Advanced tab

Enter information about certain External S-TAP advanced parameters.

The pod security context parameters allow you to use External S-TAP when Kubernetes Pod Security Policies are enabled. The parameters help ensure that the pod user has access to files and mounted volumes. For more information, see the Kubernetes Pod Security Policies documentation.

Table 1. Advanced tab parameters
Parameter Default Meaning
Member count The number of External S-TAP Docker containers to create for this database inspection cluster. In general, you don't need more than four containers per cluster.
Worker threads 1 The number of threads used by each External S-TAP in the cluster.
Verify collector certificate   Select to have any S-TAPs verify the collector's certificate before the collector connects to the S-TAP. Use this feature, along with block lists and allow lists, to strictly control access between the Guardium® collector and the External S-TAP.
Collector CN   If you select Verify collector certificate, enter the common name (CN) of the collector to use in Collector CN, or enter a regular expression to specify a set of allowable collectors.

For more information about Regular Expressions, see Regular Expressions.

Override server IP   Enter a default server IP address to use for all recorded traffic.
runAsUser 1000 The UID for the processes within the pod containers. If the user is not 1000, then GID 0 must be a valid group for the user.
fsGroup 1000 The file system group. Enter the GID for filesystem mounts in the containers of the Pod. The fsGroup is added to the pod's supplementalGroups parameter.

The default is 1000, but make sure that you specify a number that works with your policy.