Advanced tab
Enter information about certain External S-TAP advanced parameters.
The pod security context parameters allow you to use External S-TAP when Kubernetes Pod Security Policies are enabled. The parameters help ensure that the pod user has access to files and mounted volumes. For more information, see the Kubernetes Pod Security Policies documentation.
Parameter | Default | Meaning |
---|---|---|
Member count | The number of External S-TAP Docker containers to create for this database inspection cluster. In general, you don't need more than four containers per cluster. | |
Worker threads | 1 | The number of threads used by each External S-TAP in the cluster. |
Verify collector certificate | Select to have any S-TAPs verify the collector's certificate before the collector connects to the S-TAP. Use this feature, along with block lists and allow lists, to strictly control access between the Guardium® collector and the External S-TAP. | |
Collector CN | If you select Verify collector certificate, enter the common name (CN)
of the collector to use in Collector CN, or enter a regular expression to
specify a set of allowable collectors. For more information about Regular Expressions, see Regular Expressions. |
|
Override server IP | Enter a default server IP address to use for all recorded traffic. | |
runAsUser | 1000 | The UID for the processes within the pod containers. If the user is not 1000, then GID 0 must be a valid group for the user. |
fsGroup | 1000 | The file system group. Enter the GID for filesystem mounts in the containers of the Pod. The
fsGroup is added to the pod's supplementalGroups parameter. The default is 1000, but make sure that you specify a number that works with your policy. |