS__ENABLED":true,"APP__ENCRYPTION_KEY":"ChangeMe","APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":false,"ELASTICSEARCH__URL":"https://elasticsearch:9200","MINIO__ENDPOINT":"minio","MINIO__PORT":80,"NODE_OPTIONS":"--max-old-space-size=8192","PROVIDERS__LOCAL__STRATEGY":"LocalStrategy","RABBITMQ__HOSTNAME":"rabbitmq","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"REDIS__HOSTNAME":"redis","REDIS__MODE":"single","REDIS__PORT":6379,"REDIS__TRIMMING":1000000} |
Environment variables to configure OpenCTI. Applied to both Front and Ingesters deployments. Ref: https://docs.opencti.io/latest/deployment/configuration/#platform |
| opencti.envFromSecrets | object | {} |
Environment variables set from secrets |
| opencti.front.affinity | object | {} |
Affinity for OpenCTI server pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| opencti.front.dnsConfig | object | {} |
DNS configuration for OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ |
| opencti.front.dnsPolicy | string | "ClusterFirst" |
DNS policy for OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
| opencti.front.env | object | {"ACTIVITY_MANAGER__ENABLED":"false","CONNECTOR_MANAGER__ENABLED":"false","EXPIRATION_SCHEDULER__ENABLED":"false","FILE_INDEX_MANAGER__ENABLED":"false","GARBAGE_COLLECTION_MANAGER__ENABLED":"false","HISTORY_MANAGER__ENABLED":"false","HUB_REGISTRATION_MANAGER__ENABLED":"false","INDICATOR_DECAY_MANAGER__ENABLED":"false","INGESTION_MANAGER__ENABLED":"false","NOTIFICATION_MANAGER__ENABLED":"false","PIR_MANAGER__ENABLED":"false","PLAYBOOK_MANAGER__ENABLED":"false","PROVIDERS__SAML__CONFIG__WANT_AUTHN_RESPONSE_SIGNED":"false","PUBLISHER_MANAGER__ENABLED":"false","RETENTION_MANAGER__ENABLED":"false","RULE_ENGINE__ENABLED":"false","SYNC_MANAGER__ENABLED":"false","TASK_SCHEDULER__ENABLED":"false"} |
Platform-dedicated env vars. By default all managers are disabled |
| opencti.front.ingress | object | {"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]} |
Ingress configuration to expose OpenCTI Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
| opencti.front.initContainers | list | [] |
initContainers definition for OpenCTI front pods |
| opencti.front.livenessProbe | object | {"enabled":false,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":30,"successThreshold":1,"timeoutSeconds":10} |
Configure liveness checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
| opencti.front.loadBalancer | object | {"annotations":{},"enabled":false,"extraSelectorLabels":{},"extraSpec":{},"port":80,"targetPort":null} |
LoadBalancer service to expose OpenCTI front |
| opencti.front.loadBalancer.annotations | object | {} |
Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| opencti.front.loadBalancer.extraSelectorLabels | object | {} |
Extra labels to add to the OpenCTI front load balancer service selector. Uses the OpenCTI front pod labels by default. |
| opencti.front.loadBalancer.extraSpec | object | {} |
Additional configuration to apply on the LoadBalancer service |
| opencti.front.loadBalancer.port | int | 80 |
The port to use for the OpenCTI front load balancer |
| opencti.front.loadBalancer.targetPort | string | nil |
The target port on OpenCTI front pods to direct load balancer traffic to. Defaults to the service target port if not set. |
| opencti.front.nodeSelector | object | {} |
Node labels for OpenCTI server pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| opencti.front.podAnnotations | object | {} |
The annotations configured on OpenCTI server pods |
| opencti.front.podLabels | object | {"app.kubernetes.io/component":"opencti-front","app.kubernetes.io/name":"opencti"} |
The labels configured on OpenCTI server pods |
| opencti.front.podSecurityContext | object | {} |
Defines privilege and access control settings for OpenCTI server pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
| opencti.front.readinessProbe | object | {"enabled":false,"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":10} |
Configure readinessProbe checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
| opencti.front.replicaCount | int | 1 |
Number of OpenCTI servers |
| opencti.front.resources | object | {} |
The resource limits and requests for OpenCTI container Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| opencti.front.securityContext | object | {} |
Defines privilege and access control settings for OpenCTI containers Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| opencti.front.service | object | {"port":80,"targetPort":4000,"type":"ClusterIP"} |
Kubernetes service to expose OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/services-networking/service/ |
| opencti.front.serviceAccountName | string | "" |
Service account name for OpenCTI front pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| opencti.front.startupProbe | object | {"enabled":false,"failureThreshold":50,"initialDelaySeconds":10,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":5} |
Configure startupProbe checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
| opencti.front.terminationGracePeriodSeconds | int | 30 |
Configure OpenCTI server pods termination grace period Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination |
| opencti.front.tolerations | list | [] |
