Skip to content

opencti

Version: 1.4.2 Type: application AppVersion: 7.260609.0

A Helm chart to deploy OpenCTI

Homepage:

Values

Key Type Default Description
elasticsearch.allowMmap bool true Explicitly set the usage of ES Memory Mapping settings to allow a better usage of virtual memory
Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory
elasticsearch.clusterName string "elasticsearch" ES cluster name
elasticsearch.dataNodes.additionalVolumeClaimTemplates list [] Configure additional Volume Claim templates on your ES data nodes (can be used for backups on a shared volume for example)
ATTENTION: The ECK operator currently doesn't support editing the volumClaimTemplates after the cluster creation. Make sure to set the correct values before enabling your ES cluster.
If you need to declare a new PVC, you can create it manually and then use the persistentVolumeClaim field of the volumes you're mounting.
elasticsearch.dataNodes.additionalVolumeMounts list [] Configure additional Volume mounts on your ES data nodes (can be used for backups on a shared volume for example)
elasticsearch.dataNodes.additionalVolumes list [] Configure additional Volumes on your ES data nodes (can be used for backups on a shared volume for example)
elasticsearch.dataNodes.affinity object {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"elasticsearch.k8s.elastic.co/cluster-name":"elasticsearch","elasticsearch.k8s.elastic.co/node-master":"false"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} Affinity for ES data nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
elasticsearch.dataNodes.extraConfig object {} Additional configuration to apply on the ES data nodes. This can be used to set custom configuration entries in the elasticsearch.yml file for example.
Only add configuration not managed by the chart currently
elasticsearch.dataNodes.initContainers list [] initContainers definition for ES data nodes
elasticsearch.dataNodes.javaOpts string "-Xms2g -Xmx2g -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime"
elasticsearch.dataNodes.nodeSelector object {} Node labels for ES data nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
elasticsearch.dataNodes.priorityClass object {"enabled":false,"name":"default"} Configure the priority class for your ES data nodes
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
elasticsearch.dataNodes.priorityClass.enabled bool false Enable or disable the priority class configuration
elasticsearch.dataNodes.priorityClass.name string "default" Priority class name to apply on your ES data nodes
elasticsearch.dataNodes.replicas int 2 Number of data node replicas
elasticsearch.dataNodes.resources object {"limits":{"memory":"6Gi"},"requests":{"cpu":1,"memory":"4Gi"}} The resources limits and requests for ES data nodes
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
elasticsearch.dataNodes.storageClassName string "" Storage Class Name to use in your volumes
elasticsearch.dataNodes.storageSize string "100Gi" Default size of your ES data nodes
elasticsearch.dataNodes.threadPoolSearchQueueSize int 5000 Sets the default Queue Size for the Search thread pool. This is a value recommended by Filigran
Ref: https://docs.opencti.io/latest/deployment/installation#configure-the-environment
elasticsearch.dataNodes.tolerations list [] Tolerations for ES data nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
elasticsearch.disableDowngradeValidation bool true Allows ECK to rollback to a previous version if performed an undesired upgrade
elasticsearch.enableXpackML bool false Enable or disable the ML features built-in ES
Ref: https://www.elastic.co/docs/reference/elasticsearch/configuration-reference/machine-learning-settings
elasticsearch.enabled bool false Set to true to deploy your own Elastic instance. Be aware you need to install the CRDs beforehand.
elasticsearch.imagePullPolicy string "IfNotPresent" Image pull policy
elasticsearch.imagePullSecrets object {} Configure your secrets to pull from private registries. Make sure your secret exists beforehand
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
elasticsearch.initVMMaxMapCount bool false Enable or disable default initContainers to set vm.max_map_count on the ES nodes hosts
Recommended to be enabled when allowMmap is set to true.
Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory
elasticsearch.initVMMaxMapCountInitContainer object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"busybox","tag":"1.36.1@sha256:d5f45b39573a582b66cc64866691322abdfeccc6d77a13194c7ab6b3915baaf6"} Configure the image for the initContainer to set vm.max_map_count on the ES nodes hosts
elasticsearch.kibana object {"elasticsearchRequestTimeout":1800000,"enabled":true,"http":{"tls":{"selfSignedCertificate":{"disabled":true}}},"ingress":{"enabled":false},"name":"kibana","podTemplate":{},"serverSocketTimeout":1800000,"telemetryAllowChangingOptInStatus":false,"telemetryOptIn":false} Configuration block for Kibana instance
elasticsearch.kibana.elasticsearchRequestTimeout int 1800000 Override the timeout value for ES requests
elasticsearch.kibana.enabled bool true Enable or disable Kibana deployment
elasticsearch.kibana.http object {"tls":{"selfSignedCertificate":{"disabled":true}}} Define the http configuration to expose Kibana
Ref: https://www.elastic.co/docs/deploy-manage/security/k8s-https-settings
elasticsearch.kibana.ingress object {"enabled":false} Ingress configuration to expose Kibana
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
elasticsearch.kibana.name string "kibana" Set Kibana deployment name
elasticsearch.kibana.podTemplate object {} Define the podTemplate properties for Kibana pods
Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration
elasticsearch.kibana.serverSocketTimeout int 1800000 Override the timeout value for sockets in Kibana
elasticsearch.kibana.telemetryAllowChangingOptInStatus bool false Override the telemetry allow opt-in status
elasticsearch.kibana.telemetryOptIn bool false Override the telemetry opt-in boolean
elasticsearch.loggerDiscoveryLevel string "ERROR" Sets the default log level for your ES instance
Ref: https://www.elastic.co/docs/deploy-manage/monitor/logging-configuration/update-elasticsearch-logging-levels
elasticsearch.masterNodes.additionalVolumeClaimTemplates list [] Configure additional Volume Claim templates on your ES data nodes (can be used for backups on a shared volume for example)
ATTENTION: The ECK operator currently doesn't support editing the volumClaimTemplates after the cluster creation. Make sure to set the correct values before enabling your ES cluster.
