Values file configuration reference

This page describes the options that can be set in the values.yaml file that configures your sidecar deployment.

tip

The default values also define the type of structure that should be put in the field:

Default Value	Variable Type
[]	Array
""	String
{}	Complex object

Kubernetes configuration

Image configuration

Field	Description	Default Value
global.imageRegistry	Overrides the image registry for the sidecar images.	""
global.imagePullSecrets	Pull secret names to be attached to all images in the deployment	[]
global.cyral.imageRegistry	Overrides the image registry for cyral-based sidecar images	""
image.pullPolicy	Default pullPolicy for all images	"Always"

Object generation configuration

Field	Description	Default Value
nameOverride	Overrides the name of the chart for object generation	""
fullnameOverride	Overrides the full name of the generated objects	""

Deployment configuration

Field	Description	Default Value
replicaCount	Number of replicas of the deployment	1
nodeSelector	Node selector for the pods of the deployment	{}
tolerations	Tolerations for the pods of the deployment	[]
affinity	Affinity configuration for the pods	{}
extraVolumes	Extra volumes to be created on the deployment	[]
podSecurityContext	Security context for each pod created in the deployment	{}
securityContext	Security context for each container created in the deployment	{}

Service configuration

Field	Description	Default Value
service.enable	Enables/disables creation of the sidecar service	true
service.type	Type of kubernetes service that will be created alongside the sidecar. Allowed values are ClusterIP, LoadBalancer and NodePort.	"ClusterIP"
service.loadBalancer	Configuration for the AWS LB created when service.type is "LoadBalancer"	-
service.loadBalancer.certificateId	Id for the certificate that the AWS LB will use	""
service.loadBalancer.dnsName	DNS name for the AWS LB	""
service.loadBalancer.sourceRanges	Source ranges for reaching the AWS LB	[]
service.loadBalancer.tlsPorts	Ports that will be TLS terminated in the load balancer	[]
service.ports	Ports to be exposed on the service. These ports will override and other port defined in specific services	[]

TLS certificate configuration

Field	Description	Default Value
dispatcher.selfSignedCertificate.existingSecret	Name of the secret that contains the self signed certificate for dispatcher TLS connections.	""

RBAC configuration

Field	Description	Default Value
rbac.create	Whether or not to create RBAC objects on the cluster	true
rbac.serviceAccount.name	Name of the service account that will be used by the pod	""

Metrics configuration

Field	Description	Default Value
metrics.enabled	Enables/disables creation of the sidecar metrics resources, including targetting annotations	true
podMonitor.enabled	Enables/disables creation of podMonitor resources for prometheus scraping on the sidecar pod	false

Container configuration

These configurations can be applied to all containers inside of the chart, both repository and infrastructure containers. To apply these on the values.yaml file, you add the configuration to its <container> section.

General configuration

Field	Description	Default Value
<container>.enabled	Whether or not to add the container to the sidecar	true
<container>.extraEnvs	Extra environment variables that will be added to that container. These variables are templated	[]
<container>.extraVolumeMounts	Extra volumes to be mounted on that container. These values are templated	[]

Image configuration

Field	Description	Default Value
<container>.image.registry	Image registry for the container image	Container specific
<container>.image.repository	Image repository for the container image	Container specific
<container>.image.tag	Image tag for the container image	Container specific

Resource configuration

info

We don't set default resources for the deployment. This is infrastructure specific.

tip

To read more about container resources on Kubernetes, read our guide on setting resources and Kubernetes' documentation on it.

Field	Description	Default Value
<container>.resources.limits.cpu	CPU limit for that container	-
<container>.resources.limits.memory	memory limit for that container	-
<container>.resources.requests.cpu	CPU request for that container	-
<container>.resources.requests.memory	memory request for that container	-

Repository Configuration

This configuration applies for all repository specific containers. To apply this to the values.yaml file, add it in the section for the <repo> type you want to apply it to. For example, you would set the ports configuration for MySQL databases in the parameter, mysql.ports. Most repositories also contain all configurations contained in the Container Configuration section.

General configuration

Field	Description	Default Value
<repo>.enabled	Whether the repository will be supported by the sidecar. If disabled the containers (if any) and ports will not be added to the final sidecar resource	true
<repo>.ports	Port configuration for the repository	-
<repo>.ports.sidecar	List of ports that will be exposed on the sidecar's service with this repo's id on it. These ports will be overriten if service.ports is set	Repo specific

MySQL

Field	Description	Default Value
mysql.multiplexedPort	Port that will be configured as a multiplexed port on the mysql container. This port will not be available for repository conectivity. Leave 0 for no port to be allocated	0

MongoDB

Field	Description	Default Value
mongodb.portAllocation.low	The smallest port that will be allocated to mongodb repositories	27017
mongodb.portAllocation.high	The biggest port that will be allocated to mongodb repositories	27017

Snowflake

Field	Description	Default Value
snowflake.idp.SSOLoginURL	URL for the SSO for snowflake connections	""
snowflake.idp.certificate	Certificate for the snowflake SSO	""

info

Denodo and redshift repositories do not have image nor resource configurations, since they are handled by the same container as the postgres repository.

Integration configuration

These configurations will usually be generated by your control plane, don't change these without help from Cyral support.

Cyral Control Plane configurations

Field	Description	Default Value
controlPlane.host	Host of the Cyral Control Plane	""
controlPlane.ports.http	HTTP port for your control plane	8000
controlPlane.ports.grpc	GRPC port for your control plane	9080
sidecarId	ID of the sidecar, as registered in the Cyral control plane	""

Datadog

The datadog integration uses the datadog helm chart. We set a few default values when generating the values.yaml file from the control plane.

Filebeat

Field	Description	Default Value
filebeat.output.type	The type of output that filebeat will send to	"elasticsearch"
filebeat.output.useTLS	Use TLS on filebeat's output	false
filebeat.output.usePrivateCertificateChain	Use a private certificate chain on the TLS for the filebeat output	false
filebeat.output.useMutualAuthentication	Use mutual authentication for the filebeat output	false
filebeat.createRole	Create the roles necessary for filebeat to run	true
filebeat.integration	Type of integration that is active. This should match the configuration in the settings below	""
filebeat.logstash	Logstash configuration for the filebeat integration	{}
filebeat.elasticsearch	Elasticsearch configuration for the filebeat integration	{}

Fluentbit

Field	Description	Default Value
fluentbit.splunk	Splunk configuration for the fluentbit integration	{}
fluentbit.sumologic	Sumologic configuration for the fluentbit integration	{}