Tolerations for OpenCTI server pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| opencti.front.topologySpreadConstraints | list | [] |
Control how OpenCTI server pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints |
| opencti.front.volumeMounts | list | [] |
Configure Volume mounts on your OpenCTI containers Ref: https://kubernetes.io/docs/concepts/storage/volumes/ |
| opencti.front.volumes | list | [] |
Configure Volume on your OpenCTI server pods Ref: https://kubernetes.io/docs/concepts/storage/volumes/ |
| opencti.image | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/platform","tag":""} |
Image configuration for the OpenCTI server |
| opencti.image.pullPolicy | string | "IfNotPresent" |
Image Pull Policy for OpenCTI containers |
| opencti.image.registry | string | "docker.io" |
The registry to pull OpenCTI images from |
| opencti.image.repository | string | "opencti/platform" |
The repository to pull OpenCTI images from |
| opencti.image.tag | string | "" |
Overrides the image tag. Defaults to the OpenCTI version |
| opencti.ingest.affinity | object | {} |
Affinity for OpenCTI ingest server assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| opencti.ingest.dnsConfig | object | {} |
DNS configuration for OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ |
| opencti.ingest.dnsPolicy | string | "ClusterFirst" |
DNS policy for OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
| opencti.ingest.ingress | object | {"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-ingest-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]} |
Ingress configuration to expose OpenCTI ingesters Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
| opencti.ingest.initContainers | list | [] |
initContainers definition for OpenCTI ingest pods |
| opencti.ingest.livenessProbe | object | {"enabled":false,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":30,"successThreshold":1,"timeoutSeconds":10} |
Configure liveness checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
| opencti.ingest.loadBalancer | object | {"annotations":{},"enabled":false,"extraSelectorLabels":{},"extraSpec":{},"port":80,"targetPort":null} |
LoadBalancer service to expose OpenCTI ingesters |
| opencti.ingest.loadBalancer.annotations | object | {} |
Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| opencti.ingest.loadBalancer.extraSelectorLabels | object | {} |
Extra labels to add to the OpenCTI ingest load balancer service selector. Uses the OpenCTI ingest pod labels by default. |
| opencti.ingest.loadBalancer.extraSpec | object | {} |
Additional configuration to apply on the LoadBalancer service |
| opencti.ingest.loadBalancer.port | int | 80 |
The port to use for the OpenCTI ingest load balancer |
| opencti.ingest.loadBalancer.targetPort | string | nil |
The target port on OpenCTI ingest pods to direct load balancer traffic to. Defaults to the service target port if not set. |
| opencti.ingest.nodeSelector | object | {} |
Node labels for OpenCTI ingest pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| opencti.ingest.podAnnotations | object | {} |
The annotations configured on OpenCTI ingest server pods |
| opencti.ingest.podLabels | object | {"app.kubernetes.io/component":"opencti-ingest","app.kubernetes.io/name":"opencti"} |
The labels configured on OpenCTI ingest pods |
| opencti.ingest.podSecurityContext | object | {} |
Defines privilege and access control settings for OpenCTI ingest pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
| opencti.ingest.readinessProbe | object | {"enabled":false,"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":10} |
Configure readinessProbe checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
| opencti.ingest.replicaCount | int | 3 |
Number of OpenCTI ingest servers |
| opencti.ingest.resources | object | {} |
The resource limits and requests for OpenCTI container Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| opencti.ingest.securityContext | object | {} |
Defines privilege and access control settings for OpenCTI containers Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| opencti.ingest.service | object | {"port":80,"targetPort":4000,"type":"ClusterIP"} |
Kubernetes service to expose OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/services-networking/service/ |
| opencti.ingest.serviceAccountName | string | "" |
Service account name for OpenCTI ingest pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| opencti.ingest.startupProbe | object | {"enabled":false,"failureThreshold":50,"initialDelaySeconds":10,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":5} |
Configure startupProbe checker for OpenCTI container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
| opencti.ingest.terminationGracePeriodSeconds | int | 30 |
Configure OpenCTI ingest pods termination grace period Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination |
| opencti.ingest.tolerations | list | [] |
Tolerations for OpenCTI ingest pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| opencti.ingest.topologySpreadConstraints | list | [] |
Control how OpenCTI ingest pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints |
| opencti.ingest.volumeMounts | list | [] |
Configure Volume mounts on your OpenCTI ingest containers Ref: https://kubernetes.io/docs/concepts/storage/volumes/ |
| opencti.ingest.volumes | list | [] |