If you need to declare a new PVC, you can create it manually and then use the persistentVolumeClaim field of the volumes you're mounting.
elasticsearch.masterNodes.additionalVolumeMounts list [] Configure additional Volumes mounts on your ES data nodes (can be used for backups on a shared volume for example)
elasticsearch.masterNodes.additionalVolumes list [] Configure additional Volumes on your ES data nodes (can be used for backups on a shared volume for example)
elasticsearch.masterNodes.affinity object {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"elasticsearch.k8s.elastic.co/cluster-name":"elasticsearch","elasticsearch.k8s.elastic.co/node-master":"true"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} Affinity for ES master nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
elasticsearch.masterNodes.extraConfig object {} Additional configuration to apply on the ES master nodes. This can be used to set custom configuration entries in the elasticsearch.yml file for example.
Only add configuration not managed by the chart currently
elasticsearch.masterNodes.initContainers list [] initContainers definition for ES master nodes
elasticsearch.masterNodes.javaOpts string "-Xms500m -Xmx500m -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime"
elasticsearch.masterNodes.nodeSelector object {} Node labels for ES master nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
elasticsearch.masterNodes.priorityClass object {"enabled":false,"name":"default"} Configure the priority class for your ES master nodes
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
elasticsearch.masterNodes.priorityClass.enabled bool false Enable or disable the priority class configuration
elasticsearch.masterNodes.priorityClass.name string "default" Priority class name to apply on your ES master nodes
elasticsearch.masterNodes.replicas int 1 Number of master nodes replicas (must be odd or 0)
elasticsearch.masterNodes.resources object {"limits":{"memory":"4Gi"},"requests":{"cpu":0.5,"memory":"2Gi"}} The resources limits and requests for ES master nodes
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
elasticsearch.masterNodes.storageClassName string "" Storage Class Name to use in your volumes
elasticsearch.masterNodes.storageSize string "10Gi" Default size of your ES master nodes
elasticsearch.masterNodes.tolerations list [] Tolerations for ES master nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
elasticsearch.service object {"name":"es-data-nodes","port":9200,"targetPort":9200} Configuration of the ES related Kubernetes Service
elasticsearch.service.name string "es-data-nodes" ES data service name
elasticsearch.service.port int 9200 ES data port
elasticsearch.service.targetPort int 9200 ES data target port
elasticsearch.snapshots object {"accessKey":"","clientName":"default","enableCustomClient":false,"secretKey":""} Setup a custom S3 client to use in a Snapshot Registry to perform backups
Ref: https://www.elastic.co/docs/deploy-manage/tools/snapshot-and-restore/cloud-on-k8s#k8s-s3-compatible
elasticsearch.version string "8.18.4" Version of ES to use
elasticsearch.vmMaxMapCountValue int 1048576 Value to set for vm.max_map_count on the ES nodes hosts when initVMMaxMapCount is set to true
Ref: https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s/virtual-memory
global object {} Global section contains parameters applied across all resources
importDocumentAiWebservice object {"annotations":{},"enabled":false,"env":{},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/import-document-ai-webservice","version":"latest"},"imagePullSecrets":{},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"import-document-ai-webservice.local","paths":[{"path":"/","pathType":"Prefix"}]}],"labels":{},"path":"/","pathType":"Prefix","tls":[]},"labels":{"app":"import-document-ai-webservice"},"livenessProbe":{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":10},"name":"import-document-ai-webservice","nodeSelector":{},"podAnnotations":{},"podLabels":{"app":"import-document-ai-webservice"},"priorityClass":null,"readinessProbe":{"failureThreshold":10,"initialDelaySeconds":10,"periodSeconds":5,"successThreshold":1,"tcpSocket":{"port":8000}},"resources":{"limits":{"cpu":"2","memory":"16Gi"},"requests":{"cpu":"1","memory":"4Gi"}},"service":{"port":80,"targetPort":8000,"type":"ClusterIP"},"serviceAccountName":"","tolerations":[]} Configuration of the AI import document Webservice
Ref: https://docs.opencti.io/latest/deployment/ai-import-document/
importDocumentAiWebservice.annotations object {} The annotations configured for the deployment itself
importDocumentAiWebservice.imagePullSecrets object {} Configure your secrets to pull from private registries. Make sure your secret exists beforehand
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
importDocumentAiWebservice.nodeSelector object {} Node labels for import-document-ai-webservice pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
importDocumentAiWebservice.podAnnotations object {} The annotations configured on the import-document-ai-webservice pods
importDocumentAiWebservice.podLabels object {"app":"import-document-ai-webservice"} The labels configured on the import-document-ai-webservice pods
importDocumentAiWebservice.priorityClass string nil Configure the priority class for your import-document-ai-webservice containers
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
importDocumentAiWebservice.serviceAccountName string "" Service account name for import-document-ai-webservice pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
importDocumentAiWebservice.tolerations list [] Tolerations for import-document-ai-webservice pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
minio.annotations object {} Annotations to add to the MinIO Tenant resource metadata
minio.buckets list [] Array of objects describing one or more buckets to create during tenant provisioning.
