Helm Chart
Current bifrost-agent version: 0.9.6
Example configurations
Below are some example configurations for the helm chart.
Inline secret
agent: key: <AGENT_KEY>Existing secret
kubectl create secret generic bifrost-agent --from-literal=agent-key=<AGENT_KEY>agent: secret: name: bifrost-agent key: agent-keyMounted secret
Use a secret mounted as a volume. It can be mounted by as CSI driver or in this case, as a configMap.
kubectl create configmap bifrost-agent --from-literal=agent-key=<AGENT_KEY>agent: keyFilePath: /mnt/secrets/agent-key
extraVolumes: - name: agent-key configMap: name: bifrost-agent items: - key: agent-key path: agent-key
extraVolumeMounts: - name: agent-key mountPath: /mnt/secrets readOnly: trueReference
image:
# The container registry to pull the agent image from.
repository: public.ecr.aws/bifrostsec/bifrost-agent
# Kubernetes imagePullPolicy on Deployment.
pullPolicy: IfNotPresent
# Image tag for the container, this will default to `.Chart.AppVersion` if not set.
tag: ""
# Image pull secrets.
imagePullSecrets: []
admissionWebhook:
# Enable the admission webhook in the agent.
enabled: true
# Port agent should listen on for webhook requests.
servicePort: 9443
certManager:
# Enable cert-manager integration.
enabled: false
agent:
# Secret key for the agent to authenticate with the server.
key: ""
# Path to the mount file for the agent key. Can be set if using CSI driver to mount the secret.
keyFilePath: ""
secret:
name: ""
key: ""
extraVolumes: [] # Additional volumes
extraVolumeMounts: [] # Additional volume mounts
server:
# URL of the Bifrost server.
url: "https://portal.bifrostsec.com"
kernelAuditControl: true
# A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
tolerations: []