Configure Volume on your OpenCTI ingest pods Ref: https://kubernetes.io/docs/concepts/storage/volumes/ |
| opencti.logLevel | string | "info" |
Define the OpenCTI log level. Accepts: info, error, debug |
| opencti.version | string | "7.260609.0" |
The version of OpenCTI to deploy |
| opencti.worker.affinity | object | {} |
Affinity for OpenCTI worker server assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| opencti.worker.dnsConfig | object | {} |
DNS configuration for OpenCTI worker pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ |
| opencti.worker.dnsPolicy | string | "ClusterFirst" |
DNS policy for OpenCTI worker pods Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
| opencti.worker.env | object | {"OPENCTI_URL":"http://opencti-ingest:80","WORKER_LOG_LEVEL":"info"} |
Environment variables to configure OpenCTI workers Ref: https://docs.opencti.io/latest/deployment/configuration/#worker-and-connector |
| opencti.worker.envFromSecrets | object | {} |
Environment variables set from secrets |
| opencti.worker.image | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/worker","tag":""} |
Image configuration for the OpenCTI workers |
| opencti.worker.image.pullPolicy | string | "IfNotPresent" |
Image Pull Policy for OpenCTI worker containers |
| opencti.worker.image.registry | string | "docker.io" |
The registry to pull OpenCTI worker images from |
| opencti.worker.image.repository | string | "opencti/worker" |
The repository to pull OpenCTI worker images from |
| opencti.worker.image.tag | string | "" |
Overrides the worker image tag. Defaults to the OpenCTI version |
| opencti.worker.initContainers | list | [] |
initContainers definition for OpenCTI worker pods |
| opencti.worker.nodeSelector | object | {} |
Node labels for OpenCTI worker pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| opencti.worker.podAnnotations | object | {} |
The annotations configured on OpenCTI worker server pods |
| opencti.worker.podLabels | object | {"app.kubernetes.io/component":"opencti-worker","app.kubernetes.io/name":"opencti"} |
The labels configured on OpenCTI worker pods |
| opencti.worker.podSecurityContext | object | {} |
Defines privilege and access control settings for OpenCTI worker pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
| opencti.worker.replicaCount | int | 3 |
Number of OpenCTI worker servers |
| opencti.worker.resources | object | {} |
The resource limits and requests for OpenCTI container Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| opencti.worker.securityContext | object | {} |
Defines privilege and access control settings for OpenCTI containers Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| opencti.worker.serviceAccountName | string | "" |
Service account name for OpenCTI worker pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| opencti.worker.terminationGracePeriodSeconds | int | 30 |
Configure OpenCTI worker pods termination grace period Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination |
| opencti.worker.tolerations | list | [] |
Tolerations for OpenCTI worker pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| opencti.worker.topologySpreadConstraints | list | [] |
Control how OpenCTI worker pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints |
| opencti.worker.volumeMounts | list | [] |
Configure Volume mounts on your OpenCTI worker containers Ref: https://kubernetes.io/docs/concepts/storage/volumes/ |
| opencti.worker.volumes | list | [] |
Configure Volume on your OpenCTI worker pods Ref: https://kubernetes.io/docs/concepts/storage/volumes/ |
| opencti.writeAppLogsToFile | bool | false |
Toggle for OpenCTI logging to file inside containers. Defaults to false |
| opencti.writeAuditLogsToFile | bool | false |
Toggle for OpenCTI audit logging to file inside containers. Defaults to false |
| rabbitmq.additionalConfig | string | "disk_free_limit.absolute = 500Mi\nmax_message_size = 536870912\nmanagement.disable_stats = false\ncollect_statistics_interval = 10000\nlog.console.level = error\nmanagement_agent.disable_metrics_collector = false\n" |
Additional config that will be passed down to set up your RabbitMQ cluster Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#additional-config |
| rabbitmq.additionalPlugins | list | ["rabbitmq_management"] |
Additional plugins to be enabled in your RabbitMQ cluster Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#additional-plugins |
| rabbitmq.affinity | object | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"rabbitmq"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} |
Affinity for RabbitMQ nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| rabbitmq.enabled | bool | false |
Set to true to deploy your own RabbitMQ instance. Be aware you need to install the CRDs beforehand |
| rabbitmq.image | string | "docker.io/rabbitmq:4.1.4" |
Reference of your RabbitMQ image |
| rabbitmq.imagePullSecrets | object | {} |
Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| rabbitmq.ingress | object | {"enabled":false} |
Ingress configuration to expose RabbitMQ Management endpoint Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
| rabbitmq.loadBalancer | object | {"annotations":{},"enabled":false,"extraSpec":{},"port":15672,"selector":{"app.kubernetes.io/name":"rabbitmq"},"targetPort":15672} |