minio.certificate object {"certConfig":{},"externalCaCertSecret":[],"externalCertSecret":[],"externalClientCertSecrets":[],"requestAutoCert":false} Manage MinIO certificate configuration
Ref: https://github.com/minio/operator/blob/master/helm/tenant/values.yaml#L245
minio.certificate.certConfig object {} Configuration of your custom certificate
Ref: https://docs.min.io/community/minio-object-store/operations/network-encryption/enable-minio-tls.html#procedure
minio.certificate.externalCaCertSecret list [] List of secrets to use for your external cert authority
minio.certificate.externalCertSecret list [] List of secrets to use for your external cert clients
minio.certificate.externalClientCertSecrets list [] List of secrets to use for your external client cert authority
minio.certificate.requestAutoCert bool false Enable or disable automatic TLS configuration in your tenant
minio.enabled bool false Set to true to deploy your own MinIO instance
minio.env list [] Array of environment variables that you want to add to your MinIO containers
minio.exposeServices object {} Tells the operator to expose the S3 API or Console services as LB objects
minio.features object {"bucketDNS":false,"domains":{},"enableSFTP":false} Configure MinIO features for your tenant
Ref: https://docs.min.io/community/minio-object-store/reference/operator-crd.html#features
minio.image string "quay.io/minio/minio:RELEASE.2025-05-24T17-08-30Z" Reference of your Redis image
minio.imagePullPolicy string "IfNotPresent" Image pull policy
minio.imagePullSecret object {"name":""} MinIO tenant CRD supports only one imagePullSecret value directly through the name key.
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
minio.ingress object {"enabled":false} Ingress configuration to expose MinIO Web Console
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
minio.initContainers list [] Additional initContainers for MinIO pods
Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html
minio.lifecycle object {} Lifecycle hooks for MinIO containers
Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
minio.liveness object {} Liveness probe configuration
minio.logging object {"anonymous":true,"json":true,"quiet":true} Configure pod logging in your tenant
minio.logging.anonymous bool true Anonymized logs
minio.logging.json bool true JSON Formatted logs
minio.logging.quiet bool true Supress logging
minio.podManagementPolicy string "Parallel" Can be "OrderedReady" or "Parallel"
Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podmanagementpolicytype-v1-apps
minio.priorityClass object {"enabled":false,"name":"default"} Configure the priority class for your MinIO containers
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
minio.priorityClass.enabled bool false Enable or disable the priority class configuration
minio.priorityClass.name string "default" Priority class name to apply on your MinIO containers
minio.prometheusOperator bool false Enable or disable the tenant"s metrics scrape config
minio.readiness object {} Readiness probe configuration
minio.serviceAccountName string "" Service account to associate with your MinIO tenant resources
minio.serviceMetadata object {} Define additional labels or annotations to the MinIO services (Console and API endpoint)
minio.sidecars list [] Additional sidecar containers for MinIO pods
Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html
minio.standardClass int 1 Value referenced in the MinIO secret object. It helps define the Default Parity setting in your tenant
Ref: https://docs.min.io/community/minio-object-store/reference/minio-server/settings/storage-class.html#envvar.MINIO_STORAGE_CLASS_STANDARD
minio.standardPool object {"additionalVolumeMounts":[],"additionalVolumes":[],"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"minio"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"annotations":{},"containerSecurityContext":{},"enableSecurityContext":true,"labels":{},"nodeSelector":{},"resources":{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"runtimeClassName":"","securityContext":{},"serversCount":4,"storageClassName":"","storageSize":"10Gi","tolerations":[],"topologySpreadConstraints":[],"volumesPerServer":1} Configuration of the default MinIO Tenant for OpenCTI
minio.standardPool.additionalVolumeMounts list [] Additional volume mounts for MinIO containers
Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html
minio.standardPool.additionalVolumes list [] Additional volumes to mount to MinIO pods
Ref: https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html
minio.standardPool.affinity object {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"minio"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} Configure affinity rules for MinIO pods. Defaults to preferredDuringSchedulingIgnoredDuringExecution based on kubernetes.io/hostname
minio.standardPool.annotations object {} Additional annotations to add to MinIO pool pods
minio.standardPool.containerSecurityContext object {} Container-level security context for MinIO containers
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
minio.standardPool.enableSecurityContext bool true Enable or disable the security context configuration for MinIO pods and containers By default, MinIO sets its own security context. Disabling forces the values to {} to be able to run on default config in OpenShift clusters for example.
minio.standardPool.labels object {} Additional labels to add to MinIO pool pods
minio.standardPool.nodeSelector object {} Node labels for MinIO pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
minio.standardPool.resources object {"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}} The resources limits and requests for your MinIO containers
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
minio.standardPool.runtimeClassName string "" Runtime class name for MinIO pods
Ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
minio.standardPool.securityContext object {} Pod-level security context for MinIO pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
minio.standardPool.storageClassName string "" Storage Class Name to use in your volumes
minio.standardPool.storageSize string "10Gi" Default size of MinIO data node
minio.standardPool.tolerations list [] Tolerations for MinIO pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
minio.standardPool.topologySpreadConstraints list [] Topology spread constraints for MinIO pods
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
minio.standardPool.volumesPerServer int 1 Number of volumes per MinIO server
minio.startup object {} Startup probe configuration
minio.users list [] Pre-configured users as a list of Kubernetes secrets.
