openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
cef577401311e24b1b88fcc46f31e8fbbd99a894
openshift-docs/modules/file-integrity-important-attributes.adoc
Laura Hinson ed3b75c6f9 Adding content types to modules: F-I
2025-10-29 16:59:21 +00:00

51 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * security/file_integrity_operator/file-integrity-operator-configuring.adoc
:_mod-docs-content-type: REFERENCE
[id="important-file-integrity-object-attributes_{context}"]
= Important attributes
.Important `spec` and `spec.config` attributes
[%header,cols=2*]
|===
|Attribute
|Description
|`spec.nodeSelector`
|A map of key-values pairs that must match with node's labels in order for the
AIDE pods to be schedulable on that node. The typical use is to set only a
single key-value pair where `node-role.kubernetes.io/worker: ""` schedules AIDE on
all worker nodes, `node.openshift.io/os_id: "rhcos"` schedules on all
{op-system-first} nodes.
|`spec.debug`
|A boolean attribute. If set to `true`, the daemon running in the AIDE deamon set's
pods would output extra information.
|`spec.tolerations`
|Specify tolerations to schedule on nodes with custom taints. When not specified,
a default toleration is applied, which allows tolerations to run on control plane nodes.
|`spec.config.gracePeriod`
|The number of seconds to pause in between AIDE integrity checks. Frequent AIDE
checks on a node can be resource intensive, so it can be useful to specify a
longer interval. Defaults to `900`, or 15 minutes.
|`maxBackups`
|The maximum number of AIDE database and log backups leftover from the `re-init` process to keep on a node. Older backups beyond this number are automatically pruned by the daemon.
|`spec.config.name`
| Name of a configMap that contains custom AIDE configuration. If omitted, a default configuration is created.
|`spec.config.namespace`
|Namespace of a configMap that contains custom AIDE configuration. If unset, the FIO generates a default configuration suitable for {op-system} systems.
|`spec.config.key`
|Key that contains actual AIDE configuration in a config map specified by `name` and `namespace`. The default value is `aide.conf`.
|`spec.config.initialDelay`
|The number of seconds to wait before starting the first AIDE integrity check. Default is set to 0. This attribute is optional.
|===
View Git Blame Copy Permalink