openshift-docs/modules/file-integrity-important-attributes.adoc

// Module included in the following assemblies:
//
// * security/file_integrity_operator/file-integrity-operator-configuring.adoc

[id="important-file-integrity-object-attributes_{context}"]
= Important attributes

.Important `spec` and `spec.config` attributes

[%header,cols=2*]
|===
|Attribute
|Description

|`spec.nodeSelector`
|A map of key-values pairs that must match with node’s labels in order for the
AIDE pods to be schedulable on that node. The typical use is to set only a
single key-value pair where `node-role.kubernetes.io/worker: ""` schedules AIDE on
all worker nodes, `node.openshift.io/os_id: "rhcos"` schedules on all
{op-system-first} nodes.

|`spec.debug`
|A boolean attribute. If set to `true`, the daemon running in the AIDE deamon set’s
pods would output extra information.

|`spec.tolerations`
|Specify tolerations to schedule on nodes with custom taints. When not specified,
a default toleration is applied, which allows tolerations to run on master nodes.

|`spec.config.gracePeriod`
|The number of seconds to pause in between AIDE integrity checks. Frequent AIDE
checks on a node can be resource intensive, so it can be useful to specify a
longer interval. Defaults to `900`, or 15 minutes.

|`spec.config.name`, `spec.config.namespace`, `spec.config.key`
|These three attributes allow you to set a custom AIDE configuration. When the name
or namespace are unset, the File Integrity Operator generates a configuration
suitable for {op-system} systems. The name and namespace attributes point to the
config map; the key points to a key inside that config map. Use the key
attribute to specify a custom key that contains the actual config and defaults
to `aide.conf`.
|===