Each secret should specify the CONSOLE_ACCESS_KEY and CONSOLE_SECRET_KEY as the access key and secret key for that user.
opencti.connector.commonEnv object {"CONNECTOR_LOG_LEVEL":"info","OPENCTI_URL":"http://opencti-ingest:80"} Environment variables deployed accross all connectors
opencti.connector.connectors list [{"annotations":{},"enabled":false,"env":{"CONFIG_GEOGRAPHY_FILE_URL":"https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/geography.json","CONFIG_INTERVAL":"15","CONFIG_SECTORS_FILE_URL":"https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"OpenCTI Datasets","CONNECTOR_SCOPE":"marking-definition,identity,location","CONNECTOR_TYPE":"EXTERNAL_IMPORT","CONNECTOR_UPDATE_EXISTING_DATA":"true","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-opencti"},"labels":{},"name":"opencti","podLabels":{"app":"opencti-connector-opencti"},"replicaCount":1},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileCsv","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-csv"},"labels":{},"name":"export-file-csv","podLabels":{"app":"opencti-connector-export-file-csv"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileStix2","CONNECTOR_SCOPE":"application/vnd.oasis.stix+json","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-stix"},"labels":{},"name":"export-file-stix","podLabels":{"app":"opencti-connector-export-file-stix"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportReportPdf","CONNECTOR_SCOPE":"application/pdf","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_1":"Example Name","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_2":"123 Main Street","EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_3":"Miami, FL 33101 USA","EXPORT_REPORT_PDF_COMPANY_EMAIL":"intelligence_reports@example.com","EXPORT_REPORT_PDF_COMPANY_PHONE_NUMBER":"888.888.8888","EXPORT_REPORT_PDF_COMPANY_WEBSITE":"https://example.com","EXPORT_REPORT_PDF_DEFANG_URLS":"false","EXPORT_REPORT_PDF_INDICATORS_ONLY":"false","EXPORT_REPORT_PDF_PRIMARY_COLOR":"#ff8c00","EXPORT_REPORT_PDF_SECONDARY_COLOR":"#000000","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-report-pdf"},"labels":{},"name":"export-report-pdf","podLabels":{"app":"opencti-connector-export-report-pdf"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportFileTxt","CONNECTOR_SCOPE":"text/plain","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-file-txt"},"labels":{},"name":"export-file-txt","podLabels":{"app":"opencti-connector-export-file-txt"}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ExportTTPsFileNavigator","CONNECTOR_SCOPE":"application/vnd.mitre.navigator+json","CONNECTOR_TYPE":"INTERNAL_EXPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-export-ttps-file-navigator"},"labels":{},"name":"export-ttps-file-navigator"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_AUTO":"false","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportDocument","CONNECTOR_SCOPE":"application/pdf,text/plain,text/html,text/markdown","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","CONNECTOR_VALIDATE_BEFORE_IMPORT":"true","CONNECTOR_WEB_SERVICE_URL":"https://importdoc.ariane.filigran.io","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-document"},"labels":{},"name":"import-document","resources":{"limits":{"memory":"4Gi"}}},{"annotations":{},"enabled":false,"env":{"CONNECTOR_AUTO":"false","CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileStix","CONNECTOR_SCOPE":"application/json,text/xml,application/xml","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","CONNECTOR_VALIDATE_BEFORE_IMPORT":"true","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-stix"},"labels":{},"name":"import-file-stix"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileMISP","CONNECTOR_SCOPE":"application/json","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","MISP_IMPORT_FILE_AUTHOR_FROM_TAGS":"false","MISP_IMPORT_FILE_CREATE_INDICATORS":"true","MISP_IMPORT_FILE_CREATE_OBJECT_OBSERVABLES":"true","MISP_IMPORT_FILE_CREATE_OBSERVABLES":"true","MISP_IMPORT_FILE_CREATE_REPORTS":"true","MISP_IMPORT_FILE_CREATE_TAGS_AS_LABELS":"true","MISP_IMPORT_FILE_GUESS_THREAT_FROM_TAGS":"true","MISP_IMPORT_FILE_IMPORT_TO_IDS_NO_SCORE":"40","MISP_IMPORT_FILE_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT":"false","MISP_IMPORT_FILE_IMPORT_UNSUPPORTED_OBSERVABLES_AS_TEXT_TRANSPARENT":"true","MISP_IMPORT_FILE_IMPORT_WITH_ATTACHMENTS":"true","MISP_IMPORT_FILE_REPORT_TYPE":"misp-event","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-misp"},"labels":{},"name":"import-file-misp"},{"annotations":{},"enabled":false,"env":{"CONNECTOR_ID":"ChangeMe","CONNECTOR_LOG_LEVEL":"error","CONNECTOR_NAME":"ImportFileYARA","CONNECTOR_SCOPE":"text/yara+plain","CONNECTOR_TYPE":"INTERNAL_IMPORT_FILE","OPENCTI_TOKEN":"ChangeMe"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/connector-import-file-yara"},"labels":{},"name":"import-file-yara"}] Connectors configuration for your OpenCTI platform
Ref: https://docs.opencti.io/latest/deployment/connectors
Ref: https://github.com/OpenCTI-Platform/connectors
opencti.defaultInitContainers object {"connectors":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"elasticsearch":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"curlimages/curl","tag":"8.17.0@sha256:9fe0ae1b1f7803a52d3202ca91302e541a2d49eb1bc47225aff3a155f172d02d"},"minio":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"rabbitmq":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"redis":{"enabled":true,"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"redis","tag":"8.0.4"},"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}},"workers":{"enabled":true,"resources":{"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}}}} Default initContainers for dependency health checks
Applied to front, ingest, workers and connector deployments.