LoadBalancer service to expose RabbitMQ |
| rabbitmq.loadBalancer.annotations | object | {} |
Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer |
| rabbitmq.loadBalancer.extraSpec | object | {} |
Additional configuration to apply on the LoadBalancer service |
| rabbitmq.loadBalancer.port | int | 15672 |
The port to use for the RabbitMQ load balancer |
| rabbitmq.loadBalancer.selector | object | {"app.kubernetes.io/name":"rabbitmq"} |
The selector labels to use on the RabbitMQ load balancer service. Defaults to the labels applied by the CRDs. |
| rabbitmq.loadBalancer.targetPort | int | 15672 |
The target port to use for the RabbitMQ load balancer |
| rabbitmq.override | object | {} |
Override the default for RabbitMQ resources (services, sts...) Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#override |
| rabbitmq.priorityClass | object | {"enabled":false,"name":"default"} |
Configure the priority class for your RabbitMQ containers Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| rabbitmq.priorityClass.enabled | bool | false |
Enable or disable the priority class configuration |
| rabbitmq.priorityClass.name | string | "default" |
Priority class name to apply on your RabbitMQ containers |
| rabbitmq.replicas | int | 1 |
Number of replicas in your RabbitMQ cluster |
| rabbitmq.resources | object | {} |
The resource limits and requests for your RabbitMQ containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| rabbitmq.storageClassName | string | "" |
Storage Class Name to use in your volumes |
| rabbitmq.storageSize | string | "5Gi" |
Default storage size of your RabbitMQ nodes |
| rabbitmq.tolerations | list | [] |
Tolerations for RabbitMQ pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| redis.data | object | {"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["redis","redis-replication"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"nodeSelector":{},"resources":{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"storageClassName":"","storageSize":"4Gi","tolerations":[]} |
The configuration for your Redis DATA containers. Valid for both standalone and sentinel mode. |
| redis.data.affinity | object | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["redis","redis-replication"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} |
Affinity for Redis DATA nodes assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| redis.data.nodeSelector | object | {} |
Node labels for Redis DATA pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| redis.data.resources | object | {"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}} |
The resource limits and requests for your Redis DATA containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| redis.data.storageClassName | string | "" |
Storage Class Name to use in your volumes |
| redis.data.storageSize | string | "4Gi" |
Default storage size of your Redis nodes. Should be at least double the RAM allocated, to allow RDB dumps. |
| redis.data.tolerations | list | [] |
Tolerations for Redis DATA pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| redis.enableSecurityContext | bool | false |
Enable the security context option for your Redis containers. Default: false |
| redis.enabled | bool | false |
Set to true to deploy your own Redis instance |
| redis.image | string | "docker.io/redis:8.0.4" |
Reference of your Redis image |
| redis.imagePullPolicy | string | "IfNotPresent" |
Image pull policy |
| redis.imagePullSecrets | object | {} |
Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| redis.initContainer | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"busybox","tag":"1.36.1@sha256:d5f45b39573a582b66cc64866691322abdfeccc6d77a13194c7ab6b3915baaf6"} |
Configure the image to use for the Redis initContainer that creates the HA configuration for Sentinel mode. |
| redis.mode | string | "standalone" |
Choose the mode you want to deploy in. Options are: standalone (a single Redis node) or sentinel (highly available Redis mode with sentinel and replication nodes). More info: https://redis.io/docs/latest/operate/oss_and_stack/management/sentinel/ |
| redis.priorityClass | object | {"enabled":false,"name":"default"} |
Configure the priority class for your Redis containers Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass |
| redis.priorityClass.enabled | bool | false |
Enable or disable the priority class configuration |
| redis.priorityClass.name | string | "default" |
Priority class name to apply on your Redis containers |
| redis.securityContext | object | {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} |
Security context config for your Redis containers |
| redis.sentinel | object | {"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"redis-sentinel"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"nodeSelector":{},"replicationReplicas":2,"resources":{"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"sentinelReplicas":3,"tolerations":[]} |
Sentinel mode dedicated configuration |
| redis.sentinel.affinity | object | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"redis-sentinel"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} |
Affinity for Redis SENTINEL pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| redis.sentinel.nodeSelector | object | {} |