Each toggle controls whether the corresponding readiness check initContainer is rendered.
opencti.defaultInitContainers.connectors.enabled bool true Enable Connectors readiness check to ensure ingesters nodes are up and running before starting connectors
opencti.defaultInitContainers.connectors.resources object {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} The resources limits and requests for Connectors readiness check initContainer
opencti.defaultInitContainers.elasticsearch.enabled bool true Enable Elasticsearch readiness check in front and ingesters deployments
opencti.defaultInitContainers.elasticsearch.resources object {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} The resources limits and requests for Elasticsearch readiness check initContainer
opencti.defaultInitContainers.image object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"curlimages/curl","tag":"8.17.0@sha256:9fe0ae1b1f7803a52d3202ca91302e541a2d49eb1bc47225aff3a155f172d02d"} Default image to perform the readiness checks
opencti.defaultInitContainers.minio.enabled bool true Enable MinIO readiness check in front and ingesters deployments
opencti.defaultInitContainers.minio.resources object {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} The resources limits and requests for MinIO readiness check initContainer
opencti.defaultInitContainers.rabbitmq.enabled bool true Enable RabbitMQ readiness check in front and ingesters deployments
opencti.defaultInitContainers.rabbitmq.resources object {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} The resources limits and requests for RabbitMQ readiness check initContainer
opencti.defaultInitContainers.redis.enabled bool true Enable Redis readiness check in front and ingesters deployments
opencti.defaultInitContainers.redis.image object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"redis","tag":"8.0.4"} Default image to perform the Redis readiness check
opencti.defaultInitContainers.redis.resources object {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} The resources limits and requests for Redis readiness check initContainer
opencti.defaultInitContainers.workers.enabled bool true Enable Workers readiness check to ensure ingesters nodes are up and running before starting workers
opencti.defaultInitContainers.workers.resources object {"limits":{"cpu":"50m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"32Mi"}} The resources limits and requests for Workers readiness check initContainer
opencti.env object {"APP__ADMIN__EMAIL":"admin@opencti.io","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__BASE_URL":"ChangeMe","APP__CHILD_LOCKING_PROCESS__ENABLED":true,"APP__ENCRYPTION_KEY":"ChangeMe","APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":false,"ELASTICSEARCH__URL":"https://elasticsearch:9200","MINIO__ENDPOINT":"minio","MINIO__PORT":80,"NODE_OPTIONS":"--max-old-space-size=8192","PROVIDERS__LOCAL__STRATEGY":"LocalStrategy","RABBITMQ__HOSTNAME":"rabbitmq","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"REDIS__HOSTNAME":"redis","REDIS__MODE":"single","REDIS__PORT":6379,"REDIS__TRIMMING":1000000} Environment variables to configure OpenCTI
Applied to both Front and Ingesters deployments.
Ref: https://docs.opencti.io/latest/deployment/configuration/#platform
opencti.envFromSecrets object {} Environment variables sets from secrets
opencti.front.affinity object {} Affinity for OpenCTI server pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
opencti.front.dnsConfig object {} DNS configuration for OpenCTI server pods
Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
opencti.front.dnsPolicy string "ClusterFirst" DNS policy for OpenCTI server pods
Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
opencti.front.env object {"ACTIVITY_MANAGER__ENABLED":"false","CONNECTOR_MANAGER__ENABLED":"false","EXPIRATION_SCHEDULER__ENABLED":"false","FILE_INDEX_MANAGER__ENABLED":"false","GARBAGE_COLLECTION_MANAGER__ENABLED":"false","HISTORY_MANAGER__ENABLED":"false","HUB_REGISTRATION_MANAGER__ENABLED":"false","INDICATOR_DECAY_MANAGER__ENABLED":"false","INGESTION_MANAGER__ENABLED":"false","NOTIFICATION_MANAGER__ENABLED":"false","PIR_MANAGER__ENABLED":"false","PLAYBOOK_MANAGER__ENABLED":"false","PROVIDERS__SAML__CONFIG__WANT_AUTHN_RESPONSE_SIGNED":"false","PUBLISHER_MANAGER__ENABLED":"false","RETENTION_MANAGER__ENABLED":"false","RULE_ENGINE__ENABLED":"false","SYNC_MANAGER__ENABLED":"false","TASK_SCHEDULER__ENABLED":"false"} Platform dedicated env vars
By default all managers are disabled
opencti.front.ingress object {"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]} Ingress configuration to expose OpenCTI
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
opencti.front.initContainers list [] initContainers definition for OpenCTI front pods
opencti.front.livenessProbe object {"enabled":false,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":30,"successThreshold":1,"timeoutSeconds":10} Configure liveness checker for OpenCTI container
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.front.loadBalancer object {"annotations":{},"enabled":false,"extraSelectorLabels":{},"extraSpec":{},"port":80,"targetPort":null} LoadBalancer service to expose OpenCTI front
opencti.front.loadBalancer.annotations object {}
Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
opencti.front.loadBalancer.extraSelectorLabels object {} Extra labels to add to the OpenCTI front load balancer service selector. Uses the OpenCTI front pod labels by default.
opencti.front.loadBalancer.extraSpec object {} Additional configuration to apply on the LoadBalancer service
opencti.front.loadBalancer.port int 80 The port to use for the OpenCTI front load balancer
opencti.front.loadBalancer.targetPort string nil The target port on OpenCTI front pods to direct load balancer traffic to. Defaults to the service target port if not set.
opencti.front.nodeSelector object {} Node labels for OpenCTI server pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
opencti.front.podAnnotations object {} The annotations configured on OpenCTI server pods
opencti.front.podLabels object {"app.kubernetes.io/component":"opencti-front","app.kubernetes.io/name":"opencti"} The labels configured on OpenCTI server pods
opencti.front.podSecurityContext object {} Defines privilege and access control settings for OpenCTI server pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
opencti.front.readinessProbe object {"enabled":false,"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":10} Configure readinessProbe checker for OpenCTI container
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.front.replicaCount int 1 Number of OpenCTI servers
opencti.front.resources object {} The resources limits and requests for OpenCTI container
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
opencti.front.securityContext object {} Defines privilege and access control settings for OpenCTI containers
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
opencti.front.service object {"port":80,"targetPort":4000,"type":"ClusterIP"} Kubernetes service to expose OpenCTI server pods
Ref: https://kubernetes.io/docs/concepts/services-networking/service/
opencti.front.serviceAccountName string "" Service account name for OpenCTI front pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
opencti.front.startupProbe object {"enabled":false,"failureThreshold":50,"initialDelaySeconds":10,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":5} Configure startupProbe checker for OpenCTI container
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.front.terminationGracePeriodSeconds int 30 Configure OpenCTI server pods termination grace period
Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
opencti.front.tolerations list [] Tolerations for OpenCTI server pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
opencti.front.topologySpreadConstraints list [] Control how OpenCTI server pods are spread across your cluster
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints
opencti.front.volumeMounts list [] Configure Volume mounts on your OpenCTI containers
Ref: https://kubernetes.io/docs/concepts/storage/volumes/
opencti.front.volumes list [] Configure Volume on your OpenCTI server pods
Ref: https://kubernetes.io/docs/concepts/storage/volumes/
opencti.image object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/platform","tag":""} Image configuration for the OpenCTI server
opencti.image.pullPolicy string "IfNotPresent" Image Pull Policy for OpenCTI containers
opencti.image.registry string "docker.io" The registry to pull OpenCTI images from
opencti.image.repository string "opencti/platform" The repository to pull OpenCTI images from
opencti.image.tag string "" Overrides the image tag. Default to OpenCTI version
opencti.ingest.affinity object {} Affinity for OpenCTI ingest server assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
opencti.ingest.dnsConfig object {} DNS configuration for OpenCTI ingest pods
Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
opencti.ingest.dnsPolicy string "ClusterFirst" DNS policy for OpenCTI ingest pods
Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
opencti.ingest.ingress object {"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-ingest-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]} Ingress configuration to expose OpenCTI ingesters
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
opencti.ingest.initContainers list [] initContainers definition for OpenCTI ingest pods
opencti.ingest.livenessProbe object {"enabled":false,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":30,"successThreshold":1,"timeoutSeconds":10} Configure liveness checker for OpenCTI container
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.ingest.loadBalancer object {"annotations":{},"enabled":false,"extraSelectorLabels":{},"extraSpec":{},"port":80,"targetPort":null} LoadBalancer service to expose OpenCTI ingesters
opencti.ingest.loadBalancer.annotations object {}
Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
opencti.ingest.loadBalancer.extraSelectorLabels object {} Extra labels to add to the OpenCTI ingest load balancer service selector. Uses the OpenCTI ingest pod labels by default.
opencti.ingest.loadBalancer.extraSpec object {} Additional configuration to apply on the LoadBalancer service
opencti.ingest.loadBalancer.port int 80 The port to use for the OpenCTI ingest load balancer
opencti.ingest.loadBalancer.targetPort string nil The target port on OpenCTI ingest pods to direct load balancer traffic to. Defaults to the service target port if not set.
opencti.ingest.nodeSelector object {} Node labels for OpenCTI ingest pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
opencti.ingest.podAnnotations object {} The annotations configured on OpenCTI ingest server pods
opencti.ingest.podLabels object {"app.kubernetes.io/component":"opencti-ingest","app.kubernetes.io/name":"opencti"} The labels configured on OpenCTI ingest pods
opencti.ingest.podSecurityContext object {} Defines privilege and access control settings for OpenCTI ingest pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
opencti.ingest.readinessProbe object {"enabled":false,"failureThreshold":5,"initialDelaySeconds":5,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":10} Configure readinessProbe checker for OpenCTI container
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.ingest.replicaCount int 3 Number of OpenCTI ingest servers
opencti.ingest.resources object {} The resources limits and requests for OpenCTI container
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
opencti.ingest.securityContext object {} Defines privilege and access control settings for OpenCTI containers
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
opencti.ingest.service object {"port":80,"targetPort":4000,"type":"ClusterIP"} Kubernetes service to expose OpenCTI ingest pods
Ref: https://kubernetes.io/docs/concepts/services-networking/service/
opencti.ingest.serviceAccountName string "" Service account name for OpenCTI ingest pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
opencti.ingest.startupProbe object {"enabled":false,"failureThreshold":50,"initialDelaySeconds":10,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":5} Configure startupProbe checker for OpenCTI container
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
opencti.ingest.terminationGracePeriodSeconds int 30 Configure OpenCTI ingest pods termination grace period
Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
opencti.ingest.tolerations list [] Tolerations for OpenCTI ingest pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
opencti.ingest.topologySpreadConstraints list [] Control how OpenCTI ingest pods are spread across your cluster
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints
opencti.ingest.volumeMounts list [] Configure Volume mounts on your OpenCTI ingest containers
Ref: https://kubernetes.io/docs/concepts/storage/volumes/
opencti.ingest.volumes list [] Configure Volume on your OpenCTI ingest pods
Ref: https://kubernetes.io/docs/concepts/storage/volumes/
opencti.logLevel string "info" Define OCTI Log Level
Accepts: info,error,debug
opencti.version string "7.260609.0" The version of OpenCTI to deploy
opencti.worker.affinity object {} Affinity for OpenCTI worker server assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