Node labels for Redis SENTINEL pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| redis.sentinel.replicationReplicas | int | 2 |
Number of Redis Replication replicas |
| redis.sentinel.resources | object | {"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":"1","memory":"1Gi"}} |
The resource limits and requests for your Redis SENTINEL containers Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| redis.sentinel.sentinelReplicas | int | 3 |
Number of Sentinel replicas |
| redis.sentinel.tolerations | list | [] |
Tolerations for Redis SENTINEL pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| redis.serviceAccountName | string | "" |
Service account name for Redis pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| xtmComposer | object | {"affinity":{},"annotations":{},"appAdminTokenSecretName":"opencti-config","baseDeployment":{"metadata":{"labels":{"app.kubernetes.io/deployed-by":"xtm-composer","app.kubernetes.io/part-of":"opencti"},"name":"name"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"opencti-connector","app.kubernetes.io/deployed-by":"xtm-composer"}}}}},"containerSecurityContext":{},"createServiceAccount":true,"enabled":false,"env":{"MANAGER__LOGGER__LEVEL":"error"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/xtm-composer","version":"3.260609.0"},"imagePullSecrets":{},"labels":{"app":"xtm-composer"},"managerUUID":"c0mp0s3r-f1l1-gr4n-00io-000000000001","nodeSelector":{},"podAnnotations":{},"podLabels":{"app":"xtm-composer"},"podSecurityContext":{},"resources":{"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"0.2","memory":"256Mi"}},"rsaKeyFileName":"private_key.pem","rsaKeySecretName":"xtm-composer-rsa-key","serviceAccountName":"xtm-composer","tolerations":[],"topologySpreadConstraints":[]} |
Configuration of the XTM Composer component Ref: https://github.com/FiligranHQ/xtm-composer |
| xtmComposer.affinity | object | {} |
Affinity for composer pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
| xtmComposer.annotations | object | {} |
The annotations configured for the deployment itself |
| xtmComposer.appAdminTokenSecretName | string | "opencti-config" |
Name of the secret containing the OpenCTI admin token (if not declared in opencti.env) |
| xtmComposer.baseDeployment | object | {"metadata":{"labels":{"app.kubernetes.io/deployed-by":"xtm-composer","app.kubernetes.io/part-of":"opencti"},"name":"name"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"opencti-connector","app.kubernetes.io/deployed-by":"xtm-composer"}}}}} |
Base YAML definition of the deployments that will be spawned for each connector. Must respect the Kubernetes deployment definition: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#writing-a-deployment-spec |
| xtmComposer.containerSecurityContext | object | {} |
Defines privilege and access control settings for the composer pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
| xtmComposer.createServiceAccount | bool | true |
Create the XTM Composer service account. Defaults to true. If you want to use an existing SA, set this to false and specify the name of your SA in serviceAccountName. |
| xtmComposer.env | object | {"MANAGER__LOGGER__LEVEL":"error"} |
Environment variables to be passed to the manager |
| xtmComposer.image | object | {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/xtm-composer","version":"3.260609.0"} |
Image configuration for the XTM Composer |
| xtmComposer.imagePullSecrets | object | {} |
Configure your secrets to pull from private registries. Make sure your secret exists beforehand Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| xtmComposer.labels | object | {"app":"xtm-composer"} |
The labels configured for the deployment itself |
| xtmComposer.managerUUID | string | "c0mp0s3r-f1l1-gr4n-00io-000000000001" |
Default UUID for the Manager deployment |
| xtmComposer.nodeSelector | object | {} |
Node labels for composer pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
| xtmComposer.podAnnotations | object | {} |
The annotations configured on the composer pods |
| xtmComposer.podLabels | object | {"app":"xtm-composer"} |
The labels configured on the composer pods |
| xtmComposer.podSecurityContext | object | {} |
Defines privilege and access control settings for the composer pods Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
| xtmComposer.resources | object | {"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"0.2","memory":"256Mi"}} |
Resource limits and requests for the composer pods Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| xtmComposer.rsaKeyFileName | string | "private_key.pem" |
Name of the key found in the secret |
| xtmComposer.rsaKeySecretName | string | "xtm-composer-rsa-key" |
Name of the secret containing the RSA key pair to use for the Composer. |
| xtmComposer.serviceAccountName | string | "xtm-composer" |
Service account name for XTM Composer pods. Defaults to the built-in "xtm-composer" SA created by this chart. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| xtmComposer.tolerations | list | [] |
Tolerations for composer pods assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
| xtmComposer.topologySpreadConstraints | list | [] |
Control how the composer pods are spread across your cluster Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints |
Autogenerated from chart metadata using helm-docs v1.14.2