opencti.worker.dnsConfig object {} DNS configuration for OpenCTI worker pods
Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
opencti.worker.dnsPolicy string "ClusterFirst" DNS policy for OpenCTI worker pods
Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
opencti.worker.env object {"OPENCTI_URL":"http://opencti-ingest:80","WORKER_LOG_LEVEL":"info"} Environment variables to configure OpenCTI workers
Ref: https://docs.opencti.io/latest/deployment/configuration/#worker-and-connector
opencti.worker.envFromSecrets object {} Environment variables sets from secrets
opencti.worker.image object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"opencti/worker","tag":""} Image configuration for the OpenCTI workers
opencti.worker.image.pullPolicy string "IfNotPresent" Image Pull Policy for OpenCTI worker containers
opencti.worker.image.registry string "docker.io" The registry to pull OpenCTI worker images from
opencti.worker.image.repository string "opencti/worker" The repository to pull OpenCTI worker images from
opencti.worker.image.tag string "" Overrides the worker image tag. Default to OpenCTI version
opencti.worker.initContainers list [] initContainers definition for OpenCTI worker pods
opencti.worker.nodeSelector object {} Node labels for OpenCTI worker pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
opencti.worker.podAnnotations object {} The annotations configured on OpenCTI worker server pods
opencti.worker.podLabels object {"app.kubernetes.io/component":"opencti-worker","app.kubernetes.io/name":"opencti"} The labels configured on OpenCTI worker pods
opencti.worker.podSecurityContext object {} Defines privilege and access control settings for OpenCTI worker pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
opencti.worker.replicaCount int 3 Number of OpenCTI worker servers
opencti.worker.resources object {} The resources limits and requests for OpenCTI container
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
opencti.worker.securityContext object {} Defines privilege and access control settings for OpenCTI containers
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
opencti.worker.serviceAccountName string "" Service account name for OpenCTI worker pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
opencti.worker.terminationGracePeriodSeconds int 30 Configure OpenCTI worker pods termination grace period
Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
opencti.worker.tolerations list [] Tolerations for OpenCTI worker pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
opencti.worker.topologySpreadConstraints list [] Control how OpenCTI worker pods are spread across your cluster
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints
opencti.worker.volumeMounts list [] Configure Volume mounts on your OpenCTI worker containers
Ref: https://kubernetes.io/docs/concepts/storage/volumes/
opencti.worker.volumes list [] Configure Volume on your OpenCTI worker pods
Ref: https://kubernetes.io/docs/concepts/storage/volumes/
opencti.writeAppLogsToFile bool false Toggle for OpenCTI logging to file inside containers
Defaults to false
opencti.writeAuditLogsToFile bool false Toggle for OpenCTI Audit logging to file inside containers
Defaults to false
rabbitmq.additionalConfig string "disk_free_limit.absolute = 500Mi\nmax_message_size = 536870912\nmanagement.disable_stats = false\ncollect_statistics_interval = 10000\nlog.console.level = error\nmanagement_agent.disable_metrics_collector = false\n" Additional config that will be passed down to set up your RabbitMQ cluster
Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#additional-config
rabbitmq.additionalPlugins list ["rabbitmq_management"] Additional plugins to be enabled in your RabbitMQ cluster
Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#additional-plugins
rabbitmq.affinity object {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"rabbitmq"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} Affinity for RabbitMQ nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
rabbitmq.enabled bool false Set to true to deploy your own RabbitMQ instance. Be aware you need to install the CRDs beforehand
rabbitmq.image string "docker.io/rabbitmq:4.1.4" Reference of your RabbitMQ image
rabbitmq.imagePullSecrets object {} Configure your secrets to pull from private registries. Make sure your secret exists beforehand
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
rabbitmq.ingress object {"enabled":false} Ingress configuration to expose RabbitMQ Management endpoint
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
rabbitmq.loadBalancer object {"annotations":{},"enabled":false,"extraSpec":{},"port":15672,"selector":{"app.kubernetes.io/name":"rabbitmq"},"targetPort":15672} LoadBalancer service to expose RabbitMQ
rabbitmq.loadBalancer.annotations object {}
Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
rabbitmq.loadBalancer.extraSpec object {} Additional configuration to apply on the LoadBalancer service
rabbitmq.loadBalancer.port int 15672 The port to use for the RabbitMQ load balancer
rabbitmq.loadBalancer.selector object {"app.kubernetes.io/name":"rabbitmq"} The selector labels to use on the RabbitMQ load balancer service. Defaults to the labels applied by the CRDs.
rabbitmq.loadBalancer.targetPort int 15672 The target port to use for the RabbitMQ load balancer
rabbitmq.override object {} Override the default for RabbitMQ resources (services, sts...)
Ref: https://www.rabbitmq.com/kubernetes/operator/using-operator#override
rabbitmq.priorityClass object {"enabled":false,"name":"default"} Configure the priority class for your RabbitMQ containers
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
rabbitmq.priorityClass.enabled bool false Enable or disable the priority class configuration
rabbitmq.priorityClass.name string "default" Priority class name to apply on your RabbitMQ containers
rabbitmq.replicas int 1 Number of replicas in your RabbitMQ cluster
rabbitmq.resources object {} The resources limits and requests for your RabbitMQ containers
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
rabbitmq.storageClassName string "" Storage Class Name to use in your volumes
rabbitmq.storageSize string "5Gi" Default size of your RabbitMQ nodes
rabbitmq.tolerations list [] Tolerations for RabbitMQ pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
redis.data object {"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["redis","redis-replication"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"nodeSelector":{},"resources":{"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"storageClassName":"","storageSize":"4Gi","tolerations":[]} The configuration for your Redis DATA containers. Valid for both standalone and sentinel mode.
redis.data.affinity object {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["redis","redis-replication"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} Affinity for Redis DATA nodes assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
redis.data.nodeSelector object {} Node labels for Redis DATA pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
redis.data.resources object {"limits":{"cpu":"2","memory":"2Gi"},"requests":{"cpu":"1","memory":"1Gi"}} The resources limits and requests for your Redis DATA containers
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
redis.data.storageClassName string "" Storage Class Name to use in your volumes
redis.data.storageSize string "4Gi" Default size of your Redis nodes. Should at least be the double of the RAM allocated to allow rdb dumps.
redis.data.tolerations list [] Tolerations for Redis DATA pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
redis.enableSecurityContext bool false Enable the security context option for your Redis containers
Default: false
redis.enabled bool false Set to true to deploy your own Redis instance
redis.image string "docker.io/redis:8.0.4" Reference of your Redis image
redis.imagePullPolicy string "IfNotPresent" Image pull policy
redis.imagePullSecrets object {} Configure your secrets to pull from private registries. Make sure your secret exists beforehand
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
redis.initContainer object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"busybox","tag":"1.36.1@sha256:d5f45b39573a582b66cc64866691322abdfeccc6d77a13194c7ab6b3915baaf6"} Configure the image to use for the Redis initContainer that creates the HA configuration for Sentinel mode.
redis.mode string "standalone" Choose the mode you want to deploy in, options are:
standalone (a single Redis node)
sentinel (highly available Redis mode with sentinels and replications nodes)
More info: https://redis.io/docs/latest/operate/oss_and_stack/management/sentinel/
redis.priorityClass object {"enabled":false,"name":"default"} Configure the priority class for your Redis containers
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
redis.priorityClass.enabled bool false Enable or disable the priority class configuration
redis.priorityClass.name string "default" Priority class name to apply on your Redis containers
redis.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Security context config for your Redis containers
redis.sentinel object {"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"redis-sentinel"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"nodeSelector":{},"replicationReplicas":2,"resources":{"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":"1","memory":"1Gi"}},"sentinelReplicas":3,"tolerations":[]} Sentinel mode dedicated configuration
redis.sentinel.affinity object {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchLabels":{"app.kubernetes.io/name":"redis-sentinel"}},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}} Affinity for Redis SENTINEL pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
redis.sentinel.nodeSelector object {} Node labels for Redis SENTINEL pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
redis.sentinel.replicationReplicas int 2 Number of Redis Replication replicas
redis.sentinel.resources object {"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":"1","memory":"1Gi"}} The resources limits and requests for your Redis SENTINEL containers
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
redis.sentinel.sentinelReplicas int 3 Number of Sentinel replicas
redis.sentinel.tolerations list [] Tolerations for Redis SENTINEL pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
redis.serviceAccountName string "" Service account name for Redis pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
xtmComposer object {"affinity":{},"annotations":{},"appAdminTokenSecretName":"opencti-config","baseDeployment":{"metadata":{"labels":{"app.kubernetes.io/deployed-by":"xtm-composer","app.kubernetes.io/part-of":"opencti"},"name":"name"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"opencti-connector","app.kubernetes.io/deployed-by":"xtm-composer"}}}}},"containerSecurityContext":{},"createServiceAccount":true,"enabled":false,"env":{"MANAGER__LOGGER__LEVEL":"error"},"image":{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/xtm-composer","version":"3.260609.0"},"imagePullSecrets":{},"labels":{"app":"xtm-composer"},"managerUUID":"c0mp0s3r-f1l1-gr4n-00io-000000000001","nodeSelector":{},"podAnnotations":{},"podLabels":{"app":"xtm-composer"},"podSecurityContext":{},"resources":{"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"0.2","memory":"256Mi"}},"rsaKeyFileName":"private_key.pem","rsaKeySecretName":"xtm-composer-rsa-key","serviceAccountName":"xtm-composer","tolerations":[],"topologySpreadConstraints":[]} Configuration of the XTM Composer component
Ref: https://github.com/FiligranHQ/xtm-composer
xtmComposer.affinity object {} Affinity composer pods server assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
xtmComposer.annotations object {} The annotations configured for the deployment itself
xtmComposer.appAdminTokenSecretName string "opencti-config" Name of the secret where to find the OpenCTI admin token (if not declared in opencti.env)
xtmComposer.baseDeployment object {"metadata":{"labels":{"app.kubernetes.io/deployed-by":"xtm-composer","app.kubernetes.io/part-of":"opencti"},"name":"name"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"opencti-connector","app.kubernetes.io/deployed-by":"xtm-composer"}}}}} Base YAML definition of the deployments that will be spawned for each connector
Must respect the Kubernetes deployment definition : https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#writing-a-deployment-spec
xtmComposer.containerSecurityContext object {} Defines privilege and access control settings for the composer pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
xtmComposer.createServiceAccount bool true Create XTM Composer service account
Defaults to true. If you want to use an existing SA, set this to false and specify the name of your SA in serviceAccountName.
xtmComposer.env object {"MANAGER__LOGGER__LEVEL":"error"} Environment variables to be passed to the manager
xtmComposer.image object {"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"filigran/xtm-composer","version":"3.260609.0"} Image configuration for the XTM Composer
xtmComposer.imagePullSecrets object {} Configure your secrets to pull from private registries. Make sure your secret exists beforehand
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
xtmComposer.labels object {"app":"xtm-composer"} The labels configured for the deployment itself
xtmComposer.managerUUID string "c0mp0s3r-f1l1-gr4n-00io-000000000001" Default UUID for the Manager deployment
xtmComposer.nodeSelector object {} Node labels for composer pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
xtmComposer.podAnnotations object {} The annotations configured on the composer pods
xtmComposer.podLabels object {"app":"xtm-composer"} The labels configured on the composer pods
xtmComposer.podSecurityContext object {} Defines privilege and access control settings for the composer pods
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
xtmComposer.resources object {"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"0.2","memory":"256Mi"}} Resource limits and requests for the composer pods
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
xtmComposer.rsaKeyFileName string "private_key.pem" Name of the key found in the secret
xtmComposer.rsaKeySecretName string "xtm-composer-rsa-key" Name of the secret containing the RSA key pair to use for the Composer.
xtmComposer.serviceAccountName string "xtm-composer" Service account name for XTM Composer pods. Defaults to the built-in "xtm-composer" SA created by this chart.
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
xtmComposer.tolerations list [] Tolerations for composer pods assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
xtmComposer.topologySpreadConstraints list [] Control how the composer pods are spread across your cluster
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints

Autogenerated from chart metadata using helm-docs v1.14.2