From 530e58f422a7b722d8cbe74cb61044ecb681ba0c Mon Sep 17 00:00:00 2001
From: jenkins
Date: Fri, 22 Nov 2019 22:50:42 +0000
Subject: [PATCH 001/156] updating installer docs
---
.../openshift-with-hostpath/values.yaml | 44 +++++++++++++++
installer/examples/single-node/values.yaml | 53 +++++++++++++++++++
2 files changed, 97 insertions(+)
create mode 100644 installer/examples/openshift-with-hostpath/values.yaml
create mode 100644 installer/examples/single-node/values.yaml
diff --git a/installer/examples/openshift-with-hostpath/values.yaml b/installer/examples/openshift-with-hostpath/values.yaml
new file mode 100644
index 00000000..0c704608
--- /dev/null
+++ b/installer/examples/openshift-with-hostpath/values.yaml
@@ -0,0 +1,44 @@
+size: medium
+# The below can be ignored for non-openshift clusters.
+deployment: openshift
+# Replace with quay.io pull secrets provided by the sales team.
+quaypullsecret:
+# Acceptable values here are awe|gke|none|hostPath, change this to none and configure storageClassName if you want to use an existing storageClass
+storageClassProvisioner: hostPath
+# Uncomment the below to specify an existing storageClass, if not configured a storageClass is created with the configured storageClassProvisioner
+# storageClassName: sysdig
+elasticsearch:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+sysdig:
+ # Openshift API url along with its port number
+ openshiftUrl:
+ # Username of the user to access the configured openshift url
+ openshiftUser:
+ # Password of the user to access the configured openshift url
+ openshiftPassword:
+ collector:
+ dnsName:
+ mysql:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - my-cool-host1.com
+ postgresql:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - my-cool-host1.com
+ cassandra:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ # Replace with domain name the api should be served on.
+ dnsName:
+ admin:
+ username:
+ # Replace with license provided by the sales team.
+ license:
diff --git a/installer/examples/single-node/values.yaml b/installer/examples/single-node/values.yaml
new file mode 100644
index 00000000..a30e3477
--- /dev/null
+++ b/installer/examples/single-node/values.yaml
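Review bot: The `openshiftPassword`, `quaypullsecret` and `license` keys turn a filled-in copy of this example into a credential file, and none of the comments say so. I would add a comment above `openshiftPassword:` such as `# Secret: keep the completed values.yaml out of version control and readable only by the installing user`. The provisioner comment lists `awe` where `aws` appears to be meant (`# Acceptable values here are aws|gke|none|hostPath`); the same typo is in installer/examples/single-node/values.yaml. The bare `key:` placeholders parse as null, so a quoted placeholder such as `openshiftPassword: "REPLACE_ME"` would make an unedited field easier to spot.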
@@ -0,0 +1,53 @@
+# The instructions here should create Sysdig Platform on a single node with 8 cores and 16Gig of RAM.
+size: small
+# Replace with quay.io pull secrets provided by the sales team.
+quaypullsecret:
+# Acceptable values here are awe|gke|none|hostPath, change this to none and configure storageClassName if you want to use an existing storageClass
+storageClassProvisioner: hostPath
+# Uncomment the below to specify an existing storageClass, if not configured a storageClass is created with the configured storageClassProvisioner
+# storageClassName: sysdig
+elasticsearch:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - minikube
+sysdig:
+ mysql:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - minikube
+ postgresql:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - minikube
+ cassandra:
+ hostPathNodes:
+ # replace with the name section of kubectl get nodes
+ - minikube
+ # Replace with domain name the api should be served on.
+ dnsName:
+ admin:
+ username: pov@sysdig.com
+ # Replace with license provided by the sales team.
+ license:
+ # For PoC do not change the below
+ resources:
+ api:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ cassandra:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ collector:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ elasticsearch:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ worker:
+ requests:
+ cpu: 500m
+ memory: 1Gi
From 3c51e3404c14df83602da67e4b36326cbe950b7a Mon Sep 17 00:00:00 2001
From: jenkins
Date: Fri, 22 Nov 2019 22:54:38 +0000
Subject: [PATCH 002/156] updating installer docs
---
installer/single-node/README.md | 50 +++++++
installer/single-node/install.sh | 232 +++++++++++++++++++++++++++++++
2 files changed, 282 insertions(+)
create mode 100644 installer/single-node/README.md
create mode 100755 installer/single-node/install.sh
diff --git a/installer/single-node/README.md b/installer/single-node/README.md
new file mode 100644
index 00000000..b94c1476
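Review bot: `username: pov@sysdig.com` under `admin:` ships a fixed, publicly documented admin login, whereas the openshift example leaves `username:` empty for the operator to fill in. If the installer does not force a credential change for that account (not visible here), every PoC node reachable on port 443 shares the same known login name. I would add `# Replace with the admin e-mail for this deployment` above it, matching the other "Replace with" comments in the file.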
--- /dev/null
+++ b/installer/single-node/README.md
@@ -0,0 +1,50 @@
+# Single node POV installer
+
+This script will install docker, minikube, jq, curl etc required to run Sysdig
+Platform, after installing all dependencies the script will create a
+values.yaml and run the installer using the created values.yaml file.
+
+## Usage
+
+Copy the [script](./install.sh) to the machine that sysdig
+platform is intended to run on, if you intend using enterprise anchore copy the
+anchore license file to the same path as the script, then run:
+
+```bash
+sudo ./install.sh
+```
+
+This will prompt for quay pull secrets, sysdig license and domain name(in ec2
+this is the public hostname for the instance). It will install dependencies
+run the installer and create a sysdig platform. It also logs everything you
+see in your terminal to `/var/log/sysdig-installer.log` so this can be used
+for debugging a failed install.
+
+## Requirements.
+
+- An instance with at least 8 CPU cores, 16GB of RAM and 300GB of disk space.
+- Port 443 and 6443 granted network access (in AWS this is done with security
+groups)
+
+## Status
+
+Tested on:
+
+- amazon linux
+- centos 7
+- centos 8
+- debian buster
+- debian stretch
+- ubuntu bionic
+- ubuntu xenial
+
+The script will not work on any OS that it has not been tested on.
+
+## Note
+
+To need to run `kubectl` as root on the host.
+
+## Future improvements
+
+- the script will be hosted in a public location so you can `curl | sudo bash`
+the script.
diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh
new file mode 100755
index 00000000..85448b54
--- /dev/null
+++ b/installer/single-node/install.sh
@@ -0,0 +1,232 @@ +#!/usr/bin/env bash + +set -euo pipefail + +#log to file and stdout +log_file="/var/log/sysdig-installer.log" +exec &>> >(tee -a "$log_file") + +if [[ "$EUID" -ne 0 ]]; then + echo "This script needs to be run as root" + echo "Usage: sudo ./$0" + exit 1 +fi + +KUBERNETES_VERSION=v1.13.0 +DOCKER_VERSION=18.06.3 +ROOT_LOCAL_PATH="/usr/bin" +QUAYPULLSECRET="PLACEHOLDER" +LICENSE="PLACEHOLDER" +DNSNAME="PLACEHOLDER" +ANCHORE_LICENSE_FILE_NAME="none" + +function writeValuesYaml() { + cat << EOM > values.yaml +size: small +quaypullsecret: $QUAYPULLSECRET +storageClassProvisioner: hostPath +elasticsearch: + hostPathNodes: + - minikube +sysdig: + mysql: + hostPathNodes: + - minikube + postgresql: + hostPathNodes: + - minikube + cassandra: + hostPathNodes: + - minikube + dnsName: $DNSNAME + admin: + username: pov@sysdig.com + license: $LICENSE + resources: + api: + requests: + cpu: 500m + memory: 1Gi + cassandra: + requests: + cpu: 500m + memory: 1Gi + collector: + requests: + cpu: 500m + memory: 1Gi + elasticsearch: + requests: + cpu: 500m + memory: 1Gi + worker: + requests: + cpu: 500m + memory: 1Gi +EOM + if [[ -n $ANCHORE_LICENSE_FILE_NAME && $ANCHORE_LICENSE_FILE_NAME != none ]]; then + if [[ ! 
-s $ANCHORE_LICENSE_FILE_NAME ]]; then + echo "Provided $ANCHORE_LICENSE_FILE_NAME does not exists or is empty" + exit 1 + fi + echo " configureScanningReporting: true" >> values.yaml + echo " anchoreLicensePath: $ANCHORE_LICENSE_FILE_NAME" >> values.yaml + fi +} + +function askQuestions() { + read -rp $'Provide quay pull secrets: \n' QUAYPULLSECRET + printf "\n" + read -rp $'Provide sysdig license: \n' LICENSE + printf "\n" + read -rp $'Provide domain name, this domain name should resolve to this node on port 443 and 6443: \n' DNSNAME + printf "\n" + read -rp $'Provide file name for anchore license, if you do not intend to you use enterprise anchore hit the enter key to continue \n' ANCHORE_LICENSE_FILE_NAME + printf "\n" +} + +function dockerLogin() { + local -r quayPullSecret=$QUAYPULLSECRET + if [[ "$quayPullSecret" != "PLACEHOLDER" ]]; then + local -r auth=$(echo "$quayPullSecret" | base64 --decode | jq -r '.auths."quay.io".auth' | base64 --decode) + local -r quay_username=${auth%:*} + local -r quay_password=${auth#*:} + docker login -u "$quay_username" -p "$quay_password" quay.io + else + echo "Please rerun the script and configure quay pull secret" + fi +} + +function installUbuntuDeps() { + apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 + apt-get update -qq + apt-get install -y apt-transport-https ca-certificates curl software-properties-common jq python-pip + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + apt-get update -qq + apt-get install -y --allow-unauthenticated docker-ce=${DOCKER_VERSION}~ce~3-0~ubuntu +} + +function installDebianDeps() { + apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 + apt-get update -qq + apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common jq python-pip + curl -fsSL 
https://download.docker.com/linux/debian/gpg | apt-key add - + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" + apt-get update -qq + apt-get install -y --allow-unauthenticated docker-ce=${DOCKER_VERSION}~ce~3-0~debian +} + +function installCentOSDeps() { + local -r version=$1 + yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine + yum -y update + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + if [[ $version == 8 ]]; then + yum install -y yum-utils device-mapper-persistent-data lvm2 curl jq.x86_64 + else + yum install -y yum-utils device-mapper-persistent-data lvm2 curl jq + fi + # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 + yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm + yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm + systemctl enable docker + systemctl start docker +} + +function installMiniKube() { + local -r minikube_latest=$( + curl -sL \ + https://api.github.com/repos/kubernetes/minikube/releases/latest | + jq -r .tag_name + ) + curl -s -Lo minikube "https://storage.googleapis.com/minikube/releases/${minikube_latest}/minikube-linux-amd64" + chmod +x minikube + mv minikube "${ROOT_LOCAL_PATH}" +} + +function installKubectl() { + local -r kubectl_latest=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) + curl -s -Lo kubectl "https://storage.googleapis.com/kubernetes-release/release/${kubectl_latest}/bin/linux/amd64/kubectl" + chmod +x kubectl + mv kubectl "${ROOT_LOCAL_PATH}" +} + +function installDeps() { + set +e + source /etc/os-release + case $ID in + ubuntu) + installUbuntuDeps + if [[ ! 
$VERSION_CODENAME =~ ^(bionic|xenial)$ ]]; then + echo "ubuntu version: $VERSION_CODENAME is not supported" + exit 1 + fi + ;; + debian) + installDebianDeps + if [[ ! $VERSION_CODENAME =~ ^(stretch|buster)$ ]]; then + echo "debian version: $VERSION_CODENAME is not supported" + exit 1 + fi + ;; + centos | amzn) + if [[ $ID =~ ^(centos)$ ]] && + [[ ! "$VERSION_ID" =~ ^(7|8) ]]; then + echo "$ID version: $VERSION_ID is not supported" + exit 1 + fi + installCentOSDeps "$VERSION_ID" + ;; + *) + echo "unsupported platform $ID" + exit 1 + ;; + esac + installMiniKube + installKubectl + set -e +} + +function startDocker() { + systemctl enable docker + systemctl start docker + ip link set docker0 promisc on +} + +function startMinikube() { + export MINIKUBE_HOME="/root" + export KUBECONFIG="/root/.kube/config" + minikube start --vm-driver=none --kubernetes-version=${KUBERNETES_VERSION} + kubectl config use-context minikube +} + +function fixIptables() { + echo "Fixing iptables ..." + ### Install iptables rules because minikube locks out external access + iptables -I INPUT -t filter -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -t filter -p tcp --dport 6443 -j ACCEPT + iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +} + +function runInstaller() { + dockerLogin + docker run --net=host \ + -e KUBECONFIG=/root/.kube/config \ + -v /root/.kube:/root/.kube:Z \ + -v /root/.minikube:/root/.minikube:Z \ + -v "$(pwd)":/manifests:Z \ + quay.io/sysdig/installer:2.5.0-2 +} + +function __main() { + askQuestions + installDeps + writeValuesYaml + startDocker + startMinikube + fixIptables + runInstaller +} + +__main From 885e5e545750e130ee388cad8c25992f09775fca Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 27 Nov 2019 19:58:16 +0000 Subject: [PATCH 003/156] updating installer docs --- installer/single-node/README.md | 1 + installer/single-node/install.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
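Review bot: Everything the install* functions in this hunk place on the host as root is accepted without an authenticity check. `apt-get install -y --allow-unauthenticated` in installUbuntuDeps and installDebianDeps bypasses the signature check that the preceding `apt-key add` sets up, installCentOSDeps pulls container-selinux over plain `http://`, and installMiniKube/installKubectl move unpinned "latest" binaries into `/usr/bin` with no checksum comparison, while installDeps runs under `set +e` and curl lacks `-f`. dockerLogin also passes the registry password with `-p`, which puts it in the process list; `--password-stdin` avoids that. The fence shows the rewritten lines, with installKubectl pinned to the existing `KUBERNETES_VERSION`; the `.sha256` location is assumed and should be confirmed, and a hash recorded in the script would be stronger than one fetched from the same host.

```shell
# dockerLogin: pass the registry password on stdin instead of argv
    printf '%s' "$quay_password" | docker login -u "$quay_username" --password-stdin quay.io

# installUbuntuDeps (same change in installDebianDeps): let apt verify the repository signature
  apt-get install -y docker-ce=${DOCKER_VERSION}~ce~3-0~ubuntu

# … unchanged: installCentOSDeps, apart from fetching the container-selinux RPM over https …
# … unchanged: installMiniKube, which needs the same pin-and-verify treatment as below …

function installKubectl() {
  # Pin to the version minikube is started with rather than whatever stable.txt returns.
  local -r base="https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64"
  curl -fsSLo kubectl "${base}/kubectl"
  # Checksum file location assumed; confirm it is published next to the binary.
  # Explicit exit because installDeps calls this while `set +e` is in effect.
  echo "$(curl -fsSL "${base}/kubectl.sha256")  kubectl" | sha256sum --check - || {
    echo "kubectl checksum verification failed"
    exit 1
  }
  chmod +x kubectl
  mv kubectl "${ROOT_LOCAL_PATH}"
}
```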
diff --git a/installer/single-node/README.md b/installer/single-node/README.md index b94c1476..cd658aec 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -48,3 +48,4 @@ To need to run `kubectl` as root on the host. - the script will be hosted in a public location so you can `curl | sudo bash` the script. + diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 85448b54..c1140348 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -75,7 +75,7 @@ EOM } function askQuestions() { - read -rp $'Provide quay pull secrets: \n' QUAYPULLSECRET + read -rp $'Provide quay pull secret: \n' QUAYPULLSECRET printf "\n" read -rp $'Provide sysdig license: \n' LICENSE printf "\n" From 4aea7f9b5af6bb25a53e50794881d38838b5938c Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 2 Dec 2019 21:32:24 +0000 Subject: [PATCH 004/156] updating installer docs --- installer/single-node/install.sh | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index c1140348..9ca7ff9b 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -18,7 +18,6 @@ ROOT_LOCAL_PATH="/usr/bin" QUAYPULLSECRET="PLACEHOLDER" LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" -ANCHORE_LICENSE_FILE_NAME="none" function writeValuesYaml() { cat << EOM > values.yaml @@ -64,14 +63,6 @@ sysdig: cpu: 500m memory: 1Gi EOM - if [[ -n $ANCHORE_LICENSE_FILE_NAME && $ANCHORE_LICENSE_FILE_NAME != none ]]; then - if [[ ! -s $ANCHORE_LICENSE_FILE_NAME ]]; then - echo "Provided $ANCHORE_LICENSE_FILE_NAME does not exists or is empty" - exit 1 - fi - echo " configureScanningReporting: true" >> values.yaml - echo " anchoreLicensePath: $ANCHORE_LICENSE_FILE_NAME" >> values.yaml - fi } function askQuestions() { 
@@ -81,8 +72,6 @@ function askQuestions() { printf "\n" read -rp $'Provide domain name, this domain name should resolve to this node on port 443 and 6443: \n' DNSNAME printf "\n" - read -rp $'Provide file name for anchore license, if you do not intend to you use enterprise anchore hit the enter key to continue \n' ANCHORE_LICENSE_FILE_NAME - printf "\n" } function dockerLogin() { From 116fab10eb41dc45fe92426f5199e734d90f503f Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 3 Dec 2019 18:02:15 +0000 Subject: [PATCH 005/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 9ca7ff9b..087ec7c5 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -12,7 +12,7 @@ if [[ "$EUID" -ne 0 ]]; then exit 1 fi -KUBERNETES_VERSION=v1.13.0 +KUBERNETES_VERSION=v1.16.0 DOCKER_VERSION=18.06.3 ROOT_LOCAL_PATH="/usr/bin" QUAYPULLSECRET="PLACEHOLDER" From 8e1a2bf3c1b5a06320d36ec1f89e8fc9a67c7f08 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 18 Dec 2019 23:07:15 +0000 Subject: [PATCH 006/156] updating installer docs --- installer/README.md | 280 ++ installer/docs/advanced.md | 59 + installer/docs/configuration_parameters.md | 3458 ++++++++++++++++++++ installer/docs/upgrade.md | 91 + installer/values.yaml | 23 + 5 files changed, 3911 insertions(+) create mode 100644 installer/README.md create mode 100644 installer/docs/advanced.md create mode 100644 installer/docs/configuration_parameters.md create mode 100644 installer/docs/upgrade.md create mode 100644 installer/values.yaml diff --git a/installer/README.md b/installer/README.md new file mode 100644 index 00000000..6db315b1 --- /dev/null +++ b/installer/README.md 
@@ -0,0 +1,280 @@
+# Installer
+
+The Sysdig Installer tool is a collection of scripts that help automate the
+on-premises deployment of the Sysdig platform (Sysdig Monitor and/or Sysdig
+Secure), for environments using Kubernetes or OpenShift. Use the Installer
+to install or upgrade your Sysdig platform. It is recommended as a replacement
+for the earlier manual install/upgrade procedures.
+
+# Installation Overview
+
+To install, you will log in to quay.io, download a sysdig-chart/values.yaml
+file, provide a few basic parameters in it, and launch the Installer. In a
+normal installation, the rest is automatically configured and deployed.
+
+Note that you can perform a quick install if your environment has access to the
+internet, or a partial or full airgapped installation, as needed. Each is
+described below.
+
+## Prerequisites
+
+### Requirements for Installation Machine with Internet Access
+
+- Network access to Kubernetes cluster
+- Docker
+- Bash
+- jq
+- Network access to quay.io
+- A domain name you are in control of.
+
+### Additional Requirements for Airgapped Environments
+
+- Edited sysdig-chart/values.yaml, with airgap registry details updated
+- Network and authenticated access to the private registry
+
+### Access Requirements
+
+- Sysdig license key (Monitor and/or Secure)
+- Quay pull secret
+- Anchore license file (if Secure is licensed)
+- Docker Log In to quay.io
+- Retrieve Quay username and password from Quay pull secret.
+ For example:
+ ```bash
+ AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode)
+ QUAY_USERNAME=${AUTH%:*}
+ QUAY_PASSWORD=${AUTH#*:}
+ ```
+- Log in to quay.io using the username and password retrieved above.
+ ```bash
+ docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io
+ ```
+
+# Quickstart Install
+
+This install assumes the Kubernetes cluster has network access to pull images from quay.io.
+
+- Copy the current version sysdig-chart/values.yaml to your working directory.
+ ```bash
+ wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml
+ ```
+- Edit the following values:
+ - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size
+ defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and
+ large.
+ - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with
+ your Sysdig purchase confirmation mail.
+ - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner):
+ The name of the storage class provisioner to use when creating the
+ configured storageClassName parameter. If you do not use one of those two
+ dynamic storage provisioners, then enter: hostPath and refer to the Advanced
+ examples for how to configure static storage provisioning with this option.
+ Valid options: aws, gke, hostPath
+ - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key
+ provided with your Sysdig purchase confirmation mail
+ - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name
+ the Sysdig APIs will be served on.
+ - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName):
+ (OpenShift installs only) Domain name the Sysdig collector will be served on.
+ When not configured it defaults to whatever is configured for sysdig.dnsName.
+ - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking):
+ The networking construct used to expose the Sysdig API and collector. Options
+ are:
+ - hostnetwork: sets the hostnetworking in the ingress daemonset and opens
+ host ports for api and collector. This does not create a Kubernetes service.
+ - loadbalancer: creates a service of type loadbalancer and expects that
+ your Kubernetes cluster can provision a load balancer with your cloud provider.
+ - nodeport: creates a service of type nodeport.
The node ports can be
+ customized with:
+
+ - sysdig.ingressNetworkingInsecureApiNodePort
+ - sysdig.ingressNetworkingApiNodePort
+ - sysdig.ingressNetworkingCollectorNodePort
+ When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`.
+
+ **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you
+ would also edit the following values:
+
+ - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name):
+ The URL of the airgapped (internal) docker registry. This URL is used for
+ installations where the Kubernetes cluster can not pull images directly from
+ Quay.
+ - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password):
+ The password for the configured airgapped_registry_username. Ignore this
+ parameter if the registry does not require authentication.
+ - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username):
+ The username for the configured airgapped_registry_name. Ignore this
+ parameter if the registry does not require authentication.
+
+- Run the Installer. (Note: This step differs in [Airgapped Installation
+ Options](#airgapped-installation-options).)
+ ```bash
+ docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \
+ -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.5.0.3
+ ```
+- On successful run of Installer towards the end of your terminal you should
+ see the below:
+
+ ```
+ All Pods Ready.....Continuing
+ Congratulations, your Sysdig installation was successful!
+ You can now login to the UI at "https://awesome-domain.com:443" with:
+
+ username: "configured-username@awesome-domain.com"
+ password: "awesome-password"
+ ```
+
+**NOTE**: Save the values.yaml file in a secure location; it will be used for
+future upgrades. There will also be a generated directory containing various
+Kubernetes configuration yaml files which were applied by Installer against
+your cluster.
It is not necessary to keep the generated directory, as the
+Installer can regenerate is consistently with the same values.yaml file.
+
+# Airgapped Installation Options
+
+The Installer can be used to install in airgapped environments, either with
+a multi-homed installation machine that has internet access, or in an
+environment with no internet access.
+
+## Airgapped with Multi-Homed Installation Machine
+
+This assumes a private docker registry is used and the installation machine has
+network access to pull from quay.io and push images to the private registry.
+
+The Prerequisites and workflow are the same as in the Quickstart Install, with
+the following exceptions:
+
+- In step 2, add the airgap registry information.
+
+- In step 3, run the Installer as follows:
+
+```bash
+docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \
+ -v ~/.kube:/.kube:Z \
+ -v $(pwd):/manifests:Z \
+ -v /var/run/docker.sock:/var/run/docker.sock:Z \
+ -v ~/.docker:/root/docker:Z \
+ quay.io/sysdig/installer:2.5.0.3
+```
+
+## Full Airgap Install
+
+This assumes a private docker registry is used and the installation machine
+does not have network access to pull from quay.io, but can push images to the
+private registry.
+
+In this situation, a machine with network access (called the “jump machine”)
+will pull an image containing a self-extracting tarball which can be copied to
+the installation machine.
+
+### Requirements for jump machine
+- Network access to quay.io
+- Docker
+- jq
+
+### Requirements for installation machine
+- Network access to Kubernetes cluster
+- Docker
+- Bash
+- tar
+- Network and authenticated access to the private registry
+- Edited sysdig-chart/values.yaml, with airgap registry details updated
+
+### Workflow
+
+#### On the Jump Machine
+
+- Follow the Docker Log In to quay.io steps under the Access Requirements section.
+- Pull the image containing the self-extracting tar:
+ ```bash
+ docker pull quay.io/sysdig/installer:2.5.0.3-uber
+ ```
+- Extract the tarball:
+ ```bash
+ docker create --name uber_image quay.io/sysdig/installer:2.5.0.3-uber
+ docker cp uber_image:/sysdig_installer.tar.gz .
+ docker rm uber_image
+ ```
+- Copy the tarball to the installation machine.
+
+#### On the Installation Machine:
+
+- Copy the current version sysdig-chart/values.yaml to your working directory.
+ ```bash
+ wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml
+ ```
+- Edit the following values:
+ - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size
+ defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and
+ large
+ - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with
+ your Sysdig purchase confirmation mail
+ - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The
+ name of the storage class provisioner to use when creating the configured
+ storageClassName parameter. Use hostPath or local in clusters that do not have
+ a provisioner. For setups where Persistent Volumes and Persistent Volume Claims
+ are created manually this should be configured as none. Valid options are:
+ aws,gke,hostPath,local,none
+ - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key
+ provided with your Sysdig purchase confirmation mail
+ - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name
+ the Sysdig APIs will be served on.
+ - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName):
+ (OpenShift installs only) Domain name the Sysdig collector will be served on.
+ When not configured it defaults to whatever is configured for sysdig.dnsName.
+ - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking):
+ The networking construct used to expose the Sysdig API and collector. Options
+ are:
+ - hostnetwork: sets the hostnetworking in the ingress daemonset and opens
+ host ports for api and collector. This does not create a Kubernetes service.
+ - loadbalancer: creates a service of type loadbalancer and expects that
+ your Kubernetes cluster can provision a load balancer with your cloud provider.
+ - nodeport: creates a service of type nodeport. The node ports can be
+ customized with:
+ - sysdig.ingressNetworkingInsecureApiNodePort
+ - sysdig.ingressNetworkingApiNodePort
+ - sysdig.ingressNetworkingCollectorNodePort
+ - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name):
+ The URL of the airgapped (internal) docker registry. This URL is used for
+ installations where the Kubernetes cluster can not pull images directly from
+ Quay.
+ - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password):
+ The password for the configured airgapped_registry_username. Ignore this
+ parameter if the registry does not require authentication.
+ - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username):
+ The username for the configured airgapped_registry_name. Ignore this
+ parameter if the registry does not require authentication.
+
+- Copy the tarball file to the directory where you have your values.yaml file.
+- Run the tar file:
+ `bash sysdig_installer.tar.gz`
+- On successful run of Installer towards the end of your terminal you should
+ see the below:
+
+ ```
+ All Pods Ready.....Continuing
+ Congratulations, your Sysdig installation was successful!
+ You can now login to the UI at "https://awesome-domain.com:443" with:
+
+ username: "configured-username@awesome-domain.com"
+ password: "awesome-password"
+ ```
+
+**NOTE**: Save the values.yaml file in a secure location; it will be used for
+future upgrades. There will also be a generated directory containing various
+Kubernetes configuration yaml files which were applied by Installer against
+your cluster. It is not necessary to keep the generated directory, as the
+Installer can regenerate is consistently with the same values.yaml file.
+
+# Upgrades
+
+See [upgrade.md](docs/upgrade.md) for upgrades documentation.
+
+# Configuration Parameters and Examples
+
+For the full dictionary of configuration parameters, see:
+[configuration_parameters.md](docs/configuration_parameters.md)
+
+# Advanced Configuration
+
+For advanced configuration option see [advanced.md](docs/advanced.md)
diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md
new file mode 100644
index 00000000..888f6e0a
--- /dev/null
+++ b/installer/docs/advanced.md
@@ -0,0 +1,59 @@
+# Advanced configuration
+
+## Use hostPath for Static Storage of Sysdig Components
+
+As described in the Installation Storage Requirements, the Installer
+assumes usage of a dynamic storage provider (AWS or GKE). In case these are
+not used in your environment, add the entries below to the values.yaml to
+configure static storage.
+
+Based on the `size` entered in the values.yaml file (small/medium/large), the
+Installer assumes a minimum number of replicas and nodes to be provided.
+You will enter the names of the nodes on which you will run the Cassandra,
+ElasticSearch, mySQL and Postgres components of Sysdig in the values.yaml, as
+in the parameters and example below.
+
+### Parameters
+
+`storageClassProvisioner`: hostPath.
+`sysdig.cassandra.hostPathNodes`: The number of nodes configured here needs to
+be at minimum 1 when configured `size` is `small`, 3 when configured `size` is
+`medium` and 6 when configured `size` is large.
+`elasticsearch.hostPathNodes`: The number of nodes configured here needs to be
+be at minimum 1 when configured `size` is `small`, 3 when configured `size` is
+`medium` and 6 when configured `size` is large.
+`sysdig.mysql.hostPathNodes`: When sysdig.mysqlHa is configured to true this has
+to be at least 3 nodes and when sysdig.mysqlHa is not configured it should be
+at least one node.
+`sysdig.postgresql.hostPathNodes`: This can be ignored if Sysdig Secure is not
+licensed or used on this environment. If Secure is used, then the parameter
+should be set to 1, regardless of the environment size setting.
+
+### Example
+
+```yaml
+storageClassProvisioner: hostPath
+elasticsearch:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+sysdig:
+ cassandra:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+ mysql:
+ hostPathNodes:
+ - my-cool-host1.com
+ postgresql:
+ hostPathNodes:
+ - my-cool-host1.com
+```
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
new file mode 100644
index 00000000..85cd06e9
--- /dev/null
+++ b/installer/docs/configuration_parameters.md
@@ -0,0 +1,3458 @@
+# Configuration Parameters
+
+## **quaypullsecret**
+**Required**: `true`
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation
+ mail.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+quaypullsecret: Y29tZS13b3JrLWF0LXN5c2RpZwo=
+```
+
+## **schema_version**
+**Required**: `true`
+**Description**: Represents the schema version of the values.yaml
+configuration. Versioning follows [Semver](https://semver.org/) (Semantic
+Versioning) and maintains semver guarantees about versioning.
+**Options**:
+**Default**: `1.0.0`
+**Example**:
+
+```yaml
+schema_version: 1.0.0
+```
+
+## **size**
+**Required**: `true`
+**Description**: Specifies the size of the cluster. Size defines CPU, Memory,
+Disk, and Replicas.
+**Options**: `small|medium|large`
+**Default**:
+**Example**:
+
+```yaml
+size: medium
+```
+
+## **storageClassProvisioner**
+**Required**: `true`
+**Description**: The name of the [storage class
+provisioner](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner)
+to use when creating the configured storageClassName parameter. Use hostPath
+or local in clusters that do not have a provisioner. For setups where
+Persistent Volumes and Persistent Volume Claims are created manually this
+should be configured as `none`.
+**Options**: `aws|gke|hostPath|local|none`
+**Default**:
+**Example**:
+
+```yaml
+storageClassProvisioner: aws
+```
+
+## **apps**
+**Required**: `false`
+**Description**: Specifies the Sysdig Platform components to be installed.
+Combine multiple components by space separating them. Specify at least one
+app, for example, `monitor`.
+**Options**: `monitor|monitor secure`
+**Default**: `monitor secure`
+**Example**:
+
+```yaml
+apps: monitor secure
+```
+
+## **airgapped_registry_name**
+**Required**: `false`
+**Description**: The URL of the airgapped (internal) docker registry. This URL
+is used for installations where the Kubernetes cluster can not pull images
+directly from Quay. See [airgap instructions
+multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed)
+and [full airgap instructions](../usage.md#full-airgap-installation) for more
+details.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+airgapped_registry_name: my-awesome-domain.docker.io
+```
+
+## **airgapped_registry_password**
+**Required**: `false`
+**Description**: The password for the configured
+`airgapped_registry_username`. Ignore this parameter if the registry does not
+require authentication.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+airgapped_registry_password: my-@w350m3-p@55w0rd
+```
+
+## **airgapped_registry_username**
+**Required**: `false`
+**Description**: The username for the configured `airgapped_registry_name`.
+Ignore this parameter if the registry does not require authentication.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+airgapped_registry_username: bob+alice
+```
+
+## **deployment**
+**Required**: `false`
+**Description**: The name of the Kubernetes installation.
+**Options**: `iks|kubernetes|openshift`
+**Default**: `kubernetes`
+**Example**:
+
+```yaml
+deployment: kubernetes
+```
+
+## **localStoragehostDir**
+**Required**: `false`
+**Description**: The path on the host where the local volumes are mounted
+under. This is relevant only when `storageClassProvisioner` is `local`.
+**Options**:
+**Default**: `/sysdig`
+**Example**:
+
+```yaml
+localStoragehostDir: /sysdig
+```
+
+## **namespace**
+**Required**: `false`
+**Description**: Kubernetes namespace to deploy Sysdig Platform to.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+namespace: sysdig
+```
+
+## **scripts**
+**Required**: `false`
+**Description**: Defines which scripts needs to be run.
+ `generate`: performs templating and customization.
+ `diff`: generates diff against in-cluster configuration.
+ `deploy`: applies the generated script in Kubernetes environment.
+These options can be combined by space separating them.
+**Options**: `generate|diff|deploy|generate diff|generate deploy|diff deploy|generate diff deploy`
+**Default**: `generate deploy`
+**Example**:
+
+```yaml
+scripts: generate diff
+```
+
+## **storageClassName**
+**Required**: `false`
+**Description**: The name of the preconfigured [storage
+class](https://kubernetes.io/docs/concepts/storage/storage-classes/). If the
+storage class does not exist, Installer will attempt to create it using the
+`storageClassProvisioner` as the provisioner. This has no effect if
+`storageClassProvisioner` is configured to `none`.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+storageClassName: sysdig
+```
+
+## ~~**cloudProvider.create_loadbalancer**~~ (**Deprecated**)
+**Required**: `false`
+**Description**: This is deprecated, prefer
+[`sysdig.ingressNetworking`](#sysdigingressnetworking) instead. When set to
+true a service of type
+[LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)
+is created.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+cloudProvider:
+ create_loadbalancer: true
+```
+
+## **cloudProvider.isMultiAZ**
+**Required**: `false`
+**Description**: Specifies whether the underlying Kubernetes cluster is
+deployed in multiple availability zones. The parameter requires
+[`cloudProvider.name`](#cloudprovidername) to be configured.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+cloudProvider:
+ isMultiAZ: false
+```
+
+## **cloudProvider.name**
+**Required**: `false`
+**Description**: The name of the cloud provider Sysdig Platform will run on.
+**Options**: `aws|gke`
+**Default**:
+**Example**:
+
+```yaml
+cloudProvider:
+ name: aws
+```
+
+## **cloudProvider.region**
+**Required**: `false`
+**Description**: The cloud provider region the underlying Kubernetes Cluster
+runs on. This parameter is required if
+[`cloudProvider.name`](#cloudprovidername) is configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+cloudProvider:
+ region: us-east-1
+```
+
+## **elasticsearch.hostPathNodes**
+**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get
+node -o name` command. ElasticSearch hostPath persistent volumes should be
+created on these nodes. The number of nodes must be at minimum whatever the
+value of
+[`sysdig.elasticsearchReplicaCount`](#sysdigelasticsearchreplicacount) is.
+This is required if configured
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+elasticsearch:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+```
+
+
+## **elasticsearch.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Elasticsearch JVM.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+elasticsearch:
+ jvmOptions: -Xms4G -Xmx4G
+```
+
+## **elasticsearch.external**
+**Required**: `false`
+**Description**: If set does not create a local Elasticsearch cluster, tries connecting to an external Elasticsearch cluster.
+This can be used in conjunction with [`elasticsearch.hostname`](#elasticsearchhostname)
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+elasticsearch:
+ external: true
+```
+
+## **elasticsearch.hostname**
+**Required**: `false`
+**Description**: External Elasticsearch hostname can be provided here and certificates for clients can be provided under certs/elasticsearch-tls-certs.
+**Options**:
+**Default**: 'sysdigcloud-elasticsearch'
+**Example**:
+
+```yaml
+elasticsearch:
+ external: true
+ hostname: external.elasticsearch.cluster
+```
+
+## ~~**elasticsearch.searchguard.enabled**~~ (**Deprecated**)
+**Required**: `false`
+**Description**: Enables user authentication and TLS-encrypted data-in-transit
+with [Searchguard](https://search-guard.com/)
+If Searchguard is enabled Installer does the following in the provided order:
+ 1. Checks for user provided certificates under certs/elasticsearch-tls-certs if present uses that to setup elasticsearch(es) cluster.
+ 2. Checks for existing searchguard certificates in the provided environment to setup ES cluster. (applicable for upgrades)
+ 3. If neither of them are present Installer autogenerates searchguard certificates and uses them to setup es cluster.
+
+
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+elasticsearch:
+ searchguard:
+ enabled: false
+```
+
+## ~~**elasticsearch.searchguard.adminUser**~~ (**Deprecated**)
+**Required**: `false`
+**Description**: The user bound to the ElasticSearch Searchguard admin role.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+elasticsearch:
+ searchguard:
+ adminUser: admin
+```
+
+## **elasticsearch.snitch.extractCMD**
+**Required**: `false`
+**Description**: The command used to determine [elasticsearch cluster routing
+allocation awareness
+attributes](https://www.elastic.co/guide/en/elasticsearch/reference/current/allocation-awareness.html).
+The command will be passed to the bash eval command and is expected to return
+a single string. For example: `cut -d- -f2 /host/etc/hostname`.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+elasticsearch:
+ snitch:
+ extractCMD: cut -d- -f2 /host/etc/hostname
+```
+
+## **elasticsearch.snitch.hostnameFile**
+**Required**: `false`
+**Description**: The name of the location to bind mount the host's
+`/etc/hostname` file to. This can be combined with
+[`elasticsearch.snitch.extractCMD`](#elasticsearchsnitchextractcmd) to
+determine cluster routing allocation associated with the node's hostname.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+elasticsearch:
+ snitch:
+ hostnameFile: /host/etc/hostname
+```
+
+## **hostPathCustomPaths.cassandra**
+**Required**: `false`
+**Description**: The directory to bind mount Cassandra pod's
+`/var/lib/cassandra` to on the host. This parameter is relevant only when
+`storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/cassandra`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ cassandra: `/sysdig/cassandra`
+```
+
+## **hostPathCustomPaths.elasticsearch**
+**Required**: `false`
+**Description**: The directory to bind mount elasticsearch pod's
+`/usr/share/elasticsearch` to on the host. This parameter is relevant only when
+`storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/usr/share/elasticsearch`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ elasticsearch: `/sysdig/elasticsearch`
+```
+
+## **hostPathCustomPaths.mysql**
+**Required**: `false`
+**Description**: The directory to bind mount mysql pod's `/var/lib/mysql` to
+on the host. This is relevant only when `storageClassProvisioner` is
+`hostPath`.
+**Options**:
+**Default**: `/var/lib/mysql`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ mysql: `/sysdig/mysql`
+```
+
+## **hostPathCustomPaths.postgresql**
+**Required**: `false`
+**Description**: The directory to bind mount PostgreSQL pod's
+`/var/lib/postgresql/data/pgdata` to on the host. This parameter is relevant
+only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/postgresql/data/pgdata`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ postgresql: `/sysdig/pgdata`
+```
+
+## **nodeaffinityLabel.key**
+**Required**: `false`
+**Description**: The key of the label that is used to configure the nodes that the
+Sysdig Platform pods are expected to run on. The nodes are expected to have
+been labeled with the key.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+nodeaffinityLabel:
+ key: instancegroup
+```
+
+## **nodeaffinityLabel.value**
+**Required**: `false`
+**Description**: The value of the label that is used to configure the nodes
+that the Sysdig Platform pods are expected to run on. The nodes are expected
+to have been labeled with the value of
+[`nodeaffinityLabel.key`](#nodeaffinitylabelkey), and is required if
+[`nodeaffinityLabel.key`](#nodeaffinitylabelkey) is configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+nodeaffinityLabel:
+ value: sysdig
+```
+
+## **pvStorageSize.large.cassandra**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 300Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ cassandra: 500Gi
+```
+
+## **pvStorageSize.large.elasticsearch**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Elasticsearch
+in a cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 300Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ elasticsearch: 500Gi
+```
+
+## **pvStorageSize.large.mysql**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to MySQL in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 25Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ mysql: 100Gi
+```
+
+## **pvStorageSize.large.postgresql**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to PostgreSQL in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 60Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ postgresql: 100Gi
+```
+
+## **pvStorageSize.medium.cassandra**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 100Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ cassandra: 300Gi
+```
+
+## **pvStorageSize.medium.elasticsearch**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Elasticsearch in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 100Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ elasticsearch: 300Gi
+```
+
+## **pvStorageSize.medium.mysql**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to MySQL in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 25Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ mysql: 100Gi
+```
+
+## **pvStorageSize.medium.postgresql**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to PostgreSQL in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 60Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ postgresql: 100Gi
+```
+
+## **pvStorageSize.small.cassandra**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ cassandra: 100Gi
+```
+
+## **pvStorageSize.small.elasticsearch**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Elasticsearch
+in a cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ elasticsearch: 100Gi
+```
+
+## **pvStorageSize.small.mysql**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to MySQL in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 25Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ mysql: 100Gi
+```
+
+## **pvStorageSize.small.postgresql**
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to PostgreSQL in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ postgresql: 100Gi
+```
+
+## **sysdig.anchoreLicensePath**
+**Required**: `false`
+**Description**: This is the path relative to the values.yaml where the
+anchore enterprise license yaml is located. This parameter is required if
+`sysdig.configureScanningReporting` is configured to `true`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ anchoreLicensePath: anchore-enterprise-license.yaml
+```
+
+## **sysdig.anchoreVersion**
+**Required**: `false`
+**Description**: The docker image tag of the Sysdig Anchore Core.
+**Options**:
+**Default**: 0.5.0.1
+**Example**:
+
+```yaml
+sysdig:
+ anchoreVersion: 0.5.0.1
+```
+
+## **sysdig.anchoreEnterpriseVersion**
+**Required**: `false`
+**Description**: The docker image tag of the Sysdig Anchore reporting.
+**Options**:
+**Default**: v0.4.1
+**Example**:
+
+```yaml
+sysdig:
+ anchoreEnterpriseVersion: 0.5.0.1
+```
+
+## **sysdig.cassandraVersion**
+**Required**: `false`
+**Description**: The docker image tag of Cassandra.
+**Options**:
+**Default**: 2.1.21.13
+**Example**:
+
+```yaml
+sysdig:
+ cassandraVersion: 2.1.21.13
+```
+
+## **sysdig.cassandra.external**
+**Required**: `false`
+**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster.
+This can be used in conjunction with [`sysdig.cassandra.endpoint`](#sysdigcassandraendpoint)
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ external: true
+```
+
+## **sysdig.cassandra.endpoint**
+**Required**: `false`
+**Description**: External Cassandra endpoint can be provided here.
+**Options**:
+**Default**: 'sysdigcloud-cassandra'
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ external: true
+ endpoint: external.cassandra.cluster
+```
+
+## **sysdig.cassandra.secure**
+**Required**: `false`
+**Description**: Enables cassandra server and clients to use authentication.
+**Options**: `true|false`
+**Default**:`false`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ secure: true
+ ssl: true
+```
+
+## **sysdig.cassandra.ssl**
+**Required**: `false`
+**Description**: Enables cassandra server and clients communicate over ssl.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ secure: true
+ ssl: true
+```
+
+## **sysdig.cassandra.user**
+**Required**: `false`
+**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
+**Options**:
+**Default**: `sysdigcassandra`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ user: cassandrauser
+```
+
+## **sysdig.cassandra.password**
+**Required**: `false`
+**Description**: Sets cassandra password
+**Options**:
+**Default**: Autogenerated 16 alphanumeric characters
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ user: cassandrauser
+ password: cassandrapassword
+```
+
+## **sysdig.cassandra.workloadName**
+**Required**: `false`
+**Description**: Name assigned to the Cassandra objects(statefulset and
+service)
+**Options**:
+**Default**: `sysdigcloud-cassandra`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ workloadName: sysdigcloud-cassandra
+```
+
+## **sysdig.cassandra.customOverrides**
+**Required**: `false`
+**Description**: The custom overrides of Cassandra's default configuration. The parameter
+expects a YAML block of key-value pairs as described in the [Cassandra
+documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/configuration/configCassandra_yaml_r.html).
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ customOverrides: |
+ hinted_handoff_enabled: false
+ concurrent_compactors: 8
+ read_request_timeout_in_ms: 10000
+ write_request_timeout_in_ms: 10000
+```
+
+## **sysdig.cassandra.datacenterName**
+**Required**: `false`
+**Description**: The datacenter name used for the [Cassandra
+Snitch](http://cassandra.apache.org/doc/latest/operating/snitch.html).
+**Options**:
+**Default**: In AWS the value is ec2Region as determined by the code
+[here](https://github.com/apache/cassandra/blob/a85afbc7a83709da8d96d92fc4154675794ca7fb/src/java/org/apache/cassandra/locator/Ec2Snitch.java#L61-L63),
+elsewhere defaults to an empty string.
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ datacenterName: my-cool-datacenter
+```
+
+## **sysdig.cassandra.jvmOptions**
+**Required**: `false`
+**Description**: The custom configuration for Cassandra JVM.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ jvmOptions: -Xms6G -Xmx6G -XX:+PrintGCDateStamps -XX:+PrintGCDetails
+```
+
+## **sysdig.cassandra.hostPathNodes**
+**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get node -o
+name` command. These are the nodes where Cassandra hostPath persistent volumes should be created on. The number of nodes must be at minimum whatever the value of
+[`sysdig.cassandraReplicaCount`](#sysdigcassandrareplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+```
+
+## **sysdig.collectorPort**
+**Required**: `false`
+**Description**: The port to publicly serve Sysdig collector on.
+_**Note**: collectorPort is not configurable in openshift deployments. It is always 443._
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+sysdig:
+ collectorPort: 7000
+```
+
+## **sysdig.configureScanningReporting**
+**Required**: `false`
+**Description**: Specifies if image scanning and reporting feature should be
+included in the Sysdig platform to be deployed.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ configureScanningReporting: true
+```
+
+## **sysdig.customCA**
+**Required**: `false`
+**Description**:
+The Sysdig platform may sometimes open connections over SSL to certain external services, including:
+ - LDAP over SSL
+ - SAML over SSL
+ - OpenID Connect over SSL
+ - HTTPS Proxies
+If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default.
+
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**:
+
+```bash
+#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list.
+bash-5.0$ find certs values.yaml
+certs
+certs/custom-java-certs
+certs/custom-java-certs/certificate1.crt
+certs/custom-java-certs/certificate2.crt
+values.yaml
+```
+
+```yaml
+sysdig:
+ customCA: true
+```
+
+## **sysdig.dnsName**
+**Required**: `true`
+**Description**: The domain name the Sysdig APIs will be served on.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ dnsName: my-awesome-domain-name.com
+```
+
+## **sysdig.elasticsearchVersion**
+**Required**: `false`
+**Description**: The docker image tag of Elasticsearch.
+**Options**:
+**Default**: 5.6.16.12
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchVersion: 5.6.16.12
+```
+
+## **sysdig.haproxyVersion**
+**Required**: `false`
+**Description**: The docker image tag of HAProxy ingress controller. The
+parameter is relevant only when configured `deployment` is `kubernetes`.
+**Options**:
+**Default**: v0.7-beta.7
+**Example**:
+
+```yaml
+sysdig:
+ haproxyVersion: v0.7-beta.7
+```
+
+## **sysdig.ingressNetworking**
+**Required**: `false`
+**Description**: The networking construct used to expose the Sysdig API and collector.
+* hostnetwork, sets the hostnetworking in ingress daemonset and opens host ports for api and collector. This does not create a service.
+* loadbalancer, creates a service of type [`loadbalancer`](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)
+* nodeport, creates a service of type [`nodeport`](https://kubernetes.io/docs/concepts/services-networking/#nodeport). The node ports can be customized with:
+ * [`sysdig.ingressNetworkingInsecureApiNodePort`](#sysdigingressnetworkinginsecureapinodeport)
+ * [`sysdig.ingressNetworkingApiNodePort`](#sysdigingressnetworkingapinodeport)
+ * [`sysdig.ingressNetworkingCollectorNodePort`](#sysdigingressnetworkingcollectornodeport)
+
+**Options**:
+[`hostnetwork`](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces)|[`loadbalancer`](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)|[`nodeport`](https://kubernetes.io/docs/concepts/services-networking/#nodeport)
+
+**Default**: `hostnetwork`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworking: loadbalancer
+```
+
+## **sysdig.ingressNetworkingInsecureApiNodePort**
+**Required**: `false`
+**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking)
+is configured as `nodeport`, this is the NodePort requested by Installer
+from Kubernetes for the Sysdig non-TLS API endpoint.
+**Options**:
+**Default**: `30000`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworkingInsecureApiNodePort: 30000
+```
+
+## **sysdig.ingressNetworkingApiNodePort**
+**Required**: `false`
+**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking)
+is configured as `nodeport`, this is the NodePort requested by Installer
+from Kubernetes for the Sysdig TLS API endpoint.
+**Options**:
+**Default**: `30001`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworkingApiNodePort: 30001
+```
+
+## **sysdig.ingressNetworkingCollectorNodePort**
+**Required**: `false`
+**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking)
+is configured as `nodeport`, this is the NodePort requested by Installer
+from Kubernetes for the Sysdig collector endpoint.
+**Options**:
+**Default**: `30002`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworkingCollectorNodePort: 30002
+```
+
+## **sysdig.license**
+**Required**: `true`
+**Description**: Sysdig license provided with the deployment.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ license: replace_with_your_license
+```
+
+## **sysdig.localVolumeProvisioner**
+**Required**: `false`
+**Description**: The version of the localVolumeProvisioner.
+**Options**:
+**Default**: v2.3.2
+**Example**:
+
+```yaml
+sysdig:
+ localVolumeProvisioner: v2.3.2
+```
+
+## **sysdig.monitorVersion**
+**Required**: `false`
+**Description**: The docker image tag of the Sysdig Monitor.
+**Options**:
+**Default**: 2.5.0.5132
+**Example**:
+
+```yaml
+sysdig:
+ monitorVersion: 2.5.0.5132
+```
+
+## **sysdig.mysqlHa**
+**Required**: `false`
+**Description**: Determines if mysql should run in HA mode.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ mysqlHa: false
+```
+
+## **sysdig.mysqlHaVersion**
+**Required**: `false`
+**Description**: The docker image tag of MySQL used for HA.
+**Options**:
+**Default**: 8.0.16.2
+**Example**:
+
+```yaml
+sysdig:
+ mysqlVersion: 8.0.16.2
+```
+
+## **sysdig.mysqlHaAgentVersion**
+**Required**: `false`
+**Description**: The docker image tag of MySQL Agent used for HA.
+**Options**:
+**Default**: 0.1.15
+**Example**:
+
+```yaml
+sysdig:
+ mysqlVersion: 0.1.15
+```
+
+## **sysdig.mysqlVersion**
+**Required**: `false`
+**Description**: The docker image tag of MySQL.
+**Options**:
+**Default**: 5.6.44.0
+**Example**:
+
+```yaml
+sysdig:
+ mysqlVersion: 5.6.44.0
+```
+
+## **sysdig.mysql.external**
+**Required**: `false`
+**Description**: If set, the installer does not create a local mysql cluster
+instead it sets up the sysdig platform to connect to the configured
+[`sysdig.mysql.hostname`](#sysdigmysqlhostname)
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ external: true
+```
+
+## **sysdig.mysql.hostname**
+**Required**: `false`
+**Description**: Name of the mySQL host that the sysdig platform components
+should connect to.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ hostname: mysql.foo.com
+```
+
+## **sysdig.mysql.hostPathNodes**
+**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get
+node -o name` command. These are the nodes where MySQL hostPath persistent
+volumes should be created on. The number of nodes must be at minimum whatever
+the value of [`sysdig.mysqlReplicaCount`](#sysdigmysqlreplicacount) is. This
+parameter is required if configured
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ hostPathNodes:
+ - my-cool-host1.com
+```
+
+## **sysdig.mysql.password**
+**Required**: `false`
+**Description**: The password of the MySQL user that the Sysdig Platform backend
+components will use in communicating with MySQL.
+**Options**:
+**Default**: `mysql-admin`
+
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ user: awesome-user
+```
+
+## **sysdig.mysql.user**
+**Required**: `false`
+**Description**: The username of the MySQL user that the Sysdig Platform backend
+components will use in communicating with MySQL.
+**Options**:
+**Default**: `mysql-admin`
+
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ user: awesome-user
+```
+
+## **sysdig.openshiftUrl**
+**Required**: `false`
+**Description**: Openshift API url along with its port number, this is
+required if configured `deployment` is `openshift`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ openshiftUrl: https://api.my-awesome-openshift.com:6443
+```
+
+## **sysdig.openshiftUser**
+**Required**: `false`
+**Description**: Username of the user to access the configured
+`sysdig.openshiftUrl`, required if configured `deployment` is `openshift`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ openshiftUser: bob+alice
+```
+
+## **sysdig.openshiftPassword**
+**Required**: `false`
+**Description**: Password of the user(`sysdig.openshiftUser`) to access the
+configured `sysdig.openshiftUrl`, required if configured `deployment` is
+`openshift`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ openshiftPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.postgresVersion**
+**Required**: `false`
+**Description**: Docker image tag of Postgres, relevant when configured `apps`
+is `monitor secure`.
+**Options**:
+**Default**: 10.6.10
+**Example**:
+
+```yaml
+sysdig:
+ postgresVersion: 10.6.10
+```
+
+## **sysdig.postgresql.hostPathNodes**
+**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o
+name` that postgresql hostPath persistent volumes should be created on. The
+number of nodes must be at minimum whatever the value of
+[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ hostPathNodes:
+ - my-cool-host1.com
+```
+
+## **sysdig.proxy.defaultNoProxy**
+**Required**: `false`
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports
+```
+
+## **sysdig.proxy.enable**
+**Required**: `false`
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://ancho.re.](https://ancho.re.)
+**Options**:
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+```
+
+## **sysdig.proxy.host**
+**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ host: my-awesome-proxy.my-awesome-domain.com
+```
+
+## **sysdig.proxy.noProxy**
+**Required**: `false`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ noProxy: my-awesome.domain.com, 192.168.0.0/16
+```
+
+## **sysdig.proxy.password**
+**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ password: F00B@r!
+```
+
+## **sysdig.proxy.port**
+**Required**: `false`
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
+**Options**:
+**Default**: `80`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ port: 3128
+```
+
+## **sysdig.proxy.protocol**
+**Required**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ protocol: https
+```
+
+## **sysdig.proxy.user**
+**Required**: `false`
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ user: alice
+```
+
+
+## **sysdig.redisVersion**
+**Required**: `false`
+**Description**: Docker image tag of Redis.
+**Options**:
+**Default**: 4.0.12.6
+**Example**:
+
+```yaml
+sysdig:
+ redisVersion: 4.0.12.6
+```
+
+## **sysdig.redisHaVersion**
+**Required**: `true`
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12.6
+**Example**:
+
+```yaml
+sysdig:
+ redisHaVersion: 4.0.12.6
+```
+
+## **sysdig.redisHa**
+**Required**: `false`
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ redisHa: false
+```
+
+## **sysdig.resources.cassandra.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to cassandra pods
+**Options**:
+**Default**:
+
+|cluster-size|limits|
+|------------|------|
+| small | 2 |
+| medium | 4 |
+| large | 8 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.cassandra.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to cassandra pods
+**Options**:
+**Default**:
+
+|cluster-size|limits|
+|------------|------|
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.cassandra.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule cassandra pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.cassandra.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule cassandra pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.elasticsearch.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to elasticsearch pods
+**Options**:
+**Default**:
+
+|cluster-size|limits|
+|------------|------|
+| small | 2 |
+| medium | 4 |
+| large | 8 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.elasticsearch.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to elasticsearch pods
+**Options**:
+**Default**:
+
+|cluster-size|limits|
+|------------|------|
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.elasticsearch.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.elasticsearch.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule elasticsearch pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.mysql-router.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to mysql-router pods
+**Options**:
+**Default**:
+
+|cluster-size|limits|
+|------------|------|
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql-router.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to mysql-router pods
+**Options**:
+**Default**:
+
+|cluster-size|limits|
+|------------|------|
+| small | 500Mi|
+| medium | 500Mi|
+| large | 500Mi|
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.mysql-router.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule mysql-router pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql-router.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule mysql-router pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.mysql.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to mysql pods
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to mysql pods
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.mysql.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule mysql pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule mysql pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.postgresql.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.postgresql.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to postgresql pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 4Gi |
+| medium | 4Gi |
+| large | 8Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.postgresql.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule postgresql pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 500m |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.postgresql.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule postgresql pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 500Mi |
+| medium | 1Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.redis.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to redis pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.redis.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.redis-primary.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis-primary pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-primary:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-primary.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to redis-primary pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-primary:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.redis-primary.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-primary pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-primary:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-primary.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis-primary pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-primary:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.redis-secondary.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis-secondary pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-secondary:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-secondary.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to redis-secondary pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-secondary:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.redis-secondary.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-secondary pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-secondary:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-secondary.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis-secondary pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-secondary:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.redis-sentinel.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 300m |
+| medium | 300m |
+| large | 300m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.redis-sentinel.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50m |
+| medium | 50m |
+| large | 50m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.redis-sentinel.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 300m |
+| medium | 300m |
+| large | 300m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.redis-sentinel.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50m |
+| medium | 50m |
+| large | 50m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + api: + limits: + cpu: 2 +``` + +## **sysdig.resources.api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + api: + limits: + memory: 10Mi +``` + +## **sysdig.resources.api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule api pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + api: + requests: + cpu: 2 +``` + +## **sysdig.resources.api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule api pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + api: + requests: + memory: 200Mi +``` + +## **sysdig.resources.worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + worker: + limits: + cpu: 2 +``` + +## **sysdig.resources.worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + worker: + limits: + memory: 10Mi +``` + +## **sysdig.resources.worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + worker: + requests: + cpu: 2 +``` + +## **sysdig.resources.worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + worker: + requests: + memory: 200Mi +``` + +## **sysdig.resources.collector.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to collector pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + collector: + limits: + cpu: 2 +``` + +## **sysdig.resources.collector.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to collector pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + collector: + limits: + memory: 10Mi +``` + +## **sysdig.resources.collector.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule collector pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + collector: + requests: + cpu: 2 +``` + +## **sysdig.resources.collector.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule collector pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + collector: + requests: + memory: 200Mi +``` + +## **sysdig.resources.anchore-core.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-core pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + anchore-core: + limits: + cpu: 2 +``` + +## **sysdig.resources.anchore-core.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to anchore-core pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + anchore-core: + limits: + memory: 10Mi +``` + +## **sysdig.resources.anchore-core.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-core pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + anchore-core: + requests: + cpu: 2 +``` + +## **sysdig.resources.anchore-core.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-core pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + anchore-core: + requests: + memory: 200Mi +``` + +## **sysdig.resources.anchore-reports.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-reports pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 300m | +| medium | 300m | +| large | 300m | + +**Example**: + +```yaml +sysdig: + resources: + anchore-reports: + limits: + cpu: 2 +``` + +## **sysdig.resources.anchore-reports.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to anchore-reports pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | + + +**Example**: + +```yaml +sysdig: + resources: + anchore-reports: + limits: + memory: 10Mi +``` + +## **sysdig.resources.anchore-reports.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-reports pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | + +**Example**: + +```yaml +sysdig: + resources: + anchore-reports: + requests: + cpu: 2 +``` + +## **sysdig.resources.anchore-reports.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-reports pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 3Gi | +| medium | 3Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + anchore-reports: + requests: + memory: 200Mi +``` + +## **sysdig.resources.anchore-worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + limits: + cpu: 2 +``` + +## **sysdig.resources.anchore-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to anchore-worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + limits: + memory: 10Mi +``` + +## **sysdig.resources.anchore-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + requests: + cpu: 2 +``` + +## **sysdig.resources.anchore-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + requests: + memory: 200Mi +``` + +## **sysdig.resources.scanning-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to scanning-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.scanning-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to scanning-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + limits: + memory: 10Mi +``` + +## **sysdig.resources.scanning-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning-api pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + requests: + cpu: 2 +``` + +## **sysdig.resources.scanning-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule scanning-api pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + requests: + memory: 200Mi +``` + + +## **sysdig.resources.scanningalertmgr.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + limits: + cpu: 2 +``` + +## **sysdig.resources.scanningalertmgr.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to scanningalertmgr pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + limits: + memory: 10Mi +``` + +## **sysdig.resources.scanningalertmgr.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + requests: + cpu: 2 +``` + +## **sysdig.resources.scanningalertmgr.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + requests: + memory: 200Mi +``` + +## **sysdig.restrictPasswordLogin** +**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all +non-default users to login using the configured +[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + restrictPasswordLogin: true +``` + +## **sysdig.rsyslogVersion** +**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured +`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.5
+**Example**: + +```yaml +sysdig: + rsyslogVersion: 8.34.0.5 +``` + +## **sysdig.smtpFromAddress** +**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpFromAddress: from-address@my-company.com +``` + +## **sysdig.smtpPassword** +**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpPassword: my-@w350m3-p@55w0rd +``` + +## **sysdig.smtpProtocolSSL** +**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpProtocolSSL: true +``` + +## **sysdig.smtpProtocolTLS** +**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpProtocolTLS: true +``` + +## **sysdig.smtpServer** +**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpServer: smtp.gmail.com +``` + +## **sysdig.smtpServerPort** +**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**: + +```yaml +sysdig: + smtpServerPort: 587
+``` + +## **sysdig.smtpUser** +**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpUser: bob+alice@gmail.com
+``` + +## **sysdig.tolerations** +**Required**: `false`
+**Description**: +[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) +that will be created on Sysdig platform pods, this can be combined with +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 5 +``` + +## **sysdig.anchoreReportingReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Reporting replicas, this is a noop +for clusters of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreReportingReplicaCount: 5 +``` + +## **sysdig.apiReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + apiReplicaCount: 5 +``` + +## **sysdig.cassandraReplicaCount** +**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + cassandraReplicaCount: 20 +``` + +## **sysdig.collectorReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + collectorReplicaCount: 7 +``` + +## **sysdig.elasticSearchReplicaCount** +**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + elasticSearchReplicaCount: 20 +``` + +## **sysdig.workerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + workerReplicaCount: 7 +``` + +## **sysdig.admin.username** +**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for +initial login to the web interface. Make sure this is a valid email address +that you can receive emails at.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + username: my-awesome-email@my-awesome-domain-name.com +``` + +## **sysdig.admin.password** +**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with +`sysdig.admin.username` will be used for initial login to the web interface. +It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + password: my-@w350m3-p@55w0rd +``` + +## **sysdig.api.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` + +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed +certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + generate: true +``` + +## **sysdig.certificate.crt** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to +`false` this has to be configured. The certificate common name or subject +altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + crt: certs/server.crt +``` + +## **sysdig.certificate.key** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig api, if `sysdig.certificate.generate` is set to `false` +this has to be configured. The key must match the certificate in +`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + crt: certs/server.key +``` + +## **sysdig.collector.dnsName** +**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not +configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + dnsName: collector.my-awesome-domain-name.com +``` + +## **sysdig.collector.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.collector.certificate.generate** +**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + collector: + certificate: + generate: true +``` + +## **sysdig.collector.certificate.crt** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the sysdig collector, if +`sysdig.collector.certificate.generate` is set to `false` this has to be +configured. The certificate common name or subject altername name must match +configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + certificate: + crt: certs/collector.crt +``` + +## **sysdig.collector.certificate.key** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig collector, if `sysdig.collector.certificate.generate` is +set to `false` this has to be configured. The key must match the certificate +in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + certificate: + key: certs/collector.key +``` + +## **sysdig.worker.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md
new file mode 100644
index 00000000..874f2373
--- /dev/null
+++ b/installer/docs/upgrade.md
@@ -0,0 +1,91 @@
+# Upgrade
+
+## Overview
+
+The Installer can be used to upgrade a Sysdig implementation. As in an
+install, you must meet the prerequisites, download the values.yaml, edit the
+values as indicated, and run the Installer. The main difference is that you
+run it twice: once to discover the differences between the old and new
+versions, and the second time to deploy the new version.
+
+As with installs, it can be used in airgapped or non-airgapped environments.
+
+Review the [Prerequisites](../README.md#prerequisites) and [Installation
+Options](../README.md#quickstart-install) for more context.
+
+## Upgrade Steps
+
+To upgrade:
+
+1. Copy the current version sysdig-chart/values.yaml to your working directory.
+ ```bash
+ wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml
+ ```
+2. Edit the following values:
+ - [`scripts`](docs/configuration_parameters.md#scripts): Set this to
+ `generate diff`. This setting will generate the differences between the
+ installed environment and the upgrade version. The changes will be displayed
+ in your terminal.
+ - [`size`](docs/configuration_parameters.md#size): Specifies the size of the
+ cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are:
+ small, medium and large.
+ - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret):
+ quay.io credentials provided with your Sysdig purchase confirmation mail.
+ - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner):
+ The name of the storage class provisioner to use when creating the
+ configured storageClassName parameter. If you do not use one of those two
+ dynamic storage provisioners, then enter: hostPath and refer to the Advanced
+ examples for how to configure static storage provisioning with this option.
+ Valid options: aws, gke, hostPath
+ - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key
+ provided with your Sysdig purchase confirmation mail
+ - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name
+ the Sysdig APIs will be served on.
+ - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName):
+ (OpenShift installs only) Domain name the Sysdig collector will be served on.
+ When not configured it defaults to whatever is configured for sysdig.dnsName.
+ - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking):
+ The networking construct used to expose the Sysdig API and collector. 
 Options
+ are:
+ - hostnetwork: sets the hostnetworking in the ingress daemonset and opens
+ host ports for api and collector. This does not create a Kubernetes service.
+ - loadbalancer: creates a service of type loadbalancer and expects that
+ your Kubernetes cluster can provision a load balancer with your cloud provider.
+ - nodeport: creates a service of type nodeport. The node ports can be
+ customized with:
+
+ - sysdig.ingressNetworkingInsecureApiNodePort
+ - sysdig.ingressNetworkingApiNodePort
+ - sysdig.ingressNetworkingCollectorNodePort
+
+ **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you
+ would also edit the following values:
+
+ - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name):
+ The URL of the airgapped (internal) docker registry. This URL is used for
+ installations where the Kubernetes cluster can not pull images directly from
+ Quay.
+ - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password):
+ The password for the configured airgapped_registry_username. Ignore this
+ parameter if the registry does not require authentication.
+ - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username):
+ The username for the configured airgapped_registry_name. Ignore this
+ parameter if the registry does not require authentication.
+
+3. Run the Installer. (Note: This step differs for Airgapped Installations,
+ see [Airgapped Installation
+ Options](../README.md#airgapped-Installation-Options).)
+ ```bash
+ docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \
+ -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.4.1-3
+ ```
+
+4. If you are fine with the differences displayed, then set value for the
+ `scripts` parameter in your values.yaml to `deploy` and rerun the Installer
+ as in Step 3.
+ If you find differences that you want to preserve you should
+ look in the [Configuration Parameters](docs/configuration_parameters.md)
+ documentation for the configuration parameter that matches the difference
+ you intend preserving and update your values.yaml accordingly then repeat
+ step 3 until you are fine with the differences. Then set scripts to deploy
+ and run for the final time.
diff --git a/installer/values.yaml b/installer/values.yaml
new file mode 100644
index 00000000..2318bb9e
--- /dev/null
+++ b/installer/values.yaml
@@ -0,0 +1,23 @@
+#This represents the schema version of this config, this version follows semver
+#and maintains semver guarantees around versioning.
+schema_version: 1.0.0
+#Size of the cluster. Takes [ small | medium | large ]
+#This defines CPU & Memory & Disk & Replicas
+#Replicas can be overwritten for medium , large in advanced config section
+size: medium
+#Set Quay.Io secrets
+quaypullsecret:
+#supports aws | gke | hostPath | local
+storageClassProvisioner: aws
+#Sysdig application config
+sysdig:
+# Sysdig Platform super admin user. This will be used for initial login to
+# the web interface. Make sure this is a valid email address that you can
+# receive emails at.
+ admin:
+ username:
+ #Set Sysdig license
+ license:
+ dnsName:
+ #supports hostnetwork | loadbalancer | nodeport
+ ingressNetworking: hostnetwork
From 315e58453f06718aa5b997fd7c536ab87f3815f1 Mon Sep 17 00:00:00 2001
From: jenkins
Date: Thu, 19 Dec 2019 18:52:38 +0000
Subject: [PATCH 007/156] updating installer docs
---
 installer/README.md | 166 ++-
 installer/docs/advanced.md | 38 +
 installer/docs/configuration_parameters.md | 1510 +++++++++++++++++---
 installer/docs/upgrade.md | 10 +-
 installer/values.yaml | 4 +-
 5 files changed, 1489 insertions(+), 239 deletions(-)
diff --git a/installer/README.md b/installer/README.md
index 6db315b1..1eb572e8 100644
--- a/installer/README.md
+++ b/installer/README.md
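Review bot: In the new `installer/values.yaml`, `quaypullsecret:` and `license:` are meant to be filled with credentials, but the template gives the operator no guidance on handling the edited copy; a header comment such as `# Contains credentials once filled in: keep your edited copy out of version control and readable only by the installing user.` would cover it. Those keys, along with `username:` and `dnsName:`, are bare, so an unedited copy presumably reaches the installer as nulls; whether the installer rejects that is not visible in this patch. The comment `#supports aws | gke | hostPath | local` also disagrees with `upgrade.md` in the same patch, which lists only `aws, gke, hostPath` as valid for `storageClassProvisioner`, so one of the two should be corrected.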
@@ -1,9 +1,7 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and/or Sysdig -Secure), for environments using Kubernetes or OpenShift. Use the Installer -to install or upgrade your Sysdig platform. It is recommended as a replacement +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. # Installation Overview 
@@ -56,30 +54,32 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large. + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large. - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail. + your Sysdig purchase confirmation mail. - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): - The name of the storage class provisioner to use when creating the - configured storageClassName parameter. If you do not use one of those two - dynamic storage provisioners, then enter: hostPath and refer to the Advanced - examples for how to configure static storage provisioning with this option. - Valid options: aws, gke, hostPath + The name of the storage class provisioner to use when creating the + configured storageClassName parameter. If you do not use one of those two + dynamic storage provisioners, then enter: hostPath and refer to the Advanced + examples for how to configure static storage provisioning with this option. + Valid options: aws, gke, hostPath - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail + provided with your Sysdig purchase confirmation mail - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. + the Sysdig APIs will be served on. 
- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: + The networking construct used to expose the Sysdig API and collector. Options + are: + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service. - loadbalancer: creates a service of type loadbalancer and expects that 
@@ -87,30 +87,35 @@ This install assumes the Kubernetes cluster has network access to pull images fr - nodeport: creates a service of type nodeport. The node ports can be customized with: - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + + When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. - Run the Installer. (Note: This step differs in [Airgapped Installation Options](#airgapped-installation-options).) 
```bash - docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.5.0.3 + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.0.0-1 ``` - On successful run of Installer towards the end of your terminal you should see the below: 
@@ -130,6 +135,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -149,12 +177,14 @@ the following exceptions: - In step 3, run the Installer as follows: ```bash -docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ +docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:2.5.0.3 + quay.io/sysdig/installer:3.0.0-1 ``` ## Full Airgap Install @@ -168,11 +198,13 @@ will pull an image containing a self-extracting tarball which can be copied to the installation machine. ### Requirements for jump machine + - Network access to quay.io - Docker - jq ### Requirements for installation machine + - Network access to Kubernetes cluster - Docker - Bash @@ -187,11 +219,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:2.5.0.3-uber + docker pull quay.io/sysdig/installer:3.0.0-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:2.5.0.3-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -201,30 +233,31 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail + your Sysdig purchase confirmation mail - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The - name of the storage class provisioner to use when creating the configured - storageClassName parameter. Use hostPath or local in clusters that do not have - a provisioner. For setups where Persistent Volumes and Persistent Volume Claims - are created manually this should be configured as none. Valid options are: - aws,gke,hostPath,local,none + name of the storage class provisioner to use when creating the configured + storageClassName parameter. Use hostPath or local in clusters that do not have + a provisioner. For setups where Persistent Volumes and Persistent Volume Claims + are created manually this should be configured as none. Valid options are: + aws,gke,hostPath,local,none - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail + provided with your Sysdig purchase confirmation mail - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. + the Sysdig APIs will be served on. 
- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: + The networking construct used to expose the Sysdig API and collector. Options + are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service. - loadbalancer: creates a service of type loadbalancer and expects that 
@@ -235,15 +268,15 @@ the installation machine. - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. - Copy the tarball file to the directory where you have your values.yaml file. - Run the tar file: 
@@ -278,3 +311,22 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration For advanced configuration option see [advanced.md](docs/advanced.md) + +# Example values.yaml + +- [single-node values.yaml](examples/single-node/values.yaml) +- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) + +# Resource requirements + +The below table represents the amount of resources for various cluster sizes +in their default configuration. The `Redis HA` column indicates extra amount +of resources required if `redisHa: true` is configured. + +| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | +| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | +| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | +| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | +| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | +| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 888f6e0a..c940cc2d 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -57,3 +57,41 @@ sysdig: hostPathNodes: - my-cool-host1.com ``` + + +## Installer on EKS + +### Creating a cluster +Please do not use eksctl 0.10.0 and 0.10.1 as those are known to be buggy see: kubernetes/kubernetes#73906 (comment) +```bash +eksctl create cluster \ + --name=eks-installer1 \ + --node-type=m5.4xlarge \ + --nodes=3 \ + --version 1.14 \ + --region=us-east-1 \ + --vpc-public-subnets= +``` + +### Additional config for installer +EKS uses aws-iam-authenticator to authorize kubectl commands. +aws-iam-authenticator needs aws credentials mounted from **~/.aws** to the installer. +```bash +docker run \ + -v ~/.aws:/.aws \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer: +``` + +### Exposing the sysdig endpoint +Get the external ip/endpoint for the ingress service. +```bash +kubectl -n get service haproxy-ingress-service +``` +In route53 create an A record with the dns name pointing to external ip/endpoint. + +### Gotchas +Make sure that subnets have internet gateway configured and has enough ips. diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 85cd06e9..52278766 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -38,13 +38,14 @@ size: medium ``` ## **storageClassProvisioner** -**Required**: `true`
+**Required**: `false`
**Description**: The name of the [storage class provisioner](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this -should be configured as `none`.
+should be configured as `none`. If this is not configured +[`storageClassName`](#storageclassname) needs to be configured.
**Options**: `aws|gke|hostPath|local|none`
**Default**:
**Example**: @@ -58,7 +59,7 @@ storageClassProvisioner: aws **Description**: Specifies the Sysdig Platform components to be installed.
Combine multiple components by space separating them. Specify at least one app, for example, `monitor`.
-**Options**: `monitor|monitor secure`
+**Options**: `monitor|monitor secure|agent|monitor agent|monitor secure agent`
**Default**: `monitor secure`
**Example**: @@ -130,6 +131,18 @@ under. This is relevant only when `storageClassProvisioner` is `local`.
localStoragehostDir: /sysdig ``` +## **context** +**Required**: `false`
+**Description**: Kubernetes context to use for deploying Sysdig Platform. +If this param is not not or a blank value is specified, it will use the default context.
+**Options**:
+**Default**:
+**Example**: + +```yaml +context: production +``` + ## **namespace** **Required**: `false`
**Description**: Kubernetes namespace to deploy Sysdig Platform to.
@@ -204,7 +217,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
+**Options**: `aws|gke|ibm`
**Default**:
**Example**: @@ -623,42 +636,28 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.anchoreLicensePath** +## **sysdig.activityAuditVersion** **Required**: `false`
-**Description**: This is the path relative to the values.yaml where the -anchore enterprise license yaml is located. This parameter is required if -`sysdig.configureScanningReporting` is configured to `true`.
+**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**:
+**Default**: 3.0.0.5308
**Example**: ```yaml sysdig: - anchoreLicensePath: anchore-enterprise-license.yaml + activityAuditVersion: 3.0.0.5308 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.5.0.1
-**Example**: - -```yaml -sysdig: - anchoreVersion: 0.5.0.1 -``` - -## **sysdig.anchoreEnterpriseVersion** -**Required**: `false`
-**Description**: The docker image tag of the Sysdig Anchore reporting.
-**Options**:
-**Default**: v0.4.1
+**Default**: 0.5.1.2
**Example**: ```yaml sysdig: - anchoreEnterpriseVersion: 0.5.0.1 + anchoreVersion: 0.5.1.2 ``` ## **sysdig.cassandraVersion** @@ -670,7 +669,7 @@ sysdig: ```yaml sysdig: - cassandraVersion: 2.1.21.13 + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.external** @@ -855,19 +854,6 @@ sysdig: collectorPort: 7000 ``` -## **sysdig.configureScanningReporting** -**Required**: `false`
-**Description**: Specifies if image scanning and reporting feature should be -included in the Sysdig platform to be deployed.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - configureScanningReporting: true -``` - ## **sysdig.customCA** **Required**: `false`
**Description**: @@ -916,12 +902,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 5.6.16.12
+**Default**: 5.6.16.15
**Example**: ```yaml sysdig: - elasticsearchVersion: 5.6.16.12 + elasticsearchVersion: 5.6.16.15 ``` ## **sysdig.haproxyVersion** @@ -929,12 +915,12 @@ sysdig: **Description**: The docker image tag of HAProxy ingress controller. The parameter is relevant only when configured `deployment` is `kubernetes`.
**Options**:
-**Default**: v0.7-beta.7
+**Default**: v0.7-beta.7.1
**Example**: ```yaml sysdig: - haproxyVersion: v0.7-beta.7 + haproxyVersion: v0.7-beta.7.1 ``` ## **sysdig.ingressNetworking** @@ -1026,14 +1012,16 @@ sysdig: ## **sysdig.monitorVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Monitor.
+**Description**: The docker image tag of the Sysdig Monitor. **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
**Options**:
-**Default**: 2.5.0.5132
+**Default**: 3.0.0.5439
**Example**: ```yaml sysdig: - monitorVersion: 2.5.0.5132 + monitorVersion: 3.0.0.5439 ``` ## **sysdig.mysqlHa** @@ -1057,19 +1045,19 @@ sysdig: ```yaml sysdig: - mysqlVersion: 8.0.16.2 + mysqlHaVersion: 8.0.16.2 ``` ## **sysdig.mysqlHaAgentVersion** **Required**: `false`
**Description**: The docker image tag of MySQL Agent used for HA.
**Options**:
-**Default**: 0.1.15
+**Default**: 0.1.1.5
**Example**: ```yaml sysdig: - mysqlVersion: 0.1.15 + mysqlHaAgentVersion: 0.1.1.5 ``` ## **sysdig.mysqlVersion** @@ -1163,6 +1151,30 @@ sysdig: user: awesome-user ``` +## **sysdig.natsExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of the Prometheus exporter for NATS.
+**Options**:
+**Default**: 0.6.0.1
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.6.0.1 +``` + +## **sysdig.natsStreamingVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming.
+**Options**:
+**Default**: 0.16.2.1
+**Example**: + +```yaml +sysdig: + natsStreamingVersion: 0.16.2.1 +``` + ## **sysdig.openshiftUrl** **Required**: `false`
**Description**: Openshift API url along with its port number, this is @@ -1208,12 +1220,12 @@ sysdig: **Description**: Docker image tag of Postgres, relevant when configured `apps` is `monitor secure`.
**Options**:
-**Default**: 10.6.10
+**Default**: 10.6.11
**Example**: ```yaml sysdig: - postgresVersion: 10.6.10 + postgresVersion: 10.6.11 ``` ## **sysdig.postgresql.hostPathNodes** @@ -1245,7 +1257,7 @@ should only be used if there is an intent to override the defaults provided by Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) instead.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
**Example**: @@ -1253,7 +1265,7 @@ instead.
sysdig: proxy: enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` ## **sysdig.proxy.enable** @@ -1298,7 +1310,7 @@ only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and appended to the list in [`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
**Example**: @@ -1379,25 +1391,25 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of Redis.
**Options**:
-**Default**: 4.0.12.6
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - redisVersion: 4.0.12.6 + redisVersion: 4.0.12.7 ``` ## **sysdig.redisHaVersion** -**Required**: `true`
+**Required**: `false`
**Description**: Docker image tag of HA Redis, relevant when configured `sysdig.redisHa` is `true`.
**Options**:
-**Default**: 4.0.12.6
+**Default**: 4.0.12.8-ha
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12.6 + redisHaVersion: 4.0.12.8-ha ``` ## **sysdig.redisHa** @@ -2642,39 +2654,39 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.anchore-reports.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-reports pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: |cluster-size|limits | |------------|--------| -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.anchore-reports.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-reports pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: |cluster-size|limits | |------------|--------| -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -2682,58 +2694,58 @@ sysdig: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-reports.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-reports pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.anchore-reports.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-reports pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 3Gi | -| medium | 3Gi | -| large | 3Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: @@ -2748,14 +2760,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: @@ -2771,14 +2783,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: @@ -2793,14 +2805,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: @@ -2815,14 +2827,15 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -2837,14 +2850,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -2860,14 +2873,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -2882,14 +2895,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -2904,15 +2917,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: requests: memory: 200Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: @@ -2927,14 +2939,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: @@ -2950,20 +2962,20 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: limits: memory: 10Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 500m | +| small | 1 | | medium | 1 | | large | 1 | @@ -2972,14 +2984,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: requests: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: @@ -2994,125 +3006,480 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: requests: memory: 200Mi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - restrictPasswordLogin: true + resources: + nats-streaming: + limits: + cpu: 2 ``` -## **sysdig.rsyslogVersion** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured -`deployment` is `kubernetes`.
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
-**Default**: 8.34.0.5
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.5 + resources: + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.smtpFromAddress** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + resources: + nats-streaming: + requests: + cpu: 250m ``` -## **sysdig.smtpPassword** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
-**Default**:
-**Example**: +**Default**: -```yaml -sysdig: - smtpPassword: my-@w350m3-p@55w0rd -``` +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | -## **sysdig.smtpProtocolSSL** -**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + resources: + nats-streaming: + requests: + memory: 1Gi ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of cpu assigned to activity-audit-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - smtpProtocolTLS: true + resources: + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.smtpServer** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to activity-audit-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + resources: + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.smtpServerPort** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - smtpServerPort: 587
+ resources: + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.smtpUser** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpUser: bob+alice@gmail.com
+ resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.tolerations** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: +**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + cpu: 1 +``` + +## **sysdig.resources.activity-audit-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.activity-audit-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.restrictPasswordLogin** +**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all +non-default users to login using the configured +[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + restrictPasswordLogin: true +``` + +## **sysdig.rsyslogVersion** +**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured +`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**: + +```yaml +sysdig: + rsyslogVersion: 8.34.0.7 +``` + +## **sysdig.smtpFromAddress** +**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpFromAddress: from-address@my-company.com +``` + +## **sysdig.smtpPassword** +**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpPassword: my-@w350m3-p@55w0rd +``` + +## **sysdig.smtpProtocolSSL** +**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpProtocolSSL: true +``` + +## **sysdig.smtpProtocolTLS** +**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpProtocolTLS: true +``` + +## **sysdig.smtpServer** +**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpServer: smtp.gmail.com +``` + +## **sysdig.smtpServerPort** +**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**: + +```yaml +sysdig: + smtpServerPort: 587
+``` + +## **sysdig.smtpUser** +**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpUser: bob+alice@gmail.com
+``` + +## **sysdig.tolerations** +**Required**: `false`
+**Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with [nodeaffinityLabel.key](#nodeaffinityLabelkey) and @@ -3151,10 +3518,9 @@ sysdig: anchoreCoreReplicaCount: 5 ``` -## **sysdig.anchoreReportingReplicaCount** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig Anchore Reporting replicas, this is a noop -for clusters of `size` `small`.
+**Description**: Number of Sysdig Anchore Worker replicas.
**Options**:
**Default**:
@@ -3168,7 +3534,7 @@ for clusters of `size` `small`.
```yaml sysdig: - anchoreReportingReplicaCount: 5 + anchoreWorkerReplicaCount: 5 ``` ## **sysdig.apiReplicaCount** @@ -3231,7 +3597,7 @@ sysdig: collectorReplicaCount: 7 ``` -## **sysdig.elasticSearchReplicaCount** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
**Description**: Number of ElasticSearch replicas, this is a noop for clusters of `size` `small`.
@@ -3248,7 +3614,7 @@ sysdig: ```yaml sysdig: - elasticSearchReplicaCount: 20 + elasticsearchReplicaCount: 20 ``` ## **sysdig.workerReplicaCount** @@ -3456,3 +3822,793 @@ sysdig: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true -XX:-UseContainerSupport ``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + apiKey: replace_with_your_monitor_access_key +``` + +## **agent.collectorEndpoint** +**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + collectorEndpoint: my-awesome-collector-domain-name.com +``` + +## **agent.collectorPort** +**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**: + +```yaml +agent: + collectorPort: 6443 +``` + +## **agent.namespace** +**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**: + +```yaml +agent: + namespace: sysdig-agent +``` + +## **agent.useSlim** +**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + useSlim: true +``` + +## **agent.version** +**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `0.93.1`
+**Example**: + +```yaml +agent: + version: latest +``` + +## **agent.useSSL** +**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + useSSL: false +``` + +## **agent.verifySSL** +**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + verifySSL: false +``` + +## **agent.clusterName** +**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**: + +```yaml +agent: + clusterName: false +``` + +## **agent.tags** +**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + tags: environment:production linux:ubuntu +``` + +## **agent.capturesEnabled** +**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + capturesEnabled: false +``` + +## **agent.timezone** +**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + timezone: America/New_York. +``` + +## **agent.proxy.httpProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com +``` + +## **agent.proxy.httpsProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com +``` + +## **agent.proxy.noProxy** +**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + noProxy: your-awesome-no-proxy.com +``` + +## **agent.customKernelModules.enabled** +**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + customKernelModules: + enabled: true +``` + +## **agent.secure.enabled** +**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + secure: + enabled: true +``` + +## **agent.secure.commandLineCapturesEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + commandLineCapturesEnabled: true +``` + +## **agent.secure.memoryDumpEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + memoryDumpEnabled: true +``` + +## **agent.secure.settings.k8sAuditServerURL** +**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**: + +```yaml +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 +``` + +## **agent.secure.settings.k8sAuditServerPort** +**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**: + +```yaml +agent: + secure: + settings: + k8sAuditServerPort: 7765 +``` + +## **agent.prometheus.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + enabled: true +``` + +## **agent.prometheus.settings.interval** +**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**: + +```yaml +agent: + prometheus: + settings: + interval: 30 +``` + +## **agent.prometheus.settings.logErrors** +**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + settings: + logErrors: true +``` + +## **agent.prometheus.settings.maxMetrics** +**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + prometheus: + settings: + maxMetrics: 1000 +``` + +## **agent.prometheus.settings.maxMetricsPerProcess** +**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 +``` + +## **agent.prometheus.settings.maxTagsPerMetric** +**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `200`
+**Example**: + +```yaml +agent: + prometheus: + settings: + maxTagsPerMetric: 20 +``` + +## **agent.prometheus.settings.histograms** +**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` + +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + statsd: + enabled: true +``` + +## **agent.statsd.settings.limit** +**Required**: `false`
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
+**Example**: + +```yaml +agent: + statsd: + settings: + limit: 1000 +``` + +## **agent.jmx.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + jmx: + enabled: true +``` + +## **agent.jmx.settings.limit** +**Required**: `false`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + jmx: + settings: + limit: 1000 +``` + +## **agent.ebpf.enabled** +**Required**: `false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + ebpf: + enabled: true +``` + +## **agent.ebpf.settings.mountEtcVolume** +**Required**: `false`
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + ebpf: + settings: + mountEtcVolume: 1000 +``` + +## **agent.appChecks.elasticsearch.authEnabled** +**Required**: `false`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + authEnabled: true +``` + +## **agent.appChecks.elasticsearch.url** +**Required**: `false`
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch +``` + +## **agent.appChecks.elasticsearch.port** +**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + port: 9200 +``` + +## **agent.appChecks.elasticsearch.username** +**Required**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` + +## **agent.appChecks.elasticsearch.password** +**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + password: some_password +``` + +## **agent.appChecks.elasticsearch.verifySSL** +**Required**: `false`
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + verifySSL: false +``` + +## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enabled: true +``` + +## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + kafka: + arg: Kafka.kafka +``` + +## **agent.appChecks.kafka.url** +**Required**: `false`
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent:enabled + appChecks: + kafka: + url: localhost +``` + +## **agent.appChecks.kafka.port** +**Required**: `false`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + kafka: + port: 9200 +``` + +## **agent.appChecks.kafka.zk.url** +**Required**: `false`
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent:enabled + appChecks: + kafka: + zk: + url: localhost +``` + +## **agent.appChecks.kafka.zk.port** +**Required**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + kafka: + zk: + port: 2181 +``` + +## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enableConsumerOffsets: true +``` + +## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enableAggregationPartitions: true +``` + +## **agent.resources.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +|cluster-size|limits| +|------------|------| +| small | 3 | +| medium | 5 | +| large | 8 | + +**Example**: + +```yaml +agent: + resources: + limits: + cpu: 2 +``` + +## **agent.resources.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +|cluster-size|limits| +|------------|------| +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + +**Example**: + +```yaml +agent: + resources: + limits: + memory: 2 +``` + +## **agent.resources.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +agent: + resources: + requests: + cpu: 2 +``` + +## **agent.resources.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + +**Example**: + +```yaml +agent: + resources: + requests: + memory: 2 +``` + +## **agent.resources.watchdog.max_memory_usage_mb** +**Required**: `false`
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 512 | +| medium | 1024 | +| large | 2048 | + +**Example**: + +```yaml +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 +``` + +## **agent.resources.watchdog.cointerface** +**Required**: `false`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 512 | +| medium | 2048 | +| large | 4096 | + +**Example**: + +```yaml +agent: + resources: + watchdog: + cointerface: 1024 +``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 874f2373..15dc0a99 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -19,7 +19,7 @@ To upgrade:
1. Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` 2. Edit the following values: - [`scripts`](docs/configuration_parameters.md#scripts): Set this to @@ -76,8 +76,12 @@ To upgrade:
see [Airgapped Installation Options](../README.md#airgapped-Installation-Options).) ```bash - docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.4.1-3 + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.0.0-1 ``` 4. If you are fine with the differences displayed, then set value for the diff --git a/installer/values.yaml b/installer/values.yaml index 2318bb9e..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -7,8 +7,8 @@ schema_version: 1.0.0 size: medium #Set Quay.Io secrets quaypullsecret: -#supports aws | gke | hostPath | local -storageClassProvisioner: aws +#supports aws | gke | ibm | hostPath | local +storageClassProvisioner: aws # TODO: this would be better as cloudProvisioner | hostPath | local, where cloudProvisioner differs to cloudProvider.name where used #Sysdig application config sysdig: # Sysdig Platform super admin user. This will be used for initial login to From 8d7b2967458844fe88a5add39ff9ffae3c43d93a Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 19 Dec 2019 22:45:17 +0000 Subject: [PATCH 008/156] updating installer docs --- installer/single-node/install.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 087ec7c5..c3f932ca 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh 
@@ -89,7 +89,7 @@ function dockerLogin() {
 function installUbuntuDeps() {
 apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1
 apt-get update -qq
- apt-get install -y apt-transport-https ca-certificates curl software-properties-common jq python-pip
+ apt-get install -y apt-transport-https ca-certificates curl software-properties-common
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
 apt-get update -qq
@@ -99,7 +99,7 @@ function installUbuntuDeps() {
 function installDebianDeps() {
 apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1
 apt-get update -qq
- apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common jq python-pip
+ apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
 curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
 apt-get update -qq
@@ -112,9 +112,9 @@ function installCentOSDeps() {
 yum -y update
 yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 if [[ $version == 8 ]]; then
- yum install -y yum-utils device-mapper-persistent-data lvm2 curl jq.x86_64
+ yum install -y yum-utils device-mapper-persistent-data lvm2 curl
 else
- yum install -y yum-utils device-mapper-persistent-data lvm2 curl jq
+ yum install -y yum-utils device-mapper-persistent-data lvm2 curl
 fi
 # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764
 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm
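Review bot: In the installCentOSDeps hunk, both branches of `if [[ $version == 8 ]]` now run the same command, so the conditional no longer selects anything. With the jq package names gone, the five lines from `if` to `fi` can collapse to the single line `yum install -y yum-utils device-mapper-persistent-data lvm2 curl`. The function starts and ends outside the hunk, so `$version` may still be needed elsewhere in it. The two apt hunks above also drop `python-pip` with no replacement; whether a later part of the script still relies on pip is not visible here.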
@@ -141,6 +141,12 @@ function installKubectl() {
 mv kubectl "${ROOT_LOCAL_PATH}"
 }

+function installJq() {
+ curl -o jq -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
+ chmod +x jq
+ mv jq "${ROOT_LOCAL_PATH}"
+}
+
 function installDeps() {
 set +e
 source /etc/os-release
@@ -172,6 +178,7 @@ function installDeps() {
 exit 1
 ;;
 esac
+ installJq
 installMiniKube
 installKubectl
 set -e
From faf94eba19409a1a674810c68f6cb0bfeaa655e6 Mon Sep 17 00:00:00 2001
From: jenkins
Date: Thu, 19 Dec 2019 23:08:58 +0000
Subject: [PATCH 009/156] updating installer docs
---
 installer/README.md | 166 +--
 installer/docs/advanced.md | 38 -
 installer/docs/configuration_parameters.md | 1508 +++-----------------
 installer/docs/upgrade.md | 10 +-
 installer/values.yaml | 4 +-
 5 files changed, 238 insertions(+), 1488 deletions(-)
diff --git a/installer/README.md b/installer/README.md
index 1eb572e8..6db315b1 100644
--- a/installer/README.md
+++ b/installer/README.md
@@ -1,7 +1,9 @@
 # Installer

 The Sysdig Installer tool is a collection of scripts that help automate the
-on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement
+on-premises deployment of the Sysdig platform (Sysdig Monitor and/or Sysdig
+Secure), for environments using Kubernetes or OpenShift. Use the Installer
+to install or upgrade your Sysdig platform. It is recommended as a replacement
 for the earlier manual install/upgrade procedures.

 # Installation Overview
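Review bot: The new `installJq` function in install.sh (hunk `@@ -141,6 +141,12 @@`) marks the downloaded file executable and moves it into `${ROOT_LOCAL_PATH}` without checking that the download succeeded or that the file is the expected jq-1.6 binary. `curl -o jq -L` has no `-f`, so an HTTP error page would be saved as `jq`, and the call added in `installDeps` runs while `set +e` is in effect, so a failed step does not stop the script. I would change the download to `curl -fsSL -o jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64` and add `echo "<JQ_1_6_LINUX64_SHA256>  jq" | sha256sum -c - || exit 1` before `chmod +x jq`; the digest is a placeholder to be filled from the upstream release and pinned in the script. The tag `jq-1.6` pins the version but not the content, and the package-manager install this replaces had signature checking that a bare download lacks.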
@@ -54,32 +56,30 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large. + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large. - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail. + your Sysdig purchase confirmation mail. - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): - The name of the storage class provisioner to use when creating the - configured storageClassName parameter. If you do not use one of those two - dynamic storage provisioners, then enter: hostPath and refer to the Advanced - examples for how to configure static storage provisioning with this option. - Valid options: aws, gke, hostPath + The name of the storage class provisioner to use when creating the + configured storageClassName parameter. If you do not use one of those two + dynamic storage provisioners, then enter: hostPath and refer to the Advanced + examples for how to configure static storage provisioning with this option. + Valid options: aws, gke, hostPath - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail + provided with your Sysdig purchase confirmation mail - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. + the Sysdig APIs will be served on. 
- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - + The networking construct used to expose the Sysdig API and collector. Options + are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service. - loadbalancer: creates a service of type loadbalancer and expects that 
@@ -87,35 +87,30 @@ This install assumes the Kubernetes cluster has network access to pull images fr - nodeport: creates a service of type nodeport. The node ports can be customized with: - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. - Run the Installer. (Note: This step differs in [Airgapped Installation Options](#airgapped-installation-options).) 
```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-1 + docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.5.0.3 ``` - On successful run of Installer towards the end of your terminal you should see the below: 
@@ -135,29 +130,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -177,14 +149,12 @@ the following exceptions: - In step 3, run the Installer as follows: ```bash -docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ +docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-1 + quay.io/sysdig/installer:2.5.0.3 ``` ## Full Airgap Install @@ -198,13 +168,11 @@ will pull an image containing a self-extracting tarball which can be copied to the installation machine. ### Requirements for jump machine - - Network access to quay.io - Docker - jq ### Requirements for installation machine - - Network access to Kubernetes cluster - Docker - Bash @@ -219,11 +187,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-1-uber + docker pull quay.io/sysdig/installer:2.5.0.3-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-1-uber + docker create --name uber_image quay.io/sysdig/installer:2.5.0.3-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -233,31 +201,30 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail + your Sysdig purchase confirmation mail - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The - name of the storage class provisioner to use when creating the configured - storageClassName parameter. Use hostPath or local in clusters that do not have - a provisioner. For setups where Persistent Volumes and Persistent Volume Claims - are created manually this should be configured as none. Valid options are: - aws,gke,hostPath,local,none + name of the storage class provisioner to use when creating the configured + storageClassName parameter. Use hostPath or local in clusters that do not have + a provisioner. For setups where Persistent Volumes and Persistent Volume Claims + are created manually this should be configured as none. Valid options are: + aws,gke,hostPath,local,none - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail + provided with your Sysdig purchase confirmation mail - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. + the Sysdig APIs will be served on. 
- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: + The networking construct used to expose the Sysdig API and collector. Options + are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service. - loadbalancer: creates a service of type loadbalancer and expects that 
@@ -268,15 +235,15 @@ the installation machine. - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. - Copy the tarball file to the directory where you have your values.yaml file. - Run the tar file: 
@@ -311,22 +278,3 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration For advanced configuration option see [advanced.md](docs/advanced.md) - -# Example values.yaml - -- [single-node values.yaml](examples/single-node/values.yaml) -- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) - -# Resource requirements - -The below table represents the amount of resources for various cluster sizes -in their default configuration. The `Redis HA` column indicates extra amount -of resources required if `redisHa: true` is configured. - -| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | -| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | -| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | -| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | -| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | -| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index c940cc2d..888f6e0a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -57,41 +57,3 @@ sysdig: hostPathNodes: - my-cool-host1.com ``` - - -## Installer on EKS - -### Creating a cluster -Please do not use eksctl 0.10.0 and 0.10.1 as those are known to be buggy see: kubernetes/kubernetes#73906 (comment) -```bash -eksctl create cluster \ - --name=eks-installer1 \ - --node-type=m5.4xlarge \ - --nodes=3 \ - --version 1.14 \ - --region=us-east-1 \ - --vpc-public-subnets= -``` - -### Additional config for installer -EKS uses aws-iam-authenticator to authorize kubectl commands. -aws-iam-authenticator needs aws credentials mounted from **~/.aws** to the installer. -```bash -docker run \ - -v ~/.aws:/.aws \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer: -``` - -### Exposing the sysdig endpoint -Get the external ip/endpoint for the ingress service. -```bash -kubectl -n get service haproxy-ingress-service -``` -In route53 create an A record with the dns name pointing to external ip/endpoint. - -### Gotchas -Make sure that subnets have internet gateway configured and has enough ips. diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 52278766..85cd06e9 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -38,14 +38,13 @@ size: medium ``` ## **storageClassProvisioner** -**Required**: `false`
+**Required**: `true`
**Description**: The name of the [storage class provisioner](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this -should be configured as `none`. If this is not configured -[`storageClassName`](#storageclassname) needs to be configured.
+should be configured as `none`.
**Options**: `aws|gke|hostPath|local|none`
**Default**:
**Example**: @@ -59,7 +58,7 @@ storageClassProvisioner: aws **Description**: Specifies the Sysdig Platform components to be installed.
Combine multiple components by space separating them. Specify at least one app, for example, `monitor`.
-**Options**: `monitor|monitor secure|agent|monitor agent|monitor secure agent`
+**Options**: `monitor|monitor secure`
**Default**: `monitor secure`
**Example**: @@ -131,18 +130,6 @@ under. This is relevant only when `storageClassProvisioner` is `local`.
localStoragehostDir: /sysdig ``` -## **context** -**Required**: `false`
-**Description**: Kubernetes context to use for deploying Sysdig Platform. -If this param is not not or a blank value is specified, it will use the default context.
-**Options**:
-**Default**:
-**Example**: - -```yaml -context: production -``` - ## **namespace** **Required**: `false`
**Description**: Kubernetes namespace to deploy Sysdig Platform to.
@@ -217,7 +204,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke|ibm`
+**Options**: `aws|gke`
**Default**:
**Example**: @@ -636,28 +623,42 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.activityAuditVersion** +## **sysdig.anchoreLicensePath** **Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
+**Description**: This is the path relative to the values.yaml where the +anchore enterprise license yaml is located. This parameter is required if +`sysdig.configureScanningReporting` is configured to `true`.
**Options**:
-**Default**: 3.0.0.5308
+**Default**:
**Example**: ```yaml sysdig: - activityAuditVersion: 3.0.0.5308 + anchoreLicensePath: anchore-enterprise-license.yaml ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.5.1.2
+**Default**: 0.5.0.1
+**Example**: + +```yaml +sysdig: + anchoreVersion: 0.5.0.1 +``` + +## **sysdig.anchoreEnterpriseVersion** +**Required**: `false`
+**Description**: The docker image tag of the Sysdig Anchore reporting.
+**Options**:
+**Default**: v0.4.1
**Example**: ```yaml sysdig: - anchoreVersion: 0.5.1.2 + anchoreEnterpriseVersion: 0.5.0.1 ``` ## **sysdig.cassandraVersion** @@ -669,7 +670,7 @@ sysdig: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraVersion: 2.1.21.13 ``` ## **sysdig.cassandra.external** @@ -854,6 +855,19 @@ sysdig: collectorPort: 7000 ``` +## **sysdig.configureScanningReporting** +**Required**: `false`
+**Description**: Specifies if image scanning and reporting feature should be +included in the Sysdig platform to be deployed.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + configureScanningReporting: true +``` + ## **sysdig.customCA** **Required**: `false`
**Description**: @@ -902,12 +916,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 5.6.16.15
+**Default**: 5.6.16.12
**Example**: ```yaml sysdig: - elasticsearchVersion: 5.6.16.15 + elasticsearchVersion: 5.6.16.12 ``` ## **sysdig.haproxyVersion** @@ -915,12 +929,12 @@ sysdig: **Description**: The docker image tag of HAProxy ingress controller. The parameter is relevant only when configured `deployment` is `kubernetes`.
**Options**:
-**Default**: v0.7-beta.7.1
+**Default**: v0.7-beta.7
**Example**: ```yaml sysdig: - haproxyVersion: v0.7-beta.7.1 + haproxyVersion: v0.7-beta.7 ``` ## **sysdig.ingressNetworking** @@ -1012,16 +1026,14 @@ sysdig: ## **sysdig.monitorVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Monitor. **Do not modify -this unless you know what you are doing as modifying it could have unintended -consequences**
+**Description**: The docker image tag of the Sysdig Monitor.
**Options**:
-**Default**: 3.0.0.5439
+**Default**: 2.5.0.5132
**Example**: ```yaml sysdig: - monitorVersion: 3.0.0.5439 + monitorVersion: 2.5.0.5132 ``` ## **sysdig.mysqlHa** @@ -1045,19 +1057,19 @@ sysdig: ```yaml sysdig: - mysqlHaVersion: 8.0.16.2 + mysqlVersion: 8.0.16.2 ``` ## **sysdig.mysqlHaAgentVersion** **Required**: `false`
**Description**: The docker image tag of MySQL Agent used for HA.
**Options**:
-**Default**: 0.1.1.5
+**Default**: 0.1.15
**Example**: ```yaml sysdig: - mysqlHaAgentVersion: 0.1.1.5 + mysqlVersion: 0.1.15 ``` ## **sysdig.mysqlVersion** @@ -1151,30 +1163,6 @@ sysdig: user: awesome-user ``` -## **sysdig.natsExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of the Prometheus exporter for NATS.
-**Options**:
-**Default**: 0.6.0.1
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.6.0.1 -``` - -## **sysdig.natsStreamingVersion** -**Required**: `false`
-**Description**: Docker image tag of NATS streaming.
-**Options**:
-**Default**: 0.16.2.1
-**Example**: - -```yaml -sysdig: - natsStreamingVersion: 0.16.2.1 -``` - ## **sysdig.openshiftUrl** **Required**: `false`
**Description**: Openshift API url along with its port number, this is @@ -1220,12 +1208,12 @@ sysdig: **Description**: Docker image tag of Postgres, relevant when configured `apps` is `monitor secure`.
**Options**:
-**Default**: 10.6.11
+**Default**: 10.6.10
**Example**: ```yaml sysdig: - postgresVersion: 10.6.11 + postgresVersion: 10.6.10 ``` ## **sysdig.postgresql.hostPathNodes** @@ -1257,7 +1245,7 @@ should only be used if there is an intent to override the defaults provided by Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) instead.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
**Example**: @@ -1265,7 +1253,7 @@ instead.
sysdig: proxy: enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports ``` ## **sysdig.proxy.enable** @@ -1310,7 +1298,7 @@ only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and appended to the list in [`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
**Example**: @@ -1391,25 +1379,25 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of Redis.
**Options**:
-**Default**: 4.0.12.7
+**Default**: 4.0.12.6
**Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + redisVersion: 4.0.12.6 ``` ## **sysdig.redisHaVersion** -**Required**: `false`
+**Required**: `true`
**Description**: Docker image tag of HA Redis, relevant when configured `sysdig.redisHa` is `true`.
**Options**:
-**Default**: 4.0.12.8-ha
+**Default**: 4.0.12.6
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12.8-ha + redisHaVersion: 4.0.12.6 ``` ## **sysdig.redisHa** @@ -2654,39 +2642,39 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.anchore-reports.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to anchore-reports pods
**Options**:
**Default**: |cluster-size|limits | |------------|--------| -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - anchore-worker: + anchore-reports: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.anchore-reports.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to anchore-reports pods
**Options**:
**Default**: |cluster-size|limits | |------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -2694,58 +2682,58 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + anchore-reports: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.anchore-reports.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule anchore-reports pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - anchore-worker: + anchore-reports: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.anchore-reports.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule anchore-reports pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 3Gi | +| medium | 3Gi | +| large | 3Gi | **Example**: ```yaml sysdig: resources: - anchore-worker: + anchore-reports: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: @@ -2760,14 +2748,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: @@ -2783,14 +2771,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: @@ -2805,14 +2793,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: @@ -2827,15 +2815,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + anchore-worker: requests: memory: 200Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: @@ -2850,14 +2837,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: @@ -2873,14 +2860,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: @@ -2895,14 +2882,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: @@ -2917,14 +2904,15 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.policy-advisor.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -2939,14 +2927,14 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -2962,20 +2950,20 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 1 | +| small | 500m | | medium | 1 | | large | 1 | @@ -2984,14 +2972,14 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -3006,478 +2994,123 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + scanningalertmgr: requests: memory: 200Mi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.restrictPasswordLogin** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
-**Options**:
-**Default**:
-
-|cluster-size|limits |
-|------------|--------|
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - cpu: 2 + restrictPasswordLogin: true ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.rsyslogVersion** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**:
-
-|cluster-size|limits |
-|------------|--------|
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**: 8.34.0.5
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi + rsyslogVersion: 8.34.0.5 ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.smtpFromAddress** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - cpu: 250m + smtpFromAddress: from-address@my-company.com ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.smtpPassword** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: Password for the configured `sysdig.smtpUser`.
**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi + smtpPassword: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.smtpProtocolSSL** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | - +**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - cpu: 2 + smtpProtocolSSL: true ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.smtpProtocolTLS** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - memory: 500Mi + smtpProtocolTLS: true ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.smtpServer** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
-**Options**:
-**Default**:
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
-|cluster-size|requests|
-|------------|--------|
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - requests: - cpu: 250m + smtpServerPort: 587
``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.smtpUser** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: User for the configured `sysdig.smtpServer`
**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - requests: - memory: 50Mi + smtpUser: bob+alice@gmail.com
``` -## **sysdig.resources.activity-audit-worker.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-|cluster-size|limits |
-|------------|--------|
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.activity-audit-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-|cluster-size|limits |
-|------------|--------|
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-|cluster-size|limits |
-|------------|--------|
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-|cluster-size|limits |
-|------------|--------|
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-``` - -## **sysdig.tolerations** +## **sysdig.tolerations** **Required**: `false`
**Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) @@ -3518,9 +3151,10 @@ sysdig: anchoreCoreReplicaCount: 5 ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.anchoreReportingReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
+**Description**: Number of Sysdig Anchore Reporting replicas, this is a noop +for clusters of `size` `small`.
**Options**:
**Default**:
@@ -3534,7 +3168,7 @@ sysdig: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + anchoreReportingReplicaCount: 5 ``` ## **sysdig.apiReplicaCount** @@ -3597,7 +3231,7 @@ sysdig: collectorReplicaCount: 7 ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.elasticSearchReplicaCount** **Required**: `false`
**Description**: Number of ElasticSearch replicas, this is a noop for clusters of `size` `small`.
@@ -3614,7 +3248,7 @@ sysdig: ```yaml sysdig: - elasticsearchReplicaCount: 20 + elasticSearchReplicaCount: 20 ``` ## **sysdig.workerReplicaCount** @@ -3822,793 +3456,3 @@ sysdig: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true -XX:-UseContainerSupport ``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.collectorEndpoint**
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `0.93.1`
-**Example**:
-
-```yaml
-agent:
- version: latest
-```
-
-## **agent.useSSL**
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.timezone**
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- noProxy: your-awesome-no-proxy.com
-```
-
-## **agent.customKernelModules.enabled**
-**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- customKernelModules:
- enabled: true
-```
-
-## **agent.secure.enabled**
-**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- secure:
- enabled: true
-```
-
-## **agent.secure.commandLineCapturesEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- commandLineCapturesEnabled: true
-```
-
-## **agent.secure.memoryDumpEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- memoryDumpEnabled: true
-```
-
-## **agent.secure.settings.k8sAuditServerURL**
-**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
-```
-
-## **agent.secure.settings.k8sAuditServerPort**
-**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
-```
-
-## **agent.prometheus.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- enabled: true
-```
-
-## **agent.prometheus.settings.interval**
-**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- interval: 30
-```
-
-## **agent.prometheus.settings.logErrors**
-**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- logErrors: true
-```
-
-## **agent.prometheus.settings.maxMetrics**
-**Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetrics: 1000
-```
-
-## **agent.prometheus.settings.maxMetricsPerProcess**
-**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetricsPerProcess: 1000
-```
-
-## **agent.prometheus.settings.maxTagsPerMetric**
-**Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `200`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxTagsPerMetric: 20
-```
-
-## **agent.prometheus.settings.histograms**
-**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- histograms: 3000
-```
-
-## **agent.statsd.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- statsd:
- enabled: true
-```
-
-## **agent.statsd.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**:
-
-```yaml
-agent:
- statsd:
- settings:
- limit: 1000
-```
-
-## **agent.jmx.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- jmx:
- enabled: true
-```
-
-## **agent.jmx.settings.limit**
-**Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- jmx:
- settings:
- limit: 1000
-```
-
-## **agent.ebpf.enabled**
-**Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- enabled: true
-```
-
-## **agent.ebpf.settings.mountEtcVolume**
-**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- settings:
- mountEtcVolume: 1000
-```
-
-## **agent.appChecks.elasticsearch.authEnabled**
-**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- authEnabled: true
-```
-
-## **agent.appChecks.elasticsearch.url**
-**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- url: https://sysdigcloud-elasticsearch
-```
-
-## **agent.appChecks.elasticsearch.port**
-**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- port: 9200
-```
-
-## **agent.appChecks.elasticsearch.username**
-**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- username: readonly
-```
-
-## **agent.appChecks.elasticsearch.password**
-**Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- password: some_password
-```
-
-## **agent.appChecks.elasticsearch.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- verifySSL: false
-```
-
-## **agent.appChecks.kafka.enabled**
-**Required**: `false`
enabled
-**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- enabled: true
-```
-
-## **agent.appChecks.kafka.arg**
-**Required**: `false`
enabled
-**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- arg: Kafka.kafka
-```
-
-## **agent.appChecks.kafka.url**
-**Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:enabled
- appChecks:
- kafka:
- url: localhost
-```
-
-## **agent.appChecks.kafka.port**
-**Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- port: 9200
-```
-
-## **agent.appChecks.kafka.zk.url**
-**Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:enabled
- appChecks:
- kafka:
- zk:
- url: localhost
-```
-
-## **agent.appChecks.kafka.zk.port**
-**Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- zk:
- port: 2181
-```
-
-## **agent.appChecks.kafka.enableConsumerOffsets**
-**Required**: `false`
enabled
-**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- enableConsumerOffsets: true
-```
-
-## **agent.appChecks.kafka.enableAggregationPartitions**
-**Required**: `false`
enabled
-**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- enableAggregationPartitions: true
-```
-
-## **agent.resources.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**:
-
-|cluster-size|limits|
-|------------|------|
-| small | 3 |
-| medium | 5 |
-| large | 8 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- limits:
- cpu: 2
-```
-
-## **agent.resources.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**:
-
-|cluster-size|limits|
-|------------|------|
-| small | 3Gi |
-| medium | 6Gi |
-| large | 10Gi |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- limits:
- memory: 2
-```
-
-## **agent.resources.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- requests:
- cpu: 2
-```
-
-## **agent.resources.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 1Gi |
-| medium | 3Gi |
-| large | 6Gi |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- requests:
- memory: 2
-```
-
-## **agent.resources.watchdog.max_memory_usage_mb**
-**Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 512 |
-| medium | 1024 |
-| large | 2048 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- watchdog:
- max_memory_usage_mb: 1024
-```
-
-## **agent.resources.watchdog.cointerface**
-**Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**:
-
-|cluster-size|requests|
-|------------|--------|
-| small | 512 |
-| medium | 2048 |
-| large | 4096 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- watchdog:
- cointerface: 1024
-```
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md
index 15dc0a99..874f2373 100644
--- a/installer/docs/upgrade.md
+++ b/installer/docs/upgrade.md
@@ -19,7 +19,7 @@ To upgrade:
1. Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml ``` 2. Edit the following values: - [`scripts`](docs/configuration_parameters.md#scripts): Set this to @@ -76,12 +76,8 @@ To upgrade:
see [Airgapped Installation Options](../README.md#airgapped-Installation-Options).) ```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-1 + docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.4.1-3 ``` 4. If you are fine with the differences displayed, then set value for the diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..2318bb9e 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -7,8 +7,8 @@ schema_version: 1.0.0 size: medium #Set Quay.Io secrets quaypullsecret: -#supports aws | gke | ibm | hostPath | local -storageClassProvisioner: aws # TODO: this would be better as cloudProvisioner | hostPath | local, where cloudProvisioner differs to cloudProvider.name where used +#supports aws | gke | hostPath | local +storageClassProvisioner: aws #Sysdig application config sysdig: # Sysdig Platform super admin user. This will be used for initial login to From f2f5ace45a90942d99f63c4dd8f3bf716ee249b4 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 2 Jan 2020 15:49:02 +0000 Subject: [PATCH 010/156] updating installer docs --- installer/README.md | 166 ++- installer/docs/advanced.md | 38 + installer/docs/configuration_parameters.md | 1510 +++++++++++++++++--- installer/docs/upgrade.md | 10 +- installer/values.yaml | 4 +- 5 files changed, 1489 insertions(+), 239 deletions(-) diff --git a/installer/README.md b/installer/README.md index 6db315b1..1eb572e8 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,9 +1,7 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and/or Sysdig -Secure), for environments using Kubernetes or OpenShift. Use the Installer -to install or upgrade your Sysdig platform. It is recommended as a replacement +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. # Installation Overview 
@@ -56,30 +54,32 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large. + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large. - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail. + your Sysdig purchase confirmation mail. - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): - The name of the storage class provisioner to use when creating the - configured storageClassName parameter. If you do not use one of those two - dynamic storage provisioners, then enter: hostPath and refer to the Advanced - examples for how to configure static storage provisioning with this option. - Valid options: aws, gke, hostPath + The name of the storage class provisioner to use when creating the + configured storageClassName parameter. If you do not use one of those two + dynamic storage provisioners, then enter: hostPath and refer to the Advanced + examples for how to configure static storage provisioning with this option. + Valid options: aws, gke, hostPath - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail + provided with your Sysdig purchase confirmation mail - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. + the Sysdig APIs will be served on. 
- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: + The networking construct used to expose the Sysdig API and collector. Options + are: + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service. - loadbalancer: creates a service of type loadbalancer and expects that 
@@ -87,30 +87,35 @@ This install assumes the Kubernetes cluster has network access to pull images fr - nodeport: creates a service of type nodeport. The node ports can be customized with: - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + + When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. - Run the Installer. (Note: This step differs in [Airgapped Installation Options](#airgapped-installation-options).) 
```bash - docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.5.0.3 + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.0.0-1 ``` - On successful run of Installer towards the end of your terminal you should see the below: 
@@ -130,6 +135,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -149,12 +177,14 @@ the following exceptions: - In step 3, run the Installer as follows: ```bash -docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ +docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:2.5.0.3 + quay.io/sysdig/installer:3.0.0-1 ``` ## Full Airgap Install @@ -168,11 +198,13 @@ will pull an image containing a self-extracting tarball which can be copied to the installation machine. ### Requirements for jump machine + - Network access to quay.io - Docker - jq ### Requirements for installation machine + - Network access to Kubernetes cluster - Docker - Bash @@ -187,11 +219,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:2.5.0.3-uber + docker pull quay.io/sysdig/installer:3.0.0-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:2.5.0.3-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -201,30 +233,31 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail + your Sysdig purchase confirmation mail - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The - name of the storage class provisioner to use when creating the configured - storageClassName parameter. Use hostPath or local in clusters that do not have - a provisioner. For setups where Persistent Volumes and Persistent Volume Claims - are created manually this should be configured as none. Valid options are: - aws,gke,hostPath,local,none + name of the storage class provisioner to use when creating the configured + storageClassName parameter. Use hostPath or local in clusters that do not have + a provisioner. For setups where Persistent Volumes and Persistent Volume Claims + are created manually this should be configured as none. Valid options are: + aws,gke,hostPath,local,none - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail + provided with your Sysdig purchase confirmation mail - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. + the Sysdig APIs will be served on. 
- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: + The networking construct used to expose the Sysdig API and collector. Options + are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service. - loadbalancer: creates a service of type loadbalancer and expects that 
@@ -235,15 +268,15 @@ the installation machine. - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. - Copy the tarball file to the directory where you have your values.yaml file. - Run the tar file: 
@@ -278,3 +311,22 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration For advanced configuration option see [advanced.md](docs/advanced.md) + +# Example values.yaml + +- [single-node values.yaml](examples/single-node/values.yaml) +- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) + +# Resource requirements + +The below table represents the amount of resources for various cluster sizes +in their default configuration. The `Redis HA` column indicates extra amount +of resources required if `redisHa: true` is configured. + +| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | +| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | +| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | +| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | +| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | +| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 888f6e0a..c940cc2d 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -57,3 +57,41 @@ sysdig: hostPathNodes: - my-cool-host1.com ``` + + +## Installer on EKS + +### Creating a cluster +Please do not use eksctl 0.10.0 and 0.10.1 as those are known to be buggy see: kubernetes/kubernetes#73906 (comment) +```bash +eksctl create cluster \ + --name=eks-installer1 \ + --node-type=m5.4xlarge \ + --nodes=3 \ + --version 1.14 \ + --region=us-east-1 \ + --vpc-public-subnets= +``` + +### Additional config for installer +EKS uses aws-iam-authenticator to authorize kubectl commands. +aws-iam-authenticator needs aws credentials mounted from **~/.aws** to the installer. +```bash +docker run \ + -v ~/.aws:/.aws \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer: +``` + +### Exposing the sysdig endpoint +Get the external ip/endpoint for the ingress service. +```bash +kubectl -n get service haproxy-ingress-service +``` +In route53 create an A record with the dns name pointing to external ip/endpoint. + +### Gotchas +Make sure that subnets have internet gateway configured and has enough ips. diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 85cd06e9..52278766 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -38,13 +38,14 @@ size: medium ``` ## **storageClassProvisioner** -**Required**: `true`
+**Required**: `false`
**Description**: The name of the [storage class provisioner](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this -should be configured as `none`.
+should be configured as `none`. If this is not configured +[`storageClassName`](#storageclassname) needs to be configured.
**Options**: `aws|gke|hostPath|local|none`
**Default**:
**Example**: @@ -58,7 +59,7 @@ storageClassProvisioner: aws **Description**: Specifies the Sysdig Platform components to be installed.
Combine multiple components by space separating them. Specify at least one app, for example, `monitor`.
-**Options**: `monitor|monitor secure`
+**Options**: `monitor|monitor secure|agent|monitor agent|monitor secure agent`
**Default**: `monitor secure`
**Example**: @@ -130,6 +131,18 @@ under. This is relevant only when `storageClassProvisioner` is `local`.
localStoragehostDir: /sysdig ``` +## **context** +**Required**: `false`
+**Description**: Kubernetes context to use for deploying Sysdig Platform. +If this param is not not or a blank value is specified, it will use the default context.
+**Options**:
+**Default**:
+**Example**: + +```yaml +context: production +``` + ## **namespace** **Required**: `false`
**Description**: Kubernetes namespace to deploy Sysdig Platform to.
@@ -204,7 +217,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
+**Options**: `aws|gke|ibm`
**Default**:
**Example**: @@ -623,42 +636,28 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.anchoreLicensePath** +## **sysdig.activityAuditVersion** **Required**: `false`
-**Description**: This is the path relative to the values.yaml where the -anchore enterprise license yaml is located. This parameter is required if -`sysdig.configureScanningReporting` is configured to `true`.
+**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**:
+**Default**: 3.0.0.5308
**Example**: ```yaml sysdig: - anchoreLicensePath: anchore-enterprise-license.yaml + activityAuditVersion: 3.0.0.5308 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.5.0.1
-**Example**: - -```yaml -sysdig: - anchoreVersion: 0.5.0.1 -``` - -## **sysdig.anchoreEnterpriseVersion** -**Required**: `false`
-**Description**: The docker image tag of the Sysdig Anchore reporting.
-**Options**:
-**Default**: v0.4.1
+**Default**: 0.5.1.2
**Example**: ```yaml sysdig: - anchoreEnterpriseVersion: 0.5.0.1 + anchoreVersion: 0.5.1.2 ``` ## **sysdig.cassandraVersion** @@ -670,7 +669,7 @@ sysdig: ```yaml sysdig: - cassandraVersion: 2.1.21.13 + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.external** @@ -855,19 +854,6 @@ sysdig: collectorPort: 7000 ``` -## **sysdig.configureScanningReporting** -**Required**: `false`
-**Description**: Specifies if image scanning and reporting feature should be -included in the Sysdig platform to be deployed.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - configureScanningReporting: true -``` - ## **sysdig.customCA** **Required**: `false`
**Description**: @@ -916,12 +902,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 5.6.16.12
+**Default**: 5.6.16.15
**Example**: ```yaml sysdig: - elasticsearchVersion: 5.6.16.12 + elasticsearchVersion: 5.6.16.15 ``` ## **sysdig.haproxyVersion** @@ -929,12 +915,12 @@ sysdig: **Description**: The docker image tag of HAProxy ingress controller. The parameter is relevant only when configured `deployment` is `kubernetes`.
**Options**:
-**Default**: v0.7-beta.7
+**Default**: v0.7-beta.7.1
**Example**: ```yaml sysdig: - haproxyVersion: v0.7-beta.7 + haproxyVersion: v0.7-beta.7.1 ``` ## **sysdig.ingressNetworking** @@ -1026,14 +1012,16 @@ sysdig: ## **sysdig.monitorVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Monitor.
+**Description**: The docker image tag of the Sysdig Monitor. **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
**Options**:
-**Default**: 2.5.0.5132
+**Default**: 3.0.0.5439
**Example**: ```yaml sysdig: - monitorVersion: 2.5.0.5132 + monitorVersion: 3.0.0.5439 ``` ## **sysdig.mysqlHa** @@ -1057,19 +1045,19 @@ sysdig: ```yaml sysdig: - mysqlVersion: 8.0.16.2 + mysqlHaVersion: 8.0.16.2 ``` ## **sysdig.mysqlHaAgentVersion** **Required**: `false`
**Description**: The docker image tag of MySQL Agent used for HA.
**Options**:
-**Default**: 0.1.15
+**Default**: 0.1.1.5
**Example**: ```yaml sysdig: - mysqlVersion: 0.1.15 + mysqlHaAgentVersion: 0.1.1.5 ``` ## **sysdig.mysqlVersion** @@ -1163,6 +1151,30 @@ sysdig: user: awesome-user ``` +## **sysdig.natsExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of the Prometheus exporter for NATS.
+**Options**:
+**Default**: 0.6.0.1
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.6.0.1 +``` + +## **sysdig.natsStreamingVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming.
+**Options**:
+**Default**: 0.16.2.1
+**Example**: + +```yaml +sysdig: + natsStreamingVersion: 0.16.2.1 +``` + ## **sysdig.openshiftUrl** **Required**: `false`
**Description**: Openshift API url along with its port number, this is @@ -1208,12 +1220,12 @@ sysdig: **Description**: Docker image tag of Postgres, relevant when configured `apps` is `monitor secure`.
**Options**:
-**Default**: 10.6.10
+**Default**: 10.6.11
**Example**: ```yaml sysdig: - postgresVersion: 10.6.10 + postgresVersion: 10.6.11 ``` ## **sysdig.postgresql.hostPathNodes** @@ -1245,7 +1257,7 @@ should only be used if there is an intent to override the defaults provided by Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) instead.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
**Example**: @@ -1253,7 +1265,7 @@ instead.
sysdig: proxy: enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` ## **sysdig.proxy.enable** @@ -1298,7 +1310,7 @@ only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and appended to the list in [`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, anchore-reports`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
**Example**: @@ -1379,25 +1391,25 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of Redis.
**Options**:
-**Default**: 4.0.12.6
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - redisVersion: 4.0.12.6 + redisVersion: 4.0.12.7 ``` ## **sysdig.redisHaVersion** -**Required**: `true`
+**Required**: `false`
**Description**: Docker image tag of HA Redis, relevant when configured `sysdig.redisHa` is `true`.
**Options**:
-**Default**: 4.0.12.6
+**Default**: 4.0.12.8-ha
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12.6 + redisHaVersion: 4.0.12.8-ha ``` ## **sysdig.redisHa** @@ -2642,39 +2654,39 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.anchore-reports.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-reports pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: |cluster-size|limits | |------------|--------| -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.anchore-reports.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-reports pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: |cluster-size|limits | |------------|--------| -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -2682,58 +2694,58 @@ sysdig: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-reports.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-reports pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.anchore-reports.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-reports pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 3Gi | -| medium | 3Gi | -| large | 3Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - anchore-reports: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: @@ -2748,14 +2760,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: @@ -2771,14 +2783,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: @@ -2793,14 +2805,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: @@ -2815,14 +2827,15 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -2837,14 +2850,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -2860,14 +2873,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -2882,14 +2895,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -2904,15 +2917,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanningalertmgr: requests: memory: 200Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: @@ -2927,14 +2939,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: @@ -2950,20 +2962,20 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: limits: memory: 10Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: |cluster-size|requests| |------------|--------| -| small | 500m | +| small | 1 | | medium | 1 | | large | 1 | @@ -2972,14 +2984,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: requests: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: @@ -2994,125 +3006,480 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + policy-advisor: requests: memory: 200Mi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - restrictPasswordLogin: true + resources: + nats-streaming: + limits: + cpu: 2 ``` -## **sysdig.rsyslogVersion** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured -`deployment` is `kubernetes`.
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
-**Default**: 8.34.0.5
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.5 + resources: + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.smtpFromAddress** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + resources: + nats-streaming: + requests: + cpu: 250m ``` -## **sysdig.smtpPassword** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
-**Default**:
-**Example**: +**Default**: -```yaml -sysdig: - smtpPassword: my-@w350m3-p@55w0rd -``` +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | -## **sysdig.smtpProtocolSSL** -**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + resources: + nats-streaming: + requests: + memory: 1Gi ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of cpu assigned to activity-audit-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - smtpProtocolTLS: true + resources: + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.smtpServer** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to activity-audit-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + resources: + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.smtpServerPort** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - smtpServerPort: 587
+ resources: + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.smtpUser** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpUser: bob+alice@gmail.com
+ resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.tolerations** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: +**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + cpu: 1 +``` + +## **sysdig.resources.activity-audit-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.activity-audit-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.restrictPasswordLogin** +**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all +non-default users to login using the configured +[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + restrictPasswordLogin: true +``` + +## **sysdig.rsyslogVersion** +**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured +`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**: + +```yaml +sysdig: + rsyslogVersion: 8.34.0.7 +``` + +## **sysdig.smtpFromAddress** +**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpFromAddress: from-address@my-company.com +``` + +## **sysdig.smtpPassword** +**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpPassword: my-@w350m3-p@55w0rd +``` + +## **sysdig.smtpProtocolSSL** +**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpProtocolSSL: true +``` + +## **sysdig.smtpProtocolTLS** +**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpProtocolTLS: true +``` + +## **sysdig.smtpServer** +**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpServer: smtp.gmail.com +``` + +## **sysdig.smtpServerPort** +**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**: + +```yaml +sysdig: + smtpServerPort: 587
+``` + +## **sysdig.smtpUser** +**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpUser: bob+alice@gmail.com
+``` + +## **sysdig.tolerations** +**Required**: `false`
+**Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with [nodeaffinityLabel.key](#nodeaffinityLabelkey) and @@ -3151,10 +3518,9 @@ sysdig: anchoreCoreReplicaCount: 5 ``` -## **sysdig.anchoreReportingReplicaCount** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig Anchore Reporting replicas, this is a noop -for clusters of `size` `small`.
+**Description**: Number of Sysdig Anchore Worker replicas.
**Options**:
**Default**:
@@ -3168,7 +3534,7 @@ for clusters of `size` `small`.
```yaml sysdig: - anchoreReportingReplicaCount: 5 + anchoreWorkerReplicaCount: 5 ``` ## **sysdig.apiReplicaCount** @@ -3231,7 +3597,7 @@ sysdig: collectorReplicaCount: 7 ``` -## **sysdig.elasticSearchReplicaCount** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
**Description**: Number of ElasticSearch replicas, this is a noop for clusters of `size` `small`.
@@ -3248,7 +3614,7 @@ sysdig: ```yaml sysdig: - elasticSearchReplicaCount: 20 + elasticsearchReplicaCount: 20 ``` ## **sysdig.workerReplicaCount** @@ -3456,3 +3822,793 @@ sysdig: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true -XX:-UseContainerSupport ``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + apiKey: replace_with_your_monitor_access_key +``` + +## **agent.collectorEndpoint** +**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + collectorEndpoint: my-awesome-collector-domain-name.com +``` + +## **agent.collectorPort** +**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**: + +```yaml +agent: + collectorPort: 6443 +``` + +## **agent.namespace** +**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**: + +```yaml +agent: + namespace: sysdig-agent +``` + +## **agent.useSlim** +**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + useSlim: true +``` + +## **agent.version** +**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `0.93.1`
+**Example**: + +```yaml +agent: + version: latest +``` + +## **agent.useSSL** +**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + useSSL: false +``` + +## **agent.verifySSL** +**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + verifySSL: false +``` + +## **agent.clusterName** +**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**: + +```yaml +agent: + clusterName: false +``` + +## **agent.tags** +**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + tags: environment:production linux:ubuntu +``` + +## **agent.capturesEnabled** +**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + capturesEnabled: false +``` + +## **agent.timezone** +**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + timezone: America/New_York. +``` + +## **agent.proxy.httpProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com +``` + +## **agent.proxy.httpsProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com +``` + +## **agent.proxy.noProxy** +**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + noProxy: your-awesome-no-proxy.com +``` + +## **agent.customKernelModules.enabled** +**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + customKernelModules: + enabled: true +``` + +## **agent.secure.enabled** +**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + secure: + enabled: true +``` + +## **agent.secure.commandLineCapturesEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + commandLineCapturesEnabled: true +``` + +## **agent.secure.memoryDumpEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + memoryDumpEnabled: true +``` + +## **agent.secure.settings.k8sAuditServerURL** +**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**: + +```yaml +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 +``` + +## **agent.secure.settings.k8sAuditServerPort** +**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**: + +```yaml +agent: + secure: + settings: + k8sAuditServerPort: 7765 +``` + +## **agent.prometheus.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + enabled: true +``` + +## **agent.prometheus.settings.interval** +**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**: + +```yaml +agent: + prometheus: + settings: + interval: 30 +``` + +## **agent.prometheus.settings.logErrors** +**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + settings: + logErrors: true +``` + +## **agent.prometheus.settings.maxMetrics** +**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + prometheus: + settings: + maxMetrics: 1000 +``` + +## **agent.prometheus.settings.maxMetricsPerProcess** +**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 +``` + +## **agent.prometheus.settings.maxTagsPerMetric** +**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `200`
+**Example**: + +```yaml +agent: + prometheus: + settings: + maxTagsPerMetric: 20 +``` + +## **agent.prometheus.settings.histograms** +**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` + +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + statsd: + enabled: true +``` + +## **agent.statsd.settings.limit** +**Required**: `false`
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
+**Example**: + +```yaml +agent: + statsd: + settings: + limit: 1000 +``` + +## **agent.jmx.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + jmx: + enabled: true +``` + +## **agent.jmx.settings.limit** +**Required**: `false`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + jmx: + settings: + limit: 1000 +``` + +## **agent.ebpf.enabled** +**Required**: `false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + ebpf: + enabled: true +``` + +## **agent.ebpf.settings.mountEtcVolume** +**Required**: `false`
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + ebpf: + settings: + mountEtcVolume: 1000 +``` + +## **agent.appChecks.elasticsearch.authEnabled** +**Required**: `false`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + authEnabled: true +``` + +## **agent.appChecks.elasticsearch.url** +**Required**: `false`
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch +``` + +## **agent.appChecks.elasticsearch.port** +**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + port: 9200 +``` + +## **agent.appChecks.elasticsearch.username** +**Required**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` + +## **agent.appChecks.elasticsearch.password** +**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + password: some_password +``` + +## **agent.appChecks.elasticsearch.verifySSL** +**Required**: `false`
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + verifySSL: false +``` + +## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enabled: true +``` + +## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + kafka: + arg: Kafka.kafka +``` + +## **agent.appChecks.kafka.url** +**Required**: `false`
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent:enabled + appChecks: + kafka: + url: localhost +``` + +## **agent.appChecks.kafka.port** +**Required**: `false`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + kafka: + port: 9200 +``` + +## **agent.appChecks.kafka.zk.url** +**Required**: `false`
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent:enabled + appChecks: + kafka: + zk: + url: localhost +``` + +## **agent.appChecks.kafka.zk.port** +**Required**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + kafka: + zk: + port: 2181 +``` + +## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enableConsumerOffsets: true +``` + +## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enableAggregationPartitions: true +``` + +## **agent.resources.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +|cluster-size|limits| +|------------|------| +| small | 3 | +| medium | 5 | +| large | 8 | + +**Example**: + +```yaml +agent: + resources: + limits: + cpu: 2 +``` + +## **agent.resources.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +|cluster-size|limits| +|------------|------| +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + +**Example**: + +```yaml +agent: + resources: + limits: + memory: 2 +``` + +## **agent.resources.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +agent: + resources: + requests: + cpu: 2 +``` + +## **agent.resources.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + +**Example**: + +```yaml +agent: + resources: + requests: + memory: 2 +``` + +## **agent.resources.watchdog.max_memory_usage_mb** +**Required**: `false`
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 512 | +| medium | 1024 | +| large | 2048 | + +**Example**: + +```yaml +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 +``` + +## **agent.resources.watchdog.cointerface** +**Required**: `false`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 512 | +| medium | 2048 | +| large | 4096 | + +**Example**: + +```yaml +agent: + resources: + watchdog: + cointerface: 1024 +``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 874f2373..15dc0a99 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -19,7 +19,7 @@ To upgrade:
1. Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://github.com/draios/sysdigcloud-kubernetes/blob/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` 2. Edit the following values: - [`scripts`](docs/configuration_parameters.md#scripts): Set this to @@ -76,8 +76,12 @@ To upgrade:
see [Airgapped Installation Options](../README.md#airgapped-Installation-Options).) ```bash - docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.4.1-3 + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.0.0-1 ``` 4. If you are fine with the differences displayed, then set value for the diff --git a/installer/values.yaml b/installer/values.yaml index 2318bb9e..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -7,8 +7,8 @@ schema_version: 1.0.0 size: medium #Set Quay.Io secrets quaypullsecret: -#supports aws | gke | hostPath | local -storageClassProvisioner: aws +#supports aws | gke | ibm | hostPath | local +storageClassProvisioner: aws # TODO: this would be better as cloudProvisioner | hostPath | local, where cloudProvisioner differs to cloudProvider.name where used #Sysdig application config sysdig: # Sysdig Platform super admin user. This will be used for initial login to From 55255a0f03216c1b4917625e4a135af9b9a04159 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 3 Jan 2020 15:13:13 +0000 Subject: [PATCH 011/156] updating installer docs --- installer/single-node/install.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index c3f932ca..c3c868e1 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -123,6 +123,12 @@ function installCentOSDeps() { systemctl start docker } +function disableFirewalld() { + echo "Disabling firewald...." + systemctl stop firewalld + systemctl disable firewalld +} + function installMiniKube() { local -r minikube_latest=$( curl -sL \ @@ -171,6 +177,7 @@ function installDeps() { echo "$ID version: $VERSION_ID is not supported" exit 1 fi + disableFirewalld installCentOSDeps "$VERSION_ID" ;; *) 
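Review bot: `disableFirewalld` stops and permanently disables the host firewall (`systemctl stop firewalld`, `systemctl disable firewalld`) instead of opening only what the install needs, and the second hunk calls it unconditionally just before `installCentOSDeps`. The host is left with no local packet filter after the install, so its exposure depends entirely on external controls such as the security groups the single-node README mentions. If the cluster traffic allows it, keep firewalld and open the documented ports, e.g. `firewall-cmd --permanent --add-port=443/tcp --add-port=6443/tcp` followed by `firewall-cmd --reload`; otherwise record the trade-off in a comment above the function and in the README. The message also misspells the service (`firewald`), and because `installDeps` runs under `set +e` (its body starts outside this hunk) a failure of either `systemctl` call would go unnoticed.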
From 00dac4d6b9fa382669166290b4d6eb991402c25e Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 6 Jan 2020 15:16:47 +0000 Subject: [PATCH 012/156] updating installer docs --- installer/single-node/install.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index c3c868e1..d5bf93b3 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -155,6 +155,14 @@ function installJq() { function installDeps() { set +e + + cat << EOF > /etc/sysctl.d/k8s.conf + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 +EOF + modprobe br_netfilter + sysctl --system + source /etc/os-release case $ID in ubuntu) @@ -201,6 +209,7 @@ function startMinikube() { export MINIKUBE_HOME="/root" export KUBECONFIG="/root/.kube/config" minikube start --vm-driver=none --kubernetes-version=${KUBERNETES_VERSION} + systemctl enable kubelet kubectl config use-context minikube } @@ -219,7 +228,7 @@ function runInstaller() { -v /root/.kube:/root/.kube:Z \ -v /root/.minikube:/root/.minikube:Z \ -v "$(pwd)":/manifests:Z \ - quay.io/sysdig/installer:2.5.0-2 + quay.io/sysdig/installer:2.5.0-3 } function __main() { From 17ac9ea1083d9d8f9ac7949dfef87b7dd27ba857 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 13 Jan 2020 23:54:52 +0000 Subject: [PATCH 013/156] updating installer docs --- installer/single-node/README.md | 7 ++++--- installer/single-node/install.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index cd658aec..2d433f8f 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md 
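Review bot: In the `installDeps` hunk of `installer/single-node/install.sh` (PATCH 012), `modprobe br_netfilter` loads the module for the current boot only, while the `/etc/sysctl.d/k8s.conf` written just above it is persistent. After a reboot the `net.bridge.bridge-nf-call-*` keys exist only if something else has loaded the module, so the settings may silently not apply, even though the same commit adds `systemctl enable kubelet`, which suggests the setup is meant to survive reboots. Persist the module as well, e.g. `echo br_netfilter > /etc/modules-load.d/k8s.conf` before the `modprobe`. These lines sit after `set +e`, so a failing `modprobe` or `sysctl --system` is not reported; `modprobe br_netfilter || echo "br_netfilter could not be loaded" >&2` would at least surface it. The function body continues outside the hunk.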
@@ -22,23 +22,24 @@ for debugging a failed install. ## Requirements. -- An instance with at least 8 CPU cores, 16GB of RAM and 300GB of disk space. +- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. - Port 443 and 6443 granted network access (in AWS this is done with security groups) ## Status Tested on: +- ubuntu bionic +Should work fine on: - amazon linux - centos 7 - centos 8 - debian buster - debian stretch -- ubuntu bionic - ubuntu xenial -The script will not work on any OS that it has not been tested on. +The script will not work on any OS not in above lists. ## Note diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index d5bf93b3..49e2f130 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -228,7 +228,7 @@ function runInstaller() { -v /root/.kube:/root/.kube:Z \ -v /root/.minikube:/root/.minikube:Z \ -v "$(pwd)":/manifests:Z \ - quay.io/sysdig/installer:2.5.0-3 + quay.io/sysdig/installer:3.0.0-1 } function __main() { From 488309a7c3090b0d5e67eab872904ff578b1e660 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 14 Jan 2020 23:20:33 +0000 Subject: [PATCH 014/156] updating installer docs --- installer/docs/configuration_parameters.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 52278766..c707266c 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md 
@@ -932,9 +932,10 @@ sysdig: * [`sysdig.ingressNetworkingInsecureApiNodePort`](#sysdigingressnetworkinginsecureapinodeport) * [`sysdig.ingressNetworkingApiNodePort`](#sysdigingressnetworkingapinodeport) * [`sysdig.ingressNetworkingCollectorNodePort`](#sysdigingressnetworkingcollectornodeport) +* external, assumes external ingress is used and does not create ingress objects. **Options**: -[`hostnetwork`](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces)|[`loadbalancer`](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)|[`nodeport`](https://kubernetes.io/docs/concepts/services-networking/#nodeport) +[`hostnetwork`](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces)|[`loadbalancer`](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)|[`nodeport`](https://kubernetes.io/docs/concepts/services-networking/#nodeport)| external **Default**: `hostnetwork` **Example**: From 89bb1c174f6ab58910b846bf5098ed4ba9bd2214 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 15 Jan 2020 23:30:21 +0000 Subject: [PATCH 015/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 49e2f130..ecdeb059 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -228,7 +228,7 @@ function runInstaller() { -v /root/.kube:/root/.kube:Z \ -v /root/.minikube:/root/.minikube:Z \ -v "$(pwd)":/manifests:Z \ - quay.io/sysdig/installer:3.0.0-1 + quay.io/sysdig/installer:3.0.0-2 } function __main() { From 01047ab3878a52ed4358cb4394a96ae62fb6ba30 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 16 Jan 2020 00:18:46 +0000 Subject: [PATCH 016/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/upgrade.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/installer/README.md b/installer/README.md index 1eb572e8..0699fe6d 100644 --- a/installer/README.md +++ b/installer/README.md @@ -115,7 +115,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-1 + quay.io/sysdig/installer:3.0.0-2 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -184,7 +184,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-1 + quay.io/sysdig/installer:3.0.0-2 ``` ## Full Airgap Install @@ -219,11 +219,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-1-uber + docker pull quay.io/sysdig/installer:3.0.0-2-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-2-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 15dc0a99..0ba33e65 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-1 + quay.io/sysdig/installer:3.0.0-2 ``` 4. If you are fine with the differences displayed, then set value for the From aa513493ce663fbdf00e30d4489f3f5eb350a622 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 16 Jan 2020 21:58:11 +0000 Subject: [PATCH 017/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index ecdeb059..b6070053 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -228,7 +228,7 @@ function runInstaller() { -v /root/.kube:/root/.kube:Z \ -v /root/.minikube:/root/.minikube:Z \ -v "$(pwd)":/manifests:Z \ - quay.io/sysdig/installer:3.0.0-2 + quay.io/sysdig/installer:3.0.0-3 } function __main() { From edea1538280a75652a1c9a362cc503a454afc6da Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 4 Feb 2020 16:31:16 +0000 Subject: [PATCH 018/156] updating installer docs --- installer/single-node/install.sh | 47 ++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index b6070053..30726db1 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -2,6 +2,11 @@ set -euo pipefail +# globals +MINIMUM_CPUS=16 +MINIMUM_MEMORY_KB=32000000 +MINIMUM_DISK_IN_GB=60 + #log to file and stdout log_file="/var/log/sysdig-installer.log" exec &>> >(tee -a "$log_file") 
@@ -65,6 +70,47 @@ sysdig: EOM } +function checkCPU() { + local -r cpus=$(grep -c processor /proc/cpuinfo) + + if [[ $cpus -lt $MINIMUM_CPUS ]]; then + echo "The number of cpus '$cpus' is less than the required number of cpus: '$MINIMUM_CPUS'" + exit 1 + fi + + echo "Enough cpu ✓" +} + +function checkMemory() { + local -r memory=$(grep MemTotal /proc/meminfo | awk '{print $2}') + + if [[ $memory -lt $MINIMUM_MEMORY_KB ]]; then + echo "The amount of memory '$memory' is less than the required amount of memory in kilobytes '$MINIMUM_MEMORY_KB'" + exit 1 + fi + + echo "Enough memory ✓" +} + +function checkDisk() { + local -r diskSizeHumanReadable=$(df -h /var | tail -n1 | awk '{print $2}') + local -r diskSize=${diskSizeHumanReadable%G} + + if [[ $diskSize -lt $MINIMUM_DISK_IN_GB ]]; then + echo "The volume that holds the var directory needs a minimum of '$MINIMUM_DISK_IN_GB' but currently has '$diskSize'" + exit 1 + fi + + echo "Enough disk ✓" +} + +function preFlight() { + echo "Running preFlight checks" + checkCPU + checkMemory + checkDisk +} + function askQuestions() { read -rp $'Provide quay pull secret: \n' QUAYPULLSECRET printf "\n" @@ -232,6 +278,7 @@ function runInstaller() { } function __main() { + preFlight askQuestions installDeps writeValuesYaml From 5a0336882c2b65636081d944d40e8e6139d938b1 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 4 Feb 2020 17:43:18 +0000 Subject: [PATCH 019/156] updating installer docs --- installer/README.md | 10 +-- installer/docs/configuration_parameters.md | 73 +++++++++++++++++++++- installer/docs/upgrade.md | 2 +- 3 files changed, 79 insertions(+), 6 deletions(-) diff --git a/installer/README.md b/installer/README.md index 0699fe6d..8cb6c38c 100644 --- a/installer/README.md +++ b/installer/README.md 
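Review bot: `checkDisk` can pass on a disk that is too small, because `df -h` picks its own unit and may print a fraction (`500M`, `9.8G`, `1.5T`), and `${diskSizeHumanReadable%G}` strips only a trailing `G`. A value such as `500M` or `9.8` is not an integer, so `[[ $diskSize -lt $MINIMUM_DISK_IN_GB ]]` raises an arithmetic error, the `if` treats that as false, and the script prints "Enough disk ✓". Asking df for whole gigabytes avoids the parsing: `local -r diskSize=$(df -BG --output=size /var | tail -n1 | tr -dc '0-9')`. The failure message should also name the unit (GB), as the memory check does.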
@@ -115,7 +115,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-2 + quay.io/sysdig/installer:3.0.0-4 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -184,7 +184,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-2 + quay.io/sysdig/installer:3.0.0-4 ``` ## Full Airgap Install @@ -219,11 +219,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-2-uber + docker pull quay.io/sysdig/installer:3.0.0-4-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-2-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-4-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` @@ -281,6 +281,8 @@ the installation machine. - Copy the tarball file to the directory where you have your values.yaml file. - Run the tar file: `bash sysdig_installer.tar.gz` +- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. + `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` - On successful run of Installer towards the end of your terminal you should see the below: diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index c707266c..6e0c40e1 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -640,7 +640,7 @@ pvStorageSize: **Required**: `false`
**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**: 3.0.0.5308
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml @@ -1141,6 +1141,7 @@ sysdig: **Required**: `false`
**Description**: The username of the MySQL user that the Sysdig Platform backend components will use in communicating with MySQL.
+_**Note**: Do NOT use `root` user for this value._
**Options**:
**Default**: `mysql-admin`
@@ -3837,6 +3838,20 @@ agent: apiKey: replace_with_your_monitor_access_key ``` +## **agent.appChecks.settings.limit** +**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + settings: + limit: 1500 +``` + ## **agent.collectorEndpoint** **Required**: `false`
**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
@@ -4488,6 +4503,62 @@ agent: enableAggregationPartitions: true ``` +## **agent.appChecks.mysql.enabled** +**Required**: `false`
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + mysql: + enabled: true +``` + +## **agent.appChecks.mysql.hostname** +**Required**: `false`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + mysql: + hostname: mysql-service-url +``` + +## **agent.appChecks.mysql.user** +**Required**: `false`
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + mysql: + user: mysql-user +``` + +## **agent.appChecks.mysql.password** +**Required**: `false`
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + mysql: + password: mysql-password +``` + ## **agent.resources.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to agent pods.
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 0ba33e65..7523785a 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-2 + quay.io/sysdig/installer:3.0.0-4 ``` 4. If you are fine with the differences displayed, then set value for the From 66489c6e4e140b9fd4e6c59d3c3fef0b6725d7e2 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 4 Feb 2020 19:45:43 +0000 Subject: [PATCH 020/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 30726db1..f92fe384 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -274,7 +274,7 @@ function runInstaller() { -v /root/.kube:/root/.kube:Z \ -v /root/.minikube:/root/.minikube:Z \ -v "$(pwd)":/manifests:Z \ - quay.io/sysdig/installer:3.0.0-3 + quay.io/sysdig/installer:3.0.0-4 } function __main() { From bad04b096edfc27e6e8abdf86beb605a6b73039f Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 6 Feb 2020 05:56:32 +0000 Subject: [PATCH 021/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/upgrade.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index 8cb6c38c..18c7ac25 100644 --- a/installer/README.md +++ b/installer/README.md @@ -115,7 +115,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-4 + quay.io/sysdig/installer:3.0.0-5 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -184,7 +184,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-4 + quay.io/sysdig/installer:3.0.0-5 ``` ## Full Airgap Install 
@@ -219,11 +219,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-4-uber + docker pull quay.io/sysdig/installer:3.0.0-5-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-4-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-5-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 7523785a..06094f63 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-4 + quay.io/sysdig/installer:3.0.0-5 ``` 4. If you are fine with the differences displayed, then set value for the From 13a06dd28f37bffc16c1d294eef966ed69c113f6 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 7 Feb 2020 20:01:42 +0000 Subject: [PATCH 022/156] updating installer docs --- installer/single-node/install.sh | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index f92fe384..b25b75b4 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -17,6 +17,7 @@ if [[ "$EUID" -ne 0 ]]; then exit 1 fi +MINIKUBE_VERSION=v1.6.2 KUBERNETES_VERSION=v1.16.0 DOCKER_VERSION=18.06.3 ROOT_LOCAL_PATH="/usr/bin" @@ -176,19 +177,13 @@ function disableFirewalld() { } function installMiniKube() { - local -r minikube_latest=$( - curl -sL \ - https://api.github.com/repos/kubernetes/minikube/releases/latest | - jq -r .tag_name - ) - curl -s -Lo minikube "https://storage.googleapis.com/minikube/releases/${minikube_latest}/minikube-linux-amd64" + curl -s -Lo minikube "https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-linux-amd64" chmod +x minikube mv minikube "${ROOT_LOCAL_PATH}" } function installKubectl() { - local -r kubectl_latest=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) - curl -s -Lo kubectl "https://storage.googleapis.com/kubernetes-release/release/${kubectl_latest}/bin/linux/amd64/kubectl" + curl -s -Lo kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" chmod +x kubectl mv kubectl "${ROOT_LOCAL_PATH}" } From 7f25ffe1f9f94630502a6837f05426df0fa11f29 Mon Sep 17 00:00:00 2001 
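Review bot: `installMiniKube` and `installKubectl` still mark the downloaded file executable and move it into `${ROOT_LOCAL_PATH}` as root without any integrity check. Now that both versions are pinned, the expected digests can be pinned next to them and checked before the `chmod`, for example `echo "${MINIKUBE_SHA256}  minikube" | sha256sum -c -` and the same for kubectl with a `KUBECTL_SHA256`. Both are new variables to define beside `MINIKUBE_VERSION`; the digest values are not on this page and must come from the upstream release artifacts. The downloads also use `curl -s` without `-f`, so an HTTP error body would be saved and installed as the binary; `curl -fsSLo minikube "…"` makes the script fail instead, given the `set -euo pipefail` at the top of the file.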
From: jenkins Date: Fri, 7 Feb 2020 23:37:01 +0000 Subject: [PATCH 023/156] updating installer docs --- installer/README.md | 441 ++++++++++--------------------------- installer/install.sh | 382 ++++++++++++++++++++++++++++++++ installer/vmx_template.vmx | 79 +++++++ 3 files changed, 573 insertions(+), 329 deletions(-) create mode 100755 installer/install.sh create mode 100644 installer/vmx_template.vmx diff --git a/installer/README.md b/installer/README.md index 18c7ac25..53dfb2b7 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,334 +1,117 @@ -# Installer - -The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement -for the earlier manual install/upgrade procedures. - -# Installation Overview - -To install, you will log in to quay.io, download a sysdig-chart/values.yaml -file, provide a few basic parameters in it, and launch the Installer. In a -normal installation, the rest is automatically configured and deployed. - -Note that you can perform a quick install if your environment has access to the -internet, or a partial or full airgapped installation, as needed. Each is -described below. - -## Prerequisites - -### Requirements for Installation Machine with Internet Access - -- Network access to Kubernetes cluster -- Docker -- Bash -- jq -- Network access to quay.io -- A domain name you are in control of. - -### Additional Requirements for Airgapped Environments - -- Edited sysdig-chart/values.yaml, with airgap registry details updated -- Network and authenticated access to the private registry - -### Access Requirements - -- Sysdig license key (Monitor and/or Secure) -- Quay pull secret -- Anchore license file (if Secure is licensed) -- Docker Log In to quay.io -- Retrieve Quay username and password from Quay pull secret. - For example: - ```bash - AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) - QUAY_USERNAME=${AUTH%:*} - QUAY_PASSWORD=${AUTH#*:} - ``` -- Log in to quay.io using the username and password retrieved above. - ```bash - docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io - ``` - -# Quickstart Install - -This install assumes the Kubernetes cluster has network access to pull images from quay.io. - -- Copy the current version sysdig-chart/values.yaml to your working directory. 
- ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` -- Edit the following values: - - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): - The name of the storage class provisioner to use when creating the - configured storageClassName parameter. If you do not use one of those two - dynamic storage provisioners, then enter: hostPath and refer to the Advanced - examples for how to configure static storage provisioning with this option. - Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - - - hostnetwork: sets the hostnetworking in the ingress daemonset and opens - host ports for api and collector. This does not create a Kubernetes service. - - loadbalancer: creates a service of type loadbalancer and expects that - your Kubernetes cluster can provision a load balancer with your cloud provider. - - nodeport: creates a service of type nodeport. 
The node ports can be - customized with: - - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. - - **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you - would also edit the following values: - - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. - -- Run the Installer. (Note: This step differs in [Airgapped Installation - Options](#airgapped-installation-options).) - ```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-5 - ``` -- On successful run of Installer towards the end of your terminal you should - see the below: - - ``` - All Pods Ready.....Continuing - Congratulations, your Sysdig installation was successful! - You can now login to the UI at "https://awesome-domain.com:443" with: - - username: "configured-username@awesome-domain.com" - password: "awesome-password" - ``` - -**NOTE**: Save the values.yaml file in a secure location; it will be used for -future upgrades. 
There will also be a generated directory containing various -Kubernetes configuration yaml files which were applied by Installer against -your cluster. It is not necessary to keep the generated directory, as the -Installer can regenerate is consistently with the same values.yaml file. - -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - -# Airgapped Installation Options - -The Installer can be used to install in airgapped environments, either with -a multi-homed installation machine that has internet access, or in an -environment with no internet access. - -## Airgapped with Multi-Homed Installation Machine - -This assumes a private docker registry is used and the installation machine has -network access to pull from quay.io and push images to the private registry. - -The Prerequisites and workflow are the same as in the Quickstart Install, with -the following exceptions: - -- In step 2, add the airgap registry information. +# Single node POV installer -- In step 3, run the Installer as follows: +This script will install docker, minikube, jq, curl etc required to run Sysdig +Platform, after installing all dependencies the script will create a +values.yaml and run the installer using the created values.yaml file. + +## Usage + +Copy the [script](./install.sh) to the machine that sysdig +platform is intended to run on, if you intend using enterprise anchore copy the +anchore license file to the same path as the script, then run: + +```bash +sudo ./install.sh +``` + +This will prompt for quay pull secrets, sysdig license and domain name(in ec2 +this is the public hostname for the instance). It will install dependencies +run the installer and create a sysdig platform. It also logs everything you +see in your terminal to `/var/log/sysdig-installer.log` so this can be used +for debugging a failed install. + +## Requirements. + +- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. 
+- Port 443 and 6443 granted network access (in AWS this is done with security +groups) + +## Status + +Tested on: +- ubuntu bionic + +Should work fine on: +- amazon linux +- centos 7 +- centos 8 +- debian buster +- debian stretch +- ubuntu xenial + +The script will not work on any OS not in above lists. + +## Note + +To need to run `kubectl` as root on the host. + +## Future improvements + +- the script will be hosted in a public location so you can `curl | sudo bash` +the script. + + +# Airgapped pov installer + +The airgapped image is built off a debian 9 base image. + +The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. + +## Installation + +The vmdk image specified above can be imported using the import external hard disk option. + +The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. + +## Credentials + +The image is built user `sysdig` user with `sysdig` password and sudo access. + +## Running installer + +After logging in use the above credentials to run the pov installer in airgapped mode. + +```bash + #enter sysdig password `sysdig` + sudo su + #start installation in airgapped mode -i in short + ./install.sh --airgap-install +``` + +## Gotchas + +Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. + +## Sharing Image + +The objects can exposed by pre-signing with an expiry token using aws cli. + +```bash +aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk +``` + +The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. + +```bash +URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} +``` + +## Exporting as ovf + +Use ovftool command line tool to convert vmdk into ovf from . + +A example vmx_template.vmx file in installer/single-node/. 
+ +Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. + +Running this will create a sysdig-pov-image.ovf. ```bash -docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - -v /var/run/docker.sock:/var/run/docker.sock:Z \ - -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-5 +ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf ``` -## Full Airgap Install - -This assumes a private docker registry is used and the installation machine -does not have network access to pull from quay.io, but can push images to the -private registry. - -In this situation, a machine with network access (called the “jump machine”) -will pull an image containing a self-extracting tarball which can be copied to -the installation machine. - -### Requirements for jump machine - -- Network access to quay.io -- Docker -- jq - -### Requirements for installation machine - -- Network access to Kubernetes cluster -- Docker -- Bash -- tar -- Network and authenticated access to the private registry -- Edited sysdig-chart/values.yaml, with airgap registry details updated - -### Workflow - -#### On the Jump Machine - -- Follow the Docker Log In to quay.io steps under the Access Requirements section. -- Pull the image containing the self-extracting tar: - ```bash - docker pull quay.io/sysdig/installer:3.0.0-5-uber - ``` -- Extract the tarball: - ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-5-uber - docker cp uber_image:/sysdig_installer.tar.gz . - docker rm uber_image - ``` -- Copy the tarball to the installation machine. - -#### On the Installation Machine: - -- Copy the current version sysdig-chart/values.yaml to your working directory. 
- ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` -- Edit the following values: - - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The - name of the storage class provisioner to use when creating the configured - storageClassName parameter. Use hostPath or local in clusters that do not have - a provisioner. For setups where Persistent Volumes and Persistent Volume Claims - are created manually this should be configured as none. Valid options are: - aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - - hostnetwork: sets the hostnetworking in the ingress daemonset and opens - host ports for api and collector. This does not create a Kubernetes service. - - loadbalancer: creates a service of type loadbalancer and expects that - your Kubernetes cluster can provision a load balancer with your cloud provider. - - nodeport: creates a service of type nodeport. 
The node ports can be - customized with: - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. - -- Copy the tarball file to the directory where you have your values.yaml file. -- Run the tar file: - `bash sysdig_installer.tar.gz` -- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. - `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` -- On successful run of Installer towards the end of your terminal you should - see the below: - - ``` - All Pods Ready.....Continuing - Congratulations, your Sysdig installation was successful! - You can now login to the UI at "https://awesome-domain.com:443" with: - - username: "configured-username@awesome-domain.com" - password: "awesome-password" - ``` - -**NOTE**: Save the values.yaml file in a secure location; it will be used for -future upgrades. There will also be a generated directory containing various -Kubernetes configuration yaml files which were applied by Installer against -your cluster. 
It is not necessary to keep the generated directory, as the -Installer can regenerate is consistently with the same values.yaml file. - -# Upgrades - -See [upgrade.md](docs/upgrade.md) for upgrades documentation. - -# Configuration Parameters and Examples - -For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) - -# Advanced Configuration - -For advanced configuration option see [advanced.md](docs/advanced.md) - -# Example values.yaml - -- [single-node values.yaml](examples/single-node/values.yaml) -- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) - -# Resource requirements - -The below table represents the amount of resources for various cluster sizes -in their default configuration. The `Redis HA` column indicates extra amount -of resources required if `redisHa: true` is configured. - -| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | -| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | -| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | -| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | -| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | -| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | +Enable verbose logging and stdout. 
+ +```bash +ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +``` \ No newline at end of file diff --git a/installer/install.sh b/installer/install.sh new file mode 100755 index 00000000..59d1f05a --- /dev/null +++ b/installer/install.sh 
@@ -0,0 +1,382 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# globals +MINIMUM_CPUS=16 +MINIMUM_MEMORY_KB=31000000 +MINIMUM_DISK_IN_GB=59 + +function logError() { echo "$@" 1>&2; } + +#log to file and stdout +log_file="/var/log/sysdig-installer.log" +exec &>> >(tee -a "$log_file") + +if [[ "$EUID" -ne 0 ]]; then + logError "This script needs to be run as root" + logError "Usage: sudo ./$0" + exit 1 +fi + +MINIKUBE_VERSION=v1.6.2 +KUBERNETES_VERSION=v1.16.0 +DOCKER_VERSION=18.06.3 +ROOT_LOCAL_PATH="/usr/bin" +QUAYPULLSECRET="PLACEHOLDER" +LICENSE="PLACEHOLDER" +DNSNAME="PLACEHOLDER" +AIRGAP_BUILD="false" +AIRGAP_INSTALL="false" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.0.0-5" + +function writeValuesYaml() { + cat << EOM > values.yaml +size: small +quaypullsecret: $QUAYPULLSECRET +apps: monitor secure agent +storageClassProvisioner: hostPath +elasticsearch: + hostPathNodes: + - minikube +sysdig: + mysql: + hostPathNodes: + - minikube + postgresql: + hostPathNodes: + - minikube + cassandra: + hostPathNodes: + - minikube + dnsName: $DNSNAME + admin: + username: pov@sysdig.com + license: $LICENSE + resources: + api: + requests: + cpu: 500m + memory: 1Gi + cassandra: + requests: + cpu: 500m + memory: 1Gi + collector: + requests: + cpu: 500m + memory: 1Gi + elasticsearch: + requests: + cpu: 500m + memory: 1Gi + worker: + requests: + cpu: 500m + memory: 1Gi +EOM +} + +function checkCPU() { + local -r cpus=$(grep -c processor /proc/cpuinfo) + + if [[ $cpus -lt $MINIMUM_CPUS ]]; then + logError "The number of cpus '$cpus' is less than the required number of cpus: '$MINIMUM_CPUS'" + exit 1 + fi + + echo "Enough cpu ✓" +} + +function checkMemory() { + local -r memory=$(grep MemTotal /proc/meminfo | awk '{print $2}') + + if [[ $memory -lt $MINIMUM_MEMORY_KB ]]; then + logError "The amount of memory '$memory' is less than the required amount of memory in kilobytes '$MINIMUM_MEMORY_KB'" + exit 1 + fi + + echo "Enough memory ✓" +} + +function checkDisk() { + local -r 
diskSizeHumanReadable=$(df -h /var | tail -n1 | awk '{print $2}') + local -r diskSize=${diskSizeHumanReadable%G} + + if [[ $diskSize -lt $MINIMUM_DISK_IN_GB ]]; then + logError "The volume that holds the var directory needs a minimum of '$MINIMUM_DISK_IN_GB' but currently has '$diskSize'" + exit 1 + fi + + echo "Enough disk ✓" +} + +function preFlight() { + echo "Running preFlight checks" + checkCPU + checkMemory + checkDisk +} + +function askQuestions() { + if [[ "${AIRGAP_BUILD}" != "true" ]]; then + read -rp $'Provide quay pull secret: \n' QUAYPULLSECRET + printf "\n" + read -rp $'Provide sysdig license: \n' LICENSE + printf "\n" + read -rp $'Provide domain name, this domain name should resolve to this node on port 443 and 6443: \n' DNSNAME + printf "\n" + else + local -r quayPullSecret="${QUAYPULLSECRET}" + if [[ "$quayPullSecret" == "PLACEHOLDER" ]]; then + logError "-q|--quaypullsecret is needed for airgap build" + exit 1 + fi + fi +} + +function dockerLogin() { + local -r quayPullSecret=$QUAYPULLSECRET + if [[ "$quayPullSecret" != "PLACEHOLDER" ]]; then + local -r auth=$(echo "$quayPullSecret" | base64 --decode | jq -r '.auths."quay.io".auth' | base64 --decode) + local -r quay_username=${auth%:*} + local -r quay_password=${auth#*:} + docker login -u "$quay_username" -p "$quay_password" quay.io + else + logError "Please rerun the script and configure quay pull secret" + exit 1 + fi +} + +function installUbuntuDeps() { + apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 + apt-get update -qq + apt-get install -y apt-transport-https ca-certificates curl software-properties-common + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + apt-get update -qq + apt-get install -y --allow-unauthenticated docker-ce=${DOCKER_VERSION}~ce~3-0~ubuntu +} + +function installDebianDeps() { + apt-get remove -y docker 
docker-engine docker.io containerd runc > /dev/null 2>&1 + apt-get update -qq + apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common + curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" + apt-get update -qq + apt-get install -y --allow-unauthenticated docker-ce=${DOCKER_VERSION}~ce~3-0~debian +} + +function installCentOSDeps() { + local -r version=$1 + yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine + yum -y update + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + if [[ $version == 8 ]]; then + yum install -y yum-utils device-mapper-persistent-data lvm2 curl + else + yum install -y yum-utils device-mapper-persistent-data lvm2 curl + fi + # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 + yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm + yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm + systemctl enable docker + systemctl start docker +} + +function disableFirewalld() { + echo "Disabling firewald...." 
+ systemctl stop firewalld + systemctl disable firewalld +} + +function installMiniKube() { + curl -s -Lo minikube "https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-linux-amd64" + chmod +x minikube + mv minikube "${ROOT_LOCAL_PATH}" +} + +function installKubectl() { + curl -s -Lo kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" + chmod +x kubectl + mv kubectl "${ROOT_LOCAL_PATH}" +} + +function installJq() { + curl -o jq -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 + chmod +x jq + mv jq "${ROOT_LOCAL_PATH}" +} + +function installDeps() { + set +e + + cat << EOF > /etc/sysctl.d/k8s.conf + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 +EOF + modprobe br_netfilter + sysctl --system + + source /etc/os-release + case $ID in + ubuntu) + installUbuntuDeps + if [[ ! $VERSION_CODENAME =~ ^(bionic|xenial)$ ]]; then + logError "ubuntu version: $VERSION_CODENAME is not supported" + exit 1 + fi + ;; + debian) + installDebianDeps + if [[ ! $VERSION_CODENAME =~ ^(stretch|buster)$ ]]; then + logError "debian version: $VERSION_CODENAME is not supported" + exit 1 + fi + ;; + centos | amzn) + if [[ $ID =~ ^(centos)$ ]] && + [[ ! 
"$VERSION_ID" =~ ^(7|8) ]]; then + logError "$ID version: $VERSION_ID is not supported" + exit 1 + fi + disableFirewalld + installCentOSDeps "$VERSION_ID" + ;; + *) + logError "unsupported platform $ID" + exit 1 + ;; + esac + installJq + installMiniKube + installKubectl + set -e +} + +function startDocker() { + systemctl enable docker + systemctl start docker + ip link set docker0 promisc on +} + +function startMinikube() { + export MINIKUBE_HOME="/root" + export KUBECONFIG="/root/.kube/config" + minikube start --vm-driver=none --kubernetes-version=${KUBERNETES_VERSION} + systemctl enable kubelet + kubectl config use-context minikube + minikube update-context +} + +function fixIptables() { + echo "Fixing iptables ..." + ### Install iptables rules because minikube locks out external access + iptables -I INPUT -t filter -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -t filter -p tcp --dport 6443 -j ACCEPT + iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +} + +function pullImagesSysdigImages(){ + #copy tests/resources to local + getSysdigImagesFromInstaller + #find images in resources + mapfile -t non_job_images < <(jq -r '.spec.template.spec.containers[]? | .image' \ + resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + mapfile -t job_images < <(jq -r '.spec.jobTemplate.spec.template.spec.containers[]? 
| .image' \ + resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + #collected images to images obj + local -a images=("${non_job_images[@]}") + images+=("${job_images[@]}") + #iterate and pull image if not present + for image in "${images[@]}"; do + if [[ -z $(docker images -q "$image") ]]; then + logger info "Pulling $image" + docker pull "$image" + else + echo "$image is present" + fi + done + #clean up resources + rm -rf resources +} + +function getSysdigImagesFromInstaller(){ + #get resources from sysdig-chart/tests + docker create --name installer_image ${INSTALLER_IMAGE} + docker cp installer_image:/sysdig-chart/tests/resources . + docker rm installer_image +} + +function runInstaller() { + if [[ "${AIRGAP_INSTALL}" != "true" ]]; then + dockerLogin + fi + if [[ "${AIRGAP_BUILD}" == "true" ]]; then + docker pull "${INSTALLER_IMAGE}" + pullImagesSysdigImages + else + writeValuesYaml + docker run --net=host \ + -e KUBECONFIG=/root/.kube/config \ + -v /root/.kube:/root/.kube:Z \ + -v /root/.minikube:/root/.minikube:Z \ + -v "$(pwd)":/manifests:Z \ + "${INSTALLER_IMAGE}" + fi +} + +function __main() { + preFlight + askQuestions + if [[ "${AIRGAP_INSTALL}" != "true" ]]; then + installDeps + startDocker + fi + #minikube needs to run to set the correct context & ip during airgap run + startMinikube + if [[ "${AIRGAP_INSTALL}" != "true" ]]; then + fixIptables + fi + runInstaller +} + +while [[ $# -gt 0 ]] +do +arguments="$1" + +case "${arguments}" in + -a|--airgap-build) + AIRGAP_BUILD="true" + LICENSE="installer.airgap.license" + DNSNAME="installer.airgap.dnsname" + shift # past argument + ;; + -i|--airgap-install) + AIRGAP_INSTALL="true" + LICENSE="installer.airgap.license" + DNSNAME="installer.airgap.dnsname" + shift # past argument + ;; + -q|--quaypullsecret) + QUAYPULLSECRET="$2" + shift # past argument + shift # past value + ;; + -h|--help) + echo "Help..." 
+ echo "use -a|--airgap-builder to specify airgap builder" + echo "-q|--quaypullsecret followed by quaysecret to specify airgap builder" + shift # past argument + exit 0 + ;; + *) # unknown option + shift # past argument + logError "unknown arg $1" + exit 1 + ;; +esac +done + +__main diff --git a/installer/vmx_template.vmx b/installer/vmx_template.vmx new file mode 100644 index 00000000..92938222 --- /dev/null +++ b/installer/vmx_template.vmx 
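Review bot: `installUbuntuDeps` and `installDebianDeps` install docker-ce with `--allow-unauthenticated`, which makes apt skip signature verification right after the script imported Docker's signing key, and `installCentOSDeps` fetches the container-selinux RPM over plain `http://`. Dropping the flag keeps apt's signature check, and an `https://` URL at least protects the RPM in transit. `installMiniKube`, `installKubectl` and `installJq` then move downloaded binaries into `/usr/bin` as root with no digest check; because `installDeps` calls them under `set +e` and curl runs without `-f`, an HTTP error page would be installed as the executable. The sketch below verifies a pinned SHA-256 before installing (the digest variables are placeholders to define next to `MINIKUBE_VERSION`; their values are not on this page). In `dockerLogin`, `docker login -p "$quay_password"` puts the registry password in the process argument list, which `printf '%s' "$quay_password" | docker login -u "$quay_username" --password-stdin quay.io` avoids.

```shell
# Download a binary, check it against a pinned digest, then install it.
function installVerified() {
  local -r url=$1 name=$2 sha256=$3
  # -f: fail on HTTP errors instead of saving the error body
  if ! curl -fsSL -o "$name" "$url"; then
    logError "download failed: $url"
    exit 1
  fi
  if ! echo "${sha256}  ${name}" | sha256sum --check --status; then
    logError "checksum mismatch for $name"
    rm -f "$name"
    exit 1
  fi
  install -m 0755 "$name" "${ROOT_LOCAL_PATH}/${name}"
  rm -f "$name"
}

function installMiniKube() {
  installVerified \
    "https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-linux-amd64" \
    minikube "${MINIKUBE_SHA256}"
}

# … unchanged in shape: installKubectl and installJq call installVerified the same way,
#   with KUBECTL_SHA256 and JQ_SHA256 …
```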
@@ -0,0 +1,79 @@ +.encoding = "UTF-8" +config.version = "8" +virtualHW.version = "14" +vmci0.present = "TRUE" +floppy0.present = "FALSE" +numvcpus = "16" +memSize = "32768" +bios.bootRetry.delay = "10" +powerType.suspend = "soft" +tools.upgrade.policy = "manual" +sched.cpu.units = "mhz" +sched.cpu.affinity = "all" +vm.createDate = "1580953556813202" +ethernet0.virtualDev = "vmxnet3" +ethernet0.networkName = "VM Network" +ethernet0.addressType = "generated" +ethernet0.wakeOnPcktRcv = "FALSE" +ethernet0.uptCompatibility = "TRUE" +ethernet0.present = "TRUE" +displayName = "sysdig-pov-image" +guestOS = "debian9-64" +toolScripts.afterPowerOn = "TRUE" +toolScripts.afterResume = "TRUE" +toolScripts.beforeSuspend = "TRUE" +toolScripts.beforePowerOff = "TRUE" +tools.syncTime = "FALSE" +uuid.bios = "56 4d 1d cb 98 dd 56 88-5e de 80 c0 94 c0 81 8e" +uuid.location = "56 4d 1d cb 98 dd 56 88-5e de 80 c0 94 c0 81 8e" +vc.uuid = "52 5c 60 3a b0 fe 00 bc-8d f5 a5 74 d8 33 ba 04" +sched.cpu.min = "0" +sched.cpu.shares = "normal" +sched.mem.min = "0" +sched.mem.minSize = "0" +sched.mem.shares = "normal" +ethernet0.generatedAddress = "00:0c:29:c0:81:8e" +vmci0.id = "-1799323250" +cleanShutdown = "FALSE" +nvme0.present = "TRUE" +nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk" +nvme0:0.present = "TRUE" +sched.nvme0:0.shares = "normal" +sched.nvme0:0.throughputCap = "off" +numa.autosize.cookie = "80001" +numa.autosize.vcpu.maxPerVirtualNode = "8" +tools.guest.desktop.autolock = "FALSE" +pciBridge0.present = "TRUE" +svga.present = "TRUE" +pciBridge4.present = "TRUE" +pciBridge4.virtualDev = "pcieRootPort" +pciBridge4.functions = "8" +pciBridge5.present = "TRUE" +pciBridge5.virtualDev = "pcieRootPort" +pciBridge5.functions = "8" +pciBridge6.present = "TRUE" +pciBridge6.virtualDev = "pcieRootPort" +pciBridge6.functions = "8" +pciBridge7.present = "TRUE" +pciBridge7.virtualDev = "pcieRootPort" +pciBridge7.functions = "8" +hpet0.present = "TRUE" +RemoteDisplay.maxConnections = "-1" 
+sched.cpu.latencySensitivity = "normal" +svga.autodetect = "TRUE" +pciBridge0.pciSlotNumber = "17" +pciBridge4.pciSlotNumber = "21" +pciBridge5.pciSlotNumber = "22" +pciBridge6.pciSlotNumber = "23" +pciBridge7.pciSlotNumber = "24" +ethernet0.pciSlotNumber = "160" +vmci0.pciSlotNumber = "32" +sata1.pciSlotNumber = "-1" +ethernet0.generatedAddressOffset = "0" +monitor.phys_bits_used = "43" +vmotion.checkpointFBSize = "4194304" +vmotion.checkpointSVGAPrimarySize = "16777216" +softPowerOff = "FALSE" +svga.guestBackedPrimaryAware = "TRUE" +nvme0.pciSlotNumber = "192" +nvme0:0.redo = "" From 908de23e77531d61eccee8a5f26145720e3581f2 Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 8 Feb 2020 00:08:03 +0000 Subject: [PATCH 024/156] updating installer docs --- installer/README.md | 442 +++++++++++++++++++++++++++++++++----------- 1 file changed, 330 insertions(+), 112 deletions(-) diff --git a/installer/README.md b/installer/README.md index 53dfb2b7..3c9caa62 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,117 +1,335 @@ -# Single node POV installer +# Installer + +The Sysdig Installer tool is a collection of scripts that help automate the +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement +for the earlier manual install/upgrade procedures. + +# Installation Overview + +To install, you will log in to quay.io, download a sysdig-chart/values.yaml +file, provide a few basic parameters in it, and launch the Installer. In a +normal installation, the rest is automatically configured and deployed. + +Note that you can perform a quick install if your environment has access to the +internet, or a partial or full airgapped installation, as needed. Each is +described below. + +## Prerequisites + +### Requirements for Installation Machine with Internet Access + +- Network access to Kubernetes cluster +- Docker +- Bash +- jq +- Network access to quay.io +- A domain name you are in control of. + +### Additional Requirements for Airgapped Environments + +- Edited sysdig-chart/values.yaml, with airgap registry details updated +- Network and authenticated access to the private registry + +### Access Requirements + +- Sysdig license key (Monitor and/or Secure) +- Quay pull secret +- Anchore license file (if Secure is licensed) +- Docker Log In to quay.io +- Retrieve Quay username and password from Quay pull secret. + For example: + ```bash + AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) + QUAY_USERNAME=${AUTH%:*} + QUAY_PASSWORD=${AUTH#*:} + ``` +- Log in to quay.io using the username and password retrieved above. + ```bash + docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io + ``` + +# Quickstart Install + +This install assumes the Kubernetes cluster has network access to pull images from quay.io. 
+ +- Copy the current version sysdig-chart/values.yaml to your working directory. + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` +- Edit the following values: + + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large. + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + your Sysdig purchase confirmation mail. + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + The name of the storage class provisioner to use when creating the + configured storageClassName parameter. If you do not use one of those two + dynamic storage provisioners, then enter: hostPath and refer to the Advanced + examples for how to configure static storage provisioning with this option. + Valid options: aws, gke, hostPath + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + provided with your Sysdig purchase confirmation mail + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + the Sysdig APIs will be served on. + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + The networking construct used to expose the Sysdig API and collector. Options + are: + + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens + host ports for api and collector. This does not create a Kubernetes service. + - loadbalancer: creates a service of type loadbalancer and expects that + your Kubernetes cluster can provision a load balancer with your cloud provider. 
+ - nodeport: creates a service of type nodeport. The node ports can be + customized with: + + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + + When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. + + **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you + would also edit the following values: + + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. + +- Run the Installer. (Note: This step differs in [Airgapped Installation + Options](#airgapped-installation-options).) + ```bash + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.0.0-5 + ``` +- On successful run of Installer towards the end of your terminal you should + see the below: + + ``` + All Pods Ready.....Continuing + Congratulations, your Sysdig installation was successful! + You can now login to the UI at "https://awesome-domain.com:443" with: + + username: "configured-username@awesome-domain.com" + password: "awesome-password" + ``` + +**NOTE**: Save the values.yaml file in a secure location; it will be used for +future upgrades. 
There will also be a generated directory containing various +Kubernetes configuration yaml files which were applied by Installer against +your cluster. It is not necessary to keep the generated directory, as the +Installer can regenerate is consistently with the same values.yaml file. + +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + +# Airgapped Installation Options + +The Installer can be used to install in airgapped environments, either with +a multi-homed installation machine that has internet access, or in an +environment with no internet access. + +## Airgapped with Multi-Homed Installation Machine + +This assumes a private docker registry is used and the installation machine has +network access to pull from quay.io and push images to the private registry. + +The Prerequisites and workflow are the same as in the Quickstart Install, with +the following exceptions: + +- In step 2, add the airgap registry information. -This script will install docker, minikube, jq, curl etc required to run Sysdig -Platform, after installing all dependencies the script will create a -values.yaml and run the installer using the created values.yaml file. - -## Usage - -Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, if you intend using enterprise anchore copy the -anchore license file to the same path as the script, then run: - -```bash -sudo ./install.sh -``` - -This will prompt for quay pull secrets, sysdig license and domain name(in ec2 -this is the public hostname for the instance). It will install dependencies -run the installer and create a sysdig platform. It also logs everything you -see in your terminal to `/var/log/sysdig-installer.log` so this can be used -for debugging a failed install. - -## Requirements. - -- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. -- Port 443 and 6443 granted network access (in AWS this is done with security -groups) - -## Status - -Tested on: -- ubuntu bionic - -Should work fine on: -- amazon linux -- centos 7 -- centos 8 -- debian buster -- debian stretch -- ubuntu xenial - -The script will not work on any OS not in above lists. 
- -## Note - -To need to run `kubectl` as root on the host. - -## Future improvements - -- the script will be hosted in a public location so you can `curl | sudo bash` -the script. - - -# Airgapped pov installer - -The airgapped image is built off a debian 9 base image. - -The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. - -## Installation - -The vmdk image specified above can be imported using the import external hard disk option. - -The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. - -## Credentials - -The image is built user `sysdig` user with `sysdig` password and sudo access. - -## Running installer - -After logging in use the above credentials to run the pov installer in airgapped mode. - -```bash - #enter sysdig password `sysdig` - sudo su - #start installation in airgapped mode -i in short - ./install.sh --airgap-install -``` - -## Gotchas - -Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. - -## Sharing Image - -The objects can exposed by pre-signing with an expiry token using aws cli. - -```bash -aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk -``` - -The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. - -```bash -URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} -``` - -## Exporting as ovf - -Use ovftool command line tool to convert vmdk into ovf from . - -A example vmx_template.vmx file in installer/single-node/. - -Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. - -Running this will create a sysdig-pov-image.ovf. 
+- In step 3, run the Installer as follows: ```bash -ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -e IMAGE_EXTRACT_PUSH=true + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + -v /var/run/docker.sock:/var/run/docker.sock:Z \ + -v ~/.docker:/root/docker:Z \ + quay.io/sysdig/installer:3.0.0-5 ``` -Enable verbose logging and stdout. - -```bash -ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf -``` \ No newline at end of file +## Full Airgap Install + +This assumes a private docker registry is used and the installation machine +does not have network access to pull from quay.io, but can push images to the +private registry. + +In this situation, a machine with network access (called the “jump machine”) +will pull an image containing a self-extracting tarball which can be copied to +the installation machine. + +### Requirements for jump machine + +- Network access to quay.io +- Docker +- jq + +### Requirements for installation machine + +- Network access to Kubernetes cluster +- Docker +- Bash +- tar +- Network and authenticated access to the private registry +- Edited sysdig-chart/values.yaml, with airgap registry details updated + +### Workflow + +#### On the Jump Machine + +- Follow the Docker Log In to quay.io steps under the Access Requirements section. +- Pull the image containing the self-extracting tar: + ```bash + docker pull quay.io/sysdig/installer:3.0.0-5-uber + ``` +- Extract the tarball: + ```bash + docker create --name uber_image quay.io/sysdig/installer:3.0.0-5-uber + docker cp uber_image:/sysdig_installer.tar.gz . + docker rm uber_image + ``` +- Copy the tarball to the installation machine. + +#### On the Installation Machine: + +- Copy the current version sysdig-chart/values.yaml to your working directory. 
+ ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` +- Edit the following values: + + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + your Sysdig purchase confirmation mail + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + name of the storage class provisioner to use when creating the configured + storageClassName parameter. Use hostPath or local in clusters that do not have + a provisioner. For setups where Persistent Volumes and Persistent Volume Claims + are created manually this should be configured as none. Valid options are: + aws,gke,hostPath,local,none + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + provided with your Sysdig purchase confirmation mail + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + the Sysdig APIs will be served on. + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + The networking construct used to expose the Sysdig API and collector. Options + are: + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens + host ports for api and collector. This does not create a Kubernetes service. + - loadbalancer: creates a service of type loadbalancer and expects that + your Kubernetes cluster can provision a load balancer with your cloud provider. + - nodeport: creates a service of type nodeport. 
The node ports can be + customized with: + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. + +- Copy the tarball file to the directory where you have your values.yaml file. +- Run the tar file: + `bash sysdig_installer.tar.gz` +- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. + `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` +- On successful run of Installer towards the end of your terminal you should + see the below: + + ``` + All Pods Ready.....Continuing + Congratulations, your Sysdig installation was successful! + You can now login to the UI at "https://awesome-domain.com:443" with: + + username: "configured-username@awesome-domain.com" + password: "awesome-password" + ``` + +**NOTE**: Save the values.yaml file in a secure location; it will be used for +future upgrades. There will also be a generated directory containing various +Kubernetes configuration yaml files which were applied by Installer against +your cluster. 
It is not necessary to keep the generated directory, as the +Installer can regenerate is consistently with the same values.yaml file. + +# Upgrades + +See [upgrade.md](docs/upgrade.md) for upgrades documentation. + +# Configuration Parameters and Examples + +For the full dictionary of configuration parameters, see: +[configuration_parameters.md](docs/configuration_parameters.md) + +# Advanced Configuration + +For advanced configuration option see [advanced.md](docs/advanced.md) + +# Example values.yaml + +- [single-node values.yaml](examples/single-node/values.yaml) +- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) + +# Resource requirements + +The below table represents the amount of resources for various cluster sizes +in their default configuration. The `Redis HA` column indicates extra amount +of resources required if `redisHa: true` is configured. + +| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | +| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | +| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | +| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | +| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | +| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | From 646205343ce65fc907081199f165bc1e2535d1c6 Mon Sep 17 00:00:00 2001 
From: jenkins Date: Wed, 26 Feb 2020 03:22:24 +0000 Subject: [PATCH 025/156] updating installer docs --- installer/single-node/README.md | 65 +++++++++++ installer/single-node/install.sh | 154 ++++++++++++++++++++----- installer/single-node/vmx_template.vmx | 79 +++++++++++++ 3 files changed, 269 insertions(+), 29 deletions(-) create mode 100644 installer/single-node/vmx_template.vmx diff --git a/installer/single-node/README.md b/installer/single-node/README.md index 2d433f8f..53dfb2b7 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md 
@@ -50,3 +50,68 @@ To need to run `kubectl` as root on the host. - the script will be hosted in a public location so you can `curl | sudo bash` the script. + +# Airgapped pov installer + +The airgapped image is built off a debian 9 base image. + +The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. + +## Installation + +The vmdk image specified above can be imported using the import external hard disk option. + +The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. + +## Credentials + +The image is built user `sysdig` user with `sysdig` password and sudo access. + +## Running installer + +After logging in use the above credentials to run the pov installer in airgapped mode. + +```bash + #enter sysdig password `sysdig` + sudo su + #start installation in airgapped mode -i in short + ./install.sh --airgap-install +``` + +## Gotchas + +Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. + +## Sharing Image + +The objects can exposed by pre-signing with an expiry token using aws cli. + +```bash +aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk +``` + +The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. + +```bash +URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} +``` + +## Exporting as ovf + +Use ovftool command line tool to convert vmdk into ovf from . + +A example vmx_template.vmx file in installer/single-node/. + +Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. + +Running this will create a sysdig-pov-image.ovf. + +```bash +ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +``` + +Enable verbose logging and stdout. 
+ +```bash +ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +``` \ No newline at end of file diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index b25b75b4..dc086d72 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -4,16 +4,18 @@ set -euo pipefail # globals MINIMUM_CPUS=16 -MINIMUM_MEMORY_KB=32000000 -MINIMUM_DISK_IN_GB=60 +MINIMUM_MEMORY_KB=31000000 +MINIMUM_DISK_IN_GB=59 + +function logError() { echo "$@" 1>&2; } #log to file and stdout log_file="/var/log/sysdig-installer.log" exec &>> >(tee -a "$log_file") if [[ "$EUID" -ne 0 ]]; then - echo "This script needs to be run as root" - echo "Usage: sudo ./$0" + logError "This script needs to be run as root" + logError "Usage: sudo ./$0" exit 1 fi @@ -24,11 +26,15 @@ ROOT_LOCAL_PATH="/usr/bin" QUAYPULLSECRET="PLACEHOLDER" LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" +AIRGAP_BUILD="false" +AIRGAP_INSTALL="false" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.0.0-6" function writeValuesYaml() { cat << EOM > values.yaml size: small quaypullsecret: $QUAYPULLSECRET +apps: monitor secure agent storageClassProvisioner: hostPath elasticsearch: hostPathNodes: @@ -75,7 +81,7 @@ function checkCPU() { local -r cpus=$(grep -c processor /proc/cpuinfo) if [[ $cpus -lt $MINIMUM_CPUS ]]; then - echo "The number of cpus '$cpus' is less than the required number of cpus: '$MINIMUM_CPUS'" + logError "The number of cpus '$cpus' is less than the required number of cpus: '$MINIMUM_CPUS'" exit 1 fi @@ -86,7 +92,7 @@ function checkMemory() { local -r memory=$(grep MemTotal /proc/meminfo | awk '{print $2}') if [[ $memory -lt $MINIMUM_MEMORY_KB ]]; then - echo "The amount of memory '$memory' is less than the required amount of memory in kilobytes '$MINIMUM_MEMORY_KB'" + logError "The amount of memory '$memory' is less than the required amount of memory in kilobytes '$MINIMUM_MEMORY_KB'" exit 1 fi 
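Review bot: `INSTALLER_IMAGE="quay.io/sysdig/installer:3.0.0-6"` in the globals block names the installer image by tag only. Later in this patch, `runInstaller` runs that image from a root-only script with `--net=host` and `/root/.kube` mounted. A tag can be re-pushed, so pinning the digest next to it keeps the executed image fixed: `INSTALLER_IMAGE="quay.io/sysdig/installer:3.0.0-6@sha256:<digest-of-released-image>"`, where the digest is a placeholder to fill in from the release. Separately, the `writeValuesYaml` heredoc in the same hunk writes `$QUAYPULLSECRET` into `values.yaml` with whatever umask the caller has. Its body ends outside the hunk, but a `chmod 600 values.yaml` after the heredoc would keep the pull secret and license from being readable by other local users.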
@@ -98,7 +104,7 @@ function checkDisk() { local -r diskSize=${diskSizeHumanReadable%G} if [[ $diskSize -lt $MINIMUM_DISK_IN_GB ]]; then - echo "The volume that holds the var directory needs a minimum of '$MINIMUM_DISK_IN_GB' but currently has '$diskSize'" + logError "The volume that holds the var directory needs a minimum of '$MINIMUM_DISK_IN_GB' but currently has '$diskSize'" exit 1 fi @@ -113,12 +119,20 @@ function preFlight() { } function askQuestions() { - read -rp $'Provide quay pull secret: \n' QUAYPULLSECRET - printf "\n" - read -rp $'Provide sysdig license: \n' LICENSE - printf "\n" - read -rp $'Provide domain name, this domain name should resolve to this node on port 443 and 6443: \n' DNSNAME - printf "\n" + if [[ "${AIRGAP_BUILD}" != "true" ]]; then + read -rp $'Provide quay pull secret: \n' QUAYPULLSECRET + printf "\n" + read -rp $'Provide sysdig license: \n' LICENSE + printf "\n" + read -rp $'Provide domain name, this domain name should resolve to this node on port 443 and 6443: \n' DNSNAME + printf "\n" + else + local -r quayPullSecret="${QUAYPULLSECRET}" + if [[ "$quayPullSecret" == "PLACEHOLDER" ]]; then + logError "-q|--quaypullsecret is needed for airgap build" + exit 1 + fi + fi } function dockerLogin() { @@ -129,7 +143,8 @@ function dockerLogin() { local -r quay_password=${auth#*:} docker login -u "$quay_username" -p "$quay_password" quay.io else - echo "Please rerun the script and configure quay pull secret" + logError "Please rerun the script and configure quay pull secret" + exit 1 fi } 
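Review bot: The quay pull secret and the Sysdig license are still read with `read -rp` in `askQuestions`, so both credentials are echoed to the terminal as they are typed or pasted. They can then end up in scrollback or a session recording. Use `read -rsp $'Provide quay pull secret: \n' QUAYPULLSECRET` and likewise for `LICENSE`; the domain name prompt can stay as it is. In the new `else` branch the `local -r quayPullSecret` copy adds nothing, and `[[ "$QUAYPULLSECRET" == "PLACEHOLDER" ]]` can be tested directly.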
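Review bot: `docker login -u "$quay_username" -p "$quay_password" quay.io` in `dockerLogin` passes the registry password as a command-line argument. It is therefore visible in the process list for as long as the command runs. Feed it on stdin instead: `printf '%s' "$quay_password" | docker login -u "$quay_username" --password-stdin quay.io`. The start of `dockerLogin`, where `auth` is decoded, is outside this hunk, so it is worth checking that the decoded value is not echoed there either.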
@@ -209,28 +224,28 @@ EOF ubuntu) installUbuntuDeps if [[ ! $VERSION_CODENAME =~ ^(bionic|xenial)$ ]]; then - echo "ubuntu version: $VERSION_CODENAME is not supported" + logError "ubuntu version: $VERSION_CODENAME is not supported" exit 1 fi ;; debian) installDebianDeps if [[ ! $VERSION_CODENAME =~ ^(stretch|buster)$ ]]; then - echo "debian version: $VERSION_CODENAME is not supported" + logError "debian version: $VERSION_CODENAME is not supported" exit 1 fi ;; centos | amzn) if [[ $ID =~ ^(centos)$ ]] && [[ ! "$VERSION_ID" =~ ^(7|8) ]]; then - echo "$ID version: $VERSION_ID is not supported" + logError "$ID version: $VERSION_ID is not supported" exit 1 fi disableFirewalld installCentOSDeps "$VERSION_ID" ;; *) - echo "unsupported platform $ID" + logError "unsupported platform $ID" exit 1 ;; esac @@ -252,6 +267,7 @@ function startMinikube() { minikube start --vm-driver=none --kubernetes-version=${KUBERNETES_VERSION} systemctl enable kubelet kubectl config use-context minikube + minikube update-context } function fixIptables() { 
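Review bot: In the `ubuntu)` and `debian)` branches of the `case`, the release check runs after `installUbuntuDeps` / `installDebianDeps`. On an unsupported release the script therefore adds package sources and installs packages before it reports the release as unsupported and exits. The `centos | amzn)` branch already checks `VERSION_ID` first. Move each `if [[ ! $VERSION_CODENAME =~ ... ]]` block above its install call so the host is left untouched when the script refuses to continue. The enclosing function begins before this hunk.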
@@ -262,25 +278,105 @@ function fixIptables() { iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT } +function pullImagesSysdigImages(){ + #copy tests/resources to local + getSysdigImagesFromInstaller + #find images in resources + mapfile -t non_job_images < <(jq -r '.spec.template.spec.containers[]? | .image' \ + resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + mapfile -t job_images < <(jq -r '.spec.jobTemplate.spec.template.spec.containers[]? | .image' \ + resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + #collected images to images obj + local -a images=("${non_job_images[@]}") + images+=("${job_images[@]}") + #iterate and pull image if not present + for image in "${images[@]}"; do + if [[ -z $(docker images -q "$image") ]]; then + logger info "Pulling $image" + docker pull "$image" + else + echo "$image is present" + fi + done + #clean up resources + rm -rf resources +} + +function getSysdigImagesFromInstaller(){ + #get resources from sysdig-chart/tests + docker create --name installer_image ${INSTALLER_IMAGE} + docker cp installer_image:/sysdig-chart/tests/resources . 
+ docker rm installer_image +} + function runInstaller() { - dockerLogin - docker run --net=host \ - -e KUBECONFIG=/root/.kube/config \ - -v /root/.kube:/root/.kube:Z \ - -v /root/.minikube:/root/.minikube:Z \ - -v "$(pwd)":/manifests:Z \ - quay.io/sysdig/installer:3.0.0-4 + if [[ "${AIRGAP_INSTALL}" != "true" ]]; then + dockerLogin + fi + if [[ "${AIRGAP_BUILD}" == "true" ]]; then + docker pull "${INSTALLER_IMAGE}" + pullImagesSysdigImages + else + writeValuesYaml + docker run --net=host \ + -e KUBECONFIG=/root/.kube/config \ + -v /root/.kube:/root/.kube:Z \ + -v /root/.minikube:/root/.minikube:Z \ + -v "$(pwd)":/manifests:Z \ + "${INSTALLER_IMAGE}" + fi } function __main() { preFlight askQuestions - installDeps - writeValuesYaml - startDocker + if [[ "${AIRGAP_INSTALL}" != "true" ]]; then + installDeps + startDocker + fi + #minikube needs to run to set the correct context & ip during airgap run startMinikube - fixIptables + if [[ "${AIRGAP_INSTALL}" != "true" ]]; then + fixIptables + fi runInstaller } +while [[ $# -gt 0 ]] +do +arguments="$1" + +case "${arguments}" in + -a|--airgap-build) + AIRGAP_BUILD="true" + LICENSE="installer.airgap.license" + DNSNAME="installer.airgap.dnsname" + shift # past argument + ;; + -i|--airgap-install) + AIRGAP_INSTALL="true" + LICENSE="installer.airgap.license" + DNSNAME="installer.airgap.dnsname" + shift # past argument + ;; + -q|--quaypullsecret) + QUAYPULLSECRET="$2" + shift # past argument + shift # past value + ;; + -h|--help) + echo "Help..." + echo "use -a|--airgap-builder to specify airgap builder" + echo "-q|--quaypullsecret followed by quaysecret to specify airgap builder" + shift # past argument + exit 0 + ;; + *) # unknown option + shift # past argument + logError "unknown arg $1" + exit 1 + ;; +esac +done + __main diff --git a/installer/single-node/vmx_template.vmx b/installer/single-node/vmx_template.vmx new file mode 100644 index 00000000..92938222 --- /dev/null +++ b/installer/single-node/vmx_template.vmx 
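Review bot: In the option loop added at the end of install.sh, the `*)` branch runs `shift` before `logError "unknown arg $1"`, so the message names the next argument rather than the unknown one. When the unknown option is the last argument, `$1` is unset and `set -u` aborts with an unbound-variable error. Log first and drop the shift: `logError "unknown arg $1"` followed by `exit 1`. The `-q|--quaypullsecret` branch reads `$2` without checking `[[ $# -ge 2 ]]` and fails the same way. It also takes the pull secret from argv, where it is recorded in shell history and shown in the process list; reading it from an environment variable or a root-only file would avoid that. The help text prints `--airgap-builder` while the parsed flag is `--airgap-build`, and it does not mention `-i|--airgap-install`.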
@@ -0,0 +1,79 @@
+.encoding = "UTF-8"
+config.version = "8"
+virtualHW.version = "14"
+vmci0.present = "TRUE"
+floppy0.present = "FALSE"
+numvcpus = "16"
+memSize = "32768"
+bios.bootRetry.delay = "10"
+powerType.suspend = "soft"
+tools.upgrade.policy = "manual"
+sched.cpu.units = "mhz"
+sched.cpu.affinity = "all"
+vm.createDate = "1580953556813202"
+ethernet0.virtualDev = "vmxnet3"
+ethernet0.networkName = "VM Network"
+ethernet0.addressType = "generated"
+ethernet0.wakeOnPcktRcv = "FALSE"
+ethernet0.uptCompatibility = "TRUE"
+ethernet0.present = "TRUE"
+displayName = "sysdig-pov-image"
+guestOS = "debian9-64"
+toolScripts.afterPowerOn = "TRUE"
+toolScripts.afterResume = "TRUE"
+toolScripts.beforeSuspend = "TRUE"
+toolScripts.beforePowerOff = "TRUE"
+tools.syncTime = "FALSE"
+uuid.bios = "56 4d 1d cb 98 dd 56 88-5e de 80 c0 94 c0 81 8e"
+uuid.location = "56 4d 1d cb 98 dd 56 88-5e de 80 c0 94 c0 81 8e"
+vc.uuid = "52 5c 60 3a b0 fe 00 bc-8d f5 a5 74 d8 33 ba 04"
+sched.cpu.min = "0"
+sched.cpu.shares = "normal"
+sched.mem.min = "0"
+sched.mem.minSize = "0"
+sched.mem.shares = "normal"
+ethernet0.generatedAddress = "00:0c:29:c0:81:8e"
+vmci0.id = "-1799323250"
+cleanShutdown = "FALSE"
+nvme0.present = "TRUE"
+nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"
+nvme0:0.present = "TRUE"
+sched.nvme0:0.shares = "normal"
+sched.nvme0:0.throughputCap = "off"
+numa.autosize.cookie = "80001"
+numa.autosize.vcpu.maxPerVirtualNode = "8"
+tools.guest.desktop.autolock = "FALSE"
+pciBridge0.present = "TRUE"
+svga.present = "TRUE"
+pciBridge4.present = "TRUE"
+pciBridge4.virtualDev = "pcieRootPort"
+pciBridge4.functions = "8"
+pciBridge5.present = "TRUE"
+pciBridge5.virtualDev = "pcieRootPort"
+pciBridge5.functions = "8"
+pciBridge6.present = "TRUE"
+pciBridge6.virtualDev = "pcieRootPort"
+pciBridge6.functions = "8"
+pciBridge7.present = "TRUE"
+pciBridge7.virtualDev = "pcieRootPort"
+pciBridge7.functions = "8"
+hpet0.present = "TRUE"
+RemoteDisplay.maxConnections = "-1"
+sched.cpu.latencySensitivity = "normal" +svga.autodetect = "TRUE" +pciBridge0.pciSlotNumber = "17" +pciBridge4.pciSlotNumber = "21" +pciBridge5.pciSlotNumber = "22" +pciBridge6.pciSlotNumber = "23" +pciBridge7.pciSlotNumber = "24" +ethernet0.pciSlotNumber = "160" +vmci0.pciSlotNumber = "32" +sata1.pciSlotNumber = "-1" +ethernet0.generatedAddressOffset = "0" +monitor.phys_bits_used = "43" +vmotion.checkpointFBSize = "4194304" +vmotion.checkpointSVGAPrimarySize = "16777216" +softPowerOff = "FALSE" +svga.guestBackedPrimaryAware = "TRUE" +nvme0.pciSlotNumber = "192" +nvme0:0.redo = "" From 0dcf8f3049a811593f5ecd8fa56edb1103d41274 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 26 Feb 2020 04:21:06 +0000 Subject: [PATCH 026/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/upgrade.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3c9caa62..17738bc0 100644 --- a/installer/README.md +++ b/installer/README.md @@ -115,7 +115,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-5 + quay.io/sysdig/installer:3.0.0-6 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -185,7 +185,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-5 + quay.io/sysdig/installer:3.0.0-6 ``` ## Full Airgap Install 
@@ -220,11 +220,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-5-uber + docker pull quay.io/sysdig/installer:3.0.0-6-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-5-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-6-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 06094f63..94a93bf4 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-5 + quay.io/sysdig/installer:3.0.0-6 ``` 4. If you are fine with the differences displayed, then set value for the From 1d69ec5870c7e633fd761b5bc038be2f8a56d164 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 4 Mar 2020 14:43:26 +0000 Subject: [PATCH 027/156] updating installer docs --- installer/README.md | 10 +- installer/docs/configuration_parameters.md | 260 ++++++--------------- installer/docs/upgrade.md | 5 +- 3 files changed, 84 insertions(+), 191 deletions(-) diff --git a/installer/README.md b/installer/README.md index 17738bc0..e5bc730a 100644 --- a/installer/README.md +++ b/installer/README.md @@ -115,7 +115,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-6 + quay.io/sysdig/installer:3.2.0-1 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -180,12 +180,12 @@ the following exceptions: docker run \ -e HOST_USER=$(id -u) \ -e KUBECONFIG=/.kube/config \ - -e IMAGE_EXTRACT_PUSH=true + -e IMAGE_EXTRACT_PUSH=true \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-6 + quay.io/sysdig/installer:3.2.0-1 ``` ## Full Airgap Install 
@@ -220,11 +220,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-6-uber + docker pull quay.io/sysdig/installer:3.2.0-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-6-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 6e0c40e1..73b2e41e 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -645,7 +645,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.0.0.5308 + activityAuditVersion: 3.2.0.5799 ``` ## **sysdig.anchoreVersion** @@ -660,6 +660,74 @@ sysdig: anchoreVersion: 0.5.1.2 ``` +## **sysdig.accessKey** +**Required**: `false`
+**Description**: The AWS(or AWS compatible) accessKey to be used by Sysdig
+components to write captures in the s3 bucket.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ accessKey: my_awesome_aws_access_key
+```
+
+## **sysdig.secretKey**
+**Required**: `false`
+**Description**: The AWS(or AWS compatible) secretKey to be used by Sysdig
+components to write captures in the s3 bucket.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secretKey: my_super_secret_secret_key
+```
+
+## **sysdig.s3.enabled**
+**Required**: `false`
+**Description**: This determines if the installer should enable Sysdig storing
+captures in s3.
+**Options**:`true|false`
+**Default**:false
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ enabled: true
+```
+
+## **sysdig.s3.endpoint**
+**Required**: `false`
+**Description**: S3 endpoint for the bucket, this is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ endpoint: my.awesome.bucket.s3.aws.com
+```
+
+## **sysdig.s3.bucketName**
+**Required**: `false`
+**Description**: Name of the S3 bucket to be used for captures, this is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + endpoint: my.awesome.bucket.s3.aws.com +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
@@ -902,12 +970,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 5.6.16.15
+**Default**: 5.6.16.18
**Example**: ```yaml sysdig: - elasticsearchVersion: 5.6.16.15 + elasticsearchVersion: 5.6.16.18 ``` ## **sysdig.haproxyVersion** @@ -1017,12 +1085,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.0.0.5439
+**Default**: 3.2.0.5799
**Example**: ```yaml sysdig: - monitorVersion: 3.0.0.5439 + monitorVersion: 3.2.0.5799 ``` ## **sysdig.mysqlHa** @@ -1406,12 +1474,12 @@ sysdig: **Description**: Docker image tag of HA Redis, relevant when configured `sysdig.redisHa` is `true`.
**Options**:
-**Default**: 4.0.12.8-ha
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12.8-ha + redisHaVersion: 4.0.12-1.0.1 ``` ## **sysdig.redisHa** @@ -1944,184 +2012,6 @@ sysdig: memory: 2Gi ``` -## **sysdig.resources.redis-primary.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - limits: - cpu: 2 -``` - -## **sysdig.resources.redis-primary.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - limits: - memory: 1Gi -``` - -## **sysdig.resources.redis-primary.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - requests: - cpu: 2 -``` - -## **sysdig.resources.redis-primary.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - requests: - memory: 2Gi -``` - -## **sysdig.resources.redis-secondary.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - limits: - cpu: 2 -``` - -## **sysdig.resources.redis-secondary.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - limits: - memory: 1Gi -``` - -## **sysdig.resources.redis-secondary.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - requests: - cpu: 2 -``` - -## **sysdig.resources.redis-secondary.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - requests: - memory: 2Gi -``` - ## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to redis-sentinel pods
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 94a93bf4..ffc4c232 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-6 + quay.io/sysdig/installer:3.2.0-1 ``` 4. If you are fine with the differences displayed, then set value for the @@ -93,3 +93,6 @@ To upgrade:
you intend preserving and update your values.yaml accordingly then repeat step 3 until you are fine with the differences. Then set scripts to deploy and run for the final time. + +5. The datastores Cassandra and ElasticSearch have onDelete update strategy and need to be manually restarted to + complete upgrade. From f94950dd929c52af22223759c8ad2a6b40540498 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 6 Mar 2020 23:45:43 +0000 Subject: [PATCH 028/156] updating installer docs --- installer/README.md | 442 +++++++++++-------------------------------- installer/install.sh | 7 +- 2 files changed, 116 insertions(+), 333 deletions(-) diff --git a/installer/README.md b/installer/README.md index e5bc730a..53dfb2b7 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,335 +1,117 @@ -# Installer - -The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement -for the earlier manual install/upgrade procedures. - -# Installation Overview - -To install, you will log in to quay.io, download a sysdig-chart/values.yaml -file, provide a few basic parameters in it, and launch the Installer. In a -normal installation, the rest is automatically configured and deployed. - -Note that you can perform a quick install if your environment has access to the -internet, or a partial or full airgapped installation, as needed. Each is -described below. - -## Prerequisites - -### Requirements for Installation Machine with Internet Access - -- Network access to Kubernetes cluster -- Docker -- Bash -- jq -- Network access to quay.io -- A domain name you are in control of. - -### Additional Requirements for Airgapped Environments - -- Edited sysdig-chart/values.yaml, with airgap registry details updated -- Network and authenticated access to the private registry - -### Access Requirements - -- Sysdig license key (Monitor and/or Secure) -- Quay pull secret -- Anchore license file (if Secure is licensed) -- Docker Log In to quay.io -- Retrieve Quay username and password from Quay pull secret. - For example: - ```bash - AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) - QUAY_USERNAME=${AUTH%:*} - QUAY_PASSWORD=${AUTH#*:} - ``` -- Log in to quay.io using the username and password retrieved above. - ```bash - docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io - ``` - -# Quickstart Install - -This install assumes the Kubernetes cluster has network access to pull images from quay.io. - -- Copy the current version sysdig-chart/values.yaml to your working directory. 
- ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` -- Edit the following values: - - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): - The name of the storage class provisioner to use when creating the - configured storageClassName parameter. If you do not use one of those two - dynamic storage provisioners, then enter: hostPath and refer to the Advanced - examples for how to configure static storage provisioning with this option. - Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - - - hostnetwork: sets the hostnetworking in the ingress daemonset and opens - host ports for api and collector. This does not create a Kubernetes service. - - loadbalancer: creates a service of type loadbalancer and expects that - your Kubernetes cluster can provision a load balancer with your cloud provider. - - nodeport: creates a service of type nodeport. 
The node ports can be - customized with: - - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. - - **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you - would also edit the following values: - - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. - -- Run the Installer. (Note: This step differs in [Airgapped Installation - Options](#airgapped-installation-options).) - ```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-1 - ``` -- On successful run of Installer towards the end of your terminal you should - see the below: - - ``` - All Pods Ready.....Continuing - Congratulations, your Sysdig installation was successful! - You can now login to the UI at "https://awesome-domain.com:443" with: - - username: "configured-username@awesome-domain.com" - password: "awesome-password" - ``` - -**NOTE**: Save the values.yaml file in a secure location; it will be used for -future upgrades. 
There will also be a generated directory containing various -Kubernetes configuration yaml files which were applied by Installer against -your cluster. It is not necessary to keep the generated directory, as the -Installer can regenerate is consistently with the same values.yaml file. - -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - -# Airgapped Installation Options - -The Installer can be used to install in airgapped environments, either with -a multi-homed installation machine that has internet access, or in an -environment with no internet access. - -## Airgapped with Multi-Homed Installation Machine - -This assumes a private docker registry is used and the installation machine has -network access to pull from quay.io and push images to the private registry. - -The Prerequisites and workflow are the same as in the Quickstart Install, with -the following exceptions: - -- In step 2, add the airgap registry information. +# Single node POV installer -- In step 3, run the Installer as follows: +This script will install docker, minikube, jq, curl etc required to run Sysdig +Platform, after installing all dependencies the script will create a +values.yaml and run the installer using the created values.yaml file. + +## Usage + +Copy the [script](./install.sh) to the machine that sysdig +platform is intended to run on, if you intend using enterprise anchore copy the +anchore license file to the same path as the script, then run: + +```bash +sudo ./install.sh +``` + +This will prompt for quay pull secrets, sysdig license and domain name(in ec2 +this is the public hostname for the instance). It will install dependencies +run the installer and create a sysdig platform. It also logs everything you +see in your terminal to `/var/log/sysdig-installer.log` so this can be used +for debugging a failed install. + +## Requirements. + +- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. 
+- Port 443 and 6443 granted network access (in AWS this is done with security +groups) + +## Status + +Tested on: +- ubuntu bionic + +Should work fine on: +- amazon linux +- centos 7 +- centos 8 +- debian buster +- debian stretch +- ubuntu xenial + +The script will not work on any OS not in above lists. + +## Note + +To need to run `kubectl` as root on the host. + +## Future improvements + +- the script will be hosted in a public location so you can `curl | sudo bash` +the script. + + +# Airgapped pov installer + +The airgapped image is built off a debian 9 base image. + +The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. + +## Installation + +The vmdk image specified above can be imported using the import external hard disk option. + +The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. + +## Credentials + +The image is built user `sysdig` user with `sysdig` password and sudo access. + +## Running installer + +After logging in use the above credentials to run the pov installer in airgapped mode. + +```bash + #enter sysdig password `sysdig` + sudo su + #start installation in airgapped mode -i in short + ./install.sh --airgap-install +``` + +## Gotchas + +Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. + +## Sharing Image + +The objects can exposed by pre-signing with an expiry token using aws cli. + +```bash +aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk +``` + +The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. + +```bash +URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} +``` + +## Exporting as ovf + +Use ovftool command line tool to convert vmdk into ovf from . + +A example vmx_template.vmx file in installer/single-node/. 
+ +Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. + +Running this will create a sysdig-pov-image.ovf. ```bash -docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -e IMAGE_EXTRACT_PUSH=true \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - -v /var/run/docker.sock:/var/run/docker.sock:Z \ - -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-1 +ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf ``` -## Full Airgap Install - -This assumes a private docker registry is used and the installation machine -does not have network access to pull from quay.io, but can push images to the -private registry. - -In this situation, a machine with network access (called the “jump machine”) -will pull an image containing a self-extracting tarball which can be copied to -the installation machine. - -### Requirements for jump machine - -- Network access to quay.io -- Docker -- jq - -### Requirements for installation machine - -- Network access to Kubernetes cluster -- Docker -- Bash -- tar -- Network and authenticated access to the private registry -- Edited sysdig-chart/values.yaml, with airgap registry details updated - -### Workflow - -#### On the Jump Machine - -- Follow the Docker Log In to quay.io steps under the Access Requirements section. -- Pull the image containing the self-extracting tar: - ```bash - docker pull quay.io/sysdig/installer:3.2.0-1-uber - ``` -- Extract the tarball: - ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-1-uber - docker cp uber_image:/sysdig_installer.tar.gz . - docker rm uber_image - ``` -- Copy the tarball to the installation machine. - -#### On the Installation Machine: - -- Copy the current version sysdig-chart/values.yaml to your working directory. 
- ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` -- Edit the following values: - - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The - name of the storage class provisioner to use when creating the configured - storageClassName parameter. Use hostPath or local in clusters that do not have - a provisioner. For setups where Persistent Volumes and Persistent Volume Claims - are created manually this should be configured as none. Valid options are: - aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - - hostnetwork: sets the hostnetworking in the ingress daemonset and opens - host ports for api and collector. This does not create a Kubernetes service. - - loadbalancer: creates a service of type loadbalancer and expects that - your Kubernetes cluster can provision a load balancer with your cloud provider. - - nodeport: creates a service of type nodeport. 
The node ports can be - customized with: - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. - -- Copy the tarball file to the directory where you have your values.yaml file. -- Run the tar file: - `bash sysdig_installer.tar.gz` -- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. - `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` -- On successful run of Installer towards the end of your terminal you should - see the below: - - ``` - All Pods Ready.....Continuing - Congratulations, your Sysdig installation was successful! - You can now login to the UI at "https://awesome-domain.com:443" with: - - username: "configured-username@awesome-domain.com" - password: "awesome-password" - ``` - -**NOTE**: Save the values.yaml file in a secure location; it will be used for -future upgrades. There will also be a generated directory containing various -Kubernetes configuration yaml files which were applied by Installer against -your cluster. 
It is not necessary to keep the generated directory, as the -Installer can regenerate is consistently with the same values.yaml file. - -# Upgrades - -See [upgrade.md](docs/upgrade.md) for upgrades documentation. - -# Configuration Parameters and Examples - -For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) - -# Advanced Configuration - -For advanced configuration option see [advanced.md](docs/advanced.md) - -# Example values.yaml - -- [single-node values.yaml](examples/single-node/values.yaml) -- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) - -# Resource requirements - -The below table represents the amount of resources for various cluster sizes -in their default configuration. The `Redis HA` column indicates extra amount -of resources required if `redisHa: true` is configured. - -| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | -| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | -| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | -| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | -| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | -| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | +Enable verbose logging and stdout. 
+ +```bash +ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +``` \ No newline at end of file diff --git a/installer/install.sh b/installer/install.sh index 59d1f05a..c4210e7e 100755 --- a/installer/install.sh +++ b/installer/install.sh @@ -28,7 +28,7 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.0.0-5" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-2" function writeValuesYaml() { cat << EOM > values.yaml @@ -151,7 +151,7 @@ function dockerLogin() { function installUbuntuDeps() { apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 apt-get update -qq - apt-get install -y apt-transport-https ca-certificates curl software-properties-common + apt-get install -y apt-transport-https ca-certificates curl software-properties-common "linux-headers-$(uname -r)" curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" apt-get update -qq @@ -161,7 +161,7 @@ function installUbuntuDeps() { function installDebianDeps() { apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 apt-get update -qq - apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common + apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common "linux-headers-$(uname -r)" curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" apt-get update -qq 
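Review bot: Adding `"linux-headers-$(uname -r)"` to the same `apt-get install -y` call as the Docker prerequisites in installUbuntuDeps means one unavailable package fails the whole call. If the configured repositories no longer carry headers for the running kernel (for example an image still booted on an older kernel), `ca-certificates` and `curl` are not installed either. The same applies to the installDebianDeps hunk that follows and to `yum install -y "kernel-devel-$(uname -r)"` in the installCentOSDeps hunk. I would install the headers in a separate step that names the problem, for example `apt-get install -y "linux-headers-$(uname -r)" || { echo "no kernel headers for $(uname -r) in the configured repositories" >&2; exit 1; }`. Both functions continue past the end of their hunks.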
@@ -181,6 +181,7 @@ function installCentOSDeps() { # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm + yum install -y "kernel-devel-$(uname -r)" systemctl enable docker systemctl start docker } From 16db906896908ec8b8b3566d0f347eabef2e570d Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 7 Mar 2020 00:37:47 +0000 Subject: [PATCH 029/156] updating installer docs --- installer/install.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/installer/install.sh b/installer/install.sh index c4210e7e..c5ce1949 100755 --- a/installer/install.sh +++ b/installer/install.sh @@ -287,9 +287,12 @@ function pullImagesSysdigImages(){ resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') mapfile -t job_images < <(jq -r '.spec.jobTemplate.spec.template.spec.containers[]? | .image' \ resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + mapfile -t init_container_images < <(jq -r '.spec.template.spec.initContainers[]? | .image' \ + /sysdig-chart/tests/resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") images+=("${job_images[@]}") + images+=("${init_container_images[@]}") #iterate and pull image if not present for image in "${images[@]}"; do if [[ -z $(docker images -q "$image") ]]; then From a62ea464c5768e3ff82c787714774efbca8013b5 Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 7 Mar 2020 00:53:34 +0000 Subject: [PATCH 030/156] updating installer docs --- installer/README.md | 442 +++++++++++++++------ installer/docs/configuration_parameters.md | 26 +- installer/docs/upgrade.md | 2 +- 3 files changed, 332 insertions(+), 138 deletions(-) 
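Review bot: The unchanged line two above the new `kernel-devel` install in installCentOSDeps fetches `container-selinux` over plain `http://` and installs it as root, so anyone on the network path can substitute the package. As far as I know yum does not check signatures on an RPM given by URL unless `localpkg_gpgcheck` is enabled. Since this commit extends the same install sequence, I would switch that line to TLS, assuming the vault serves the same path over HTTPS: `yum install -y https://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm`. The function starts above the hunk.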
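Review bot: The new `init_container_images` lookup in pullImagesSysdigImages reads `/sysdig-chart/tests/resources/*/sysdig.json`, while the two existing lookups read the relative `resources/*/sysdig.json`. With `2> /dev/null` on jq, a glob that matches nothing in the environment where this runs leaves the array empty without any message, and the init-container images would then be missing from the set pulled for the airgapped build. If the absolute path is not intentional, use the same `resources/*/sysdig.json` as the other two lookups; if it is, add a comment such as `# init containers are only rendered under /sysdig-chart/tests/resources`. The jq filter also covers only `.spec.template.spec.initContainers`, so init containers under `.spec.jobTemplate` are not collected. The function starts and ends outside the hunk.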
diff --git a/installer/README.md b/installer/README.md index 53dfb2b7..cdfcae29 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,117 +1,335 @@ -# Single node POV installer +# Installer + +The Sysdig Installer tool is a collection of scripts that help automate the +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement +for the earlier manual install/upgrade procedures. + +# Installation Overview + +To install, you will log in to quay.io, download a sysdig-chart/values.yaml +file, provide a few basic parameters in it, and launch the Installer. In a +normal installation, the rest is automatically configured and deployed. + +Note that you can perform a quick install if your environment has access to the +internet, or a partial or full airgapped installation, as needed. Each is +described below. + +## Prerequisites + +### Requirements for Installation Machine with Internet Access + +- Network access to Kubernetes cluster +- Docker +- Bash +- jq +- Network access to quay.io +- A domain name you are in control of. + +### Additional Requirements for Airgapped Environments + +- Edited sysdig-chart/values.yaml, with airgap registry details updated +- Network and authenticated access to the private registry + +### Access Requirements + +- Sysdig license key (Monitor and/or Secure) +- Quay pull secret +- Anchore license file (if Secure is licensed) +- Docker Log In to quay.io +- Retrieve Quay username and password from Quay pull secret. + For example: + ```bash + AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) + QUAY_USERNAME=${AUTH%:*} + QUAY_PASSWORD=${AUTH#*:} + ``` +- Log in to quay.io using the username and password retrieved above. + ```bash + docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io + ``` + +# Quickstart Install + +This install assumes the Kubernetes cluster has network access to pull images from quay.io. 
+ +- Copy the current version sysdig-chart/values.yaml to your working directory. + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` +- Edit the following values: + + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large. + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + your Sysdig purchase confirmation mail. + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + The name of the storage class provisioner to use when creating the + configured storageClassName parameter. If you do not use one of those two + dynamic storage provisioners, then enter: hostPath and refer to the Advanced + examples for how to configure static storage provisioning with this option. + Valid options: aws, gke, hostPath + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + provided with your Sysdig purchase confirmation mail + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + the Sysdig APIs will be served on. + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + The networking construct used to expose the Sysdig API and collector. Options + are: + + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens + host ports for api and collector. This does not create a Kubernetes service. + - loadbalancer: creates a service of type loadbalancer and expects that + your Kubernetes cluster can provision a load balancer with your cloud provider. 
+ - nodeport: creates a service of type nodeport. The node ports can be + customized with: + + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + + When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. + + **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you + would also edit the following values: + + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. + +- Run the Installer. (Note: This step differs in [Airgapped Installation + Options](#airgapped-installation-options).) + ```bash + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.2.0-2 + ``` +- On successful run of Installer towards the end of your terminal you should + see the below: + + ``` + All Pods Ready.....Continuing + Congratulations, your Sysdig installation was successful! + You can now login to the UI at "https://awesome-domain.com:443" with: + + username: "configured-username@awesome-domain.com" + password: "awesome-password" + ``` + +**NOTE**: Save the values.yaml file in a secure location; it will be used for +future upgrades. 
There will also be a generated directory containing various +Kubernetes configuration yaml files which were applied by Installer against +your cluster. It is not necessary to keep the generated directory, as the +Installer can regenerate is consistently with the same values.yaml file. + +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + +# Airgapped Installation Options + +The Installer can be used to install in airgapped environments, either with +a multi-homed installation machine that has internet access, or in an +environment with no internet access. + +## Airgapped with Multi-Homed Installation Machine + +This assumes a private docker registry is used and the installation machine has +network access to pull from quay.io and push images to the private registry. + +The Prerequisites and workflow are the same as in the Quickstart Install, with +the following exceptions: + +- In step 2, add the airgap registry information. -This script will install docker, minikube, jq, curl etc required to run Sysdig -Platform, after installing all dependencies the script will create a -values.yaml and run the installer using the created values.yaml file. - -## Usage - -Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, if you intend using enterprise anchore copy the -anchore license file to the same path as the script, then run: - -```bash -sudo ./install.sh -``` - -This will prompt for quay pull secrets, sysdig license and domain name(in ec2 -this is the public hostname for the instance). It will install dependencies -run the installer and create a sysdig platform. It also logs everything you -see in your terminal to `/var/log/sysdig-installer.log` so this can be used -for debugging a failed install. - -## Requirements. - -- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. -- Port 443 and 6443 granted network access (in AWS this is done with security -groups) - -## Status - -Tested on: -- ubuntu bionic - -Should work fine on: -- amazon linux -- centos 7 -- centos 8 -- debian buster -- debian stretch -- ubuntu xenial - -The script will not work on any OS not in above lists. 
- -## Note - -To need to run `kubectl` as root on the host. - -## Future improvements - -- the script will be hosted in a public location so you can `curl | sudo bash` -the script. - - -# Airgapped pov installer - -The airgapped image is built off a debian 9 base image. - -The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. - -## Installation - -The vmdk image specified above can be imported using the import external hard disk option. - -The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. - -## Credentials - -The image is built user `sysdig` user with `sysdig` password and sudo access. - -## Running installer - -After logging in use the above credentials to run the pov installer in airgapped mode. - -```bash - #enter sysdig password `sysdig` - sudo su - #start installation in airgapped mode -i in short - ./install.sh --airgap-install -``` - -## Gotchas - -Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. - -## Sharing Image - -The objects can exposed by pre-signing with an expiry token using aws cli. - -```bash -aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk -``` - -The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. - -```bash -URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} -``` - -## Exporting as ovf - -Use ovftool command line tool to convert vmdk into ovf from . - -A example vmx_template.vmx file in installer/single-node/. - -Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. - -Running this will create a sysdig-pov-image.ovf. 
+- In step 3, run the Installer as follows: ```bash -ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -e IMAGE_EXTRACT_PUSH=true \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + -v /var/run/docker.sock:/var/run/docker.sock:Z \ + -v ~/.docker:/root/docker:Z \ + quay.io/sysdig/installer:3.2.0-2 ``` -Enable verbose logging and stdout. - -```bash -ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf -``` \ No newline at end of file +## Full Airgap Install + +This assumes a private docker registry is used and the installation machine +does not have network access to pull from quay.io, but can push images to the +private registry. + +In this situation, a machine with network access (called the “jump machine”) +will pull an image containing a self-extracting tarball which can be copied to +the installation machine. + +### Requirements for jump machine + +- Network access to quay.io +- Docker +- jq + +### Requirements for installation machine + +- Network access to Kubernetes cluster +- Docker +- Bash +- tar +- Network and authenticated access to the private registry +- Edited sysdig-chart/values.yaml, with airgap registry details updated + +### Workflow + +#### On the Jump Machine + +- Follow the Docker Log In to quay.io steps under the Access Requirements section. +- Pull the image containing the self-extracting tar: + ```bash + docker pull quay.io/sysdig/installer:3.2.0-2-uber + ``` +- Extract the tarball: + ```bash + docker create --name uber_image quay.io/sysdig/installer:3.2.0-2-uber + docker cp uber_image:/sysdig_installer.tar.gz . + docker rm uber_image + ``` +- Copy the tarball to the installation machine. + +#### On the Installation Machine: + +- Copy the current version sysdig-chart/values.yaml to your working directory. 
+ ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` +- Edit the following values: + + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + your Sysdig purchase confirmation mail + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + name of the storage class provisioner to use when creating the configured + storageClassName parameter. Use hostPath or local in clusters that do not have + a provisioner. For setups where Persistent Volumes and Persistent Volume Claims + are created manually this should be configured as none. Valid options are: + aws,gke,hostPath,local,none + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + provided with your Sysdig purchase confirmation mail + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + the Sysdig APIs will be served on. + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + The networking construct used to expose the Sysdig API and collector. Options + are: + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens + host ports for api and collector. This does not create a Kubernetes service. + - loadbalancer: creates a service of type loadbalancer and expects that + your Kubernetes cluster can provision a load balancer with your cloud provider. + - nodeport: creates a service of type nodeport. 
The node ports can be + customized with: + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. + +- Copy the tarball file to the directory where you have your values.yaml file. +- Run the tar file: + `bash sysdig_installer.tar.gz` +- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. + `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` +- On successful run of Installer towards the end of your terminal you should + see the below: + + ``` + All Pods Ready.....Continuing + Congratulations, your Sysdig installation was successful! + You can now login to the UI at "https://awesome-domain.com:443" with: + + username: "configured-username@awesome-domain.com" + password: "awesome-password" + ``` + +**NOTE**: Save the values.yaml file in a secure location; it will be used for +future upgrades. There will also be a generated directory containing various +Kubernetes configuration yaml files which were applied by Installer against +your cluster. 
It is not necessary to keep the generated directory, as the +Installer can regenerate is consistently with the same values.yaml file. + +# Upgrades + +See [upgrade.md](docs/upgrade.md) for upgrades documentation. + +# Configuration Parameters and Examples + +For the full dictionary of configuration parameters, see: +[configuration_parameters.md](docs/configuration_parameters.md) + +# Advanced Configuration + +For advanced configuration option see [advanced.md](docs/advanced.md) + +# Example values.yaml + +- [single-node values.yaml](examples/single-node/values.yaml) +- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) + +# Resource requirements + +The below table represents the amount of resources for various cluster sizes +in their default configuration. The `Redis HA` column indicates extra amount +of resources required if `redisHa: true` is configured. + +| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | +| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | +| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | +| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | +| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | +| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | 
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 73b2e41e..93023b88 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -46,7 +46,7 @@ or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as `none`. If this is not configured [`storageClassName`](#storageclassname) needs to be configured.
-**Options**: `aws|gke|hostPath|local|none`
+**Options**: `aws|gke|hostPath|none`
**Default**:
**Example**: @@ -119,18 +119,6 @@ airgapped_registry_username: bob+alice deployment: kubernetes ``` -## **localStoragehostDir** -**Required**: `false`
-**Description**: The path on the host where the local volumes are mounted -under. This is relevant only when `storageClassProvisioner` is `local`.
-**Options**:
-**Default**: `/sysdig`
-**Example**: - -```yaml -localStoragehostDir: /sysdig -``` - ## **context** **Required**: `false`
**Description**: Kubernetes context to use for deploying Sysdig Platform. @@ -1067,18 +1055,6 @@ sysdig: license: replace_with_your_license ``` -## **sysdig.localVolumeProvisioner** -**Required**: `false`
-**Description**: The version of the localVolumeProvisioner.
-**Options**:
-**Default**: v2.3.2
-**Example**: - -```yaml -sysdig: - localVolumeProvisioner: v2.3.2 -``` - ## **sysdig.monitorVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Monitor. **Do not modify diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index ffc4c232..37d25df2 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-1 + quay.io/sysdig/installer:3.2.0-2 ``` 4. If you are fine with the differences displayed, then set value for the From 72b838b90624bd274d3049664dbc71eaaac3c1c5 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 9 Mar 2020 20:24:33 +0000 Subject: [PATCH 031/156] updating installer docs --- installer/README.md | 442 +++++++++++-------------------------------- installer/install.sh | 2 +- 2 files changed, 113 insertions(+), 331 deletions(-) diff --git a/installer/README.md b/installer/README.md index cdfcae29..53dfb2b7 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,335 +1,117 @@ -# Installer - -The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement -for the earlier manual install/upgrade procedures. - -# Installation Overview - -To install, you will log in to quay.io, download a sysdig-chart/values.yaml -file, provide a few basic parameters in it, and launch the Installer. In a -normal installation, the rest is automatically configured and deployed. - -Note that you can perform a quick install if your environment has access to the -internet, or a partial or full airgapped installation, as needed. Each is -described below. - -## Prerequisites - -### Requirements for Installation Machine with Internet Access - -- Network access to Kubernetes cluster -- Docker -- Bash -- jq -- Network access to quay.io -- A domain name you are in control of. - -### Additional Requirements for Airgapped Environments - -- Edited sysdig-chart/values.yaml, with airgap registry details updated -- Network and authenticated access to the private registry - -### Access Requirements - -- Sysdig license key (Monitor and/or Secure) -- Quay pull secret -- Anchore license file (if Secure is licensed) -- Docker Log In to quay.io -- Retrieve Quay username and password from Quay pull secret. - For example: - ```bash - AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) - QUAY_USERNAME=${AUTH%:*} - QUAY_PASSWORD=${AUTH#*:} - ``` -- Log in to quay.io using the username and password retrieved above. - ```bash - docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io - ``` - -# Quickstart Install - -This install assumes the Kubernetes cluster has network access to pull images from quay.io. - -- Copy the current version sysdig-chart/values.yaml to your working directory. 
- ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` -- Edit the following values: - - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): - The name of the storage class provisioner to use when creating the - configured storageClassName parameter. If you do not use one of those two - dynamic storage provisioners, then enter: hostPath and refer to the Advanced - examples for how to configure static storage provisioning with this option. - Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - - - hostnetwork: sets the hostnetworking in the ingress daemonset and opens - host ports for api and collector. This does not create a Kubernetes service. - - loadbalancer: creates a service of type loadbalancer and expects that - your Kubernetes cluster can provision a load balancer with your cloud provider. - - nodeport: creates a service of type nodeport. 
The node ports can be - customized with: - - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. - - **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you - would also edit the following values: - - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. - -- Run the Installer. (Note: This step differs in [Airgapped Installation - Options](#airgapped-installation-options).) - ```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-2 - ``` -- On successful run of Installer towards the end of your terminal you should - see the below: - - ``` - All Pods Ready.....Continuing - Congratulations, your Sysdig installation was successful! - You can now login to the UI at "https://awesome-domain.com:443" with: - - username: "configured-username@awesome-domain.com" - password: "awesome-password" - ``` - -**NOTE**: Save the values.yaml file in a secure location; it will be used for -future upgrades. 
There will also be a generated directory containing various -Kubernetes configuration yaml files which were applied by Installer against -your cluster. It is not necessary to keep the generated directory, as the -Installer can regenerate is consistently with the same values.yaml file. - -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - -# Airgapped Installation Options - -The Installer can be used to install in airgapped environments, either with -a multi-homed installation machine that has internet access, or in an -environment with no internet access. - -## Airgapped with Multi-Homed Installation Machine - -This assumes a private docker registry is used and the installation machine has -network access to pull from quay.io and push images to the private registry. - -The Prerequisites and workflow are the same as in the Quickstart Install, with -the following exceptions: - -- In step 2, add the airgap registry information. +# Single node POV installer -- In step 3, run the Installer as follows: +This script will install docker, minikube, jq, curl etc required to run Sysdig +Platform, after installing all dependencies the script will create a +values.yaml and run the installer using the created values.yaml file. + +## Usage + +Copy the [script](./install.sh) to the machine that sysdig +platform is intended to run on, if you intend using enterprise anchore copy the +anchore license file to the same path as the script, then run: + +```bash +sudo ./install.sh +``` + +This will prompt for quay pull secrets, sysdig license and domain name(in ec2 +this is the public hostname for the instance). It will install dependencies +run the installer and create a sysdig platform. It also logs everything you +see in your terminal to `/var/log/sysdig-installer.log` so this can be used +for debugging a failed install. + +## Requirements. + +- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. 
+- Port 443 and 6443 granted network access (in AWS this is done with security +groups) + +## Status + +Tested on: +- ubuntu bionic + +Should work fine on: +- amazon linux +- centos 7 +- centos 8 +- debian buster +- debian stretch +- ubuntu xenial + +The script will not work on any OS not in above lists. + +## Note + +To need to run `kubectl` as root on the host. + +## Future improvements + +- the script will be hosted in a public location so you can `curl | sudo bash` +the script. + + +# Airgapped pov installer + +The airgapped image is built off a debian 9 base image. + +The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. + +## Installation + +The vmdk image specified above can be imported using the import external hard disk option. + +The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. + +## Credentials + +The image is built user `sysdig` user with `sysdig` password and sudo access. + +## Running installer + +After logging in use the above credentials to run the pov installer in airgapped mode. + +```bash + #enter sysdig password `sysdig` + sudo su + #start installation in airgapped mode -i in short + ./install.sh --airgap-install +``` + +## Gotchas + +Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. + +## Sharing Image + +The objects can exposed by pre-signing with an expiry token using aws cli. + +```bash +aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk +``` + +The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. + +```bash +URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} +``` + +## Exporting as ovf + +Use ovftool command line tool to convert vmdk into ovf from . + +A example vmx_template.vmx file in installer/single-node/. 
+ +Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. + +Running this will create a sysdig-pov-image.ovf. ```bash -docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -e IMAGE_EXTRACT_PUSH=true \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - -v /var/run/docker.sock:/var/run/docker.sock:Z \ - -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-2 +ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf ``` -## Full Airgap Install - -This assumes a private docker registry is used and the installation machine -does not have network access to pull from quay.io, but can push images to the -private registry. - -In this situation, a machine with network access (called the “jump machine”) -will pull an image containing a self-extracting tarball which can be copied to -the installation machine. - -### Requirements for jump machine - -- Network access to quay.io -- Docker -- jq - -### Requirements for installation machine - -- Network access to Kubernetes cluster -- Docker -- Bash -- tar -- Network and authenticated access to the private registry -- Edited sysdig-chart/values.yaml, with airgap registry details updated - -### Workflow - -#### On the Jump Machine - -- Follow the Docker Log In to quay.io steps under the Access Requirements section. -- Pull the image containing the self-extracting tar: - ```bash - docker pull quay.io/sysdig/installer:3.2.0-2-uber - ``` -- Extract the tarball: - ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-2-uber - docker cp uber_image:/sysdig_installer.tar.gz . - docker rm uber_image - ``` -- Copy the tarball to the installation machine. - -#### On the Installation Machine: - -- Copy the current version sysdig-chart/values.yaml to your working directory. 
- ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` -- Edit the following values: - - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and - large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with - your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The - name of the storage class provisioner to use when creating the configured - storageClassName parameter. Use hostPath or local in clusters that do not have - a provisioner. For setups where Persistent Volumes and Persistent Volume Claims - are created manually this should be configured as none. Valid options are: - aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key - provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name - the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): - (OpenShift installs only) Domain name the Sysdig collector will be served on. - When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): - The networking construct used to expose the Sysdig API and collector. Options - are: - - hostnetwork: sets the hostnetworking in the ingress daemonset and opens - host ports for api and collector. This does not create a Kubernetes service. - - loadbalancer: creates a service of type loadbalancer and expects that - your Kubernetes cluster can provision a load balancer with your cloud provider. - - nodeport: creates a service of type nodeport. 
The node ports can be - customized with: - - sysdig.ingressNetworkingInsecureApiNodePort - - sysdig.ingressNetworkingApiNodePort - - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): - The URL of the airgapped (internal) docker registry. This URL is used for - installations where the Kubernetes cluster can not pull images directly from - Quay. - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): - The password for the configured airgapped_registry_username. Ignore this - parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): - The username for the configured airgapped_registry_name. Ignore this - parameter if the registry does not require authentication. - -- Copy the tarball file to the directory where you have your values.yaml file. -- Run the tar file: - `bash sysdig_installer.tar.gz` -- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. - `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` -- On successful run of Installer towards the end of your terminal you should - see the below: - - ``` - All Pods Ready.....Continuing - Congratulations, your Sysdig installation was successful! - You can now login to the UI at "https://awesome-domain.com:443" with: - - username: "configured-username@awesome-domain.com" - password: "awesome-password" - ``` - -**NOTE**: Save the values.yaml file in a secure location; it will be used for -future upgrades. There will also be a generated directory containing various -Kubernetes configuration yaml files which were applied by Installer against -your cluster. 
It is not necessary to keep the generated directory, as the -Installer can regenerate is consistently with the same values.yaml file. - -# Upgrades - -See [upgrade.md](docs/upgrade.md) for upgrades documentation. - -# Configuration Parameters and Examples - -For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) - -# Advanced Configuration - -For advanced configuration option see [advanced.md](docs/advanced.md) - -# Example values.yaml - -- [single-node values.yaml](examples/single-node/values.yaml) -- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) - -# Resource requirements - -The below table represents the amount of resources for various cluster sizes -in their default configuration. The `Redis HA` column indicates extra amount -of resources required if `redisHa: true` is configured. - -| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | -| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | -| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | -| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | -| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | -| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | +Enable verbose logging and stdout. 
+ +```bash +ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +``` \ No newline at end of file diff --git a/installer/install.sh b/installer/install.sh index c5ce1949..4acfceca 100755 --- a/installer/install.sh +++ b/installer/install.sh @@ -288,7 +288,7 @@ function pullImagesSysdigImages(){ mapfile -t job_images < <(jq -r '.spec.jobTemplate.spec.template.spec.containers[]? | .image' \ resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') mapfile -t init_container_images < <(jq -r '.spec.template.spec.initContainers[]? | .image' \ - /sysdig-chart/tests/resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") images+=("${job_images[@]}") From 51f50395b7205ddf605c262be86f2d8dcd869bc6 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 12 Mar 2020 23:00:51 +0000 Subject: [PATCH 032/156] updating installer docs --- installer/single-node/install.sh | 37 +++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index dc086d72..7b75c785 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -28,7 +28,7 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.0.0-6" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-2" function writeValuesYaml() { cat << EOM > values.yaml 
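Review bot: The `resources/*/sysdig.json` path now used on the `init_container_images` line of installer/install.sh is relative to the working directory, and the `2> /dev/null` after it discards jq's error when the glob matches nothing. A run from the wrong directory therefore yields an empty array, and the init-container images are silently missing from the collected `images` list. A guard before the `mapfile` calls would make that visible, for example `compgen -G 'resources/*/sysdig.json' > /dev/null || { echo "no rendered manifests under resources/" >&2; exit 1; }`. The filter `grep 'quay\|docker.io'` is an unanchored substring match with an unescaped dot, so it should not be read as a registry allowlist. The same pattern is added by the `@@ -286,9 +314,12 @@` hunk of installer/single-node/install.sh; `pullImagesSysdigImages` starts and ends outside both hunks.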
@@ -151,7 +151,7 @@ function dockerLogin() {
 function installUbuntuDeps() {
 apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1
 apt-get update -qq
- apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+ apt-get install -y apt-transport-https ca-certificates curl software-properties-common "linux-headers-$(uname -r)"
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
 apt-get update -qq
@@ -161,7 +161,7 @@ function installUbuntuDeps() {
 function installDebianDeps() {
 apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1
 apt-get update -qq
- apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
+ apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common "linux-headers-$(uname -r)"
 curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
 apt-get update -qq
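Review bot: Appending `"linux-headers-$(uname -r)"` to the existing `apt-get install -y` line in `installUbuntuDeps` (and identically in `installDebianDeps`, the `@@ -161,7 +161,7 @@` hunk) makes the install of `ca-certificates` and `curl` depend on a package that exists only while the archive still carries headers for the running kernel. On a host booted into an older kernel the whole command fails, and unless the script aborts on errors (not visible here) the `curl … | apt-key add -` line after it may run without curl or a current CA bundle. Installing the headers as a separate step keeps the failure attributable: `apt-get install -y "linux-headers-$(uname -r)" || { echo "kernel headers for $(uname -r) not available" >&2; exit 1; }`. A one-line comment saying why headers are needed would also help, since the hunk gives no reason. Both functions continue outside their hunks.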
@@ -181,6 +181,25 @@ function installCentOSDeps() {
 # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764
 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm
 yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm
+ yum install -y "kernel-devel-$(uname -r)"
+ systemctl enable docker
+ systemctl start docker
+}
+
+function installRhelOSDeps() {
+ local -r version=$1
+ yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
+ yum -y update
+ if [[ $version == 7 ]]; then
+ yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+ yum install -y yum-utils device-mapper-persistent-data lvm2 curl
+ else
+ yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+ yum install -y yum-utils device-mapper-persistent-data lvm2 curl
+ fi
+ # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764
+ yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm
+ yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm
 systemctl enable docker
 systemctl start docker
 }
@@ -244,6 +263,15 @@ EOF
 disableFirewalld
 installCentOSDeps "$VERSION_ID"
 ;;
+ rhel)
+ if [[ $ID =~ ^(rhel)$ ]] &&
+ [[ ! "$VERSION_ID" =~ ^(7) ]]; then
+ echo "$ID version: $VERSION_ID is not supported"
+ exit 1
+ fi
+ disableFirewalld
+ installRhelOSDeps "$VERSION_ID"
+ ;;
 *)
 logError "unsupported platform $ID"
 exit 1
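Review bot: In the new `installRhelOSDeps`, `[[ $version == 7 ]]` is an exact match, while the caller's guard in the `rhel)` arm accepts anything that starts with 7. If `VERSION_ID` carries a minor release (RHEL's os-release normally reports values such as 7.x; where it is read is not visible in this hunk), a RHEL 7 host falls into the `else` arm and gets the EPEL 8 release package. Comparing the major part, `if [[ ${version%%.*} == 7 ]]; then`, keeps the two checks in agreement. The function also repeats the `yum install -y http://vault.centos.org/…container-selinux…rpm` line from `installCentOSDeps`: that RPM is fetched as root over plain HTTP, and yum's signature check for packages given by path or URL is controlled by `localpkg_gpgcheck`, which yum leaves off by default. The download is therefore protected neither in transit nor by signature unless the host configuration changes that; an `https://` URL or an `rpm -K` check against an imported key before the install would close the gap. `kernel-devel-$(uname -r)` is added for CentOS only, so the RHEL path lacks it unless that is intended.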
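Review bot: Inside the new `rhel)` arm the test `[[ $ID =~ ^(rhel)$ ]]` can never be false, and the rejection is printed with `echo` where the `*)` arm just below reports through `logError`. The arm reads more plainly as `if [[ ! "$VERSION_ID" =~ ^7 ]]; then` followed by `logError "$ID version: $VERSION_ID is not supported"`, which also sends the message wherever the script's other errors go. The `case` statement begins and ends outside the hunk.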
@@ -286,9 +314,12 @@ function pullImagesSysdigImages(){ resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') mapfile -t job_images < <(jq -r '.spec.jobTemplate.spec.template.spec.containers[]? | .image' \ resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + mapfile -t init_container_images < <(jq -r '.spec.template.spec.initContainers[]? | .image' \ + resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") images+=("${job_images[@]}") + images+=("${init_container_images[@]}") #iterate and pull image if not present for image in "${images[@]}"; do if [[ -z $(docker images -q "$image") ]]; then From 4a07735013d5745c7dce5c4446dfab340b596f20 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 18 Mar 2020 00:20:59 +0000 Subject: [PATCH 033/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 7b75c785..7aa8ca62 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -28,7 +28,7 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-2" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-3" function writeValuesYaml() { cat << EOM > values.yaml From 53c8051a7c703d29e85211aa44dfea4f7a32c59e Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 18 Mar 2020 22:30:43 +0000 Subject: [PATCH 034/156] updating installer docs --- installer/README.md | 447 +++++++++++++++------ installer/docs/configuration_parameters.md | 139 ++++++- installer/docs/upgrade.md | 2 +- 3 files changed, 460 insertions(+), 128 deletions(-) diff --git a/installer/README.md b/installer/README.md index 53dfb2b7..52b615d1 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,117 +1,340 @@ -# Single node POV installer +# Installer + +The Sysdig Installer tool is a collection of scripts that help automate the +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement +for the earlier manual install/upgrade procedures. + +# Installation Overview + +To install, you will log in to quay.io, download a sysdig-chart/values.yaml +file, provide a few basic parameters in it, and launch the Installer. In a +normal installation, the rest is automatically configured and deployed. + +Note that you can perform a quick install if your environment has access to the +internet, or a partial or full airgapped installation, as needed. Each is +described below. + +## Prerequisites + +### Requirements for Installation Machine with Internet Access + +- Network access to Kubernetes cluster +- Docker +- Bash +- jq +- Network access to quay.io +- A domain name you are in control of. + +### Additional Requirements for Airgapped Environments + +- Edited sysdig-chart/values.yaml, with airgap registry details updated +- Network and authenticated access to the private registry + +### Access Requirements + +- Sysdig license key (Monitor and/or Secure) +- Quay pull secret +- Anchore license file (if Secure is licensed) +- Docker Log In to quay.io +- Retrieve Quay username and password from Quay pull secret. + For example: + ```bash + AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) + QUAY_USERNAME=${AUTH%:*} + QUAY_PASSWORD=${AUTH#*:} + ``` +- Log in to quay.io using the username and password retrieved above. + ```bash + docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io + ``` + +# Quickstart Install + +This install assumes the Kubernetes cluster has network access to pull images from quay.io. 
+ +- Copy the current version sysdig-chart/values.yaml to your working directory. + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` +- Edit the following values: + + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large. + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + your Sysdig purchase confirmation mail. + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + The name of the storage class provisioner to use when creating the + configured storageClassName parameter. If you do not use one of those two + dynamic storage provisioners, then enter: hostPath and refer to the Advanced + examples for how to configure static storage provisioning with this option. + Valid options: aws, gke, hostPath + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + provided with your Sysdig purchase confirmation mail + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + the Sysdig APIs will be served on. + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + The networking construct used to expose the Sysdig API and collector. Options + are: + + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens + host ports for api and collector. This does not create a Kubernetes service. + - loadbalancer: creates a service of type loadbalancer and expects that + your Kubernetes cluster can provision a load balancer with your cloud provider. 
+ - nodeport: creates a service of type nodeport. The node ports can be + customized with: + + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + + When not configured `sysdig.ingressNetworking` defaults to `hostnetwork`. + + **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you + would also edit the following values: + + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + This defines custom repository prefix for airgapped_registry. + Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. + +- Run the Installer. (Note: This step differs in [Airgapped Installation + Options](#airgapped-installation-options).) + ```bash + docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + quay.io/sysdig/installer:3.2.0-3 + ``` +- On successful run of Installer towards the end of your terminal you should + see the below: + + ``` + All Pods Ready.....Continuing + Congratulations, your Sysdig installation was successful! 
+ You can now login to the UI at "https://awesome-domain.com:443" with: + + username: "configured-username@awesome-domain.com" + password: "awesome-password" + ``` + +**NOTE**: Save the values.yaml file in a secure location; it will be used for +future upgrades. There will also be a generated directory containing various +Kubernetes configuration yaml files which were applied by Installer against +your cluster. It is not necessary to keep the generated directory, as the +Installer can regenerate is consistently with the same values.yaml file. + +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. 
Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. + - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + +# Airgapped Installation Options + +The Installer can be used to install in airgapped environments, either with +a multi-homed installation machine that has internet access, or in an +environment with no internet access. + +## Airgapped with Multi-Homed Installation Machine + +This assumes a private docker registry is used and the installation machine has +network access to pull from quay.io and push images to the private registry. + +The Prerequisites and workflow are the same as in the Quickstart Install, with +the following exceptions: + +- In step 2, add the airgap registry information. -This script will install docker, minikube, jq, curl etc required to run Sysdig -Platform, after installing all dependencies the script will create a -values.yaml and run the installer using the created values.yaml file. - -## Usage - -Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, if you intend using enterprise anchore copy the -anchore license file to the same path as the script, then run: - -```bash -sudo ./install.sh -``` - -This will prompt for quay pull secrets, sysdig license and domain name(in ec2 -this is the public hostname for the instance). It will install dependencies -run the installer and create a sysdig platform. It also logs everything you -see in your terminal to `/var/log/sysdig-installer.log` so this can be used -for debugging a failed install. - -## Requirements. - -- An instance with at least 16 CPU cores, 32GB of RAM and 300GB of disk space. 
-- Port 443 and 6443 granted network access (in AWS this is done with security -groups) - -## Status - -Tested on: -- ubuntu bionic - -Should work fine on: -- amazon linux -- centos 7 -- centos 8 -- debian buster -- debian stretch -- ubuntu xenial - -The script will not work on any OS not in above lists. - -## Note - -To need to run `kubectl` as root on the host. - -## Future improvements - -- the script will be hosted in a public location so you can `curl | sudo bash` -the script. - - -# Airgapped pov installer - -The airgapped image is built off a debian 9 base image. - -The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. - -## Installation - -The vmdk image specified above can be imported using the import external hard disk option. - -The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. - -## Credentials - -The image is built user `sysdig` user with `sysdig` password and sudo access. - -## Running installer - -After logging in use the above credentials to run the pov installer in airgapped mode. - -```bash - #enter sysdig password `sysdig` - sudo su - #start installation in airgapped mode -i in short - ./install.sh --airgap-install -``` - -## Gotchas - -Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. - -## Sharing Image - -The objects can exposed by pre-signing with an expiry token using aws cli. - -```bash -aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk -``` - -The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. - -```bash -URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} -``` - -## Exporting as ovf - -Use ovftool command line tool to convert vmdk into ovf from . - -A example vmx_template.vmx file in installer/single-node/. 
- -Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. - -Running this will create a sysdig-pov-image.ovf. +- In step 3, run the Installer as follows: ```bash -ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf +docker run \ + -e HOST_USER=$(id -u) \ + -e KUBECONFIG=/.kube/config \ + -v ~/.kube:/.kube:Z \ + -v $(pwd):/manifests:Z \ + -v /var/run/docker.sock:/var/run/docker.sock:Z \ + -v ~/.docker:/root/docker:Z \ + quay.io/sysdig/installer:3.2.0-3 ``` -Enable verbose logging and stdout. - -```bash -ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf -``` \ No newline at end of file +## Full Airgap Install + +This assumes a private docker registry is used and the installation machine +does not have network access to pull from quay.io, but can push images to the +private registry. + +In this situation, a machine with network access (called the “jump machine”) +will pull an image containing a self-extracting tarball which can be copied to +the installation machine. + +### Requirements for jump machine + +- Network access to quay.io +- Docker +- jq + +### Requirements for installation machine + +- Network access to Kubernetes cluster +- Docker +- Bash +- tar +- Network and authenticated access to the private registry +- Edited sysdig-chart/values.yaml, with airgap registry details updated + +### Workflow + +#### On the Jump Machine + +- Follow the Docker Log In to quay.io steps under the Access Requirements section. +- Pull the image containing the self-extracting tar: + ```bash + docker pull quay.io/sysdig/installer:3.2.0-3-uber + ``` +- Extract the tarball: + ```bash + docker create --name uber_image quay.io/sysdig/installer:3.2.0-3-uber + docker cp uber_image:/sysdig_installer.tar.gz . + docker rm uber_image + ``` +- Copy the tarball to the installation machine. 
+ +#### On the Installation Machine: + +- Copy the current version sysdig-chart/values.yaml to your working directory. + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` +- Edit the following values: + + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and + large + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + your Sysdig purchase confirmation mail + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + name of the storage class provisioner to use when creating the configured + storageClassName parameter. Use hostPath or local in clusters that do not have + a provisioner. For setups where Persistent Volumes and Persistent Volume Claims + are created manually this should be configured as none. Valid options are: + aws,gke,hostPath,local,none + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + provided with your Sysdig purchase confirmation mail + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + the Sysdig APIs will be served on. + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + (OpenShift installs only) Domain name the Sysdig collector will be served on. + When not configured it defaults to whatever is configured for sysdig.dnsName. + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + The networking construct used to expose the Sysdig API and collector. Options + are: + - hostnetwork: sets the hostnetworking in the ingress daemonset and opens + host ports for api and collector. This does not create a Kubernetes service. 
+ - loadbalancer: creates a service of type loadbalancer and expects that + your Kubernetes cluster can provision a load balancer with your cloud provider. + - nodeport: creates a service of type nodeport. The node ports can be + customized with: + - sysdig.ingressNetworkingInsecureApiNodePort + - sysdig.ingressNetworkingApiNodePort + - sysdig.ingressNetworkingCollectorNodePort + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + The URL of the airgapped (internal) docker registry. This URL is used for + installations where the Kubernetes cluster can not pull images directly from + Quay. + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + This defines custom repository prefix for airgapped_registry. + Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + The password for the configured airgapped_registry_username. Ignore this + parameter if the registry does not require authentication. + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + The username for the configured airgapped_registry_name. Ignore this + parameter if the registry does not require authentication. + +- Copy the tarball file to the directory where you have your values.yaml file. +- Run the tar file: + `bash sysdig_installer.tar.gz` +- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. + `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` +- On successful run of Installer towards the end of your terminal you should + see the below: + + ``` + All Pods Ready.....Continuing + Congratulations, your Sysdig installation was successful! 
+ You can now login to the UI at "https://awesome-domain.com:443" with: + + username: "configured-username@awesome-domain.com" + password: "awesome-password" + ``` + +**NOTE**: Save the values.yaml file in a secure location; it will be used for +future upgrades. There will also be a generated directory containing various +Kubernetes configuration yaml files which were applied by Installer against +your cluster. It is not necessary to keep the generated directory, as the +Installer can regenerate is consistently with the same values.yaml file. + +# Upgrades + +See [upgrade.md](docs/upgrade.md) for upgrades documentation. + +# Configuration Parameters and Examples + +For the full dictionary of configuration parameters, see: +[configuration_parameters.md](docs/configuration_parameters.md) + +# Advanced Configuration + +For advanced configuration option see [advanced.md](docs/advanced.md) + +# Example values.yaml + +- [single-node values.yaml](examples/single-node/values.yaml) +- [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) + +# Resource requirements + +The below table represents the amount of resources for various cluster sizes +in their default configuration. The `Redis HA` column indicates extra amount +of resources required if `redisHa: true` is configured. 
+ +| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | +| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | +| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | +| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | +| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | +| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 93023b88..ece02624 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -83,6 +83,19 @@ details.
airgapped_registry_name: my-awesome-domain.docker.io ``` +## **airgapped_repository_prefix** +**Required**: `false`
+**Description**: This defines custom repository prefix for airgapped_registry. +Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag
+**Options**:
+**Default**: sysdig
+**Example**: + +```yaml +#tags and pushes the image to /foo/bar/ +airgapped_repository_prefix: foo/bar +``` + ## **airgapped_registry_password** **Required**: `false` **Description**: The password for the configured @@ -188,30 +201,30 @@ cloudProvider: create_loadbalancer: true ``` -## **cloudProvider.isMultiAZ** +## **cloudProvider.name** **Required**: `false`
-**Description**: Specifies whether the underlying Kubernetes cluster is -deployed in multiple availability zones. The parameter requires -[`cloudProvider.name`](#cloudprovidername) to be configured.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The name of the cloud provider Sysdig Platform will run on.
+**Options**: `aws|gke`
+**Default**:
**Example**: ```yaml cloudProvider: - isMultiAZ: false + name: aws ``` -## **cloudProvider.name** +## **cloudProvider.isMultiAZ** **Required**: `false`
-**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke|ibm`
-**Default**:
+**Description**: Specifies whether the underlying Kubernetes cluster is +deployed in multiple availability zones. The parameter requires +[`cloudProvider.name`](#cloudprovidername) to be configured.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml cloudProvider: - name: aws + isMultiAZ: false ``` ## **cloudProvider.region** @@ -691,7 +704,7 @@ sysdig: ## **sysdig.s3.endpoint** **Required**: `false`
**Description**: S3 endpoint for the bucket, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This is not required if using an AWS S3 Bucket for captures.
**Options**:
**Default**:
**Example**: @@ -910,7 +923,7 @@ sysdig: collectorPort: 7000 ``` -## **sysdig.customCA** +## **sysdig.certificate.customCA** **Required**: `false`
**Description**: The Sysdig platform may sometimes open connections over SSL to certain external services, including: @@ -939,7 +952,8 @@ values.yaml ```yaml sysdig: - customCA: true + certificate: + customCA: true ``` ## **sysdig.dnsName** @@ -3465,6 +3479,101 @@ sysdig: collectorReplicaCount: 7 ``` +## **sysdig.activityAuditWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + activityAuditWorkerReplicaCount: 20 +``` + +## **sysdig.activityAuditApiReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + activityAuditApiReplicaCount: 20 +``` + +## **sysdig.policyAdvisorReplicaCount** +**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + policyAdvisorReplicaCount: 20 +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 2 +``` + +## **sysdig.scanningApiReplicaCount** +**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningApiReplicaCount: 3 +``` + ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
**Description**: Number of ElasticSearch replicas, this is a noop for clusters of diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 37d25df2..fcf2c320 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-2 + quay.io/sysdig/installer:3.2.0-3 ``` 4. If you are fine with the differences displayed, then set value for the From d2220edaa9f4a7572ef05728a58207ccd1629d47 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 25 Mar 2020 19:55:18 +0000 Subject: [PATCH 035/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/advanced.md | 9 +++++++++ installer/docs/upgrade.md | 2 +- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index 52b615d1..08a380ef 100644 --- a/installer/README.md +++ b/installer/README.md @@ -118,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-3 + quay.io/sysdig/installer:3.2.0-4 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -187,7 +187,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-3 + quay.io/sysdig/installer:3.2.0-4 ``` ## Full Airgap Install @@ -222,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-3-uber + docker pull quay.io/sysdig/installer:3.2.0-4-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-3-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-4-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index c940cc2d..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -86,6 +86,15 @@ docker run \ quay.io/sysdig/installer: ``` +### Running airgapped EKS + +```bash +EKS=true bash sysdig_installer.tar.gz +``` + +The above ensures the `~/.aws` directory is correctly mounted for the airgap +installer container. + ### Exposing the sysdig endpoint Get the external ip/endpoint for the ingress service. ```bash diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index fcf2c320..1f57ebfd 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-3 + quay.io/sysdig/installer:3.2.0-4 ``` 4. If you are fine with the differences displayed, then set value for the From cc6990bde94d5016fe7f160a41d0d069c7e6a5f2 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 25 Mar 2020 20:00:08 +0000 Subject: [PATCH 036/156] updating installer docs --- installer/single-node/install.sh | 77 ++++++++++++++++---------------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 7aa8ca62..21f8056d 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -28,7 +28,7 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-3" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-4" function writeValuesYaml() { cat << EOM > values.yaml @@ -306,7 +306,7 @@ function fixIptables() { iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT } -function pullImagesSysdigImages(){ +function pullImagesSysdigImages() { #copy tests/resources to local getSysdigImagesFromInstaller #find images in resources @@ -333,11 +333,11 @@ function pullImagesSysdigImages(){ rm -rf resources } -function getSysdigImagesFromInstaller(){ +function getSysdigImagesFromInstaller() { #get resources from sysdig-chart/tests docker create --name installer_image ${INSTALLER_IMAGE} docker cp installer_image:/sysdig-chart/tests/resources . - docker rm installer_image + docker rm installer_image } function runInstaller() { 
@@ -373,41 +373,40 @@ function __main() { runInstaller } -while [[ $# -gt 0 ]] -do -arguments="$1" - -case "${arguments}" in - -a|--airgap-build) - AIRGAP_BUILD="true" - LICENSE="installer.airgap.license" - DNSNAME="installer.airgap.dnsname" - shift # past argument - ;; - -i|--airgap-install) - AIRGAP_INSTALL="true" - LICENSE="installer.airgap.license" - DNSNAME="installer.airgap.dnsname" - shift # past argument - ;; - -q|--quaypullsecret) - QUAYPULLSECRET="$2" - shift # past argument - shift # past value - ;; - -h|--help) - echo "Help..." - echo "use -a|--airgap-builder to specify airgap builder" - echo "-q|--quaypullsecret followed by quaysecret to specify airgap builder" - shift # past argument - exit 0 - ;; - *) # unknown option - shift # past argument - logError "unknown arg $1" - exit 1 - ;; -esac +while [[ $# -gt 0 ]]; do + arguments="$1" + + case "${arguments}" in + -a | --airgap-build) + AIRGAP_BUILD="true" + LICENSE="installer.airgap.license" + DNSNAME="installer.airgap.dnsname" + shift # past argument + ;; + -i | --airgap-install) + AIRGAP_INSTALL="true" + LICENSE="installer.airgap.license" + DNSNAME="installer.airgap.dnsname" + shift # past argument + ;; + -q | --quaypullsecret) + QUAYPULLSECRET="$2" + shift # past argument + shift # past value + ;; + -h | --help) + echo "Help..." + echo "use -a|--airgap-builder to specify airgap builder" + echo "-q|--quaypullsecret followed by quaysecret to specify airgap builder" + shift # past argument + exit 0 + ;; + *) # unknown option + shift # past argument + logError "unknown arg $1" + exit 1 + ;; + esac done __main From de3cc57f3dc867f223d779ca69904a37c09763c0 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 26 Mar 2020 23:33:01 +0000 Subject: [PATCH 037/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/upgrade.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index 08a380ef..a2b377b0 100644 --- a/installer/README.md 
+++ b/installer/README.md @@ -118,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-4 + quay.io/sysdig/installer:3.2.0-5 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -187,7 +187,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-4 + quay.io/sysdig/installer:3.2.0-5 ``` ## Full Airgap Install @@ -222,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-4-uber + docker pull quay.io/sysdig/installer:3.2.0-5-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-4-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-5-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 1f57ebfd..58cf64b8 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-4 + quay.io/sysdig/installer:3.2.0-5 ``` 4. If you are fine with the differences displayed, then set value for the From cb60a260a008ebea90f9447a65d76d28ef966c42 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 6 Apr 2020 18:47:01 +0000 Subject: [PATCH 038/156] updating installer docs --- installer/single-node/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index 53dfb2b7..ca0bb34c 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -7,8 +7,7 @@ values.yaml and run the installer using the created values.yaml file. ## Usage Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, if you intend using enterprise anchore copy the -anchore license file to the same path as the script, then run: +platform is intended to run on, then run: ```bash sudo ./install.sh From 6abe0459be8334e3b9d66388c93f8c7fc6b8ed55 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 6 Apr 2020 23:57:49 +0000 Subject: [PATCH 039/156] updating installer docs --- installer/single-node/install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 21f8056d..6bc42600 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -6,6 +6,9 @@ set -euo pipefail MINIMUM_CPUS=16 MINIMUM_MEMORY_KB=31000000 MINIMUM_DISK_IN_GB=59 +ADDITIONAL_IMAGES=( + "sysdig/falco_rules_installer:latest" +) function logError() { echo "$@" 1>&2; } 
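Review bot: `ADDITIONAL_IMAGES` adds `sysdig/falco_rules_installer:latest`, a floating tag, while `INSTALLER_IMAGE` in the same script is pinned to a release tag. Whatever `latest` resolves to at pull time is what ends up in the airgap image, and since the pull loop (shown as context in the neighbouring hunks) skips images already present locally, a stale `latest` is never refreshed either. Pin the entry to a release tag or digest, e.g. `"sysdig/falco_rules_installer:<release-tag>"` (placeholder), and add a comment above the array such as `# images not discoverable from resources/*/sysdig.json; keep tags pinned`.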
@@ -318,6 +321,7 @@ function pullImagesSysdigImages() { resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") + images+=("${ADDITIONAL_IMAGES[@]}") images+=("${job_images[@]}") images+=("${init_container_images[@]}") #iterate and pull image if not present From 7b7307145961604d31198cb94cf3e87c44ad1911 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 22 Apr 2020 20:28:54 +0000 Subject: [PATCH 040/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/upgrade.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index a2b377b0..19efecfe 100644 --- a/installer/README.md +++ b/installer/README.md @@ -118,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-5 + quay.io/sysdig/installer:3.2.0-6 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -187,7 +187,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-5 + quay.io/sysdig/installer:3.2.0-6 ``` ## Full Airgap Install @@ -222,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-5-uber + docker pull quay.io/sysdig/installer:3.2.0-6-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-5-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-6-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 58cf64b8..f3f9aaa3 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-5 + quay.io/sysdig/installer:3.2.0-6 ``` 4. If you are fine with the differences displayed, then set value for the From 149e688487a8d3e886cac6fcdfa96b6cfd5ce467 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 22 Apr 2020 21:04:31 +0000 Subject: [PATCH 041/156] updating installer docs --- installer/README.md | 15 +- installer/docs/advanced.md | 9 - installer/docs/configuration_parameters.md | 423 +++++++++++---------- installer/docs/upgrade.md | 5 +- 4 files changed, 230 insertions(+), 222 deletions(-) diff --git a/installer/README.md b/installer/README.md index 19efecfe..a8a7b0e7 100644 --- a/installer/README.md +++ b/installer/README.md @@ -100,9 +100,6 @@ This install assumes the Kubernetes cluster has network access to pull images fr The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): - This defines custom repository prefix for airgapped_registry. - Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. @@ -118,7 +115,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-6 + quay.io/sysdig/installer:3.0.0-7 ``` - On successful run of Installer towards the end of your terminal you should see the below: 
@@ -183,11 +180,12 @@ the following exceptions: docker run \ -e HOST_USER=$(id -u) \ -e KUBECONFIG=/.kube/config \ + -e IMAGE_EXTRACT_PUSH=true -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-6 + quay.io/sysdig/installer:3.0.0-7 ``` ## Full Airgap Install @@ -222,11 +220,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-6-uber + docker pull quay.io/sysdig/installer:3.0.0-7-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-6-uber + docker create --name uber_image quay.io/sysdig/installer:3.0.0-7-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` @@ -274,9 +272,6 @@ the installation machine. The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): - This defines custom repository prefix for airgapped_registry. - Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..c940cc2d 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -86,15 +86,6 @@ docker run \ quay.io/sysdig/installer: ``` -### Running airgapped EKS - -```bash -EKS=true bash sysdig_installer.tar.gz -``` - -The above ensures the `~/.aws` directory is correctly mounted for the airgap -installer container. - ### Exposing the sysdig endpoint Get the external ip/endpoint for the ingress service. ```bash diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index ece02624..6e0c40e1 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -46,7 +46,7 @@ or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as `none`. If this is not configured [`storageClassName`](#storageclassname) needs to be configured.
-**Options**: `aws|gke|hostPath|none`
+**Options**: `aws|gke|hostPath|local|none`
**Default**:
**Example**: @@ -83,19 +83,6 @@ details.
airgapped_registry_name: my-awesome-domain.docker.io ``` -## **airgapped_repository_prefix** -**Required**: `false`
-**Description**: This defines custom repository prefix for airgapped_registry. -Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag
-**Options**:
-**Default**: sysdig
-**Example**: - -```yaml -#tags and pushes the image to /foo/bar/ -airgapped_repository_prefix: foo/bar -``` - ## **airgapped_registry_password** **Required**: `false` **Description**: The password for the configured @@ -132,6 +119,18 @@ airgapped_registry_username: bob+alice deployment: kubernetes ``` +## **localStoragehostDir** +**Required**: `false`
+**Description**: The path on the host where the local volumes are mounted +under. This is relevant only when `storageClassProvisioner` is `local`.
+**Options**:
+**Default**: `/sysdig`
+**Example**: + +```yaml +localStoragehostDir: /sysdig +``` + ## **context** **Required**: `false`
**Description**: Kubernetes context to use for deploying Sysdig Platform. @@ -201,18 +200,6 @@ cloudProvider: create_loadbalancer: true ``` -## **cloudProvider.name** -**Required**: `false`
-**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
-**Default**:
-**Example**: - -```yaml -cloudProvider: - name: aws -``` - ## **cloudProvider.isMultiAZ** **Required**: `false`
**Description**: Specifies whether the underlying Kubernetes cluster is @@ -227,6 +214,18 @@ cloudProvider: isMultiAZ: false ``` +## **cloudProvider.name** +**Required**: `false`
+**Description**: The name of the cloud provider Sysdig Platform will run on.
+**Options**: `aws|gke|ibm`
+**Default**:
+**Example**: + +```yaml +cloudProvider: + name: aws +``` + ## **cloudProvider.region** **Required**: `false`
**Description**: The cloud provider region the underlying Kubernetes Cluster @@ -646,7 +645,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.2.0.5799 + activityAuditVersion: 3.0.0.5308 ``` ## **sysdig.anchoreVersion** @@ -661,74 +660,6 @@ sysdig: anchoreVersion: 0.5.1.2 ``` -## **sysdig.accessKey** -**Required**: `false`
-**Description**: The AWS(or AWS compatible) accessKey to be used by Sysdig -components to write captures in the s3 bucket.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - accessKey: my_awesome_aws_access_key -``` - -## **sysdig.secretKey** -**Required**: `false`
-**Description**: The AWS(or AWS compatible) secretKey to be used by Sysdig -components to write captures in the s3 bucket.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - secretKey: my_super_secret_secret_key -``` - -## **sysdig.s3.enabled** -**Required**: `false`
-**Description**: This determines if the installer should enable Sysdig storing -captures in s3.
-**Options**:`true|false`
-**Default**:false
-**Example**: - -```yaml -sysdig: - s3: - enabled: true -``` - -## **sysdig.s3.endpoint** -**Required**: `false`
-**Description**: S3 endpoint for the bucket, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This is not required if using an AWS S3 Bucket for captures.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - endpoint: my.awesome.bucket.s3.aws.com -``` - -## **sysdig.s3.bucketName** -**Required**: `false`
-**Description**: Name of the S3 bucket to be used for captures, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - endpoint: my.awesome.bucket.s3.aws.com -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
@@ -923,7 +854,7 @@ sysdig: collectorPort: 7000 ``` -## **sysdig.certificate.customCA** +## **sysdig.customCA** **Required**: `false`
**Description**: The Sysdig platform may sometimes open connections over SSL to certain external services, including: @@ -952,8 +883,7 @@ values.yaml ```yaml sysdig: - certificate: - customCA: true + customCA: true ``` ## **sysdig.dnsName** @@ -972,12 +902,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 5.6.16.18
+**Default**: 5.6.16.15
**Example**: ```yaml sysdig: - elasticsearchVersion: 5.6.16.18 + elasticsearchVersion: 5.6.16.15 ``` ## **sysdig.haproxyVersion** @@ -1069,18 +999,30 @@ sysdig: license: replace_with_your_license ``` +## **sysdig.localVolumeProvisioner** +**Required**: `false`
+**Description**: The version of the localVolumeProvisioner.
+**Options**:
+**Default**: v2.3.2
+**Example**: + +```yaml +sysdig: + localVolumeProvisioner: v2.3.2 +``` + ## **sysdig.monitorVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Monitor. **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.2.0.5799
+**Default**: 3.0.0.5439
**Example**: ```yaml sysdig: - monitorVersion: 3.2.0.5799 + monitorVersion: 3.0.0.5439 ``` ## **sysdig.mysqlHa** @@ -1464,12 +1406,12 @@ sysdig: **Description**: Docker image tag of HA Redis, relevant when configured `sysdig.redisHa` is `true`.
**Options**:
-**Default**: 4.0.12-1.0.1
+**Default**: 4.0.12.8-ha
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + redisHaVersion: 4.0.12.8-ha ``` ## **sysdig.redisHa** @@ -2002,6 +1944,184 @@ sysdig: memory: 2Gi ``` +## **sysdig.resources.redis-primary.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to redis-primary pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + redis-primary: + limits: + cpu: 2 +``` + +## **sysdig.resources.redis-primary.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to redis-primary pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + +**Example**: + +```yaml +sysdig: + resources: + redis-primary: + limits: + memory: 1Gi +``` + +## **sysdig.resources.redis-primary.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-primary pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | + +**Example**: + +```yaml +sysdig: + resources: + redis-primary: + requests: + cpu: 2 +``` + +## **sysdig.resources.redis-primary.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule redis-primary pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + +**Example**: + +```yaml +sysdig: + resources: + redis-primary: + requests: + memory: 2Gi +``` + +## **sysdig.resources.redis-secondary.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to redis-secondary pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + redis-secondary: + limits: + cpu: 2 +``` + +## **sysdig.resources.redis-secondary.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to redis-secondary pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + +**Example**: + +```yaml +sysdig: + resources: + redis-secondary: + limits: + memory: 1Gi +``` + +## **sysdig.resources.redis-secondary.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-secondary pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | + +**Example**: + +```yaml +sysdig: + resources: + redis-secondary: + requests: + cpu: 2 +``` + +## **sysdig.resources.redis-secondary.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule redis-secondary pods
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + +**Example**: + +```yaml +sysdig: + resources: + redis-secondary: + requests: + memory: 2Gi +``` + ## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to redis-sentinel pods
@@ -3479,101 +3599,6 @@ sysdig: collectorReplicaCount: 7 ``` -## **sysdig.activityAuditWorkerReplicaCount** -**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
- -|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - activityAuditWorkerReplicaCount: 20 -``` - -## **sysdig.activityAuditApiReplicaCount** -**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
- -|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - activityAuditApiReplicaCount: 20 -``` - -## **sysdig.policyAdvisorReplicaCount** -**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
- -|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - policyAdvisorReplicaCount: 20 -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
- -|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - anchoreCoreReplicaCount: 2 -``` - -## **sysdig.scanningApiReplicaCount** -**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
- -|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - scanningApiReplicaCount: 3 -``` - ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
**Description**: Number of ElasticSearch replicas, this is a noop for clusters of diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index f3f9aaa3..9bd41485 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-6 + quay.io/sysdig/installer:3.0.0-7 ``` 4. If you are fine with the differences displayed, then set value for the @@ -93,6 +93,3 @@ To upgrade:
you intend preserving and update your values.yaml accordingly then repeat step 3 until you are fine with the differences. Then set scripts to deploy and run for the final time. - -5. The datastores Cassandra and ElasticSearch have onDelete update strategy and need to be manually restarted to - complete upgrade. From 58c519ca041f10e26b9aba5be2265264337359b2 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 28 Apr 2020 18:54:49 +0000 Subject: [PATCH 042/156] updating installer docs --- installer/single-node/install.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 6bc42600..b34e4026 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -193,13 +193,8 @@ function installRhelOSDeps() { local -r version=$1 yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine yum -y update - if [[ $version == 7 ]]; then - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum install -y yum-utils device-mapper-persistent-data lvm2 curl - else - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm - yum install -y yum-utils device-mapper-persistent-data lvm2 curl - fi + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + yum install -y yum-utils device-mapper-persistent-data lvm2 curl # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm 
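Review bot: With the `if [[ $version == 7 ]]` branch removed, `installRhelOSDeps` installs `epel-release-latest-7` unconditionally while still taking `version`, so a caller passing 8 would silently get EL7 repository configuration. If RHEL 8 is no longer supported, fail early after the `local -r version=$1` line with `[[ $version == 7 ]] || { logError "unsupported RHEL version: $version"; exit 1; }`. Separately, the unchanged `container-selinux` RPM a few lines below is fetched over plain `http://`, and whether yum verifies its signature depends on the host's GPG-check settings for URL-installed packages. Using an `https://` source or checking a known checksum before installing would be safer. The function body continues outside the hunk.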
@@ -237,8 +232,12 @@ function installDeps() { cat << EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 + net.ipv4.ip_forward = 1 EOF modprobe br_netfilter + swapoff -a + systemctl mask "*.swap" + sed -i.bak '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab sysctl --system source /etc/os-release From 5951d1c6609b0e65d1b677d076963522b83e6ef4 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 12 May 2020 22:57:17 +0000 Subject: [PATCH 043/156] updating installer docs --- installer/README.md | 15 +- installer/docs/advanced.md | 9 + installer/docs/configuration_parameters.md | 423 ++++++++++----------- installer/docs/upgrade.md | 5 +- 4 files changed, 222 insertions(+), 230 deletions(-) diff --git a/installer/README.md b/installer/README.md index a8a7b0e7..89c84428 100644 --- a/installer/README.md +++ b/installer/README.md @@ -100,6 +100,9 @@ This install assumes the Kubernetes cluster has network access to pull images fr The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + This defines custom repository prefix for airgapped_registry. + Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. @@ -115,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-7 + quay.io/sysdig/installer:3.2.0-7 ``` - On successful run of Installer towards the end of your terminal you should see the below: 
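Review bot: The added `sed` on `/etc/fstab` only matches lines where `swap` sits between literal spaces, so tab-separated entries stay active and swap comes back after a reboot; it also prefixes another `#` to already-commented lines on every rerun. `sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab` would cover both cases. `systemctl mask "*.swap"` may be rejected because some systemd versions do not accept glob patterns for unit-file commands, and under the script's `set -euo pipefail` that would abort the install, so it is worth verifying on each supported distribution. The new `net.ipv4.ip_forward = 1` applies host-wide and persists in `/etc/sysctl.d/k8s.conf`; a comment saying the host's forwarding rules are expected to be managed by the cluster networking would help operators reviewing the box later. `installDeps` continues outside the hunk.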
@@ -180,12 +183,11 @@ the following exceptions: docker run \ -e HOST_USER=$(id -u) \ -e KUBECONFIG=/.kube/config \ - -e IMAGE_EXTRACT_PUSH=true -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.0.0-7 + quay.io/sysdig/installer:3.2.0-7 ``` ## Full Airgap Install @@ -220,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.0.0-7-uber + docker pull quay.io/sysdig/installer:3.2.0-7-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.0.0-7-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-7-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` @@ -272,6 +274,9 @@ the installation machine. The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + This defines custom repository prefix for airgapped_registry. + Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index c940cc2d..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -86,6 +86,15 @@ docker run \ quay.io/sysdig/installer: ``` +### Running airgapped EKS + +```bash +EKS=true bash sysdig_installer.tar.gz +``` + +The above ensures the `~/.aws` directory is correctly mounted for the airgap +installer container. + ### Exposing the sysdig endpoint Get the external ip/endpoint for the ingress service. ```bash diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 6e0c40e1..ece02624 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -46,7 +46,7 @@ or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as `none`. If this is not configured [`storageClassName`](#storageclassname) needs to be configured.
-**Options**: `aws|gke|hostPath|local|none`
+**Options**: `aws|gke|hostPath|none`
**Default**:
**Example**: @@ -83,6 +83,19 @@ details.
airgapped_registry_name: my-awesome-domain.docker.io ``` +## **airgapped_repository_prefix** +**Required**: `false`
+**Description**: This defines custom repository prefix for airgapped_registry. +Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag
+**Options**:
+**Default**: sysdig
+**Example**: + +```yaml +#tags and pushes the image to /foo/bar/ +airgapped_repository_prefix: foo/bar +``` + ## **airgapped_registry_password** **Required**: `false` **Description**: The password for the configured @@ -119,18 +132,6 @@ airgapped_registry_username: bob+alice deployment: kubernetes ``` -## **localStoragehostDir** -**Required**: `false`
-**Description**: The path on the host where the local volumes are mounted -under. This is relevant only when `storageClassProvisioner` is `local`.
-**Options**:
-**Default**: `/sysdig`
-**Example**: - -```yaml -localStoragehostDir: /sysdig -``` - ## **context** **Required**: `false`
**Description**: Kubernetes context to use for deploying Sysdig Platform. @@ -200,30 +201,30 @@ cloudProvider: create_loadbalancer: true ``` -## **cloudProvider.isMultiAZ** +## **cloudProvider.name** **Required**: `false`
-**Description**: Specifies whether the underlying Kubernetes cluster is -deployed in multiple availability zones. The parameter requires -[`cloudProvider.name`](#cloudprovidername) to be configured.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The name of the cloud provider Sysdig Platform will run on.
+**Options**: `aws|gke`
+**Default**:
**Example**: ```yaml cloudProvider: - isMultiAZ: false + name: aws ``` -## **cloudProvider.name** +## **cloudProvider.isMultiAZ** **Required**: `false`
-**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke|ibm`
-**Default**:
+**Description**: Specifies whether the underlying Kubernetes cluster is +deployed in multiple availability zones. The parameter requires +[`cloudProvider.name`](#cloudprovidername) to be configured.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml cloudProvider: - name: aws + isMultiAZ: false ``` ## **cloudProvider.region** @@ -645,7 +646,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.0.0.5308 + activityAuditVersion: 3.2.0.5799 ``` ## **sysdig.anchoreVersion** @@ -660,6 +661,74 @@ sysdig: anchoreVersion: 0.5.1.2 ``` +## **sysdig.accessKey** +**Required**: `false`
+**Description**: The AWS(or AWS compatible) accessKey to be used by Sysdig +components to write captures in the s3 bucket.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + accessKey: my_awesome_aws_access_key +``` + +## **sysdig.secretKey** +**Required**: `false`
+**Description**: The AWS(or AWS compatible) secretKey to be used by Sysdig +components to write captures in the s3 bucket.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secretKey: my_super_secret_secret_key +``` + +## **sysdig.s3.enabled** +**Required**: `false`
+**Description**: This determines if the installer should enable Sysdig storing +captures in s3.
+**Options**:`true|false`
+**Default**:false
+**Example**: + +```yaml +sysdig: + s3: + enabled: true +``` + +## **sysdig.s3.endpoint** +**Required**: `false`
+**Description**: S3 endpoint for the bucket, this is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This is not required if using an AWS S3 Bucket for captures.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + endpoint: my.awesome.bucket.s3.aws.com +``` + +## **sysdig.s3.bucketName** +**Required**: `false`
+**Description**: Name of the S3 bucket to be used for captures, this is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + endpoint: my.awesome.bucket.s3.aws.com +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
@@ -854,7 +923,7 @@ sysdig: collectorPort: 7000 ``` -## **sysdig.customCA** +## **sysdig.certificate.customCA** **Required**: `false`
**Description**: The Sysdig platform may sometimes open connections over SSL to certain external services, including: @@ -883,7 +952,8 @@ values.yaml ```yaml sysdig: - customCA: true + certificate: + customCA: true ``` ## **sysdig.dnsName** @@ -902,12 +972,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 5.6.16.15
+**Default**: 5.6.16.18
**Example**: ```yaml sysdig: - elasticsearchVersion: 5.6.16.15 + elasticsearchVersion: 5.6.16.18 ``` ## **sysdig.haproxyVersion** @@ -999,30 +1069,18 @@ sysdig: license: replace_with_your_license ``` -## **sysdig.localVolumeProvisioner** -**Required**: `false`
-**Description**: The version of the localVolumeProvisioner.
-**Options**:
-**Default**: v2.3.2
-**Example**: - -```yaml -sysdig: - localVolumeProvisioner: v2.3.2 -``` - ## **sysdig.monitorVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Monitor. **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.0.0.5439
+**Default**: 3.2.0.5799
**Example**: ```yaml sysdig: - monitorVersion: 3.0.0.5439 + monitorVersion: 3.2.0.5799 ``` ## **sysdig.mysqlHa** @@ -1406,12 +1464,12 @@ sysdig: **Description**: Docker image tag of HA Redis, relevant when configured `sysdig.redisHa` is `true`.
**Options**:
-**Default**: 4.0.12.8-ha
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12.8-ha + redisHaVersion: 4.0.12-1.0.1 ``` ## **sysdig.redisHa** @@ -1944,184 +2002,6 @@ sysdig: memory: 2Gi ``` -## **sysdig.resources.redis-primary.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - limits: - cpu: 2 -``` - -## **sysdig.resources.redis-primary.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - limits: - memory: 1Gi -``` - -## **sysdig.resources.redis-primary.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - requests: - cpu: 2 -``` - -## **sysdig.resources.redis-primary.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule redis-primary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - -**Example**: - -```yaml -sysdig: - resources: - redis-primary: - requests: - memory: 2Gi -``` - -## **sysdig.resources.redis-secondary.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - limits: - cpu: 2 -``` - -## **sysdig.resources.redis-secondary.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|limits | -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - limits: - memory: 1Gi -``` - -## **sysdig.resources.redis-secondary.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - requests: - cpu: 2 -``` - -## **sysdig.resources.redis-secondary.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule redis-secondary pods
-**Options**:
-**Default**: - -|cluster-size|requests| -|------------|--------| -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - -**Example**: - -```yaml -sysdig: - resources: - redis-secondary: - requests: - memory: 2Gi -``` - ## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to redis-sentinel pods
@@ -3599,6 +3479,101 @@ sysdig: collectorReplicaCount: 7 ``` +## **sysdig.activityAuditWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditWorkerReplicaCount: 20
+```
+
+## **sysdig.activityAuditApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditApiReplicaCount: 20
+```
+
+## **sysdig.policyAdvisorReplicaCount**
+**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ policyAdvisorReplicaCount: 20
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 2
+```
+
+## **sysdig.scanningApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningApiReplicaCount: 3 +``` + ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
**Description**: Number of ElasticSearch replicas, this is a noop for clusters of diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 9bd41485..4ba32f7e 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.0.0-7 + quay.io/sysdig/installer:3.2.0-7 ``` 4. If you are fine with the differences displayed, then set value for the @@ -93,3 +93,6 @@ To upgrade:
you intend preserving and update your values.yaml accordingly then repeat step 3 until you are fine with the differences. Then set scripts to deploy and run for the final time. + +5. The datastores Cassandra and ElasticSearch have onDelete update strategy and need to be manually restarted to + complete upgrade. From e3502c16a2281678af20070075ce3e17f66c8943 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 15 May 2020 15:40:22 +0000 Subject: [PATCH 044/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/configuration_parameters.md | 24 ++++++++++++++++++++++ installer/docs/upgrade.md | 2 +- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index 89c84428..1cea73b8 100644 --- a/installer/README.md +++ b/installer/README.md @@ -118,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-7 + quay.io/sysdig/installer:3.2.0-8 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -187,7 +187,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-7 + quay.io/sysdig/installer:3.2.0-8 ``` ## Full Airgap Install @@ -222,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-7-uber + docker pull quay.io/sysdig/installer:3.2.0-8-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-7-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-8-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index ece02624..2cadefd8 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -3262,6 +3262,30 @@ sysdig: restrictPasswordLogin: true ``` +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Docker image tag of feedsDB.
+**Options**:
+**Default**: latest
+**Example**:
+
+```yaml
+sysdig:
+ feedsDBVersion: latest
+```
+
+## **sysdig.feedsAPIVersion**
+**Required**: `false`
+**Description**: Docker image tag of feedsAPI.
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + feedsAPIVersion: latest +``` + ## **sysdig.rsyslogVersion** **Required**: `false`
**Description**: Docker image tag of rsyslog, relevant only when configured diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 4ba32f7e..90a465ef 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-7 + quay.io/sysdig/installer:3.2.0-8 ``` 4. If you are fine with the differences displayed, then set value for the From b57754e164ea1a005c1504043c29ad0ed8688422 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 18 May 2020 15:46:55 +0000 Subject: [PATCH 045/156] updating installer docs --- installer/single-node/README.md | 3 ++- installer/single-node/install.sh | 19 ++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index ca0bb34c..53dfb2b7 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -7,7 +7,8 @@ values.yaml and run the installer using the created values.yaml file. ## Usage Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, then run: +platform is intended to run on, if you intend using enterprise anchore copy the +anchore license file to the same path as the script, then run: ```bash sudo ./install.sh diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index b34e4026..4e0daac2 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -6,9 +6,6 @@ set -euo pipefail MINIMUM_CPUS=16 MINIMUM_MEMORY_KB=31000000 MINIMUM_DISK_IN_GB=59 -ADDITIONAL_IMAGES=( - "sysdig/falco_rules_installer:latest" -) function logError() { echo "$@" 1>&2; } @@ -31,7 +28,7 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-4" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-9" function writeValuesYaml() { cat << EOM > values.yaml 
@@ -193,8 +190,13 @@ function installRhelOSDeps() { local -r version=$1 yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine yum -y update - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum install -y yum-utils device-mapper-persistent-data lvm2 curl + if [[ $version == 7 ]]; then + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + yum install -y yum-utils device-mapper-persistent-data lvm2 curl + else + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm + yum install -y yum-utils device-mapper-persistent-data lvm2 curl + fi # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm @@ -232,12 +234,8 @@ function installDeps() { cat << EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 - net.ipv4.ip_forward = 1 EOF modprobe br_netfilter - swapoff -a - systemctl mask "*.swap" - sed -i.bak '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab sysctl --system source /etc/os-release @@ -320,7 +318,6 @@ function pullImagesSysdigImages() { resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") - images+=("${ADDITIONAL_IMAGES[@]}") images+=("${job_images[@]}") images+=("${init_container_images[@]}") #iterate and pull image if not present From b2c43f4ceb8b290f1a60ebb774b3f233cf4e3685 Mon Sep 17 00:00:00 2001 
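Review bot: In `installRhelOSDeps` (installer/single-node/install.sh, hunk `-193,8 +190,13`) the new `else` branch treats every `$version` other than 7 as RHEL 8 and installs `epel-release-latest-8`, so an unexpected value silently selects the wrong repository package instead of stopping. I would make the second branch `elif [[ $version == 8 ]]; then` and add a final `else` that reports the unsupported version through `logError` and exits non-zero. The line `yum install -y yum-utils device-mapper-persistent-data lvm2 curl` is identical in both branches and can sit once after `fi`. The unchanged lines that follow still install the el7 `container-selinux` and `docker-ce` RPMs on the new 8 path, and the `container-selinux` URL is plain `http://`; an RPM installed by URL is presumably not signature-checked unless `localpkg_gpgcheck` is enabled on the host, so that download has no integrity protection and should move to `https://` or be verified against a known checksum. The function body continues outside the hunk.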
From: jenkins Date: Mon, 18 May 2020 17:15:51 +0000 Subject: [PATCH 046/156] updating installer docs --- installer/README.md | 8 ++++---- installer/docs/upgrade.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/installer/README.md b/installer/README.md index 1cea73b8..874ca7eb 100644 --- a/installer/README.md +++ b/installer/README.md @@ -118,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-8 + quay.io/sysdig/installer:3.2.0-9 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -187,7 +187,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-8 + quay.io/sysdig/installer:3.2.0-9 ``` ## Full Airgap Install @@ -222,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-8-uber + docker pull quay.io/sysdig/installer:3.2.0-9-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-8-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-9-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 90a465ef..74d4db54 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-8 + quay.io/sysdig/installer:3.2.0-9 ``` 4. If you are fine with the differences displayed, then set value for the From bcd8ad297c444245f330f173102882c46adbde71 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 2 Jun 2020 22:24:24 +0000 Subject: [PATCH 047/156] updating installer docs --- installer/README.md | 9 +- installer/docs/configuration_parameters.md | 206 ++++++++++++++++----- installer/docs/upgrade.md | 2 +- 3 files changed, 165 insertions(+), 52 deletions(-) diff --git a/installer/README.md b/installer/README.md index 874ca7eb..017a1e1a 100644 --- a/installer/README.md +++ b/installer/README.md @@ -34,7 +34,6 @@ described below. - Sysdig license key (Monitor and/or Secure) - Quay pull secret -- Anchore license file (if Secure is licensed) - Docker Log In to quay.io - Retrieve Quay username and password from Quay pull secret. For example: @@ -118,7 +117,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-9 + quay.io/sysdig/installer:3.2.0-4 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -187,7 +186,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-9 + quay.io/sysdig/installer:3.2.0-4 ``` ## Full Airgap Install 
@@ -222,11 +221,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-9-uber + docker pull quay.io/sysdig/installer:3.2.0-4-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-9-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-4-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 2cadefd8..22edbca1 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -305,6 +305,35 @@ elasticsearch: hostname: external.elasticsearch.cluster ``` +## **elasticsearch.useES6** +**Required**: `false`
+**Description**: Install Elasticsearch 6.8.x along with user authentication and TLS-encrypted data-in-transit +using Elasticsearch's native TLS Encrpytion. +If TLS Encrpytion is enabled Installer does the following in the provided order: + 1. Checks for existing Elasticsearch certificates in the provided environment to setup ES cluster. (applicable for upgrades) + 2. If they are not present Installer autogenerates tls certificates and uses them to setup es cluster. +**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +elasticsearch: + useES6: true +``` + +## **elasticsearch.tlsencryption.adminUser** +**Required**: `false`
+**Description**: The user bound to the ElasticSearch admin role.
+**Options**:
+**Default**: `sysdig`
+**Example**: + +```yaml +elasticsearch: + tlsencryption: + adminUser: admin +``` + ## ~~**elasticsearch.searchguard.enabled**~~ (**Deprecated**) **Required**: `false`
**Description**: Enables user authentication and TLS-encrypted data-in-transit @@ -646,25 +675,25 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.2.0.5799 + activityAuditVersion: 3.2.0.6373 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.5.1.2
+**Default**: 0.5.1.3
**Example**: ```yaml sysdig: - anchoreVersion: 0.5.1.2 + anchoreVersion: 0.5.1.3 ``` ## **sysdig.accessKey** **Required**: `false`
-**Description**: The AWS(or AWS compatible) accessKey to be used by Sysdig -components to write captures in the s3 bucket.
+**Description**: The AWS (or AWS compatible) accessKey to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
**Options**:
**Default**:
**Example**: @@ -676,8 +705,8 @@ sysdig: ## **sysdig.secretKey** **Required**: `false`
-**Description**: The AWS(or AWS compatible) secretKey to be used by Sysdig -components to write captures in the s3 bucket.
+**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
**Options**:
**Default**:
**Example**: @@ -689,8 +718,7 @@ sysdig: ## **sysdig.s3.enabled** **Required**: `false`
-**Description**: This determines if the installer should enable Sysdig storing -captures in s3.
+**Description**: Specifies if storing Sysdig Captures in S3 or S3-compatible storage is enabled.
**Options**:`true|false`
**Default**:false
**Example**: @@ -703,8 +731,8 @@ sysdig: ## **sysdig.s3.endpoint** **Required**: `false`
-**Description**: S3 endpoint for the bucket, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This is not required if using an AWS S3 Bucket for captures.
+**Description**: S3-compatible endpoint for the bucket, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This option is not required if using an AWS S3 Bucket for captures.
**Options**:
**Default**:
**Example**: @@ -712,13 +740,13 @@ sysdig: ```yaml sysdig: s3: - endpoint: my.awesome.bucket.s3.aws.com + endpoint: s3.us-south.cloud-object-storage.appdomain.cloud ``` ## **sysdig.s3.bucketName** **Required**: `false`
-**Description**: Name of the S3 bucket to be used for captures, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
+**Description**: Name of the S3 bucket to be used for captures, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
**Options**:
**Default**:
**Example**: @@ -726,7 +754,7 @@ sysdig: ```yaml sysdig: s3: - endpoint: my.awesome.bucket.s3.aws.com + bucketName: my_awesome_bucket ``` ## **sysdig.cassandraVersion** @@ -1075,12 +1103,72 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.2.0.5799
+**Default**: 3.2.0.6373
+**Example**: + +```yaml +sysdig: + monitorVersion: 3.2.0.6373 +``` + +## **sysdig.scanningVersion** +**Required**: `false`
+**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.2.0.6373
+**Example**: + +```yaml +sysdig: + scanningVersion: 3.2.0.6373 +``` + +## **sysdig.sysdigAPIVersion** +**Required**: `false`
+**Description**: The docker image tag of Sysdig API components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.2.0.6373
+**Example**: + +```yaml +sysdig: + sysdigAPIVersion: 3.2.0.6373 +``` + +## **sysdig.sysdigCollectorVersion** +**Required**: `false`
+**Description**: The docker image tag of Sysdig Collector components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.2.0.6373
+**Example**: + +```yaml +sysdig: + sysdigCollectorVersion: 3.2.0.6373 +``` + +## **sysdig.sysdigWorkerVersion** +**Required**: `false`
+**Description**: The docker image tag of Sysdig Worker components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.2.0.6373
**Example**: ```yaml sysdig: - monitorVersion: 3.2.0.5799 + sysdigWorkerVersion: 3.2.0.6373 ``` ## **sysdig.mysqlHa** @@ -1095,28 +1183,40 @@ sysdig: mysqlHa: false ``` +## **sysdig.useMySQL8** +**Required**: `false`
+**Description**: Determines if standalone mysql should run MySQL8.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + useMySQL8: true +``` + ## **sysdig.mysqlHaVersion** **Required**: `false`
**Description**: The docker image tag of MySQL used for HA.
**Options**:
-**Default**: 8.0.16.2
+**Default**: 8.0.16.3
**Example**: ```yaml sysdig: - mysqlHaVersion: 8.0.16.2 + mysqlHaVersion: 8.0.16.3 ``` ## **sysdig.mysqlHaAgentVersion** **Required**: `false`
**Description**: The docker image tag of MySQL Agent used for HA.
**Options**:
-**Default**: 0.1.1.5
+**Default**: 0.1.1.6
**Example**: ```yaml sysdig: - mysqlHaAgentVersion: 0.1.1.5 + mysqlHaAgentVersion: 0.1.1.6 ``` ## **sysdig.mysqlVersion** @@ -1131,6 +1231,18 @@ sysdig: mysqlVersion: 5.6.44.0 ``` +## **sysdig.mysql8Version** +**Required**: `false`
+**Description**: The docker image tag of MySQL8.
+**Options**:
+**Default**: 8.0.16.0
+**Example**: + +```yaml +sysdig: + mysqlVersion: 8.0.16.0 +``` + ## **sysdig.mysql.external** **Required**: `false`
**Description**: If set, the installer does not create a local mysql cluster @@ -1446,6 +1558,32 @@ sysdig: user: alice ``` +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**: + +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + +```yaml +sysdig: + secure: + anchore: + customCerts: true +``` ## **sysdig.redisVersion** **Required**: `false`
@@ -3262,30 +3400,6 @@ sysdig: restrictPasswordLogin: true ``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Docker image tag of feedsDB.
-**Options**:
-**Default**: latest
-**Example**: - -```yaml -sysdig: - feedsDBVersion: latest -``` - -## **sysdig.feedsAPIVersion** -**Required**: `false`
-**Description**: Docker image tag of feedsAPI.
-**Options**:
-**Default**: latest
-**Example**: - -```yaml -sysdig: - feedsAPIVersion: latest -``` - ## **sysdig.rsyslogVersion** **Required**: `false`
**Description**: Docker image tag of rsyslog, relevant only when configured @@ -3727,7 +3841,7 @@ this has to be configured. The key must match the certificate in ```yaml sysdig: certificate: - crt: certs/server.key + key: certs/server.key ``` ## **sysdig.collector.dnsName** diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 74d4db54..1f57ebfd 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-9 + quay.io/sysdig/installer:3.2.0-4 ``` 4. If you are fine with the differences displayed, then set value for the From fdbdadc0ebbb600818aefb91c7c38838561362ae Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 11 Jun 2020 15:23:07 +0000 Subject: [PATCH 048/156] updating installer docs --- installer/README.md | 9 +- installer/docs/configuration_parameters.md | 206 +++++---------------- installer/docs/upgrade.md | 2 +- 3 files changed, 52 insertions(+), 165 deletions(-) diff --git a/installer/README.md b/installer/README.md index 017a1e1a..1e3be28e 100644 --- a/installer/README.md +++ b/installer/README.md @@ -34,6 +34,7 @@ described below. - Sysdig license key (Monitor and/or Secure) - Quay pull secret +- Anchore license file (if Secure is licensed) - Docker Log In to quay.io - Retrieve Quay username and password from Quay pull secret. For example: @@ -117,7 +118,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr -e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-4 + quay.io/sysdig/installer:3.2.2-1 ``` - On successful run of Installer towards the end of your terminal you should see the below: @@ -186,7 +187,7 @@ docker run \ -v $(pwd):/manifests:Z \ -v /var/run/docker.sock:/var/run/docker.sock:Z \ -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.0-4 + quay.io/sysdig/installer:3.2.2-1 ``` ## Full Airgap Install 
@@ -221,11 +222,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-4-uber + docker pull quay.io/sysdig/installer:3.2.2-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-4-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.2-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 22edbca1..9e67bb81 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -305,35 +305,6 @@ elasticsearch: hostname: external.elasticsearch.cluster ``` -## **elasticsearch.useES6** -**Required**: `false`
-**Description**: Install Elasticsearch 6.8.x along with user authentication and TLS-encrypted data-in-transit -using Elasticsearch's native TLS Encrpytion. -If TLS Encrpytion is enabled Installer does the following in the provided order: - 1. Checks for existing Elasticsearch certificates in the provided environment to setup ES cluster. (applicable for upgrades) - 2. If they are not present Installer autogenerates tls certificates and uses them to setup es cluster. -**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -elasticsearch: - useES6: true -``` - -## **elasticsearch.tlsencryption.adminUser** -**Required**: `false`
-**Description**: The user bound to the ElasticSearch admin role.
-**Options**:
-**Default**: `sysdig`
-**Example**: - -```yaml -elasticsearch: - tlsencryption: - adminUser: admin -``` - ## ~~**elasticsearch.searchguard.enabled**~~ (**Deprecated**) **Required**: `false`
**Description**: Enables user authentication and TLS-encrypted data-in-transit @@ -675,25 +646,25 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.2.0.6373 + activityAuditVersion: 3.2.2.6509 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.5.1.3
+**Default**: 0.5.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.5.1.3 + anchoreVersion: 0.5.1.2 ``` ## **sysdig.accessKey** **Required**: `false`
-**Description**: The AWS (or AWS compatible) accessKey to be used by Sysdig -components to communicate with AWS (or an AWS compatible API).
+**Description**: The AWS(or AWS compatible) accessKey to be used by Sysdig +components to write captures in the s3 bucket.
**Options**:
**Default**:
**Example**: @@ -705,8 +676,8 @@ sysdig: ## **sysdig.secretKey** **Required**: `false`
-**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig -components to communicate with AWS (or an AWS compatible API).
+**Description**: The AWS(or AWS compatible) secretKey to be used by Sysdig +components to write captures in the s3 bucket.
**Options**:
**Default**:
**Example**: @@ -718,7 +689,8 @@ sysdig: ## **sysdig.s3.enabled** **Required**: `false`
-**Description**: Specifies if storing Sysdig Captures in S3 or S3-compatible storage is enabled.
+**Description**: This determines if the installer should enable Sysdig storing +captures in s3.
**Options**:`true|false`
**Default**:false
**Example**: @@ -731,8 +703,8 @@ sysdig: ## **sysdig.s3.endpoint** **Required**: `false`
-**Description**: S3-compatible endpoint for the bucket, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This option is not required if using an AWS S3 Bucket for captures.
+**Description**: S3 endpoint for the bucket, this is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This is not required if using an AWS S3 Bucket for captures.
**Options**:
**Default**:
**Example**: @@ -740,13 +712,13 @@ sysdig: ```yaml sysdig: s3: - endpoint: s3.us-south.cloud-object-storage.appdomain.cloud + endpoint: my.awesome.bucket.s3.aws.com ``` ## **sysdig.s3.bucketName** **Required**: `false`
-**Description**: Name of the S3 bucket to be used for captures, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Description**: Name of the S3 bucket to be used for captures, this is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
**Options**:
**Default**:
**Example**: @@ -754,7 +726,7 @@ sysdig: ```yaml sysdig: s3: - bucketName: my_awesome_bucket + endpoint: my.awesome.bucket.s3.aws.com ``` ## **sysdig.cassandraVersion** @@ -1103,72 +1075,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.2.0.6373
-**Example**: - -```yaml -sysdig: - monitorVersion: 3.2.0.6373 -``` - -## **sysdig.scanningVersion** -**Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify -this unless you know what you are doing as modifying it could have unintended -consequences**
-**Options**:
-**Default**: 3.2.0.6373
-**Example**: - -```yaml -sysdig: - scanningVersion: 3.2.0.6373 -``` - -## **sysdig.sysdigAPIVersion** -**Required**: `false`
-**Description**: The docker image tag of Sysdig API components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify -this unless you know what you are doing as modifying it could have unintended -consequences**
-**Options**:
-**Default**: 3.2.0.6373
-**Example**: - -```yaml -sysdig: - sysdigAPIVersion: 3.2.0.6373 -``` - -## **sysdig.sysdigCollectorVersion** -**Required**: `false`
-**Description**: The docker image tag of Sysdig Collector components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify -this unless you know what you are doing as modifying it could have unintended -consequences**
-**Options**:
-**Default**: 3.2.0.6373
-**Example**: - -```yaml -sysdig: - sysdigCollectorVersion: 3.2.0.6373 -``` - -## **sysdig.sysdigWorkerVersion** -**Required**: `false`
-**Description**: The docker image tag of Sysdig Worker components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify -this unless you know what you are doing as modifying it could have unintended -consequences**
-**Options**:
-**Default**: 3.2.0.6373
+**Default**: 3.2.2.6509
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.2.0.6373 + monitorVersion: 3.2.2.6509 ``` ## **sysdig.mysqlHa** @@ -1183,40 +1095,28 @@ sysdig: mysqlHa: false ``` -## **sysdig.useMySQL8** -**Required**: `false`
-**Description**: Determines if standalone mysql should run MySQL8.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - useMySQL8: true -``` - ## **sysdig.mysqlHaVersion** **Required**: `false`
**Description**: The docker image tag of MySQL used for HA.
**Options**:
-**Default**: 8.0.16.3
+**Default**: 8.0.16.2
**Example**: ```yaml sysdig: - mysqlHaVersion: 8.0.16.3 + mysqlHaVersion: 8.0.16.2 ``` ## **sysdig.mysqlHaAgentVersion** **Required**: `false`
**Description**: The docker image tag of MySQL Agent used for HA.
**Options**:
-**Default**: 0.1.1.6
+**Default**: 0.1.1.5
**Example**: ```yaml sysdig: - mysqlHaAgentVersion: 0.1.1.6 + mysqlHaAgentVersion: 0.1.1.5 ``` ## **sysdig.mysqlVersion** @@ -1231,18 +1131,6 @@ sysdig: mysqlVersion: 5.6.44.0 ``` -## **sysdig.mysql8Version** -**Required**: `false`
-**Description**: The docker image tag of MySQL8.
-**Options**:
-**Default**: 8.0.16.0
-**Example**: - -```yaml -sysdig: - mysqlVersion: 8.0.16.0 -``` - ## **sysdig.mysql.external** **Required**: `false`
**Description**: If set, the installer does not create a local mysql cluster @@ -1558,32 +1446,6 @@ sysdig: user: alice ``` -## **sysdig.secure.anchore.customCerts** -**Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: - -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` - -```yaml -sysdig: - secure: - anchore: - customCerts: true -``` ## **sysdig.redisVersion** **Required**: `false`
@@ -3400,6 +3262,30 @@ sysdig: restrictPasswordLogin: true ``` +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Docker image tag of feedsDB.
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + feedsDBVersion: latest +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Docker image tag of feedsAPI.
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + feedsAPIVersion: latest +``` + ## **sysdig.rsyslogVersion** **Required**: `false`
**Description**: Docker image tag of rsyslog, relevant only when configured @@ -3841,7 +3727,7 @@ this has to be configured. The key must match the certificate in ```yaml sysdig: certificate: - key: certs/server.key + crt: certs/server.key ``` ## **sysdig.collector.dnsName** diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 1f57ebfd..33c4a1c3 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -81,7 +81,7 @@ To upgrade:
-e KUBECONFIG=/.kube/config \ -v ~/.kube:/.kube:Z \ -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.0-4 + quay.io/sysdig/installer:3.2.2-1 ``` 4. If you are fine with the differences displayed, then set value for the From cb2713c27934626604b440aeb07ef0b4bc85772b Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 11 Jun 2020 15:59:45 +0000 Subject: [PATCH 049/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 4e0daac2..99c9c3ad 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -28,7 +28,7 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-9" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.2-1" function writeValuesYaml() { cat << EOM > values.yaml From 38644ceb916c6a04be554761fc53de21d4cf310a Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 11 Jun 2020 22:07:14 +0000 Subject: [PATCH 050/156] updating installer docs --- installer/single-node/README.md | 3 +-- installer/single-node/install.sh | 41 ++++++++++++++++++++++++-------- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index 53dfb2b7..ca0bb34c 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -7,8 +7,7 @@ values.yaml and run the installer using the created values.yaml file. ## Usage Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, if you intend using enterprise anchore copy the -anchore license file to the same path as the script, then run: +platform is intended to run on, then run: ```bash sudo ./install.sh diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 99c9c3ad..0558551b 100755 --- a/installer/single-node/install.sh 
+++ b/installer/single-node/install.sh @@ -6,6 +6,9 @@ set -euo pipefail MINIMUM_CPUS=16 MINIMUM_MEMORY_KB=31000000 MINIMUM_DISK_IN_GB=59 +ADDITIONAL_IMAGES=( + "sysdig/falco_rules_installer:latest" +) function logError() { echo "$@" 1>&2; } @@ -28,7 +31,8 @@ LICENSE="PLACEHOLDER" DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.2-1" +RUN_INSTALLER="false" +INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-9" function writeValuesYaml() { cat << EOM > values.yaml @@ -190,13 +194,8 @@ function installRhelOSDeps() { local -r version=$1 yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine yum -y update - if [[ $version == 7 ]]; then - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum install -y yum-utils device-mapper-persistent-data lvm2 curl - else - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm - yum install -y yum-utils device-mapper-persistent-data lvm2 curl - fi + yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + yum install -y yum-utils device-mapper-persistent-data lvm2 curl # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm @@ -234,8 +233,12 @@ function installDeps() { cat << EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 + net.ipv4.ip_forward = 1 EOF modprobe br_netfilter + swapoff -a + systemctl mask "*.swap" + sed -i.bak '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab sysctl --system source /etc/os-release 
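Review bot: The `ADDITIONAL_IMAGES` entry added at the top of the script uses the mutable `latest` tag, so an airgap bundle built from it carries whatever `sysdig/falco_rules_installer` resolved to on the build day and cannot be reproduced or audited afterwards. Pin the entry to a release tag or, better, a digest, e.g. `"sysdig/falco_rules_installer@sha256:DIGEST_PLACEHOLDER"`. The pull loop in `pullImagesSysdigImages` is commented as pulling only when the image is not present, so a stale local `latest` would presumably never be refreshed either.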
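Review bot: `INSTALLER_IMAGE` goes back from `3.2.2-1` to `3.2.0-9` in this hunk, which undoes the bump made by the preceding patch in the series (PATCH 049/156) and is not mentioned in the commit message. If the downgrade is not intended, for example because the change was prepared on an older branch, keep `INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.2-1"` next to the new `RUN_INSTALLER="false"` line. A short comment on the new variable would also help, such as `# set by -r|--run-installer: skip host setup and only run the installer container`.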
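Review bot: After this change `installRhelOSDeps` still reads `local -r version=$1` but never uses it, and every RHEL release now installs `epel-release-latest-7`, where the removed branch chose the 8 package for non-7 hosts. If RHEL 8 is still meant to be handled, interpolate the argument instead of hard-coding it: `yum install -y "https://dl.fedoraproject.org/pub/epel/epel-release-latest-${version}.noarch.rpm"`; otherwise drop the parameter and reject unsupported versions at the call site. Separately, the unchanged `container-selinux` line in the same hunk installs an RPM from a plain `http://` URL, which is worth moving to HTTPS or verifying against a known checksum. The end of the function is outside the hunk.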
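Review bot: The `sed` added to `installDeps` matches only fstab lines where `swap` has a space on both sides, so tab-separated entries stay active and swap may come back after a reboot. Running the script a second time also prepends another `#` to lines it already commented, and `-i.bak` then replaces the first backup with the edited file. Anchor on whitespace and skip commented lines: `sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab`. `installDeps` continues outside the hunk.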
@@ -318,6 +321,7 @@ function pullImagesSysdigImages() { resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") + images+=("${ADDITIONAL_IMAGES[@]}") images+=("${job_images[@]}") images+=("${init_container_images[@]}") #iterate and pull image if not present @@ -359,6 +363,17 @@ function runInstaller() { } function __main() { + + if [[ "${RUN_INSTALLER}" == "true" ]]; then + #single node installer just runs installer and returns early + docker run --net=host \ + -e KUBECONFIG=/root/.kube/config \ + -v /root/.kube:/root/.kube:Z \ + -v /root/.minikube:/root/.minikube:Z \ + -v "$(pwd)":/manifests:Z \ + "${INSTALLER_IMAGE}" + exit 0 + fi preFlight askQuestions if [[ "${AIRGAP_INSTALL}" != "true" ]]; then @@ -389,6 +404,10 @@ while [[ $# -gt 0 ]]; do DNSNAME="installer.airgap.dnsname" shift # past argument ;; + -r | --run-installer) + RUN_INSTALLER="true" + shift # past value + ;; -q | --quaypullsecret) QUAYPULLSECRET="$2" shift # past argument @@ -396,8 +415,10 @@ while [[ $# -gt 0 ]]; do ;; -h | --help) echo "Help..." - echo "use -a|--airgap-builder to specify airgap builder" - echo "-q|--quaypullsecret followed by quaysecret to specify airgap builder" + echo "-a | --airgap-builder to specify airgap builder" + echo "-i | --airgap-install to run as airgap install mode" + echo "-r | --run-installer to run the installer alone" + echo "-q | --quaypullsecret followed by quaysecret to specify airgap builder" shift # past argument exit 0 ;; From 90c99883c5b6934608117f5e1ec7a1013aad918b Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 13 Jun 2020 05:03:11 +0000 Subject: [PATCH 051/156] updating installer docs --- installer/docs/configuration_parameters.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 9e67bb81..93226241 100644 
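Review bot: The `--run-installer` branch added to `__main` mounts root's kubeconfig and minikube certificates (`/root/.kube`, `/root/.minikube`) writable into a host-networked container whose image is selected by tag only. If the installer only reads them, mount them read-only, e.g. `-v /root/.kube:/root/.kube:ro,Z`, and consider referencing `INSTALLER_IMAGE` by digest. The block also looks like a copy of what `runInstaller` does (its body is outside the hunk); if the two are equivalent, calling `runInstaller` here keeps a single copy of the `docker run` invocation. The early `exit 0` also skips `preFlight`, so a missing or stopped Docker daemon surfaces only as a raw `docker` error.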
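Review bot: The reworded help line for `-q` still says "to specify airgap builder", which is copied from the `-a` line and does not describe the option; something like `echo "-q | --quaypullsecret SECRET  quay pull secret used to pull the Sysdig images"` matches what the parser does with `QUAYPULLSECRET="$2"`. Because the secret is passed as an argument it is visible in the process list and shell history, which the help text could mention. In the preceding hunk the comment on the new `-r` case reads `shift # past value`, but the flag takes no value; `# past argument` would match the other flags.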
--- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -646,7 +646,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.2.2.6509 + activityAuditVersion: 3.2.3.6525 ``` ## **sysdig.anchoreVersion** @@ -1075,12 +1075,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.2.2.6509
+**Default**: 3.2.3.6525
**Example**: ```yaml sysdig: - monitorVersion: 3.2.2.6509 + monitorVersion: 3.2.3.6525 ``` ## **sysdig.mysqlHa** From 45f0973d62a6fe5e7096d2b7e2c156c3fe5cbd6d Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 22 Jun 2020 15:35:44 +0000 Subject: [PATCH 052/156] updating installer docs --- installer/single-node/install.sh | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 0558551b..754b0b75 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -186,8 +186,6 @@ function installCentOSDeps() { yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm yum install -y "kernel-devel-$(uname -r)" - systemctl enable docker - systemctl start docker } function installRhelOSDeps() { @@ -199,8 +197,6 @@ function installRhelOSDeps() { # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm - systemctl enable docker - systemctl start docker } function disableFirewalld() { 
@@ -280,16 +276,37 @@ EOF exit 1 ;; esac + startDocker installJq installMiniKube installKubectl set -e } + function startDocker() { systemctl enable docker systemctl start docker - ip link set docker0 promisc on +} + +#There is a work around for a bug in minikube +function setDocker0Promisc() { + mkdir -p /usr/lib/systemd/system/ + cat << EOF > /usr/lib/systemd/system/docker0-promisc.service +[Unit] +Description=Setup promisc on docker0 interface +Wants=docker.service +After=docker.service +[Service] +Type=oneshot +ExecStart=/sbin/ip link set docker0 promisc on +RemainAfterExit=true +StandardOutput=journal +[Install] +WantedBy=multi-user.target +EOF + systemctl enable docker0-promisc + systemctl start docker0-promisc } function startMinikube() { @@ -378,7 +395,7 @@ function __main() { askQuestions if [[ "${AIRGAP_INSTALL}" != "true" ]]; then installDeps - startDocker + setDocker0Promisc fi #minikube needs to run to set the correct context & ip during airgap run startMinikube From ad007d3c043bdc3e185963106304a5b1bebcba83 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 17 Jul 2020 09:12:51 +0000 Subject: [PATCH 053/156] updating installer docs --- installer/README.md | 79 +- installer/docs/configuration_parameters.md | 1309 +++++++++++++++++++- installer/docs/upgrade.md | 25 +- 3 files changed, 1304 insertions(+), 109 deletions(-) diff --git a/installer/README.md b/installer/README.md index 1e3be28e..23291fb8 100644 --- a/installer/README.md +++ b/installer/README.md 
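Review bot: `setDocker0Promisc` writes its unit into `/usr/lib/systemd/system/`, the directory for units shipped by packages; a unit created by a script belongs in `/etc/systemd/system/docker0-promisc.service`, where administrators look for local changes and package updates leave it alone. The comment above the function (`#There is a work around for a bug in minikube`) should name the bug, because the unit now makes promiscuous mode on `docker0` persistent across reboots and nobody can tell when it is safe to remove. A wording such as `# Workaround for minikube issue ISSUE_URL_PLACEHOLDER: docker0 must be promiscuous; remove once fixed` would cover it.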
@@ -1,7 +1,9 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to +install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. # Installation Overview @@ -18,10 +20,7 @@ described below. ### Requirements for Installation Machine with Internet Access -- Network access to Kubernetes cluster -- Docker -- Bash -- jq +- kubectl or oc binary - Network access to quay.io - A domain name you are in control of. @@ -34,19 +33,6 @@ described below. - Sysdig license key (Monitor and/or Secure) - Quay pull secret -- Anchore license file (if Secure is licensed) -- Docker Log In to quay.io -- Retrieve Quay username and password from Quay pull secret. - For example: - ```bash - AUTH=$(echo | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode) - QUAY_USERNAME=${AUTH%:*} - QUAY_PASSWORD=${AUTH#*:} - ``` -- Log in to quay.io using the username and password retrieved above. - ```bash - docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io - ``` # Quickstart Install 
@@ -110,26 +96,25 @@ This install assumes the Kubernetes cluster has network access to pull images fr The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. -- Run the Installer. (Note: This step differs in [Airgapped Installation - Options](#airgapped-installation-options).) +- Download the installer binary that matches your OS from the + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). +- Run the Installer. ```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.2-1 + ./installer deploy ``` - On successful run of Installer towards the end of your terminal you should see the below: ``` - All Pods Ready.....Continuing Congratulations, your Sysdig installation was successful! You can now login to the UI at "https://awesome-domain.com:443" with: username: "configured-username@awesome-domain.com" password: "awesome-password" + + Collector endpoint for connecting agents is: awesome-domain.com + Collector port is: 6443 ``` **NOTE**: Save the values.yaml file in a secure location; it will be used for 
@@ -176,19 +161,16 @@ The Prerequisites and workflow are the same as in the Quickstart Install, with the following exceptions: - In step 2, add the airgap registry information. - -- In step 3, run the Installer as follows: - +- Make the installer push sysdig images to the airgapped registry by running: ```bash -docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - -v /var/run/docker.sock:/var/run/docker.sock:Z \ - -v ~/.docker:/root/docker:Z \ - quay.io/sysdig/installer:3.2.2-1 +./installer airgap ``` + That will pull all the images into `images_archive` directory as tar files + and push them to the airgapped registry +- Run the Installer. + ```bash + ./installer deploy + ``` ## Full Airgap Install @@ -210,8 +192,6 @@ the installation machine. - Network access to Kubernetes cluster - Docker -- Bash -- tar - Network and authenticated access to the private registry - Edited sysdig-chart/values.yaml, with airgap registry details updated @@ -222,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.2-1-uber + docker pull quay.io/sysdig/installer:3.2.0-9-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.2-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.2.0-9-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -285,10 +265,17 @@ the installation machine. parameter if the registry does not require authentication. - Copy the tarball file to the directory where you have your values.yaml file. -- Run the tar file: - `bash sysdig_installer.tar.gz` -- The above step extracts images, runs installer and pushes images to the remote repository in one step. The extract, push images can be redundant for successive installer runs. Setting IMAGE_EXTRACT_PUSH=false runs only the installer. - `IMAGE_EXTRACT_PUSH=false bash sysdig_installer.tar.gz` +- Run: +```bash +installer airgap --tar-file sysdig_installer.tar.gz +``` +The above step will extract the images into `images_archive` directory +relative to where the installer was run and push the images to the +airgapped_registry +- Run the Installer: + ```bash + ./installer deploy + ``` - On successful run of Installer towards the end of your terminal you should see the below: diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 93226241..425142b8 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -305,6 +305,35 @@ elasticsearch: hostname: external.elasticsearch.cluster ``` +## **elasticsearch.useES6** +**Required**: `false`
+**Description**: Install Elasticsearch 6.8.x along with user authentication and TLS-encrypted data-in-transit +using Elasticsearch's native TLS Encrpytion. +If TLS Encrpytion is enabled Installer does the following in the provided order: + 1. Checks for existing Elasticsearch certificates in the provided environment to setup ES cluster. (applicable for upgrades) + 2. If they are not present Installer autogenerates tls certificates and uses them to setup es cluster. +**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +elasticsearch: + useES6: true +``` + +## **elasticsearch.tlsencryption.adminUser** +**Required**: `false`
+**Description**: The user bound to the ElasticSearch admin role.
+**Options**:
+**Default**: `sysdig`
+**Example**: + +```yaml +elasticsearch: + tlsencryption: + adminUser: admin +``` + ## ~~**elasticsearch.searchguard.enabled**~~ (**Deprecated**) **Required**: `false`
**Description**: Enables user authentication and TLS-encrypted data-in-transit @@ -646,25 +675,37 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.2.3.6525 + activityAuditVersion: 3.5.0.6725 +``` + +## **sysdig.profilingVersion** +**Required**: `false`
+**Description**: Docker image tag of Profiling services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + profilingVersion: 3.5.0.6725 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.5.1.2
+**Default**: 0.6.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.5.1.2 + anchoreVersion: 0.6.1.2 ``` ## **sysdig.accessKey** **Required**: `false`
-**Description**: The AWS(or AWS compatible) accessKey to be used by Sysdig -components to write captures in the s3 bucket.
+**Description**: The AWS (or AWS compatible) accessKey to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
**Options**:
**Default**:
**Example**: @@ -676,8 +717,8 @@ sysdig: ## **sysdig.secretKey** **Required**: `false`
-**Description**: The AWS(or AWS compatible) secretKey to be used by Sysdig -components to write captures in the s3 bucket.
+**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
**Options**:
**Default**:
**Example**: @@ -689,8 +730,7 @@ sysdig: ## **sysdig.s3.enabled** **Required**: `false`
-**Description**: This determines if the installer should enable Sysdig storing -captures in s3.
+**Description**: Specifies if storing Sysdig Captures in S3 or S3-compatible storage is enabled.
**Options**:`true|false`
**Default**:false
**Example**: @@ -703,8 +743,8 @@ sysdig: ## **sysdig.s3.endpoint** **Required**: `false`
-**Description**: S3 endpoint for the bucket, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This is not required if using an AWS S3 Bucket for captures.
+**Description**: S3-compatible endpoint for the bucket, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This option is not required if using an AWS S3 Bucket for captures.
**Options**:
**Default**:
**Example**: @@ -712,13 +752,13 @@ sysdig: ```yaml sysdig: s3: - endpoint: my.awesome.bucket.s3.aws.com + endpoint: s3.us-south.cloud-object-storage.appdomain.cloud ``` ## **sysdig.s3.bucketName** **Required**: `false`
-**Description**: Name of the S3 bucket to be used for captures, this is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured
+**Description**: Name of the S3 bucket to be used for captures, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
**Options**:
**Default**:
**Example**: @@ -726,7 +766,7 @@ sysdig: ```yaml sysdig: s3: - endpoint: my.awesome.bucket.s3.aws.com + bucketName: my_awesome_bucket ``` ## **sysdig.cassandraVersion** @@ -1029,6 +1069,20 @@ sysdig: ingressNetworkingInsecureApiNodePort: 30000 ``` +## **sysdig.ingressLoadBalancerAnnotation** +**Required**: `false`
+**Description**: Annotations that will be added to the +`haproxy-ingress-service` object, this is useful to set annotations related to +creating internal loadbalancers.
+**Options**:
+**Example**: + +```yaml +sysdig: + ingressLoadBalancerAnnotation: + cloud.google.com/load-balancer-type: Internal +``` + ## **sysdig.ingressNetworkingApiNodePort** **Required**: `false`
**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking) @@ -1075,12 +1129,72 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.2.3.6525
+**Default**: 3.5.0.6725
+**Example**: + +```yaml +sysdig: + monitorVersion: 3.5.0.6725 +``` + +## **sysdig.scanningVersion** +**Required**: `false`
+**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.5.0.6725
+**Example**: + +```yaml +sysdig: + scanningVersion: 3.5.0.6725 +``` + +## **sysdig.sysdigAPIVersion** +**Required**: `false`
+**Description**: The docker image tag of Sysdig API components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.5.0.6725
+**Example**: + +```yaml +sysdig: + sysdigAPIVersion: 3.5.0.6725 +``` + +## **sysdig.sysdigCollectorVersion** +**Required**: `false`
+**Description**: The docker image tag of Sysdig Collector components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.5.0.6725
+**Example**: + +```yaml +sysdig: + sysdigCollectorVersion: 3.5.0.6725 +``` + +## **sysdig.sysdigWorkerVersion** +**Required**: `false`
+**Description**: The docker image tag of Sysdig Worker components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +this unless you know what you are doing as modifying it could have unintended +consequences**
+**Options**:
+**Default**: 3.5.0.6725
**Example**: ```yaml sysdig: - monitorVersion: 3.2.3.6525 + sysdigWorkerVersion: 3.5.0.6725 ``` ## **sysdig.mysqlHa** @@ -1095,28 +1209,40 @@ sysdig: mysqlHa: false ``` +## **sysdig.useMySQL8** +**Required**: `false`
+**Description**: Determines if standalone mysql should run MySQL8.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + useMySQL8: true +``` + ## **sysdig.mysqlHaVersion** **Required**: `false`
**Description**: The docker image tag of MySQL used for HA.
**Options**:
-**Default**: 8.0.16.2
+**Default**: 8.0.16.3
**Example**: ```yaml sysdig: - mysqlHaVersion: 8.0.16.2 + mysqlHaVersion: 8.0.16.3 ``` ## **sysdig.mysqlHaAgentVersion** **Required**: `false`
**Description**: The docker image tag of MySQL Agent used for HA.
**Options**:
-**Default**: 0.1.1.5
+**Default**: 0.1.1.6
**Example**: ```yaml sysdig: - mysqlHaAgentVersion: 0.1.1.5 + mysqlHaAgentVersion: 0.1.1.6 ``` ## **sysdig.mysqlVersion** @@ -1131,6 +1257,18 @@ sysdig: mysqlVersion: 5.6.44.0 ``` +## **sysdig.mysql8Version** +**Required**: `false`
+**Description**: The docker image tag of MySQL8.
+**Options**:
+**Default**: 8.0.16.0
+**Example**: + +```yaml +sysdig: + mysqlVersion: 8.0.16.0 +``` + ## **sysdig.mysql.external** **Required**: `false`
**Description**: If set, the installer does not create a local mysql cluster @@ -1333,7 +1471,7 @@ sysdig: **Description**: Determines if a [web proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be used by Anchore for fetching CVE feed from -[https://ancho.re.](https://ancho.re.)
+[https://ancho.re](https://ancho.re.) and by the events forwarder to forward to HTTP based targets.
**Options**:
**Default**: `false`
@@ -1446,6 +1584,32 @@ sysdig: user: alice ``` +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**: + +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + +```yaml +sysdig: + secure: + anchore: + customCerts: true +``` ## **sysdig.redisVersion** **Required**: `false`
@@ -2180,6 +2344,95 @@ sysdig: memory: 200Mi ``` +## **sysdig.resources.timescale-adapter.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to timescale-adapter containers
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4 | +| medium | 4 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + timescale-adapter: + limits: + cpu: 2 +``` + +## **sysdig.resources.timescale-adapter.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to timescale-adapter containers
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + timescale-adapter: + limits: + memory: 10Mi +``` + +## **sysdig.resources.timescale-adapter.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + timescale-adapter: + requests: + cpu: 2 +``` + +## **sysdig.resources.timescale-adapter.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule timescale-adapter containers
+**Options**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + timescale-adapter: + requests: + memory: 200Mi +``` + ## **sysdig.resources.api.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to api pods
@@ -3248,62 +3501,922 @@ sysdig: memory: 50Mi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - restrictPasswordLogin: true + resources: + profiling-api: + limits: + cpu: 2 ``` -## **sysdig.feedsDBVersion** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: Docker image tag of feedsDB.
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
-**Default**: latest
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - feedsDBVersion: latest + resources: + profiling-api: + limits: + memory: 500Mi ``` -## **sysdig.feedsAPIVersion** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: Docker image tag of feedsAPI.
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
-**Default**: latest
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - feedsAPIVersion: latest + resources: + profiling-api: + requests: + cpu: 250m ``` -## **sysdig.rsyslogVersion** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured -`deployment` is `kubernetes`.
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
-**Default**: 8.34.0.7
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + resources: + profiling-api: + requests: + memory: 50Mi ``` -## **sysdig.smtpFromAddress** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
-**Default**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.profiling-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.secure-overview-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-overview-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.secure-overview-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-overview-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ memory: 512Mi
+```
+
+## **sysdig.resources.secure-prometheus.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-prometheus.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.secure-prometheus.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-prometheus.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.events-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-gatherer.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.events-gatherer.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.events-gatherer.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-gatherer.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-dispatcher.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-dispatcher.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**:
+
+|cluster-size|limits |
+|------------|--------|
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.events-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+|cluster-size|requests|
+|------------|--------|
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
**Example**: ```yaml @@ -3638,6 +4751,106 @@ sysdig: workerReplicaCount: 7 ``` +## **sysdig.eventsGathererReplicaCount** +**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsGathererReplicaCount: 2
+```
+
+## **sysdig.eventsAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsAPIReplicaCount: 1
+```
+
+## **sysdig.eventsDispatcherReplicaCount**
+**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsDispatcherReplicaCount: 1
+```
+
+## **sysdig.eventsForwarderReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderReplicaCount: 2
+```
+
+## **sysdig.eventsForwarderAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsForwarderAPIReplicaCount: 1 +``` + ## **sysdig.admin.username** **Required**: `true`
**Description**: Sysdig Platform super admin user. This will be used for @@ -3727,7 +4940,7 @@ this has to be configured. The key must match the certificate in ```yaml sysdig: certificate: - crt: certs/server.key + key: certs/server.key ``` ## **sysdig.collector.dnsName** @@ -3904,12 +5117,12 @@ agent: **Description**: Version of agent to install.
_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
**Options**:
-**Default**: `0.93.1`
+**Default**: `latest`
**Example**: ```yaml agent: - version: latest + version: 1.10.1 ``` ## **agent.useSSL** diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index 33c4a1c3..17fd8ca7 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -72,21 +72,16 @@ To upgrade:
The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. -3. Run the Installer. (Note: This step differs for Airgapped Installations, - see [Airgapped Installation - Options](../README.md#airgapped-Installation-Options).) +3. Run the Installer (if you are in airgapped environment make sure you follow +instructions from installation on how to get the images to your airgapped +registry) ```bash - docker run \ - -e HOST_USER=$(id -u) \ - -e KUBECONFIG=/.kube/config \ - -v ~/.kube:/.kube:Z \ - -v $(pwd):/manifests:Z \ - quay.io/sysdig/installer:3.2.2-1 + ./installer diff + ``` +4. If you are fine with the differences displayed, then run: + ```bash + ./installer deploy ``` - -4. If you are fine with the differences displayed, then set value for the - `scripts` parameter in your values.yaml to `deploy` and rerun the Installer - as in Step 3.
If you find differences that you want to preserve you should look in the [Configuration Parameters](docs/configuration_parameters.md) documentation for the configuration parameter that matches the difference @@ -94,5 +89,5 @@ To upgrade:
step 3 until you are fine with the differences. Then set scripts to deploy and run for the final time. -5. The datastores Cassandra and ElasticSearch have onDelete update strategy and need to be manually restarted to - complete upgrade. +5. The datastores Cassandra and ElasticSearch have onDelete update strategy + and need to be manually restarted to complete upgrade. From 75f5cfb6fa32a82ea7a678665219eaf6969a1aa5 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 17 Jul 2020 19:38:40 +0000 Subject: [PATCH 054/156] updating installer docs --- installer/single-node/install.sh | 46 +++++++++++--------------------- 1 file changed, 16 insertions(+), 30 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 754b0b75..88757c23 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -32,7 +32,6 @@ DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" RUN_INSTALLER="false" -INSTALLER_IMAGE="quay.io/sysdig/installer:3.2.0-9" function writeValuesYaml() { cat << EOM > values.yaml @@ -152,6 +151,12 @@ function dockerLogin() { fi } +function downloadInstallerBinary() { + curl -o installer -L https://github.com/draios/sysdigcloud-kubernetes/releases/download/3.5.0/installer-linux-amd64 + chmod +x installer + mv installer "${ROOT_LOCAL_PATH}" +} + function installUbuntuDeps() { apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 apt-get update -qq @@ -233,7 +238,7 @@ function installDeps() { EOF modprobe br_netfilter swapoff -a - systemctl mask "*.swap" + systemctl mask '*.swap' sed -i.bak '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab sysctl --system @@ -283,7 +288,6 @@ EOF set -e } - function startDocker() { systemctl enable docker systemctl start docker 
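Review bot: `downloadInstallerBinary` marks the fetched file executable and moves it into `${ROOT_LOCAL_PATH}` without any check on what was actually downloaded. `curl` runs without `--fail`, so an HTTP error body would be saved as `installer`, and no checksum or signature is compared before the file is later run as `installer deploy` on a host where this script also manages packages and systemd units. Pinning the 3.5.0 release URL helps reproducibility, but it does not detect a replaced or truncated artifact. I would download to a temporary file, restrict the transfer and its redirects to HTTPS, verify a pinned SHA-256, and only then install the binary, as sketched below. `ROOT_LOCAL_PATH` is defined outside this hunk, and `INSTALLER_SHA256` is a placeholder for the digest published with the release.

```shell
function downloadInstallerBinary() {
  local tmp
  tmp="$(mktemp)"
  # Fail on HTTP errors and refuse non-HTTPS transfers, including redirects.
  curl --fail --silent --show-error --location \
    --proto '=https' --proto-redir '=https' \
    -o "${tmp}" https://github.com/draios/sysdigcloud-kubernetes/releases/download/3.5.0/installer-linux-amd64
  # INSTALLER_SHA256: placeholder for the digest published with the release.
  if ! echo "${INSTALLER_SHA256}  ${tmp}" | sha256sum --check --status; then
    echo "installer checksum mismatch, refusing to install" >&2
    rm -f "${tmp}"
    exit 1
  fi
  install -m 0755 "${tmp}" "${ROOT_LOCAL_PATH}/installer"
  rm -f "${tmp}"
}
```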
@@ -327,15 +331,13 @@ function fixIptables() { } function pullImagesSysdigImages() { - #copy tests/resources to local - getSysdigImagesFromInstaller #find images in resources mapfile -t non_job_images < <(jq -r '.spec.template.spec.containers[]? | .image' \ - resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + /opt/sysdig-chart/resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') mapfile -t job_images < <(jq -r '.spec.jobTemplate.spec.template.spec.containers[]? | .image' \ - resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + /opt/sysdig-chart/resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') mapfile -t init_container_images < <(jq -r '.spec.template.spec.initContainers[]? | .image' \ - resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') + /opt/sysdig-chart/resources/*/sysdig.json 2> /dev/null | sort -u | grep 'quay\|docker.io') #collected images to images obj local -a images=("${non_job_images[@]}") images+=("${ADDITIONAL_IMAGES[@]}") @@ -351,31 +353,20 @@ function pullImagesSysdigImages() { fi done #clean up resources - rm -rf resources -} - -function getSysdigImagesFromInstaller() { - #get resources from sysdig-chart/tests - docker create --name installer_image ${INSTALLER_IMAGE} - docker cp installer_image:/sysdig-chart/tests/resources . - docker rm installer_image + rm -rf /opt/sysdig-chart } function runInstaller() { if [[ "${AIRGAP_INSTALL}" != "true" ]]; then - dockerLogin + downloadInstallerBinary fi if [[ "${AIRGAP_BUILD}" == "true" ]]; then - docker pull "${INSTALLER_IMAGE}" + downloadInstallerBinary + dockerLogin pullImagesSysdigImages else writeValuesYaml - docker run --net=host \ - -e KUBECONFIG=/root/.kube/config \ - -v /root/.kube:/root/.kube:Z \ - -v /root/.minikube:/root/.minikube:Z \ - -v "$(pwd)":/manifests:Z \ - "${INSTALLER_IMAGE}" + installer deploy fi } 
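Review bot: The three `jq` calls in `pullImagesSysdigImages` now read `/opt/sysdig-chart/resources/*/sysdig.json` with `2> /dev/null`, but nothing visible in this patch creates that directory now that `getSysdigImagesFromInstaller` is removed. If the path is missing or empty, the three arrays come back empty and an air-gapped build would mirror only `ADDITIONAL_IMAGES` without reporting any error. A guard before the first `mapfile`, for example `compgen -G '/opt/sysdig-chart/resources/*/sysdig.json' > /dev/null || { echo 'sysdig-chart resources not found' >&2; exit 1; }`, would make that failure visible. Presumably the installer binary is expected to unpack the chart there, which would be worth stating in a comment above the `#find images in resources` line. The function body continues into the next hunk.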
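Review bot: `runInstaller` now calls `installer deploy` by bare name, and so does the `RUN_INSTALLER` branch of `__main` in the following hunk, so which file executes depends on `PATH` resolving to `${ROOT_LOCAL_PATH}` first; neither `PATH` nor `ROOT_LOCAL_PATH` is set in the visible lines. Invoking `"${ROOT_LOCAL_PATH}/installer" deploy` in both places would tie execution to the file `downloadInstallerBinary` installed. The `__main` branch runs the binary with no download step before it, so there it relies on whatever an earlier run left behind. Separately, when `AIRGAP_BUILD` is `true` and `AIRGAP_INSTALL` is not, `downloadInstallerBinary` runs twice. The new `rm -rf /opt/sysdig-chart` deletes a fixed absolute path where the old code removed a relative `resources` directory, so a comment on who owns that path would help.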
@@ -383,12 +374,7 @@ function __main() { if [[ "${RUN_INSTALLER}" == "true" ]]; then #single node installer just runs installer and returns early - docker run --net=host \ - -e KUBECONFIG=/root/.kube/config \ - -v /root/.kube:/root/.kube:Z \ - -v /root/.minikube:/root/.minikube:Z \ - -v "$(pwd)":/manifests:Z \ - "${INSTALLER_IMAGE}" + installer deploy exit 0 fi preFlight From be1a87fc3a7d2491aff682007be25f57d5fa0b95 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 30 Jul 2020 08:30:21 +0000 Subject: [PATCH 055/156] updating installer docs --- installer/docs/configuration_parameters.md | 1464 ++++++++++---------- 1 file changed, 739 insertions(+), 725 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 425142b8..d21cd78a 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -1318,6 +1318,20 @@ sysdig: - my-cool-host1.com ``` +## **sysdig.mysql.maxConnections** +**Required**: `false`
+**Description**: The maximum permitted number of simultaneous client connections.
+**Options**:
+**Default**: `1024`
+ +**Example**: + +```yaml +sysdig: + mysql: + maxConnections: 1024 +``` + ## **sysdig.mysql.password** **Required**: `false`
**Description**: The password of the MySQL user that the Sysdig Platform backend @@ -1654,11 +1668,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 2 | -| medium | 4 | -| large | 8 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: @@ -1676,11 +1690,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -1698,11 +1712,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: @@ -1720,11 +1734,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -1742,11 +1756,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 2 | -| medium | 4 | -| large | 8 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: @@ -1764,11 +1778,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -1786,11 +1800,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: @@ -1808,11 +1822,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -1830,11 +1844,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: @@ -1852,11 +1866,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 500Mi| -| medium | 500Mi| -| large | 500Mi| +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -1874,11 +1888,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -1896,11 +1910,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: @@ -1950,11 +1964,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: @@ -1972,11 +1986,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -1994,11 +2008,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: @@ -2016,11 +2030,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | **Example**: @@ -2039,11 +2053,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 1 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: @@ -2061,11 +2075,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: @@ -2083,11 +2097,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -2105,11 +2119,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -2128,11 +2142,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: @@ -2150,11 +2164,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: @@ -2172,11 +2186,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 300m | -| medium | 300m | -| large | 300m | +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: @@ -2194,11 +2208,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -2217,11 +2231,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50m | -| medium | 50m | -| large | 50m | +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: @@ -2239,11 +2253,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: @@ -2261,11 +2275,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 300m | -| medium | 300m | -| large | 300m | +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: @@ -2283,11 +2297,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -2306,11 +2320,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50m | -| medium | 50m | -| large | 50m | +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: @@ -2328,11 +2342,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: @@ -2350,11 +2364,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 16 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: @@ -2372,11 +2386,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -2395,11 +2409,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: @@ -2417,11 +2431,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: @@ -2439,11 +2453,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 16 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: @@ -2461,11 +2475,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -2484,11 +2498,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: @@ -2506,11 +2520,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: @@ -2528,11 +2542,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 16 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: @@ -2550,11 +2564,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -2573,11 +2587,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: @@ -2595,11 +2609,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: @@ -2617,11 +2631,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 16 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: @@ -2639,11 +2653,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -2662,11 +2676,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: @@ -2684,11 +2698,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: @@ -2706,11 +2720,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: @@ -2728,11 +2742,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -2751,11 +2765,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: @@ -2773,11 +2787,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -2795,11 +2809,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: @@ -2817,11 +2831,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -2840,11 +2854,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: @@ -2862,11 +2876,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -2884,11 +2898,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: @@ -2906,11 +2920,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -2929,11 +2943,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: @@ -2951,11 +2965,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -2974,11 +2988,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: @@ -2996,11 +3010,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3019,11 +3033,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: @@ -3041,11 +3055,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3063,11 +3077,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: @@ -3085,11 +3099,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3108,11 +3122,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -3130,11 +3144,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3152,11 +3166,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -3174,11 +3188,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3197,11 +3211,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3219,11 +3233,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3241,11 +3255,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -3263,11 +3277,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3285,11 +3299,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3307,11 +3321,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -3329,11 +3343,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -3351,11 +3365,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3374,11 +3388,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3396,11 +3410,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -3418,11 +3432,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3440,11 +3454,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | **Example**: @@ -3463,11 +3477,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3485,11 +3499,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -3507,11 +3521,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -3529,11 +3543,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3551,11 +3565,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3573,11 +3587,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -3595,11 +3609,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -3617,11 +3631,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3640,11 +3654,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3662,11 +3676,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -3684,11 +3698,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -3706,11 +3720,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3729,11 +3743,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: @@ -3751,11 +3765,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | **Example**: @@ -3773,11 +3787,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -3795,11 +3809,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -3818,11 +3832,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: @@ -3840,11 +3854,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3862,11 +3876,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -3884,11 +3898,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3906,11 +3920,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -3928,11 +3942,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -3950,11 +3964,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: @@ -3972,11 +3986,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3994,11 +4008,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -4016,11 +4030,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | **Example**: @@ -4038,11 +4052,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4060,11 +4074,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | **Example**: @@ -4082,11 +4096,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -4104,11 +4118,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -4126,11 +4140,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4148,11 +4162,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4170,11 +4184,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -4192,11 +4206,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -4214,11 +4228,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4236,11 +4250,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4258,11 +4272,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -4280,11 +4294,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -4302,11 +4316,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4324,11 +4338,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | **Example**: @@ -4347,11 +4361,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: @@ -4369,11 +4383,11 @@ sysdig: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: @@ -4524,11 +4538,11 @@ clusters of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4543,11 +4557,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4563,11 +4577,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: @@ -4583,11 +4597,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | **Example**: @@ -4603,11 +4617,11 @@ clusters of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: @@ -4622,11 +4636,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: @@ -4641,11 +4655,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4660,11 +4674,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4679,11 +4693,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4698,11 +4712,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4718,11 +4732,11 @@ sysdig: **Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | **Example**: @@ -4738,11 +4752,11 @@ of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: @@ -4758,11 +4772,11 @@ of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: @@ -4778,11 +4792,11 @@ of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4798,11 +4812,11 @@ of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -4818,11 +4832,11 @@ of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: @@ -4838,11 +4852,11 @@ of `size` `small`.
**Options**:
**Default**:
-|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: @@ -5777,11 +5791,11 @@ agent: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 3 | -| medium | 5 | -| large | 8 | +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: @@ -5798,11 +5812,11 @@ agent: **Options**:
**Default**: -|cluster-size|limits| -|------------|------| -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: @@ -5819,11 +5833,11 @@ agent: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: @@ -5840,11 +5854,11 @@ agent: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: @@ -5861,11 +5875,11 @@ agent: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: @@ -5882,11 +5896,11 @@ agent: **Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 512 | -| medium | 2048 | -| large | 4096 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | **Example**: From d8818546d31a500bbe4c95385198021631104b04 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 13 Aug 2020 15:29:40 +0000 Subject: [PATCH 056/156] updating installer docs --- installer/single-node/README.md | 15 +++++++++++++++ installer/single-node/install.sh | 15 +++------------ 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index ca0bb34c..a03fbb11 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -4,6 +4,21 @@ This script will install docker, minikube, jq, curl etc required to run Sysdig Platform, after installing all dependencies the script will create a values.yaml and run the installer using the created values.yaml file. +## Download Installer +Single Node script is integrated into installer. Download/Copy installer binary to get the single node installer script. + +Running "installer single-node" creates a install.sh file in current working directory. + +```bash +sudo su +#execute permissions for installer installer +chmod u+x installer-linux-amd64 +#installer needs to be in PATH +cp installer-linux-amd64 /usr/bin/installer +#get single node installer script +installer single-node +``` + ## Usage Copy the [script](./install.sh) to the machine that sysdig diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 88757c23..b7f037e1 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -32,6 +32,7 @@ DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" RUN_INSTALLER="false" +INSTALLER_BINARY="installer" function writeValuesYaml() { cat << EOM > values.yaml 
@@ -151,12 +152,6 @@ function dockerLogin() { fi } -function downloadInstallerBinary() { - curl -o installer -L https://github.com/draios/sysdigcloud-kubernetes/releases/download/3.5.0/installer-linux-amd64 - chmod +x installer - mv installer "${ROOT_LOCAL_PATH}" -} - function installUbuntuDeps() { apt-get remove -y docker docker-engine docker.io containerd runc > /dev/null 2>&1 apt-get update -qq @@ -357,16 +352,12 @@ function pullImagesSysdigImages() { } function runInstaller() { - if [[ "${AIRGAP_INSTALL}" != "true" ]]; then - downloadInstallerBinary - fi if [[ "${AIRGAP_BUILD}" == "true" ]]; then - downloadInstallerBinary dockerLogin pullImagesSysdigImages else writeValuesYaml - installer deploy + ${INSTALLER_BINARY} deploy fi } @@ -374,7 +365,7 @@ function __main() { if [[ "${RUN_INSTALLER}" == "true" ]]; then #single node installer just runs installer and returns early - installer deploy + ${INSTALLER_BINARY} deploy exit 0 fi preFlight From 4b643d6f6dffee75e0cc47c6280e27036eaa456f Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 21 Aug 2020 15:18:36 +0000 Subject: [PATCH 057/156] updating installer docs --- installer/README.md | 29 +++++++++++++++++++-- installer/docs/configuration_parameters.md | 30 +++++++++++----------- 2 files changed, 42 insertions(+), 17 deletions(-) diff --git a/installer/README.md b/installer/README.md index 23291fb8..b6adc1b8 100644 --- a/installer/README.md +++ b/installer/README.md @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.2.0-9-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.2.0-9-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
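Review bot: In installer/single-node/install.sh, both `runInstaller` and the early-return branch of `__main` now run `${INSTALLER_BINARY} deploy` unquoted and without checking that the binary is present. With `downloadInstallerBinary` removed, the script depends entirely on the operator having copied `installer` onto PATH beforehand. Quote the expansion as `"${INSTALLER_BINARY}" deploy` and add a guard before the first use, for example `command -v "${INSTALLER_BINARY}" > /dev/null || { echo "installer binary not found in PATH" >&2; exit 1; }`. The README in this commit runs the script from a root shell (`sudo su`), so the bare name is resolved through root's PATH; a comment beside `INSTALLER_BINARY="installer"` noting that it can be set to an absolute path such as `/usr/bin/installer` would make that explicit. `__main`'s body continues outside its hunk.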
@@ -303,6 +303,31 @@ See [upgrade.md](docs/upgrade.md) for upgrades documentation. For the full dictionary of configuration parameters, see: [configuration_parameters.md](docs/configuration_parameters.md) +# Permissions + +## General +* CRU on the sysdig namespace +* CRU on StorageClass (only Read is required if the storageClass already exists) +* CRUD on Secrets/ServiceAccount/ConfigMap/Deployment/CronJob/Job/StatefulSet/Service/DaemonSet in the sysdig namespace. +* CRUD on role/rolebinding in sysdig namespace (if sysdig ingress controller is deployed) +* CRU on the ingress-controller(this is the name of the object) ClusterRole/ClusterRoleBinding (if sysdig ingress controller is deployed) +* Get Nodes (for validations). + +## MultiAZ enabled +* CRU on the node-labels-to-files(this is the name of the object) ClusterRole/ClusterRoleBinding (for multi-AZ deployments) + +## HostPath +* CRU on PV +* CRU on PVC in sysdig namespace + +## Openshift +* CRUD on route in the sysdig namespace +* CRUD on openshift SCC in the sysdig namespace + +## Network policies enabled +* CRUD on networkpolicies in sysdig namespace (if networkpolicies are enabled, this is an alpha feature customers should not enable it) + + # Advanced Configuration For advanced configuration option see [advanced.md](docs/advanced.md) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index d21cd78a..8d896edd 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -675,7 +675,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.5.0.6725 + activityAuditVersion: 3.5.1.7018 ``` ## **sysdig.profilingVersion** @@ -687,7 +687,7 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.5.0.6725 + profilingVersion: 3.5.1.7018 ``` ## **sysdig.anchoreVersion** @@ -699,7 +699,7 @@ sysdig: ```yaml sysdig: - anchoreVersion: 0.6.1.2 + anchoreVersion: 0.6.1.6 ``` ## **sysdig.accessKey** 
@@ -1129,12 +1129,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.0.6725
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - monitorVersion: 3.5.0.6725 + monitorVersion: 3.5.1.7018 ``` ## **sysdig.scanningVersion** @@ -1144,12 +1144,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.0.6725
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - scanningVersion: 3.5.0.6725 + scanningVersion: 3.5.1.7018 ``` ## **sysdig.sysdigAPIVersion** @@ -1159,12 +1159,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.0.6725
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.5.0.6725 + sysdigAPIVersion: 3.5.1.7018 ``` ## **sysdig.sysdigCollectorVersion** @@ -1174,12 +1174,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.0.6725
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.5.0.6725 + sysdigCollectorVersion: 3.5.1.7018 ``` ## **sysdig.sysdigWorkerVersion** @@ -1189,12 +1189,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.0.6725
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.5.0.6725 + sysdigWorkerVersion: 3.5.1.7018 ``` ## **sysdig.mysqlHa** @@ -1225,12 +1225,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of MySQL used for HA.
**Options**:
-**Default**: 8.0.16.3
+**Default**: 8.0.16.4
**Example**: ```yaml sysdig: - mysqlHaVersion: 8.0.16.3 + mysqlHaVersion: 8.0.16.4 ``` ## **sysdig.mysqlHaAgentVersion** From aa8440e818f57206659d6fbc0d5655dddc9013d3 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 22 Oct 2020 21:03:35 +0000 Subject: [PATCH 058/156] updating installer docs --- .../overlays/patch.yaml | 20 +++++++ .../values.yaml | 11 ++++ .../node-labels-and-taints/values.yaml | 52 +++++++++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml create mode 100644 installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml create mode 100644 installer/examples/node-labels-and-taints/values.yaml diff --git a/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml b/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml new file mode 100644 index 00000000..36f2954a --- /dev/null +++ b/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml @@ -0,0 +1,20 @@ +#This patchfile adds an initcontainer to ElasticSearch and sets vmmaxmap count in ES hosts +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: sysdigcloud-elasticsearch +spec: + template: + spec: + initContainers: + - name: elasticsearch-init-vmmaxmapcount + image: quay.io/sysdig/elasticsearch: + securityContext: + privileged: true + runAsUser: 0 + command: + - sysctl + - -w + args: + - vm.max_map_count=262144 \ No newline at end of file diff --git a/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml b/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml new file mode 100644 index 00000000..efb0330a --- /dev/null +++ b/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml @@ -0,0 +1,11 @@ +apps: monitor +schema_version: 1.0.0 +size: small +quaypullsecret: +storageClassProvisioner: aws +sysdig: + ingressNetworking: loadbalancer + admin: + username: foo@bar.com + license: + dnsName: foo.bar 
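Review bot: In installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml the init container is added with `privileged: true` and `runAsUser: 0`, which gives it root-equivalent access to the node, but the file does not say why or what the cluster must permit. A comment above `securityContext` would cover it, for example `# privileged is needed because vm.max_map_count is a node-wide sysctl; the cluster's pod security policy / SCC must allow privileged pods for this overlay`. As shown here the `image:` value ends in a bare colon with no tag; if that is what the file contains (a placeholder may have been lost in rendering), it should carry an explicit version, for example `image: quay.io/sysdig/elasticsearch:<ELASTICSEARCH_IMAGE_TAG>`, marked as a value to replace. The file also lacks a trailing newline.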
diff --git a/installer/examples/node-labels-and-taints/values.yaml b/installer/examples/node-labels-and-taints/values.yaml new file mode 100644 index 00000000..5b06e9b5 --- /dev/null +++ b/installer/examples/node-labels-and-taints/values.yaml 
@@ -0,0 +1,52 @@ +# Node labels and node taints can be combined to ensure only Sysdig platform pods run on a particular node, the example below show starting from the `tolerations` sections shows how to configure the installer to take advantage of labels and tolerations. +size: medium +# Replace with quay.io pull secrets provided by the sales team. +quaypullsecret: +# Acceptable values here are awe|gke|none|hostPath, change this to none and configure storageClassName if you want to use an existing storageClass +storageClassProvisioner: hostPath +# Uncomment the below to specify an existing storageClass, if not configured a storageClass is created with the configured storageClassProvisioner +# storageClassName: sysdig +elasticsearch: + hostPathNodes: + # replace with the name section of kubectl get nodes + - my-awesome-node01 + - my-awesome-node02 + - my-awesome-node03 +sysdig: + mysql: + hostPathNodes: + # replace with the name section of kubectl get nodes + - my-awesome-node01 + postgresql: + hostPathNodes: + # replace with the name section of kubectl get nodes + - my-awesome-node01 + cassandra: + hostPathNodes: + # replace with the name section of kubectl get nodes + - my-awesome-node01 + - my-awesome-node02 + - my-awesome-node03 + # Replace with domain name the api should be served on. + dnsName: + admin: + username: pov@sysdig.com + # Replace with license provided by the sales team. + license: + + # Everything below here is the core piece of this configuration. + + # Nodes needs to have been assigned the taint dedicated=sysdig:NoSchedule, e.g: + # kubectl taint my-awesome-node01 dedicated=sysdig:NoSchedule + # for the below to work. + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" +# Nodes needs to have been assigned labels role=sysdig for the below to work +# e.g: kubectl label nodes my-awesome-node01 role=sysdig +# for the below to work. +nodeaffinityLabel: + key: role + value: sysdig 
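Review bot: The taint command in the comment above `tolerations`, `kubectl taint my-awesome-node01 dedicated=sysdig:NoSchedule`, omits the resource type that kubectl expects. It should read `# kubectl taint nodes my-awesome-node01 dedicated=sysdig:NoSchedule`, in line with the `kubectl label nodes ...` example a few lines below. The `storageClassProvisioner` comment lists `awe|gke|none|hostPath`, where `awe` is presumably a typo for `aws`, since the sibling example in this commit sets `storageClassProvisioner: aws`. The toleration also mixes quoted and unquoted scalars; `value: "sysdig"` would match the other three fields.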
From adeb7a7ab636b88d2539c58ccc6c69b277f8bb7c Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 29 Oct 2020 17:44:50 +0000 Subject: [PATCH 059/156] updating installer docs --- installer/single-node/install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index b7f037e1..af49cb3a 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -43,6 +43,11 @@ storageClassProvisioner: hostPath elasticsearch: hostPathNodes: - minikube +hostPathCustomPaths: + cassandra: /var/lib/cassandra + elasticsearch: /var/lib/elasticsearch + mysql: /var/lib/mysql + postgresql: /var/lib/postgresql/data/pgdata sysdig: mysql: hostPathNodes: From e267ac919bae34388c5c8c4abdcfad475a1b688a Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 9 Nov 2020 18:03:33 +0000 Subject: [PATCH 060/156] updating installer docs --- installer/README.md | 4 +- installer/docs/configuration_parameters.md | 1230 ++++++++++++++++++-- 2 files changed, 1128 insertions(+), 106 deletions(-) diff --git a/installer/README.md b/installer/README.md index b6adc1b8..09dabd31 100644 --- a/installer/README.md +++ b/installer/README.md @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:3.6.0-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.0-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 8d896edd..761d6896 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md 
@@ -675,7 +675,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.5.1.7018 + activityAuditVersion: 3.6.0.7691 ``` ## **sysdig.profilingVersion** @@ -687,7 +687,7 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.5.1.7018 + profilingVersion: 3.6.0.7691 ``` ## **sysdig.anchoreVersion** @@ -699,7 +699,7 @@ sysdig: ```yaml sysdig: - anchoreVersion: 0.6.1.6 + anchoreVersion: 0.8.1.2 ``` ## **sysdig.accessKey** @@ -1129,12 +1129,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 3.6.0.7691
**Example**: ```yaml sysdig: - monitorVersion: 3.5.1.7018 + monitorVersion: 3.6.0.7691 ``` ## **sysdig.scanningVersion** @@ -1144,12 +1144,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 3.6.0.7691
**Example**: ```yaml sysdig: - scanningVersion: 3.5.1.7018 + scanningVersion: 3.6.0.7691 ``` ## **sysdig.sysdigAPIVersion** @@ -1159,12 +1159,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 3.6.0.7691
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.5.1.7018 + sysdigAPIVersion: 3.6.0.7691 ``` ## **sysdig.sysdigCollectorVersion** @@ -1174,12 +1174,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 3.6.0.7691
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.5.1.7018 + sysdigCollectorVersion: 3.6.0.7691 ``` ## **sysdig.sysdigWorkerVersion** @@ -1189,12 +1189,27 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 3.6.0.7691
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.5.1.7018 + sysdigWorkerVersion: 3.6.0.7691 +``` + +## **sysdig.enableAlerter** +**Required**: `false`
+**Description**: This creates a separate deployment for Alerters while +disabling this functionality in workers. **Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + enableAlerter: true ``` ## **sysdig.mysqlHa** @@ -1387,6 +1402,60 @@ sysdig: natsStreamingVersion: 0.16.2.1 ``` +## **sysdig.nats.secure.enabled** +**Required**: `false`
+**Description**: NATS Streaming TLS enabled.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true +``` + +## **sysdig.nats.ha.enabled** +**Required**: `false`
+**Description**: NATS Streaming HA (High Availability) enabled.
+**Options**:
+**Default**: false
+**Example**: + +```yaml +sysdig: + nats: + ha: + enabled: false +``` + +## **sysdig.nats.urlha** +**Required**: `false`
+**Description**: NATS Streaming URL for HA deployment.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+**Example**: + +```yaml +sysdig: + nats: + urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 +``` + +## **sysdig.nats.urltls** +**Required**: `false`
+**Description**: NATS Streaming URL for TLS enabled.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-tls:4222
+**Example**: + +```yaml +sysdig: + nats: + urltls: nats://sysdigcloud-nats-streaming-tls:4222 +``` + ## **sysdig.openshiftUrl** **Required**: `false`
**Description**: Openshift API url along with its port number, this is @@ -1485,7 +1554,7 @@ sysdig: **Description**: Determines if a [web proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be used by Anchore for fetching CVE feed from -[https://ancho.re](https://ancho.re.) and by the events forwarder to forward to HTTP based targets.
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
**Default**: `false`
@@ -1597,6 +1666,108 @@ sysdig: enable: true user: alice ``` +## **sysdig.slack.client.id** +**Required**: `false`
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientid`
+ +**Example**: + +```yaml +sysdig: + slack: + client: + id: 2255883163.123123123534 +``` + +## **sysdig.slack.client.secret** +**Required**: `false`
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientsecret`
+ +**Example**: + +```yaml +sysdig: + slack: + client: + secret: 8a8af18123128acd312d12d12da +``` + +## **sysdig.slack.client.scope** +**Required**: `false`
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `incoming-webhook`
+ +**Example**: + +```yaml +sysdig: + slack: + client: + scope: incoming-webhook +``` + +## **sysdig.slack.client.endpoint** +**Required**: `false`
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/oauth/v2/authorize`
+ +**Example**: + +```yaml +sysdig: + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize +``` + +## **sysdig.slack.client.oauth.endpoint** +**Required**: `false`
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/api/oauth.v2.access`
+ +**Example**: + +```yaml +sysdig: + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access +``` + +## **sysdig.inactivitySettings.trackerEnabled** +**Required**: `false`
+**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: +```yaml +sysdig: + inactivitySettings: + trackerEnabled: true +``` + +## **sysdig.inactivitySettings.trackerTimeout** +**Required**: `false`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
+ +**Example**: +```yaml +sysdig: + inactivitySettings: + trackerTimeout: 900 +``` + ## **sysdig.secure.anchore.customCerts** **Required**: `false`
@@ -2545,7 +2716,7 @@ sysdig: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 4 | +| medium | 8 | | large | 16 | **Example**: @@ -2567,7 +2738,7 @@ sysdig: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | +| medium | 8Gi | | large | 16Gi | @@ -2590,7 +2761,7 @@ sysdig: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | +| medium | 2 | | large | 4 | **Example**: @@ -2612,7 +2783,7 @@ sysdig: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | +| medium | 2Gi | | large | 4Gi | **Example**: @@ -2625,6 +2796,95 @@ sysdig: memory: 200Mi ``` +## **sysdig.resources.alerter.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + cpu: 2 +``` + +## **sysdig.resources.alerter.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + memory: 10Mi +``` + +## **sysdig.resources.alerter.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + cpu: 2 +``` + +## **sysdig.resources.alerter.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + memory: 200Mi +``` + ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to collector pods
@@ -2827,7 +3087,591 @@ sysdig: ## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to anchore-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + limits: + memory: 10Mi +``` + +## **sysdig.resources.anchore-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + requests: + cpu: 2 +``` + +## **sysdig.resources.anchore-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + anchore-worker: + requests: + memory: 200Mi +``` + +## **sysdig.resources.scanning-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to scanning-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.scanning-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to scanning-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + limits: + memory: 10Mi +``` + +## **sysdig.resources.scanning-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + requests: + cpu: 2 +``` + +## **sysdig.resources.scanning-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule scanning-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanning-api: + requests: + memory: 200Mi +``` + + +## **sysdig.resources.scanningalertmgr.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + limits: + cpu: 2 +``` + +## **sysdig.resources.scanningalertmgr.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to scanningalertmgr pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + limits: + memory: 10Mi +``` + +## **sysdig.resources.scanningalertmgr.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + requests: + cpu: 2 +``` + +## **sysdig.resources.scanningalertmgr.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningalertmgr: + requests: + memory: 200Mi +``` + +## **sysdig.resources.scanning-retention-mgr.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-retention-mgr: + limits: + cpu: 2 +``` + +## **sysdig.resources.scanning-retention-mgr.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + scanning-retention-mgr: + limits: + memory: 10Mi +``` + +## **sysdig.resources.scanning-retention-mgr.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-retention-mgr: + requests: + cpu: 2 +``` + +## **sysdig.resources.scanning-retention-mgr.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanning-retention-mgr: + requests: + memory: 200Mi +``` + +## **sysdig.secure.scanning.retentionMgr.cronjob** +**Required**: `false`
+**Description**: Retention manager Cronjob
+**Options**:
+**Default**: 0 3 * * *
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * +``` + +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h +``` + +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +**Required**: `false`
+**Description**: Grace period for the retention policy
+**Options**:
+**Default**: 168h
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h +``` + +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s +``` + +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +**Required**: `false`
+**Description**: Scanning GRPC endpoint
+**Options**:
+**Default**: sysdigcloud-scanning-api:6000
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 +``` + +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +**Required**: `false`
+**Description**: Scanning DB engine
+**Options**:
+**Default**: mysql
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql +``` + +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +**Required**: `false`
+**Description**: Default value for the date policy
+**Options**:
+**Default**: 90
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` + +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` + +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 +``` + +## **sysdig.resources.scanning-ve-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanning-ve-janitor: + limits: + cpu: 2 +``` + +## **sysdig.resources.scanning-ve-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + scanning-ve-janitor: + limits: + memory: 10Mi +``` + +## **sysdig.resources.scanning-ve-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + +**Example**: + +```yaml +sysdig: + resources: + scanning-ve-janitor: + requests: + cpu: 2 +``` + +## **sysdig.resources.scanning-ve-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + +**Example**: + +```yaml +sysdig: + resources: + scanning-ve-janitor: + requests: + memory: 200Mi +``` + +## **sysdig.resources.policy-advisor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to policy-advisor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + policy-advisor: + limits: + cpu: 2 +``` + +## **sysdig.resources.policy-advisor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: @@ -2843,20 +3687,20 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + policy-advisor: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | | large | 1 | @@ -2865,14 +3709,14 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + policy-advisor: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: @@ -2887,44 +3731,44 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + policy-advisor: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanning-api: + netsec-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -2932,21 +3776,21 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + netsec-api: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -2954,14 +3798,14 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + netsec-api: requests: - cpu: 2 + cpu: 300m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: @@ -2976,45 +3820,44 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + netsec-api: requests: - memory: 200Mi + memory: 1Gi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + netsec-ingest: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| medium | 6Gi | +| large | 8Gi | **Example**: @@ -3022,14 +3865,14 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + netsec-ingest: limits: - memory: 10Mi + memory: 4Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: @@ -3044,66 +3887,67 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + netsec-ingest: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - scanningalertmgr: - requests: - memory: 200Mi + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - policy-advisor: + netsec-janitor: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3111,21 +3955,21 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -3133,14 +3977,14 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + netsec-janitor: requests: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: @@ -3155,9 +3999,9 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + netsec-janitor: requests: - memory: 200Mi + memory: 1Gi ``` ## **sysdig.resources.nats-streaming.limits.cpu** @@ -4687,6 +5531,44 @@ sysdig: policyAdvisorReplicaCount: 20 ``` +## **sysdig.netsecApiReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecApiReplicaCount: 1 +``` + +## **sysdig.netsecIngestReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecIngestReplicaCount: 1 +``` + ## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
**Description**: Number of Anchore Core replicas.
@@ -4765,6 +5647,26 @@ sysdig: workerReplicaCount: 7 ``` +## **sysdig.alerterReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
**Description**: Number of events gatherer replicas, this is a noop for clusters @@ -5051,6 +5953,20 @@ sysdig: -XX:-UseContainerSupport ``` +## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + ## **agent.apiKey** **Required**: `false`
**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
@@ -5200,6 +6116,18 @@ agent: capturesEnabled: false ``` +## **agent.feature_mode** +**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**: + +```yaml +agent: + feature_mode: troubleshooting +``` + ## **agent.timezone** **Required**: `false`
**Description**: Set daemonset timezone.
@@ -5251,6 +6179,34 @@ agent: noProxy: your-awesome-no-proxy.com ``` +## **agent.snaplenPortRange.start** +**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**: + +```yaml +agent: + snaplenPortRange: + start: "8125" +``` + +## **agent.snaplenPortRange.end** +**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**: + +```yaml +agent: + snaplenPortRange: + start: "8125" +``` + ## **agent.customKernelModules.enabled** **Required**: `false`
**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
@@ -5413,7 +6369,7 @@ agent: **Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
**Options**:
-**Default**: `200`
+**Default**: `40`
**Example**: ```yaml @@ -5910,3 +6866,69 @@ agent: watchdog: cointerface: 1024 ``` + +## **sysdig.eventsForwarderEnabledIntegrations** +**Required**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
+**Example**: + +```yaml +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" +``` + +## **sysdig.scanningAnalysiscollectorConcurrentUploads** +**Required**: `false`
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
+**Example**: + +```yaml +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 +``` + +## **sysdig.secure.scanning.veJanitor.cronjob** +**Required**: `false`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
+**Example**: + +```yaml +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" +``` + +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
+**Example**: + +```yaml +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" +``` + +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +**Required**: `false`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
+**Example**: + +```yaml +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" +``` From 0d4c5b039fb414529378810032c4f0781ad99ffc Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 17 Nov 2020 17:33:21 +0000 Subject: [PATCH 061/156] updating installer docs --- installer/single-node/README.md | 13 +++++++++++++ installer/single-node/install.sh | 18 ++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index a03fbb11..362aab9a 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -28,6 +28,19 @@ platform is intended to run on, then run: sudo ./install.sh ``` +## Help + +```bash +sudo ./install.sh -h +#prints help +Help... +-a | --airgap-builder to specify airgap builder +-i | --airgap-install to run as airgap install mode +-r | --run-installer to run the installer alone +-q | --quaypullsecret followed by quaysecret to specify airgap builder +-d | --delete-sysdig deletes sysdig namespace, persistent volumes and data from disk +``` + This will prompt for quay pull secrets, sysdig license and domain name(in ec2 this is the public hostname for the instance). It will install dependencies run the installer and create a sysdig platform. It also logs everything you diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index af49cb3a..7a2a1c2b 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -32,6 +32,7 @@ DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" RUN_INSTALLER="false" +DELETE_SYSDIG="false" INSTALLER_BINARY="installer" function writeValuesYaml() { 
@@ -368,6 +369,18 @@ function runInstaller() { function __main() { + if [[ "${DELETE_SYSDIG}" == "true" ]]; then + data_directories=$(kubectl get pv -o json | jq '.items[].spec.hostPath.path') + kubectl delete ns sysdig || true + kubectl delete pv --all || true + for data_directory in ${data_directories} + do + echo "deleteing ${data_directory}" + rm -rf "${data_directory}" + done + exit 0 + fi + if [[ "${RUN_INSTALLER}" == "true" ]]; then #single node installer just runs installer and returns early ${INSTALLER_BINARY} deploy @@ -412,12 +425,17 @@ while [[ $# -gt 0 ]]; do shift # past argument shift # past value ;; + -d | --delete-sysdig) + DELETE_SYSDIG="true" + shift # past value + ;; -h | --help) echo "Help..." echo "-a | --airgap-builder to specify airgap builder" echo "-i | --airgap-install to run as airgap install mode" echo "-r | --run-installer to run the installer alone" echo "-q | --quaypullsecret followed by quaysecret to specify airgap builder" + echo "-d | --delete-sysdig deletes sysdig namespace, persistent volumes and data from disk" shift # past argument exit 0 ;; From ce3623c6010b0287213c85b5a4f3020ab6282c9b Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 17 Nov 2020 18:22:32 +0000 Subject: [PATCH 062/156] updating installer docs --- installer/single-node/install.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 7a2a1c2b..42d09874 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -286,9 +286,18 @@ EOF installJq installMiniKube installKubectl + setSystemctlVmMaxMapCount + set -e } +function setSystemctlVmMaxMapCount() { + #set for running ElasticSearch as non-root + VM_MAX_MAP_COUNT=${VM_MAX_MAP_COUNT:-262144} + readonly VM_MAX_MAP_COUNT + sysctl -w vm.max_map_count="${VM_MAX_MAP_COUNT}" +} + function startDocker() { systemctl enable docker systemctl start docker 
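Review bot: The `--delete-sysdig` branch added to `__main` passes the output of `jq '.items[].spec.hostPath.path'` to `rm -rf` as root, but that output is not a clean list of directories. Without `-r`, jq prints each path wrapped in double quotes, and a volume with no `hostPath` prints `null`, so the loop removes names that differ from the directories it announces and likely leaves the real data on disk. `kubectl delete pv --all` also removes every PersistentVolume in the cluster, not only those belonging to the `sysdig` namespace that the branch deletes. I would select name and path with `jq -r`, restricted to hostPath volumes claimed from `sysdig` (assuming the installer's claims live there), delete those volumes by name, and skip any path that is empty or not absolute. The rest of `__main` lies outside the hunk.

```shell
    if [[ "${DELETE_SYSDIG}" == "true" ]]; then
        # Only hostPath volumes claimed from the sysdig namespace; -r drops the JSON quoting.
        sysdig_pvs=$(kubectl get pv -o json | jq -r '.items[]
            | select(.spec.claimRef.namespace == "sysdig" and .spec.hostPath != null)
            | "\(.metadata.name)\t\(.spec.hostPath.path)"')
        kubectl delete ns sysdig || true
        while IFS=$'\t' read -r pv_name data_directory; do
            [[ -n "${pv_name}" ]] || continue
            kubectl delete pv "${pv_name}" || true
            # Refuse anything that is not an absolute path below the root.
            if [[ "${data_directory}" != /?* ]]; then
                echo "skipping unexpected path '${data_directory}'"
                continue
            fi
            echo "deleting ${data_directory}"
            rm -rf -- "${data_directory}"
        done <<< "${sysdig_pvs}"
        exit 0
    fi
    # … unchanged: RUN_INSTALLER branch and the rest of __main …
```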
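Review bot: `setSystemctlVmMaxMapCount` sets the value with `sysctl -w` only, so it is lost at the next reboot and Elasticsearch would presumably stop starting once the node restarts. Writing the setting to a drop-in as well keeps it persistent, for example `echo "vm.max_map_count=${VM_MAX_MAP_COUNT}" > /etc/sysctl.d/99-sysdig.conf` (file name is illustrative). `VM_MAX_MAP_COUNT` is taken from the environment unchecked; a guard such as `[[ "${VM_MAX_MAP_COUNT}" =~ ^[0-9]+$ ]]` before the call would turn a typo into a clear error. The function that calls it starts outside the hunk.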
From 03f6531e5d3ca8c1f0c6534f1a7fd177e37082c9 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 17 Nov 2020 23:35:19 +0000 Subject: [PATCH 063/156] updating installer docs --- installer/single-node/install.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 42d09874..88daf3ff 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -287,10 +287,19 @@ EOF installMiniKube installKubectl setSystemctlVmMaxMapCount + writeEtcHosts set -e } +function writeEtcHosts() { + if ! grep -q "127.0.0.1 ${DNSNAME}" /etc/hosts; then + #for sni agents to connect to collector via 127.0.0.1 + echo -e "\n#setting hostname for agents to connect" >> /etc/hosts + echo -e "127.0.0.1 ${DNSNAME}" >> /etc/hosts + fi +} + function setSystemctlVmMaxMapCount() { #set for running ElasticSearch as non-root VM_MAX_MAP_COUNT=${VM_MAX_MAP_COUNT:-262144} From f26ff6cdcc14fbda2ca14b408f7dad8242e3d973 Mon Sep 17 00:00:00 2001 
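Review bot: The guard in `writeEtcHosts` passes `127.0.0.1 ${DNSNAME}` to `grep -q` as an unanchored regular expression, so the dots match any character and an existing entry for a longer name that merely starts with `${DNSNAME}` makes the check succeed without the mapping being written. A fixed-string, whole-line match avoids both: `if ! grep -qxF "127.0.0.1 ${DNSNAME}" /etc/hosts; then`. The hunk does not show where `DNSNAME` is assigned relative to this call, and the calling function starts outside the hunk. If the call can run while the variable still holds its `PLACEHOLDER` default, that literal would be appended to `/etc/hosts`, so a check such as `[[ "${DNSNAME}" != "PLACEHOLDER" ]]` is worth adding.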
From: jenkins Date: Fri, 20 Nov 2020 16:32:55 +0000 Subject: [PATCH 064/156] updating installer docs --- installer/examples/rbac/README.md | 31 ++++++ .../examples/rbac/fullaccess/clusterrole.yaml | 60 ++++++++++ .../rbac/fullaccess/clusterrolebinding.yaml | 13 +++ installer/examples/rbac/fullaccess/role.yaml | 103 ++++++++++++++++++ .../examples/rbac/fullaccess/rolebinding.yaml | 14 +++ installer/examples/rbac/fullaccess/sa.yaml | 6 + .../examples/rbac/readonly/clusterrole.yaml | 35 ++++++ .../rbac/readonly/clusterrolebinding.yaml | 13 +++ installer/examples/rbac/readonly/role.yaml | 54 +++++++++ .../examples/rbac/readonly/rolebinding.yaml | 14 +++ installer/examples/rbac/readonly/sa.yaml | 6 + 11 files changed, 349 insertions(+) create mode 100644 installer/examples/rbac/README.md create mode 100644 installer/examples/rbac/fullaccess/clusterrole.yaml create mode 100644 installer/examples/rbac/fullaccess/clusterrolebinding.yaml create mode 100644 installer/examples/rbac/fullaccess/role.yaml create mode 100644 installer/examples/rbac/fullaccess/rolebinding.yaml create mode 100644 installer/examples/rbac/fullaccess/sa.yaml create mode 100644 installer/examples/rbac/readonly/clusterrole.yaml create mode 100644 installer/examples/rbac/readonly/clusterrolebinding.yaml create mode 100644 installer/examples/rbac/readonly/role.yaml create mode 100644 installer/examples/rbac/readonly/rolebinding.yaml create mode 100644 installer/examples/rbac/readonly/sa.yaml diff --git a/installer/examples/rbac/README.md b/installer/examples/rbac/README.md new file mode 100644 index 00000000..b5908716 --- /dev/null +++ b/installer/examples/rbac/README.md 
@@ -0,0 +1,31 @@
+# RBAC for Installer (work in progress) v0.0.0a
+
+- RBAC resources required to run the `installer`
+
+- each of the three directories contains YAMLs for a specific case:
+
+[readonly](readonly)
+- readonly access to the namespace and minimal resources necessary for the installer to
+ `generate` and `secure-diff` the existing install (or for a new install)
+
+[external-ingress](external-ingress)
+- more restrictive RBAC access rights by using an external `ingress` object
+- TBD
+
+[fullaccess](fullaccess)
+- allows the execution of `installer` as-is, including rights for `StorageClass` and `IngressController`
+
+[openshift](openshift)
+- TBD
+
+## Instructions
+
+- for each usecase we provide YAMLs to create the necessary RBAC resources
+
+- this example assumes that Sysdig will be installed in the `sysdigcloud` namespace
+
+- apply these YAMLs to your cluster from an `admin` level account
+
+- create a `kubeconfig` for the ServiceAccount installer
+
+- use the `kubeconfig` to execute the installer
diff --git a/installer/examples/rbac/fullaccess/clusterrole.yaml b/installer/examples/rbac/fullaccess/clusterrole.yaml
new file mode 100644
index 00000000..b989b23c
--- /dev/null
+++ b/installer/examples/rbac/fullaccess/clusterrole.yaml
@@ -0,0 +1,60 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: installer +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - patch + - create +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - persistentvolumes + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - create + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - get + - list + - create + - update +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - list + - get + - watch +- apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update diff --git a/installer/examples/rbac/fullaccess/clusterrolebinding.yaml b/installer/examples/rbac/fullaccess/clusterrolebinding.yaml new file mode 100644 index 00000000..3697f88c --- /dev/null +++ b/installer/examples/rbac/fullaccess/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: installer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: installer +subjects: +- kind: ServiceAccount + name: installer + namespace: sysdigcloud diff --git a/installer/examples/rbac/fullaccess/role.yaml b/installer/examples/rbac/fullaccess/role.yaml new file mode 100644 index 00000000..1ee55027 --- /dev/null +++ b/installer/examples/rbac/fullaccess/role.yaml 
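Review bot: The second rule of the `installer` ClusterRole grants `get`, `list` and `watch` on `secrets` in every namespace, so whoever holds the installer kubeconfig can read every Secret in the cluster, including credentials of unrelated workloads. The namespaced Role in `fullaccess/role.yaml` already covers `secrets` in `sysdigcloud`, so the cluster-wide entry looks unnecessary. I would drop `- secrets` from this rule, or state in the README which installer step needs it. The `create`/`update` grant on `clusterroles` and `clusterrolebindings` should carry a comment naming the objects the installer creates, for example `# installer creates ClusterRole/Binding for <component>; TODO confirm list`, because cluster-scope RBAC write access is the first thing an auditor will question.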
@@ -0,0 +1,103 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: sysdigcloud
+ name: installer
+rules:
+ - apiGroups:
+ - 'extensions'
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - 'policy'
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - update
+ - get
+ - list
+ - patch
+ - apiGroups:
+ - '*'
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - '*'
+ resources:
+ - cronjobs
+ - configmaps
+ - deployments
+ - deployments/scale
+ - daemonsets
+ - endpoints
+ - events
+ - jobs
+ - namespaces
+ - podtemplates
+ - podsecuritypolicies
+ - pods
+ - pods/log
+ - pods/exec
+ - pod/delete
+ - pod/status
+ - podpreset
+ - persistentvolumeclaims
+ - replicationcontrollers
+ - replicasets
+ - secrets
+ - services
+ - serviceaccounts
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - '*'
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - '*'
+ resources:
+ - namespace
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+
diff --git a/installer/examples/rbac/fullaccess/rolebinding.yaml b/installer/examples/rbac/fullaccess/rolebinding.yaml
new file mode 100644
index 00000000..19845dc6
--- /dev/null
+++ b/installer/examples/rbac/fullaccess/rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: installer
+ namespace: sysdigcloud
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: installer
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
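Review bot: In the large `'*'` rule of fullaccess/role.yaml, `pod/delete`, `pod/status` and `podpreset`, and `namespace` in the later rule, are not names RBAC will match: resource names are plural, so these should be `pods/status`, `podpresets` and `namespaces`, and `pod/delete` should go because deletion is the `delete` verb on `pods`. `namespaces`, `podsecuritypolicies` and `storageclasses` are cluster-scoped, so naming them in a Role bound through a RoleBinding grants nothing; they belong in the ClusterRole if the installer needs them. `apiGroups: '*'` together with `secrets`, `pods/exec` and `serviceaccounts` is wider than the listed resources require; naming the groups explicitly (for example `""`, `apps`, `batch`, `extensions`) keeps the grant from extending to same-named resources in other groups. The singular `namespace` and the cluster-scoped `namespaces` entry recur in readonly/role.yaml.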
diff --git a/installer/examples/rbac/fullaccess/sa.yaml b/installer/examples/rbac/fullaccess/sa.yaml
new file mode 100644
index 00000000..a8c086bd
--- /dev/null
+++ b/installer/examples/rbac/fullaccess/sa.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: installer
+ namespace: sysdigcloud
diff --git a/installer/examples/rbac/readonly/clusterrole.yaml b/installer/examples/rbac/readonly/clusterrole.yaml
new file mode 100644
index 00000000..5107d58f
--- /dev/null
+++ b/installer/examples/rbac/readonly/clusterrole.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: installer-readonly
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - list
+ - get
diff --git a/installer/examples/rbac/readonly/clusterrolebinding.yaml b/installer/examples/rbac/readonly/clusterrolebinding.yaml
new file mode 100644
index 00000000..518a8a42
--- /dev/null
+++ b/installer/examples/rbac/readonly/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-readonly
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: installer-readonly
+subjects:
+- kind: ServiceAccount
+ name: installer-readonly
+ namespace: sysdigcloud
diff --git a/installer/examples/rbac/readonly/role.yaml b/installer/examples/rbac/readonly/role.yaml
new file mode 100644
index 00000000..4d195152
--- /dev/null
+++ b/installer/examples/rbac/readonly/role.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: sysdigcloud
+ name: installer-readonly
+rules:
+ - apiGroups:
+ - 'extensions'
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - '*'
+ resources:
+ - cronjobs
+ - configmaps
+ - deployments
+ - daemonsets
+ - jobs
+ - namespaces
+ - pods
+ - persistentvolumeclaims
+ - secrets
+ - services
+ - serviceaccounts
+ - statefulsets
+ verbs:
+ - get
+ - list
+# - apiGroups:
+# - '*'
+# resources:
+# - storageclasses
+# verbs:
+# - get
+# - list
+ - apiGroups:
+ - '*'
+ resources:
+ - namespace
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
diff --git a/installer/examples/rbac/readonly/rolebinding.yaml b/installer/examples/rbac/readonly/rolebinding.yaml
new file mode 100644
index 00000000..ce55ef7a
--- /dev/null
+++ b/installer/examples/rbac/readonly/rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: installer-readony
+ namespace: sysdigcloud
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: installer-readonly
+subjects:
+- kind: ServiceAccount
+ name: installer-readonly
+ namespace: sysdigcloud
diff --git a/installer/examples/rbac/readonly/sa.yaml b/installer/examples/rbac/readonly/sa.yaml
new file mode 100644
index 00000000..e14c7c13
--- /dev/null
+++ b/installer/examples/rbac/readonly/sa.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: installer-readonly
+ namespace: sysdigcloud
From d9b978ec93bacd3e504f2f46827ee0671d5e87e9 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 23 Nov 2020 09:51:54 +0000 Subject: [PATCH 065/156] updating installer docs --- installer/README.md | 4 ++-- installer/docs/configuration_parameters.md | 26 +++++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-)
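Review bot: `secrets` sits in the `get`/`list` rule of the `installer-readonly` Role under `apiGroups: '*'`, so the account described as read-only can read every Secret value in `sysdigcloud`; on clusters that store ServiceAccount tokens as Secrets that includes the tokens of more privileged accounts. If `generate` and `secure-diff` really need secret contents, say so next to the entry, e.g. `# secrets: required by secure-diff; exposes secret values to this account`; if they do not, drop the entry. The commented-out `storageclasses` rule could also be deleted, since the readonly ClusterRole already grants it.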
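Review bot: In readonly/rolebinding.yaml, `metadata.name: installer-readony` is missing the `l`; every other object in this directory is named `installer-readonly`. The binding still works because `roleRef` and `subjects` are spelled correctly, but cleanup or an audit by name will miss it; use `name: installer-readonly`.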
diff --git a/installer/README.md b/installer/README.md index 09dabd31..0fb567c5 100644 --- a/installer/README.md +++ b/installer/README.md @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.0-1-uber + docker pull quay.io/sysdig/installer:3.6.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.0-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 761d6896..ec16aead 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -675,7 +675,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.6.0.7691 + activityAuditVersion: 3.6.1.7758 ``` ## **sysdig.profilingVersion** @@ -687,7 +687,7 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.6.0.7691 + profilingVersion: 3.6.1.7758 ``` ## **sysdig.anchoreVersion** @@ -699,7 +699,7 @@ sysdig: ```yaml sysdig: - anchoreVersion: 0.8.1.2 + anchoreVersion: 0.8.1.8 ``` ## **sysdig.accessKey** @@ -1129,12 +1129,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.0.7691
+**Default**: 3.6.1.7758
**Example**: ```yaml sysdig: - monitorVersion: 3.6.0.7691 + monitorVersion: 3.6.1.7758 ``` ## **sysdig.scanningVersion** @@ -1144,12 +1144,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.0.7691
+**Default**: 3.6.1.7758
**Example**: ```yaml sysdig: - scanningVersion: 3.6.0.7691 + scanningVersion: 3.6.1.7758 ``` ## **sysdig.sysdigAPIVersion** @@ -1159,12 +1159,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.0.7691
+**Default**: 3.6.1.7758
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.0.7691 + sysdigAPIVersion: 3.6.1.7758 ``` ## **sysdig.sysdigCollectorVersion** @@ -1174,12 +1174,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.0.7691
+**Default**: 3.6.1.7758
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.0.7691 + sysdigCollectorVersion: 3.6.1.7758 ``` ## **sysdig.sysdigWorkerVersion** @@ -1189,12 +1189,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.0.7691
+**Default**: 3.6.1.7758
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.0.7691 + sysdigWorkerVersion: 3.6.1.7758 ``` ## **sysdig.enableAlerter** From 23df1b77afe1d55561a4d13978452b9eacc99da7 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 11 Dec 2020 17:54:53 +0000 Subject: [PATCH 066/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 88daf3ff..9431eed4 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -388,7 +388,7 @@ function runInstaller() { function __main() { if [[ "${DELETE_SYSDIG}" == "true" ]]; then - data_directories=$(kubectl get pv -o json | jq '.items[].spec.hostPath.path') + data_directories=$(kubectl get pv -o json | jq -r '.items[].spec.hostPath.path') kubectl delete ns sysdig || true kubectl delete pv --all || true for data_directory in ${data_directories} From 75f8bf7231139a1287d7e3217908160695879fbf Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 14 Dec 2020 10:58:22 +0000 Subject: [PATCH 067/156] updating installer docs --- installer/README.md | 4 ++-- installer/docs/configuration_parameters.md | 24 +++++++++++----------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/installer/README.md b/installer/README.md index 0fb567c5..75b50451 100644 --- a/installer/README.md +++ b/installer/README.md @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.1-1-uber + docker pull quay.io/sysdig/installer:3.6.2-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.2-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
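Review bot: With `-r` the hostPath values in install.sh's `data_directories` are now real paths, and the filter has no guard: a PersistentVolume without `spec.hostPath` yields the literal `null`, and `kubectl get pv` returns every PV in the cluster, not only the ones Sysdig created. Filtering out missing values is a small change, `jq -r '.items[].spec.hostPath.path // empty'`, and the unquoted `for data_directory in ${data_directories}` still splits paths that contain spaces. The loop body is outside this hunk; a later patch in this series shows it running `rm -rf "${data_directory}"`, and `__main` itself continues past the hunk.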
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index ec16aead..7f80fb79 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -675,7 +675,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.6.1.7758 + activityAuditVersion: 3.6.2.7998 ``` ## **sysdig.profilingVersion** @@ -687,7 +687,7 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.6.1.7758 + profilingVersion: 3.6.2.7998 ``` ## **sysdig.anchoreVersion** @@ -1129,12 +1129,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.1.7758
+**Default**: 3.6.2.7998
**Example**: ```yaml sysdig: - monitorVersion: 3.6.1.7758 + monitorVersion: 3.6.2.7998 ``` ## **sysdig.scanningVersion** @@ -1144,12 +1144,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.1.7758
+**Default**: 3.6.2.7998
**Example**: ```yaml sysdig: - scanningVersion: 3.6.1.7758 + scanningVersion: 3.6.2.7998 ``` ## **sysdig.sysdigAPIVersion** @@ -1159,12 +1159,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.1.7758
+**Default**: 3.6.2.7998
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.1.7758 + sysdigAPIVersion: 3.6.2.7998 ``` ## **sysdig.sysdigCollectorVersion** @@ -1174,12 +1174,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.1.7758
+**Default**: 3.6.2.7998
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.1.7758 + sysdigCollectorVersion: 3.6.2.7998 ``` ## **sysdig.sysdigWorkerVersion** @@ -1189,12 +1189,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.1.7758
+**Default**: 3.6.2.7998
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.1.7758 + sysdigWorkerVersion: 3.6.2.7998 ``` ## **sysdig.enableAlerter** From da55d4a01f6bc8f4580e609149c4072ee263e2da Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 14 Dec 2020 16:35:52 +0000 Subject: [PATCH 068/156] updating installer docs --- installer/single-node/install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 9431eed4..efd16155 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -390,6 +390,7 @@ function __main() { if [[ "${DELETE_SYSDIG}" == "true" ]]; then data_directories=$(kubectl get pv -o json | jq -r '.items[].spec.hostPath.path') kubectl delete ns sysdig || true + kubectl delete ns agent || true kubectl delete pv --all || true for data_directory in ${data_directories} do From 485a6018dcec2c7b73163eede1ae66895207c6c9 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 22 Jan 2021 19:25:07 +0000 Subject: [PATCH 069/156] updating installer docs --- installer/docs/configuration_parameters.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 7f80fb79..2fe0ef09 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -1020,6 +1020,18 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` +## **sysdig.elasticsearch6Version** +**Required**: `false`
+**Description**: The docker image tag of Elasticsearch 6.
+**Options**:
+**Default**: 6.8.6.6
+**Example**: + +```yaml +sysdig: + elasticsearchVersion: 6.8.6.6 +``` + ## **sysdig.haproxyVersion** **Required**: `false`
**Description**: The docker image tag of HAProxy ingress controller. The From 4fff321388efb896de1db01483f2287e544522b6 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 3 Feb 2021 22:39:34 +0000 Subject: [PATCH 070/156] updating installer docs --- installer/single-node/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index 362aab9a..da27a6f9 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -21,9 +21,6 @@ installer single-node ## Usage -Copy the [script](./install.sh) to the machine that sysdig -platform is intended to run on, then run: - ```bash sudo ./install.sh ``` @@ -141,4 +138,4 @@ Enable verbose logging and stdout. ```bash ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf -``` \ No newline at end of file +``` From 2e0b465ec324a03983d11db513389e93c7ee6810 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 24 Feb 2021 06:33:19 +0000 Subject: [PATCH 071/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index efd16155..69b0acae 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -304,7 +304,7 @@ function setSystemctlVmMaxMapCount() { #set for running ElasticSearch as non-root VM_MAX_MAP_COUNT=${VM_MAX_MAP_COUNT:-262144} readonly VM_MAX_MAP_COUNT - sysctl -w vm.max_map_count="${VM_MAX_MAP_COUNT}" + sysctl -w vm.max_map_count="${VM_MAX_MAP_COUNT}" | tee -a /etc/sysctl.conf } function startDocker() { From daadca35a9917becc8a228a27a60c8290b0028ff Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 25 Feb 2021 23:11:59 +0000 Subject: [PATCH 072/156] updating installer docs --- installer/single-node/install.sh | 1 + 1 file changed, 1 insertion(+) 
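Review bot: In install.sh, `sysctl -w ... | tee -a /etc/sysctl.conf` appends another `vm.max_map_count = ...` line on every run, and the pipeline's status is that of `tee`, so a failed `sysctl` goes unnoticed unless `pipefail` is set elsewhere in the script (not visible here). Keeping the runtime change and the persistence separate avoids both: leave `sysctl -w vm.max_map_count="${VM_MAX_MAP_COUNT}"` as it was and add `grep -q '^vm.max_map_count' /etc/sysctl.conf || echo "vm.max_map_count = ${VM_MAX_MAP_COUNT}" >> /etc/sysctl.conf`. `setSystemctlVmMaxMapCount` opens above the hunk.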
diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 69b0acae..7c1f846a 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -57,6 +57,7 @@ sysdig: hostPathNodes: - minikube cassandra: + jvmOptions: -Xmx500m -Xms500m hostPathNodes: - minikube dnsName: $DNSNAME From 50666f89c3d932bbbf82512cd2a533d4708ce360 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 15 Mar 2021 17:12:48 +0000 Subject: [PATCH 073/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 7c1f846a..a9572f3a 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -395,7 +395,7 @@ function __main() { kubectl delete pv --all || true for data_directory in ${data_directories} do - echo "deleteing ${data_directory}" + echo "deleting ${data_directory}" rm -rf "${data_directory}" done exit 0 From eeb25a7708124e0f4c2116d312eba515dd75fddb Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 30 Mar 2021 20:46:48 +0000 Subject: [PATCH 074/156] updating installer docs --- installer/single-node/install.sh | 52 ++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index a9572f3a..d081d74c 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -69,6 +69,14 @@ sysdig: requests: cpu: 500m memory: 1Gi + apiNginx: + requests: + cpu: 50m + memory: 100Mi + apiEmailRenderer: + requests: + cpu: 50m + memory: 100Mi cassandra: requests: cpu: 500m 
@@ -85,6 +93,50 @@ sysdig: requests: cpu: 500m memory: 1Gi + anchore-catalog: + requests: + cpu: 500m + memory: 500Mi + anchore-policy-engine: + requests: + cpu: 500m + memory: 500Mi + anchore-worker: + requests: + cpu: 500m + memory: 500Mi + scanning-api: + requests: + cpu: 500m + memory: 500Mi + scanningalertmgr: + requests: + cpu: 500m + memory: 500Mi + scanning-retention-mgr: + requests: + cpu: 500m + memory: 500Mi + secure-prometheus: + requests: + cpu: 500m + memory: 500Mi + netsec-api: + requests: + cpu: 300m + memory: 500Mi + netsec-ingest: + requests: + cpu: 500m + memory: 500Mi + policy-advisor: + requests: + cpu: 500m + memory: 500Mi + scanning-reporting-worker: + requests: + cpu: 500m + memory: 500Mi EOM } From 4cb41e35d9052fac56880884b03701daa153b15e Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 30 Mar 2021 22:31:21 +0000 Subject: [PATCH 075/156] updating installer docs --- installer/single-node/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index d081d74c..669b8419 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -419,7 +419,7 @@ function pullImagesSysdigImages() { for image in "${images[@]}"; do if [[ -z $(docker images -q "$image") ]]; then logger info "Pulling $image" - docker pull "$image" + docker pull "$image" || true else echo "$image is present" fi From 370ed3b88ff952c9becbb3023c6b3fe37aadc096 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 31 Mar 2021 16:57:26 +0000 Subject: [PATCH 076/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 7116 +++++++++++++------- 3 files changed, 4811 insertions(+), 2357 deletions(-) diff --git a/installer/README.md b/installer/README.md index 75b50451..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md 
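Review bot: `docker pull "$image" || true` in `pullImagesSysdigImages` discards the failure without a trace, so a wrong tag, an expired quay.io login or a network error leaves the image absent while the install carries on; the failure would then presumably surface later as pods that cannot start. At least record it with the logger already used on the line above, `docker pull "$image" || logger info "Failed to pull $image, continuing"`. The loop and its function begin outside the hunk.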
@@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.2-1-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.2-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. + +## Airgapped installations + +### Method for automatically updating the feeds database in airgapped environments +This is a procedure that can be used to automatically update the feeds database: + +1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +2. move the file from the jumpbox server to the customer airgapped environment (optional) +3. load the image file and push it to the customer's airgapped image registry +4. restart the pod sysdigcloud-feeds-db +5. restart the pod feeds-api + +Finally, steps 1 to 5 will be performed periodically once a day. + +This is an example script that contains all the steps: +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/vuln-feed-database:latest +# Save image +docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +# Optionally move image +mv vuln-feed-database.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +# Restart database pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" +# Restart feeds-api pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" +ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" +``` + +The script can be scheduled using a cron job that run every day +```bash +0 8 * * * feeds-database-update.sh >/dev/null 2>&1 +``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 2fe0ef09..91f846cb 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false` +**Required**: `false`
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -666,6 +666,51 @@ pvStorageSize: postgresql: 100Gi ``` +## **pvStorageSize.large.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + large: + nats: 10Gi +``` + +## **pvStorageSize.medium.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi +``` + ## **sysdig.activityAuditVersion** **Required**: `false`
**Description**: Docker image tag of Activity Audit services.
@@ -675,7 +720,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.6.2.7998 + activityAuditVersion: 4.0.0.9075 ``` ## **sysdig.profilingVersion** @@ -687,7 +732,7 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.6.2.7998 + profilingVersion: 4.0.0.9075 ``` ## **sysdig.anchoreVersion** @@ -699,7 +744,7 @@ sysdig: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1.18 ``` ## **sysdig.accessKey** @@ -715,6 +760,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -772,7 +830,7 @@ sysdig: ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
+**Options**:
**Default**: 2.1.21.13
**Example**: @@ -781,6 +839,31 @@ sysdig: cassandraVersion: 2.1.21.16 ``` +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.7.0`
+**Example**: + +```yaml +sysdig: + cassandra3Version: 3.11.7.0 +``` + ## **sysdig.cassandra.external** **Required**: `false`
**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster. @@ -813,7 +896,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +908,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -917,7 +1000,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1054,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. + +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1114,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1141,12 +1233,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.2.7998
+**Default**: 4.0.0.9075
**Example**: ```yaml sysdig: - monitorVersion: 3.6.2.7998 + monitorVersion: 4.0.0.9075 ``` ## **sysdig.scanningVersion** @@ -1156,12 +1248,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.2.7998
+**Default**: 4.0.0.9075
**Example**: ```yaml sysdig: - scanningVersion: 3.6.2.7998 + scanningVersion: 4.0.0.9075 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.2.7998
+**Default**: 4.0.0.9075
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.2.7998 + sysdigAPIVersion: 4.0.0.9075 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.2.7998
+**Default**: 4.0.0.9075
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.2.7998 + sysdigCollectorVersion: 4.0.0.9075 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.2.7998
+**Default**: 4.0.0.9075
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.2.7998 + sysdigWorkerVersion: 4.0.0.9075 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1316,75 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1298,8 +1459,7 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster -instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1428,6 +1588,36 @@ sysdig: enabled: true ``` +## **sysdig.nats.secure.username** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ username: somevalue
+```
+
+## **sysdig.nats.secure.password**
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1521,1185 +1711,1146 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.mysqlToPostgresMigrationVersion** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o
-name` that postgresql hostPath persistent volumes should be created on. The
-number of nodes must be at minimum whatever the value of
-[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
-required if configured [`storageClassProvisioner`](#storageclassprovisioner)
-is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.postgresql.rootUser** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + postgresql: + rootUser: postgres ``` -## **sysdig.proxy.enable** +## **sysdig.postgresql.rootDb** **Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**: ```yaml sysdig: - proxy: - enable: true + postgresql: + rootDb: anchore ``` -## **sysdig.proxy.host** +## **sysdig.postgresql.rootPassword** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + postgresql: + rootPassword: my_root_password ``` -## **sysdig.proxy.noProxy** +## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + postgresql: + primary: true ``` -## **sysdig.proxy.password** +## **sysdig.postgresql.external** **Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + postgresql: + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + sysdig: + host: my-sysdig-db-external.com ``` -## **sysdig.proxy.port** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The port the configured
-[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: An array of node hostnames has shown in `kubectl get node -o
+name` that postgresql hostPath persistent volumes should be created on. The
+number of nodes must be at minimum whatever the value of
+[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
**Options**:
-**Default**: `80`
+**Default**: []
**Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.proxy.protocol** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.proxy.user** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.id** + +## **sysdig.postgresDatabases.profiling** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `awesomeclientid`
- +**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `awesomeclientsecret`
- +**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `incoming-webhook`
- +**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
- +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
- +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresDatabases.serviceOwnerManagement** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
- +**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**:
-To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
-
-This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` - ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisVersion** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: Docker image tag of Redis.
-**Options**:
-**Default**: 4.0.12.7
+**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresDatabases.compliance** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured
-`sysdig.redisHa` is `true`.
-**Options**:
-**Default**: 4.0.12-1.0.1
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisHa** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisHa: false + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.postgresDatabases.rapidResponse** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | - +**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + proxy: + enable: true ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
+**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 ``` - -## **sysdig.resources.mysql.requests.memory** +## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | - +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.resources.postgresql.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
-**Options**:
-**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +**Description**: +Allow Anchore to export prometheus metrics. +**Options**: `true|false`
+**Default**: false
**Example**: - ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi -``` + secure: + anchore: + enableMetrics: true +``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: Docker image tag of HA Redis, relevant when configured +`sysdig.redisHa` is `true`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
+**Default**: 4.0.12-1.0.1
+**Example**: +```yaml +sysdig: + redisHaVersion: 4.0.12-1.0.1 +``` +## **sysdig.redisHa** +**Required**: `false`
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + redisHa: false ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.useRedis6** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
-**Options**:
-**Default**: +**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +```yaml +sysdig: + useRedis6: false +``` +## **sysdig.redis6Version** +**Required**: `false`
+**Description**: Docker image tag of Redis 6, relevant when configured +`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: Docker image tag of Redis Sentinel, relevant when configured +`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: +**Default**: 6.0.10.1
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + redis6SentinelVersion: 6.0.10.1 +``` +## **sysdig.redis6ExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured +`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.redis-sentinel.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +**Default**:
**Example**: ```yaml sysdig: resources: - api: + mysql: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +**Default**:
**Example**: ```yaml sysdig: resources: - api: + mysql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - api: + mysql: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**: @@ -2707,51 +2858,51 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - api: + mysql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - worker: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 4Gi | +| large | 8Gi | **Example**: @@ -2759,88 +2910,88 @@ sysdig: ```yaml sysdig: resources: - worker: + postgresql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - worker: + postgresql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + redis: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -2848,88 +2999,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + redis: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - alerter: + redis: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - alerter: + redis: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -2937,88 +3088,88 @@ sysdig: ```yaml sysdig: resources: - collector: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3026,58 +3177,58 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3085,21 +3236,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3107,7 +3258,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3115,36 +3266,36 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: @@ -3152,200 +3303,197 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.ingressControllerHaProxy.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.ingressControllerHaProxy.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.ingressControllerHaProxy.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.ingressControllerHaProxy.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: requests: - memory: 200Mi + memory: 1Gi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.ingressControllerRsyslog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 125m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.ingressControllerRsyslog.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.ingressControllerRsyslog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.ingressControllerRsyslog.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: requests: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**: @@ -3353,21 +3501,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**: @@ -3375,7 +3523,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3383,36 +3531,36 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + api: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: requests: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**: @@ -3420,189 +3568,229 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: requests: memory: 200Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.apiNginx.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + apiNginx: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.apiNginx.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + apiNginx: + limits: + memory: 500Mi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.apiNginx.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + apiNginx: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.apiNginx.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + apiNginx: + requests: + memory: 100Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.apiEmailRenderer.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + apiEmailRenderer: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.apiEmailRenderer.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
-**Default**: mysql
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql + resources: + apiEmailRenderer: + limits: + memory: 500Mi ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +## **sysdig.resources.apiEmailRenderer.requests.cpu** **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
-**Default**: 90
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 + resources: + apiEmailRenderer: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +## **sysdig.resources.apiEmailRenderer.requests.memory** **Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
-**Default**: 5
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + apiEmailRenderer: + requests: + memory: 100Mi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: limits: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3610,88 +3798,88 @@ sysdig: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: requests: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: requests: memory: 200Mi ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 4 | -| large | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3699,88 +3887,88 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + alerter: limits: memory: 10Mi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: requests: memory: 200Mi ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -3788,36 +3976,36 @@ sysdig: ```yaml sysdig: resources: - netsec-api: + collector: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: requests: - cpu: 300m + cpu: 2 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: @@ -3825,141 +4013,141 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-core: limits: cpu: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** +## **sysdig.resources.anchore-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-api: limits: - memory: 4Gi + cpu: 1 ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.resources.anchore-catalog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: - requests: - cpu: 500m + anchore-catalog: + limits: + cpu: 1 ``` -## **sysdig.resources.netsec-ingest.requests.memory** +## **sysdig.resources.anchore-policy-engine.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-policy-engine: limits: - memory: 2Gi + cpu: 1 ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: + anchore-core: limits: - cpu: 1 + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.limits.memory** + +## **sysdig.resources.anchore-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3967,265 +4155,268 @@ sysdig: ```yaml sysdig: resources: - netsec-janitor: + anchore-api: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.requests.cpu** + +## **sysdig.resources.anchore-catalog.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: - requests: - cpu: 1 + anchore-catalog: + limits: + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.requests.memory** + +## **sysdig.resources.anchore-policy-engine.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: - requests: - memory: 1Gi + anchore-policy-engine: + limits: + memory: 10Mi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: - limits: + anchore-core: + requests: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.anchore-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: - limits: - memory: 2Gi + anchore-api: + requests: + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: + anchore-catalog: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: + anchore-policy-engine: requests: - memory: 1Gi + cpu: 2 ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - activity-audit-api: - limits: - cpu: 2 + anchore-core: + requests: + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.resources.anchore-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - activity-audit-api: - limits: - memory: 500Mi + anchore-api: + requests: + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + anchore-catalog: requests: - cpu: 250m + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + anchore-policy-engine: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4233,88 +4424,88 @@ sysdig: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-worker.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-janitor.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: limits: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-janitor.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4322,176 +4513,178 @@ sysdig: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: limits: - memory: 200Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-janitor.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: +| small | 4 | +| medium | 4 | +| large | 4 | + +**Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.profiling-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4499,243 +4692,203 @@ sysdig: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: Retention manager Cronjob
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - - +**Default**: 23h
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: Grace period for the retention policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - +**Default**: 168h
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | - +**Default**: 1s
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - requests: - memory: 512Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: Scanning DB engine
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - - +**Default**: mysql
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - memory: 8Gi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: Default value for the date policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: Default value for the tags policy
**Options**:
-**Default**:
+**Default**: 5
+**Example**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ defaultValues:
+ tagsPolicy: 5
+```
+## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy**
+**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - memory: 2Gi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-api.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -4743,322 +4896,327 @@ sysdig: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + admission-controller-api: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: The amount of cpu assigned to admission-controller-api PG
+migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: cpu: 1 ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: - memory: 250Mi + memory: 256Mi ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + admission-controller-api-pg-migrate: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: The amount of cpu assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: cpu: 1 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: The amount of memory assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: - memory: 500Mi + memory: 256Mi ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: The amount of cpu required to schedule reporting-init pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: The amount of memory required to schedule reporting-init pods
**Options**:
**Default**: @@ -5073,1874 +5231,4126 @@ sysdig: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - cpu: 1 + cpu: 1500m ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - memory: 500Mi + memory: 1536Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - memory: 50Mi + memory: 256Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - memory: 200Mi + memory: 16Gi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - memory: 50Mi + memory: 10Gi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable logging at debug level
+**Options**:
+**Default**: false
**Example**: ```yaml sysdig: - restrictPasswordLogin: true + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.rsyslogVersion** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**: 8.34.0.7
+**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.smtpFromAddress** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.smtpPassword** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
+**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - smtpPassword: my-@w350m3-p@55w0rd + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.smtpProtocolSSL** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
+**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - smtpProtocolTLS: true + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.smtpServer** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: SMTP server to use to send emails
+**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
**Options**:
-**Default**:
+**Default**: 1
**Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.smtpServerPort** +## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - smtpServerPort: 587
+ secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.smtpUser** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
-**Example**:
+**Default**:
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
**Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.apiReplicaCount** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - apiReplicaCount: 5 + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + netsec-api: + requests: + cpu: 300m ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + resources: + netsec-ingest: + limits: + memory: 4Gi ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + resources: + netsec-ingest: + requests: + cpu: 500m ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + resources: + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: Number of Scanning API replicas.
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + resources: + netsec-janitor: + limits: + cpu: 1 ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | **Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + resources: + netsec-janitor: + limits: + memory: 1Gi ``` -## **sysdig.workerReplicaCount** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - workerReplicaCount: 7 + resources: + netsec-janitor: + requests: + cpu: 1 ``` -## **sysdig.alerterReplicaCount** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - alerterReplicaCount: 7 + resources: + netsec-janitor: + requests: + memory: 1Gi ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + resources: + nats-streaming: + limits: + cpu: 2 ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + resources: + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + resources: + nats-streaming: + requests: + cpu: 250m ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + resources: + nats-streaming: + requests: + memory: 1Gi ``` -## **sysdig.eventsForwarderAPIReplicaCount** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + resources: + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
+## **sysdig.resources.activity-audit-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + resources: + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.admin.password** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + resources: + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.certificate.generate** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + activity-audit-worker: + limits: + cpu: 1 ``` -## **sysdig.certificate.crt** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + activity-audit-worker: + limits: + memory: 500Mi ``` -## **sysdig.certificate.key** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + activity-audit-worker: + requests: + cpu: 250m ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + activity-audit-worker: + requests: + memory: 50Mi ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + activity-audit-janitor: + limits: + cpu: 250m ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + **Example**: ```yaml sysdig: - collector: - certificate: - generate: true + resources: + activity-audit-janitor: + limits: + memory: 200Mi ``` -## **sysdig.collector.certificate.crt** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
-**Default**:
-**Example**: +**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: ```yaml sysdig: - collector: - certificate: - crt: certs/collector.crt + resources: + activity-audit-janitor: + requests: + cpu: 250m ``` -## **sysdig.collector.certificate.key** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - collector: - certificate: - key: certs/collector.key + resources: + activity-audit-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.profiling-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-worker.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.profiling-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.secure-overview-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-overview-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.secure-overview-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-overview-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ memory: 512Mi
+```
+
+## **sysdig.resources.secure-prometheus.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-prometheus.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.secure-prometheus.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-prometheus.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.events-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-gatherer.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.events-gatherer.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.events-gatherer.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-gatherer.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-dispatcher.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-dispatcher.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.events-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 5
+```
+
+## **sysdig.anchoreAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreAPIReplicaCount: 4
+```
+
+## **sysdig.anchoreCatalogReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCatalogReplicaCount: 4
+```
+
+## **sysdig.anchorePolicyEngineReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchorePolicyEngineReplicaCount: 4
+```
+
+## **sysdig.anchoreWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreWorkerReplicaCount: 5
+```
+
+## **sysdig.apiReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ apiReplicaCount: 5
+```
+
+## **sysdig.cassandraReplicaCount**
+**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandraReplicaCount: 20
+```
+
+## **sysdig.collectorReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ collectorReplicaCount: 7
+```
+
+## **sysdig.activityAuditWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditWorkerReplicaCount: 20
+```
+
+## **sysdig.activityAuditApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditApiReplicaCount: 20
+```
+
+## **sysdig.policyAdvisorReplicaCount**
+**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ policyAdvisorReplicaCount: 20
+```
+
+## **sysdig.scanningAdmissionControllerAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is
+a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningAdmissionControllerAPIReplicaCount: 1
+```
+
+## **sysdig.netsecApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecApiReplicaCount: 1
+```
+
+## **sysdig.netsecIngestReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecIngestReplicaCount: 1
+```
+## **sysdig.netsecCommunicationShards**
+**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 3 |
+| medium | 9 |
+| large | 15 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecCommunicationShards: 5
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 2
+```
+
+## **sysdig.scanningApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningApiReplicaCount: 3
+```
+
+## **sysdig.elasticsearchReplicaCount**
+**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchReplicaCount: 20
+```
+
+## **sysdig.workerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ workerReplicaCount: 7
+```
+
+## **sysdig.alerterReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ alerterReplicaCount: 7
+```
+
+## **sysdig.eventsGathererReplicaCount**
+**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsGathererReplicaCount: 2
+```
+
+## **sysdig.eventsAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsAPIReplicaCount: 1
+```
+
+## **sysdig.eventsDispatcherReplicaCount**
+**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsDispatcherReplicaCount: 1
+```
+
+## **sysdig.eventsForwarderReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderReplicaCount: 2
+```
+
+## **sysdig.eventsForwarderAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ username: my-awesome-email@my-awesome-domain-name.com
+```
+
+## **sysdig.admin.password**
+**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ password: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.api.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` + +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ generate: true
+```
+
+## **sysdig.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ crt: certs/server.crt
+```
+
+## **sysdig.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.dnsName**
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.collector.certificate.generate** +**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+
+## **sysdig.worker.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + commandLineCapturesEnabled: true ``` -## **sysdig.worker.jvmOptions** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + secure: + memoryDumpEnabled: true ``` -## **sysdig.alerter.jvmOptions** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **agent.apiKey** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + secure: + settings: + k8sAuditServerPort: 7765 ``` -## **agent.appChecks.settings.limit** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - settings: - limit: 1500 + prometheus: + enabled: true ``` -## **agent.collectorEndpoint** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml agent: - collectorEndpoint: my-awesome-collector-domain-name.com + prometheus: + settings: + interval: 30 ``` -## **agent.collectorPort** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - collectorPort: 6443 + prometheus: + settings: + logErrors: true ``` -## **agent.namespace** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
**Options**:
-**Default**: `agent`
+**Default**: `3000`
**Example**: ```yaml agent: - namespace: sysdig-agent + prometheus: + settings: + maxMetrics: 1000 ``` -## **agent.useSlim** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - useSlim: true + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **agent.version** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
**Options**:
-**Default**: `latest`
+**Default**: `40`
**Example**: ```yaml agent: - version: 1.10.1 + prometheus: + settings: + maxTagsPerMetric: 20 ``` -## **agent.useSSL** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
**Options**: `true|false`
**Default**: `true`
**Example**: ```yaml agent: - useSSL: false + prometheus: + settings: + histograms: 3000 ``` -## **agent.verifySSL** +## **agent.statsd.enabled** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Whether to enable ingestion of statsd metrics or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - verifySSL: false + statsd: + enabled: true ``` -## **agent.clusterName** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
**Options**:
-**Default**: `production`
+**Default**: `100`
**Example**: ```yaml agent: - clusterName: false + statsd: + settings: + limit: 1000 ``` -## **agent.tags** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - tags: environment:production linux:ubuntu + jmx: + enabled: true ``` -## **agent.capturesEnabled** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - capturesEnabled: false + jmx: + settings: + limit: 1000 ``` -## **agent.feature_mode** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - feature_mode: troubleshooting + ebpf: + enabled: true ``` -## **agent.timezone** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - timezone: America/New_York. + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **agent.proxy.httpProxy** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com + appChecks: + elasticsearch: + authEnabled: true ``` -## **agent.proxy.httpsProxy** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **agent.proxy.noProxy** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
**Default**:
**Example**: ```yaml agent: - proxy: - noProxy: your-awesome-no-proxy.com + appChecks: + elasticsearch: + port: 9200 ``` -## **agent.snaplenPortRange.start** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
-**Default**: `0`
+**Default**:
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + appChecks: + elasticsearch: + username: readonly ``` -## **agent.snaplenPortRange.end** +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
-**Default**: `0`
+**Default**:
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + appChecks: + elasticsearch: + password: some_password ``` -## **agent.customKernelModules.enabled** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**: `true|false`
-**Default**: `false`
+**Default**:
**Example**: ```yaml agent: - customKernelModules: - enabled: true + appChecks: + elasticsearch: + verifySSL: false ``` -## **agent.secure.enabled** -**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - secure: - enabled: true + appChecks: + kafka: + enabled: true ``` -## **agent.secure.commandLineCapturesEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - secure: - commandLineCapturesEnabled: true + appChecks: + kafka: + arg: Kafka.kafka ``` -## **agent.secure.memoryDumpEnabled** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - secure: - memoryDumpEnabled: true +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.secure.settings.k8sAuditServerURL** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - secure: - settings: - k8sAuditServerURL: 127.0.0.1 + appChecks: + kafka: + port: 9200 ``` -## **agent.secure.settings.k8sAuditServerPort** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - secure: - settings: - k8sAuditServerPort: 7765 +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.prometheus.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - prometheus: - enabled: true + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.prometheus.settings.interval** -**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+## **agent.appChecks.kafka.enableConsumerOffsets**
+**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - settings: - interval: 30 + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.prometheus.settings.logErrors** -**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+## **agent.appChecks.kafka.enableAggregationPartitions**
+**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - settings: - logErrors: true + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.prometheus.settings.maxMetrics** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - settings: - maxMetrics: 1000 + appChecks: + mysql: + enabled: true ``` -## **agent.prometheus.settings.maxMetricsPerProcess** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 + appChecks: + mysql: + hostname: mysql-service-url ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - settings: - maxTagsPerMetric: 20 + appChecks: + mysql: + user: mysql-user ``` -## **agent.prometheus.settings.histograms** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - settings: - histograms: 3000 + appChecks: + mysql: + password: mysql-password ``` -## **agent.statsd.enabled** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | + **Example**: ```yaml agent: - statsd: - enabled: true + resources: + limits: + cpu: 2 ``` -## **agent.statsd.settings.limit** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + **Example**: ```yaml agent: - statsd: - settings: - limit: 1000 + resources: + limits: + memory: 2 ``` -## **agent.jmx.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
+## **agent.resources.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml agent: - jmx: - enabled: true + resources: + requests: + cpu: 2 ``` -## **agent.jmx.settings.limit** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - jmx: - settings: - limit: 1000 + resources: + requests: + memory: 2 ``` -## **agent.ebpf.enabled** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | + **Example**: ```yaml agent: - ebpf: - enabled: true + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.ebpf.settings.mountEtcVolume** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - ebpf: - settings: - mountEtcVolume: 1000 + resources: + watchdog: + cointerface: 1024 ``` -## **agent.appChecks.elasticsearch.authEnabled** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **agent.appChecks.elasticsearch.url** +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Max duration after the last ping from an AC before it is considered
+disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch +sysdig: + secure: + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **agent.appChecks.elasticsearch.port** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: TTL of the cache for the cluster configuration. It should be
+used by the AC as polling interval to retrieve the updated cluster configuration
+from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - port: 9200 +sysdig: + secure: + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **agent.appChecks.elasticsearch.username** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: TTL of an AC ping. It should be used by the AC as polling
+interval to perform a HEAD on the ping endpoint to notify it's still alive and
+connected. It cannot be greater than 30m and it cannot be greater than
+maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - username: readonly +sysdig: + secure: + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **agent.appChecks.elasticsearch.password** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Max duration of the cluster configuration cache. The API returns
+this value as max-age in seconds and the FE uses it for caching the cluster
+configuration. FE also asks for a new cluster configuration using this value
+as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + secure: + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.scanning.veJanitor.cronjob**
+**Required**: `false`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**: ```yaml -agent: - appChecks: - kafka: - enabled: true +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode**
+**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" ``` -## **agent.appChecks.kafka.url** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.appChecks.kafka.port** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: This creates a deployment for Metadata-Service
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + metadataService: + enabled: true ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.appChecks.kafka.zk.port** -**Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+## **sysdig.resources.metadataService.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
+## **sysdig.resources.metadataService.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: -```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - mysql: - enabled: true +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.appChecks.mysql.user** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**: +**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsAPIVersion: 0.5.0 +``` + +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ``` From 5956d0775a15a0cce8c01f93db3f3b5000c88ec5 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 5 Apr 2021 17:05:39 +0000 Subject: [PATCH 077/156] updating installer docs --- installer/docs/configuration_parameters.md | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 91f846cb..39fab975 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -720,7 +720,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 4.0.0.9075 + activityAuditVersion: 4.0.0.9120 ``` ## **sysdig.profilingVersion** @@ -732,7 +732,7 @@ sysdig: ```yaml sysdig: - profilingVersion: 4.0.0.9075 + profilingVersion: 4.0.0.9120 ``` ## **sysdig.anchoreVersion** @@ -1233,12 +1233,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9075
+**Default**: 4.0.0.9120
**Example**: ```yaml sysdig: - monitorVersion: 4.0.0.9075 + monitorVersion: 4.0.0.9120 ``` ## **sysdig.scanningVersion** @@ -1248,12 +1248,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9075
+**Default**: 4.0.0.9120
**Example**: ```yaml sysdig: - scanningVersion: 4.0.0.9075 + scanningVersion: 4.0.0.9120 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9075
+**Default**: 4.0.0.9120
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.0.9075 + sysdigAPIVersion: 4.0.0.9120 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9075
+**Default**: 4.0.0.9120
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.0.9075 + sysdigCollectorVersion: 4.0.0.9120 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9075
+**Default**: 4.0.0.9120
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.0.9075 + sysdigWorkerVersion: 4.0.0.9120 ``` ## **sysdig.enableAlerter** From 11154be68ebe035af4b77d3ac180db57d7fb2386 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 27 Apr 2021 16:20:47 +0000 Subject: [PATCH 078/156] updating installer docs --- installer/docs/configuration_parameters.md | 92 +++++++++++++++++++++- 1 file changed, 91 insertions(+), 1 deletion(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 39fab975..d5260dfd 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -744,7 +744,7 @@ sysdig: ```yaml sysdig: - anchoreVersion: 0.8.1.18 + anchoreVersion: 0.8.1.21 ``` ## **sysdig.accessKey** @@ -5517,6 +5517,96 @@ sysdig: storagePostgresRetentionDays: 1 ``` +## **sysdig.secure.scanning.reporting.storageS3Bucket** +**Required**: `false`
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting +``` + +## **sysdig.secure.scanning.reporting.storageS3Prefix** +**Required**: `false`
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3Prefix: reports +``` + +## **sysdig.secure.scanning.reporting.storageS3Endpoint** +**Required**: `false`
+**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com +``` + +## **sysdig.secure.scanning.reporting.storageS3Region** +**Required**: `false`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3Region: us-east-1 +``` + +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** +**Required**: `false`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE +``` + +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** +**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +``` + ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
**Description**: The sleep interval between two runs of the reporting worker
From 47bca9748a73cbce0788691d78b644316ee22980 Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 22 May 2021 00:58:23 +0000 Subject: [PATCH 079/156] updating installer docs --- installer/docs/configuration_parameters.md | 78 +++++++++++----------- 1 file changed, 38 insertions(+), 40 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index d5260dfd..8eb142ac 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -711,30 +711,6 @@ pvStorageSize: nats: 10Gi ``` -## **sysdig.activityAuditVersion** -**Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**: - -```yaml -sysdig: - activityAuditVersion: 4.0.0.9120 -``` - -## **sysdig.profilingVersion** -**Required**: `false`
-**Description**: Docker image tag of Profiling services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**: - -```yaml -sysdig: - profilingVersion: 4.0.0.9120 -``` - ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
@@ -1233,27 +1209,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9120
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - monitorVersion: 4.0.0.9120 + monitorVersion: 3.5.1.7018 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9120
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - scanningVersion: 4.0.0.9120 + secureVersion: 3.5.1.7018 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1239,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9120
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.0.9120 + sysdigAPIVersion: 3.5.1.7018 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1254,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9120
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.0.9120 + sysdigCollectorVersion: 3.5.1.7018 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1269,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.0.9120
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.0.9120 + sysdigWorkerVersion: 3.5.1.7018 ``` ## **sysdig.enableAlerter** @@ -1880,7 +1856,7 @@ sysdig: ## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml @@ -1888,7 +1864,6 @@ sysdig: postgresql: external: true postgresDatabases: - useNonAdminUsers: true policies: host: my-policies-db-external.com port: 5432 @@ -2017,7 +1992,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml @@ -2038,6 +2013,29 @@ sysdig: adminpassword: my_root_user_password ``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + ## **sysdig.postgresDatabases.quartz** **Required**: `false`
**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
From cb1c47024928d37aebb3482ba8e82ac851635898 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 24 Jun 2021 09:29:31 +0000 Subject: [PATCH 080/156] updating installer docs --- installer/docs/configuration_parameters.md | 92 +++++++++++++--------- 1 file changed, 53 insertions(+), 39 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 8eb142ac..75cf3bdf 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -711,6 +711,30 @@ pvStorageSize: nats: 10Gi ``` +## **sysdig.activityAuditVersion** +**Required**: `false`
+**Description**: Docker image tag of Activity Audit services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditVersion: 4.0.2.9723
+```
+
+## **sysdig.profilingVersion**
+**Required**: `false`
+**Description**: Docker image tag of Profiling services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + profilingVersion: 4.0.2.9723 +``` + ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
@@ -720,7 +744,7 @@ pvStorageSize: ```yaml sysdig: - anchoreVersion: 0.8.1.21 + anchoreVersion: 0.8.1.25 ``` ## **sysdig.accessKey** @@ -1209,27 +1233,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 4.0.2.9723
**Example**: ```yaml sysdig: - monitorVersion: 3.5.1.7018 + monitorVersion: 4.0.2.9723 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 4.0.2.9723
**Example**: ```yaml sysdig: - secureVersion: 3.5.1.7018 + scanningVersion: 4.0.2.9723 ``` ## **sysdig.sysdigAPIVersion** @@ -1239,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 4.0.2.9723
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.5.1.7018 + sysdigAPIVersion: 4.0.2.9723 ``` ## **sysdig.sysdigCollectorVersion** @@ -1254,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 4.0.2.9723
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.5.1.7018 + sysdigCollectorVersion: 4.0.2.9723 ``` ## **sysdig.sysdigWorkerVersion** @@ -1269,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 4.0.2.9723
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.5.1.7018 + sysdigWorkerVersion: 4.0.2.9723 ``` ## **sysdig.enableAlerter** @@ -1856,7 +1880,7 @@ sysdig: ## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml @@ -1864,6 +1888,7 @@ sysdig: postgresql: external: true postgresDatabases: + useNonAdminUsers: true policies: host: my-policies-db-external.com port: 5432 @@ -1992,7 +2017,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml @@ -2013,29 +2038,6 @@ sysdig: adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.promBeacon** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - promBeacon: - host: my-prom-beacon-db-external.com - port: 5432 - db: prom_beacon_db - username: prom_beacon_user - password: my_prom_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - ## **sysdig.postgresDatabases.quartz** **Required**: `false`
**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
@@ -9031,6 +9033,18 @@ sysdig: scanningAnalysiscollectorConcurrentUploads: 5 ``` +## **sysdig.scanningAlertMgrForceAutoScan** +**Required**: `false`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + scanningAlertMgrForceAutoScan: false +``` + ## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
**Description**: Cronjob schedule
From 89907070b2f2049e0013326857e1e0a009b64815 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 17 Aug 2021 00:18:13 +0000 Subject: [PATCH 081/156] updating installer docs --- installer/single-node/install.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index 669b8419..a9a1500b 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -47,12 +47,8 @@ elasticsearch: hostPathCustomPaths: cassandra: /var/lib/cassandra elasticsearch: /var/lib/elasticsearch - mysql: /var/lib/mysql postgresql: /var/lib/postgresql/data/pgdata sysdig: - mysql: - hostPathNodes: - - minikube postgresql: hostPathNodes: - minikube From 17dc6d01f09637eea7e4bdbbb0a957e6dcab1931 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 27 Aug 2021 12:38:25 +0000 Subject: [PATCH 082/156] updating installer docs --- installer/docs/configuration_parameters.md | 28 +++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 75cf3bdf..76525b47 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -720,7 +720,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 4.0.2.9723 + activityAuditVersion: 4.0.3.10243 ``` ## **sysdig.profilingVersion** @@ -732,19 +732,19 @@ sysdig: ```yaml sysdig: - profilingVersion: 4.0.2.9723 + profilingVersion: 4.0.3.10243 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.30
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.25 + anchoreVersion: 0.8.1.30 ``` ## **sysdig.accessKey** @@ -1233,12 +1233,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.2.9723
+**Default**: 4.0.3.10243
**Example**: ```yaml sysdig: - monitorVersion: 4.0.2.9723 + monitorVersion: 4.0.3.10243 ``` ## **sysdig.scanningVersion** @@ -1248,12 +1248,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.2.9723
+**Default**: 4.0.3.10243
**Example**: ```yaml sysdig: - scanningVersion: 4.0.2.9723 + scanningVersion: 4.0.3.10243 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.2.9723
+**Default**: 4.0.3.10243
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.2.9723 + sysdigAPIVersion: 4.0.3.10243 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.2.9723
+**Default**: 4.0.3.10243
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.2.9723 + sysdigCollectorVersion: 4.0.3.10243 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.2.9723
+**Default**: 4.0.3.10243
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.2.9723 + sysdigWorkerVersion: 4.0.3.10243 ``` ## **sysdig.enableAlerter** From 9f618661134328ec017b1dea0ed3f8d9cf0eee10 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 27 Aug 2021 14:58:34 +0000 Subject: [PATCH 083/156] updating installer docs --- installer/docs/configuration_parameters.md | 746 +++++++++++++++++++-- 1 file changed, 685 insertions(+), 61 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 76525b47..d5baefa3 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
**Options**:
**Default**:
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -321,6 +321,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**:
+Allow Elasticsearch to export prometheus metrics.
+
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+elasticsearch:
+ enableMetrics: true
+```
+
+## **sysdig.elasticsearchExporterVersion**
+**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured
+`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -711,40 +738,16 @@ pvStorageSize: nats: 10Gi ``` -## **sysdig.activityAuditVersion** -**Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**:
-
-```yaml
-sysdig:
- activityAuditVersion: 4.0.3.10243
-```
-
-## **sysdig.profilingVersion**
-**Required**: `false`
-**Description**: Docker image tag of Profiling services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**: - -```yaml -sysdig: - profilingVersion: 4.0.3.10243 -``` - ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.30
+**Default**: 0.8.1.32
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.30 + anchoreVersion: 0.8.1.32 ``` ## **sysdig.accessKey** @@ -827,23 +830,49 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.21.13
+**Default**: 2.1.22.4
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraVersion: 2.1.22.4 +``` + +## **sysdig.cassandraExporterVersion** +**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + cassandraExporterVersion: latest ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -856,12 +885,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.7.0`
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.7.0 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -920,6 +949,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1116,12 +1158,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1233,27 +1275,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.3.10243
+**Default**: 5.0.0.10244
**Example**: ```yaml sysdig: - monitorVersion: 4.0.3.10243 + monitorVersion: 5.0.0.10244 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.3.10243
+**Default**: 5.0.0.10244
**Example**: ```yaml sysdig: - scanningVersion: 4.0.3.10243 + secureVersion: 5.0.0.10244 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.3.10243
+**Default**: 5.0.0.10244
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.3.10243 + sysdigAPIVersion: 5.0.0.10244 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.3.10243
+**Default**: 5.0.0.10244
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.3.10243 + sysdigCollectorVersion: 5.0.0.10244 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.3.10243
+**Default**: 5.0.0.10244
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.3.10243 + sysdigWorkerVersion: 5.0.0.10244 ``` ## **sysdig.enableAlerter** @@ -1554,24 +1596,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingVersion: 0.22.0.2 +``` + +## **sysdig.natsStreamingInitVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
+**Example**: + +```yaml +sysdig: + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1701,7 +1755,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1813,6 +1867,250 @@ sysdig: - my-cool-host1.com ``` +## **sysdig.postgresql.pgParameters** +**Required**: `false`
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
+**Options**:
+**Default**: ``
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ pgParameters:
+ max_connections: '1024'
+ shared_buffers: '110MB'
+```
+
+
+## **sysdig.postgresql.ha.enabled**
+**Required**: `false`
+**Description**: true if you want to deploy postgreSQL in HA mode.
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ enabled: true
+```
+
+## **sysdig.postgresql.ha.spiloVersion**
+**Required**: `false`
+**Description**: Docker image tag of the postgreSQL node in HA mode.
+**Options**:
+**Default**: `2.0-p7`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ spiloVersion: 2.0-p7
+```
+
+## **sysdig.postgresql.ha.operatorVersion**
+**Required**: `false`
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `v1.6.3`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ operatorVersion: v1.6.3
+```
+
+## **sysdig.postgresql.ha.exporterVersion**
+**Required**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `latest`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ exporterVersion: v0.3
+```
+
+## **sysdig.postgresql.ha.clusterDomain**
+**Required**: `false`
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint.
+**Options**:
+**Default**: `cluster.local`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ clusterDomain: cluster.local
+```
+
+## **sysdig.postgresql.ha.replicas**
+**Required**: `false`
+**Description**: number of replicas for postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `3`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ replicas: 3
+```
+
+
+## **sysdig.postgresql.ha.enableExporter**
+**Required**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ enableExporter: true
+```
+
+## **sysdig.postgresql.ha.migrate.retryCount**
+**Required**: `false`
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created.
+**Options**: `true|false`
+**Default**: `3600`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retryCount: 3600
+```
+
+## **sysdig.postgresql.ha.migrate.retrySleepSeconds**
+**Required**: `false`
+**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode.
+**Options**:
+**Default**: `10`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retrySleepSeconds: 10
+```
+
+## **sysdig.postgresql.ha.migrate.retainBackup**
+**Required**: `false`
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode.
+**Options**: `true|false`
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retainBackup: true
+```
+
+## **sysdig.postgresql.ha.migrate.migrationJobImageVersion**
+**Required**: `false`
+**Description**: Docker image tag of the migration job from postgres single node to HA mode.
+**Options**:
+**Default**: `postgres-to-postgres-ha-0.0.4`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ migrationJobImageVersion: v0.1
+```
+
+## **sysdig.postgresql.ha.customTls.enabled**
+**Required**: `false`
+**Description**: If set to true will pass to the target pg crd the option to add
+custom certificates and CA
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+```
+
+## **sysdig.postgresql.ha.customTls.crtSecretName**
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container certificate and key that will be used in postgres HA for ssl
+NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+```
+
+## **sysdig.postgresql.ha.customTls.caSecretName**
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container the CA certificate that will be used in postgres HA for ssl
+NOTE: the CA certificate file must be called `ca.crt`
+**Options**: `secret-name`
+**Default**: `nil`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt + caSecretName: sysdigcloud-postgres-tls-ca + +``` + ## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
@@ -1880,7 +2178,7 @@ sysdig: ## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml @@ -1888,7 +2186,6 @@ sysdig: postgresql: external: true postgresDatabases: - useNonAdminUsers: true policies: host: my-policies-db-external.com port: 5432 @@ -2017,7 +2314,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml @@ -2029,9 +2326,32 @@ sysdig: beacon: host: my-beacon-db-external.com port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password sslmode: disable admindb: root_db adminusername: root_user @@ -8011,6 +8331,18 @@ sysdig: certificate: key: certs/collector.key ``` +## **sysdig.worker.enabled** +**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + worker: + enabled: true +``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9090,7 +9422,7 @@ sysdig: ## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: This creates a deployment for Metadata-Service +**Description**: Whether to enable metadata-service or not **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9225,6 +9557,157 @@ sysdig: metadataServiceVersion: 1.0.1.12 ``` +## **sysdig.helmRenderer.enabled** +**Required**: `false`
+**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + helmRenderer: + enabled: true +``` + +## **sysdig.resources.helmRenderer.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + limits: + cpu: 2 +``` + +## **sysdig.resources.helmRenderer.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + limits: + memory: 10Mi +``` + +## **sysdig.resources.helmRenderer.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + requests: + cpu: 2 +``` + +## **sysdig.resources.helmRenderer.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + requests: + memory: 200Mi +``` + +## **sysdig.helmRendererReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + +**Example**: + +```yaml +sysdig: + helmRendererReplicaCount: 4 +``` + +## **sysdig.helmRendererVersion** +**Required**: `false`
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
+**Example**: + +```yaml +sysdig: + helmRendererVersion: 0.1.32 +``` + +## **sysdig.secure.activityAudit.enabled** +**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + activityAudit: + enabled: true +``` + ## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
**Description**: Retention period for Activity Audit data.
@@ -9240,6 +9723,147 @@ sysdig: retentionDays: 90 ``` +## **sysdig.secure.anchore.enabled** +**Required**: `false`
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + anchore: + enabled: true +``` + +## **sysdig.secure.compliance.enabled** +**Required**: `false`
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + compliance: + enabled: true +``` + +## **sysdig.secure.netsec.enabled** +**Required**: `false`
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + netsec: + enabled: true +``` + +## **sysdig.secure.overview.enabled** +**Required**: `false`
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + overview: + enabled: true +``` + +## **sysdig.secure.padvisor.enabled** +**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + padvisor: + enabled: true +``` + +## **sysdig.secure.profiling.enabled** +**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + profiling: + enabled: true +``` + +## **sysdig.secure.scanning.reporting.enabled** +**Required**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + enabled: true +``` + +## **sysdig.secure.scanning.enabled** +**Required**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanning: + enabled: true +``` + +## **sysdig.secure.events.enabled** +**Required**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + events: + enabled: true +``` + +## **sysdig.secure.eventsForwarder.enabled** +**Required**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + enabled: true +``` + ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From 73c5bfbd0a11942621d949325c2af93eb3a008f4 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 8 Sep 2021 19:47:10 +0000 Subject: [PATCH 084/156] updating installer docs --- installer/single-node/README.md | 10 +++- installer/single-node/install.sh | 93 +++++++++++++++++++++++++++----- 2 files changed, 90 insertions(+), 13 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index da27a6f9..83833d64 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md @@ -58,7 +58,6 @@ Tested on: Should work fine on: - amazon linux - centos 7 -- centos 8 - debian buster - debian stretch - ubuntu xenial @@ -139,3 +138,12 @@ Enable verbose logging and stdout. ```bash ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf ``` + +## Base AMI for VMDK + +- this is the AMI used as base to produce the VMDK + + +| AMI Name | id | +| ---------------------- | --------------------- | +| CentOS 7.8.2003 x86_64 | ami-06cf02a98a61f9f5e | diff --git a/installer/single-node/install.sh b/installer/single-node/install.sh index a9a1500b..d82429da 100755 --- a/installer/single-node/install.sh +++ b/installer/single-node/install.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -set -euo pipefail +set -euox pipefail # globals MINIMUM_CPUS=16 @@ -32,6 +32,8 @@ DNSNAME="PLACEHOLDER" AIRGAP_BUILD="false" AIRGAP_INSTALL="false" RUN_INSTALLER="false" +IP_ADDRESS="PLACEHOLDER" +GATEWAY="PLACEHOLDER" DELETE_SYSDIG="false" INSTALLER_BINARY="installer" @@ -134,6 +136,18 @@ sysdig: cpu: 500m memory: 500Mi EOM + +#append airgap config to values.yaml - sets up feeds db & slim agent +if [[ "$AIRGAP_INSTALL" == "true" ]]; then + cat << EOM >> values.yaml + secure: + scanning: + feedsEnabled: true +agent: + useSlim: true +EOM +fi + } function checkCPU() { 
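Review bot: Turning on xtrace for the whole script in the first install.sh hunk (`set -euox pipefail`) makes bash echo every expanded command to stderr, and this script handles registry credentials: later hunks show `local -r quayPullSecret="${QUAYPULLSECRET}"` and a `dockerLogin` step. Those values would then appear on the terminal and in any captured install log. I would keep `set -euo pipefail` as the default and make tracing opt-in, e.g. `if [[ "${DEBUG:-false}" == "true" ]]; then set -x; fi`, with a comment that trace output may contain secrets. How `dockerLogin` passes the secret is not visible here, so confirm what it would print.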
@@ -185,6 +199,16 @@ function askQuestions() {
 printf "\n"
 read -rp $'Provide domain name, this domain name should resolve to this node on port 443 and 6443: \n' DNSNAME
 printf "\n"
+ if [[ "${AIRGAP_INSTALL}" == "true" ]]; then
+ if systemctl is-active --quiet sysdig-networking; then
+ echo "skipping static ip section. sysdig-networking service is active"
+ else
+ read -rp $'Provide provide a static ip with mask (eg. 192.168.100.10/24) for this instance: \n' IP_ADDRESS
+ printf "\n"
+ read -rp $'Provide gateway address (eg. 192.168.100.254): \n' GATEWAY
+ printf "\n"
+ fi
+ fi
 else
 local -r quayPullSecret="${QUAYPULLSECRET}"
 if [[ "$quayPullSecret" == "PLACEHOLDER" ]]; then
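Review bot: `IP_ADDRESS` and `GATEWAY` are accepted from `read` with no format check, and the `@@ -381,6 +400,46 @@` hunk expands them through an unquoted heredoc into `/usr/bin/setup-sysdig-networking.sh`, which the new systemd unit runs at boot. A typo or stray shell metacharacter therefore ends up in a persistent script executed by the service, and in the `else` branch the two values appear to stay at `PLACEHOLDER`. Validate before use, for example `[[ "${IP_ADDRESS}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]] || { echo "invalid static ip: ${IP_ADDRESS}" >&2; exit 1; }`, and the same pattern without the mask for `GATEWAY`. The prompt text also repeats a word (`Provide provide`). The body of `askQuestions` continues outside this hunk.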
@@ -228,23 +252,18 @@ function installDebianDeps() { } function installCentOSDeps() { - local -r version=$1 yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine yum -y update yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - if [[ $version == 8 ]]; then - yum install -y yum-utils device-mapper-persistent-data lvm2 curl - else - yum install -y yum-utils device-mapper-persistent-data lvm2 curl - fi + yum install -y yum-utils device-mapper-persistent-data lvm2 curl # Copied from https://github.com/kubernetes/kops/blob/b92babeda277df27b05236d852b5c0dc0803ce5d/nodeup/pkg/model/docker.go#L758-L764 yum install -y http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm - yum install -y "kernel-devel-$(uname -r)" + yum install -y kernel-devel kernel-headers + } function installRhelOSDeps() { - local -r version=$1 yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine yum -y update yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
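Review bot: `installCentOSDeps` still fetches `container-selinux` from `http://vault.centos.org/...` over plain HTTP, and by default yum does not check signatures on packages passed as a file or URL (`localpkg_gpgcheck` is off unless configured), so what gets installed as root depends on the network path. Since this commit already rewrites the function, I would switch that line to the `https://` form of the same URL and add a comment naming the expected package checksum. Separately, the new `yum install -y kernel-devel kernel-headers` runs after `yum -y update`, so it may install headers for a newer kernel than the one running until the node is rebooted; worth confirming if anything is built against `uname -r`. `installRhelOSDeps` continues outside the hunk.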
@@ -381,6 +400,46 @@ EOF systemctl start docker0-promisc } +function writeStaticIpScript(){ + local -r interface=$1 + cat << EOF > /usr/bin/setup-sysdig-networking.sh +#!/bin/bash + +/sbin/ip link set ${interface} up +/sbin/ip address add ${IP_ADDRESS} dev ${interface} +/sbin/route add default gw ${GATEWAY} ${interface} +EOF + chmod 755 /usr/bin/setup-sysdig-networking.sh +} + +function setupSystemdUnit(){ + local -r interface=$1 + cat << EOF > /usr/lib/systemd/system/sysdig-networking.service +[Unit] +Description=Setup sysdig networking +After=network.service +Wants=network.service + +[Service] +Type=oneshot +ExecStart=/usr/bin/setup-sysdig-networking.sh +ExecStop=/sbin/ip link set ${interface} down +RemainAfterExit=true +StandardOutput=journal + +[Install] +WantedBy=multi-user.target +EOF + systemctl enable sysdig-networking + systemctl start sysdig-networking +} + +function setupStaticIp(){ + local -r interface=$(grep -v -E "veth|lo|docker0" /proc/net/dev | tail -n+3 | cut -d ":" -f1) + writeStaticIpScript "${interface}" + setupSystemdUnit "${interface}" +} + function startMinikube() { export MINIKUBE_HOME="/root" export KUBECONFIG="/root/.kube/config" @@ -393,9 +452,9 @@ function startMinikube() { function fixIptables() { echo "Fixing iptables ..." ### Install iptables rules because minikube locks out external access - iptables -I INPUT -t filter -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -t filter -p tcp --dport 6443 -j ACCEPT - iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + iptables -I INPUT -t filter -p tcp --dport 443 -j ACCEPT -w 60 + iptables -I INPUT -t filter -p tcp --dport 6443 -j ACCEPT -w 60 + iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -w 60 } function pullImagesSysdigImages() { @@ -428,6 +487,8 @@ function runInstaller() { if [[ "${AIRGAP_BUILD}" == "true" ]]; then dockerLogin pullImagesSysdigImages + yum install -y python-pip + pip install yq else writeValuesYaml ${INSTALLER_BINARY} deploy 
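Review bot: `setupStaticIp` picks the interface with `grep -v -E "veth|lo|docker0" /proc/net/dev | tail -n+3 | cut -d ":" -f1`, which returns every remaining device, so on a host with a second NIC or a bridge the value holds several lines and is pasted as-is into the generated script and the unit's `ExecStop`. The pattern is also unanchored, so any device name containing `lo` is dropped, and the `local -r interface=$(...)` form hides a failing pipeline from `set -e`. I would match exact names and stop unless exactly one candidate is left, as sketched below.

```shell
function setupStaticIp(){
  local candidates
  # names only, one per line; exclude loopback and container devices by exact name
  candidates=$(tail -n+3 /proc/net/dev | cut -d ":" -f1 | tr -d ' ' | grep -v -E '^(lo|docker0|veth.*)$' || true)
  if [[ -z "${candidates}" || "${candidates}" == *$'\n'* ]]; then
    echo "cannot pick a single interface for the static ip, candidates: ${candidates:-none}" >&2
    exit 1
  fi
  writeStaticIpScript "${candidates}"
  setupSystemdUnit "${candidates}"
}
```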
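Review bot: In the `runInstaller` hunk the airgap build branch adds `yum install -y python-pip` and `pip install yq` with no version, so a root-run build pulls whatever the package index serves that day and the resulting airgap bundle is not reproducible. Pin it, e.g. `pip install 'yq==<PINNED_VERSION>'` (placeholder), ideally from a requirements file installed with `--require-hashes`. The branch is also not guarded by distro: the script has an `installDebianDeps` path, and on those hosts `yum` would presumably be missing and abort the run under `set -e`. `runInstaller` continues outside the hunk.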
@@ -460,6 +521,14 @@ function __main() { installDeps setDocker0Promisc fi + #use user provided answers to setup static ip + if [[ "${AIRGAP_INSTALL}" == "true" ]]; then + if systemctl is-active --quiet sysdig-networking; then + echo "sysdig-networking is active skipping setupStaticIp" + else + setupStaticIp + fi + fi #minikube needs to run to set the correct context & ip during airgap run startMinikube if [[ "${AIRGAP_INSTALL}" != "true" ]]; then From 752eab0d8363602828ee8eeb29aaabc7935bb5ef Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 28 Sep 2021 20:44:06 +0000 Subject: [PATCH 085/156] updating installer docs --- installer/docs/configuration_parameters.md | 746 ++------------------- 1 file changed, 61 insertions(+), 685 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index d5baefa3..ef64756b 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**: @@ -321,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**: -Allow Elasticsearch to export prometheus metrics. - -**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -738,16 +711,40 @@ pvStorageSize: nats: 10Gi ``` +## **sysdig.activityAuditVersion** +**Required**: `false`
+**Description**: Docker image tag of Activity Audit services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + activityAuditVersion: 4.0.3.10243 +``` + +## **sysdig.profilingVersion** +**Required**: `false`
+**Description**: Docker image tag of Profiling services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + profilingVersion: 4.0.3.10243 +``` + ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.8.1.30
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1.30 ``` ## **sysdig.accessKey** @@ -830,49 +827,23 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - capturesFolder: my_captures_folder -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.4
+**Default**: 2.1.21.13
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.22.4 -``` - -## **sysdig.cassandraExporterVersion** -**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
-**Example**: - -```yaml -sysdig: - cassandraExporterVersion: latest + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -885,12 +856,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.11.1`
+**Default**: `3.11.7.0`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.11.1 + cassandra3Version: 3.11.7.0 ``` ## **sysdig.cassandra.external** @@ -949,19 +920,6 @@ sysdig: ssl: true ``` -## **sysdig.cassandra.enableMetrics** -**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - enableMetrics: true -``` - ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1158,12 +1116,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1275,27 +1233,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.0.10244
+**Default**: 4.0.4.10358
**Example**: ```yaml sysdig: - monitorVersion: 5.0.0.10244 + monitorVersion: 4.0.3.10243 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.0.10244
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - secureVersion: 5.0.0.10244 + scanningVersion: 4.0.3.10243 ``` ## **sysdig.sysdigAPIVersion** @@ -1305,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.0.10244
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.0.10244 + sysdigAPIVersion: 4.0.3.10243 ``` ## **sysdig.sysdigCollectorVersion** @@ -1320,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.0.10244
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.0.10244 + sysdigCollectorVersion: 4.0.3.10243 ``` ## **sysdig.sysdigWorkerVersion** @@ -1335,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.0.10244
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.0.10244 + sysdigWorkerVersion: 4.0.3.10243 ``` ## **sysdig.enableAlerter** @@ -1596,36 +1554,24 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.22.0.2 -``` - -## **sysdig.natsStreamingInitVersion** -**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
-**Example**: - -```yaml -sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled** @@ -1755,7 +1701,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1867,250 +1813,6 @@ sysdig: - my-cool-host1.com ``` -## **sysdig.postgresql.pgParameters** -**Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster -**Options**:
-**Default**: ``
- -**Example**: - -```yaml -sysdig: - postgresql: - pgParameters: - max_connections: '1024' - shared_buffers: '110MB' -``` - - -## **sysdig.postgresql.ha.enabled** -**Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode. -**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - enabled: true -``` - -## **sysdig.postgresql.ha.spiloVersion** -**Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode. -**Options**:
-**Default**: `2.0-p7`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - spiloVersion: 2.0-p7 -``` - -## **sysdig.postgresql.ha.operatorVersion** -**Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. -**Options**:
-**Default**: `v1.6.3`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - operatorVersion: v1.6.3 -``` - -## **sysdig.postgresql.ha.exporterVersion** -**Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `latest`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - exporterVersion: v0.3 -``` - -## **sysdig.postgresql.ha.clusterDomain** -**Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. -**Options**:
-**Default**: `cluster.local`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - clusterDomain: cluster.local -``` - -## **sysdig.postgresql.ha.replicas** -**Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode. -**Options**:
-**Default**: `3`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - replicas: 3 -``` - - -## **sysdig.postgresql.ha.enableExporter** -**Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - enableExporter: true -``` - -## **sysdig.postgresql.ha.migrate.retryCount** -**Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. -**Options**: `true|false`
-**Default**: `3600`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retryCount: 3600 -``` - -## **sysdig.postgresql.ha.migrate.retrySleepSeconds** -**Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. -**Options**:
-**Default**: `10`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retrySleepSeconds: 10 -``` - -## **sysdig.postgresql.ha.migrate.retainBackup** -**Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. -**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retainBackup: true -``` - -## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** -**Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode. -**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - migrationJobImageVersion: v0.1 -``` - -## **sysdig.postgresql.ha.customTls.enabled** -**Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add -custom certificates and CA -**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true -``` - -## **sysdig.postgresql.ha.customTls.crtSecretName** -**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container certificate and key that will be used in postgres HA for ssl -NOTE: the certficate and key files must be called `tls.crt` and `tls.key` -**Options**: `secret-name`
-**Default**: `nil`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt -``` - -## **sysdig.postgresql.ha.customTls.caSecretName** -**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container the CA certificate that will be used in postgres HA for ssl -NOTE: the CA certificate file must be called `ca.crt` -**Options**: `secret-name`
-**Default**: `nil`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt - caSecretName: sysdigcloud-postgres-tls-ca - -``` - ## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
@@ -2178,7 +1880,7 @@ sysdig: ## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml @@ -2186,6 +1888,7 @@ sysdig: postgresql: external: true postgresDatabases: + useNonAdminUsers: true policies: host: my-policies-db-external.com port: 5432 @@ -2314,7 +2017,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml @@ -2326,32 +2029,9 @@ sysdig: beacon: host: my-beacon-db-external.com port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.promBeacon** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - promBeacon: - host: my-prom-beacon-db-external.com - port: 5432 - db: prom_beacon_db - username: prom_beacon_user - password: my_prom_beacon_user_password + db: beacon_db + username: beacon_user + password: my_beacon_user_password sslmode: disable admindb: root_db adminusername: root_user @@ -8331,18 +8011,6 @@ sysdig: certificate: key: certs/collector.key ``` -## **sysdig.worker.enabled** -**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - worker: - enabled: true -``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9422,7 +9090,7 @@ sysdig: ## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: Whether to enable metadata-service or not +**Description**: This creates a deployment for Metadata-Service **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9557,157 +9225,6 @@ sysdig: metadataServiceVersion: 1.0.1.12 ``` -## **sysdig.helmRenderer.enabled** -**Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - helmRenderer: - enabled: true -``` - -## **sysdig.resources.helmRenderer.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 -``` - -## **sysdig.resources.helmRenderer.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - limits: - memory: 10Mi -``` - -## **sysdig.resources.helmRenderer.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - requests: - cpu: 2 -``` - -## **sysdig.resources.helmRenderer.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - requests: - memory: 200Mi -``` - -## **sysdig.helmRendererReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - -**Example**: - -```yaml -sysdig: - helmRendererReplicaCount: 4 -``` - -## **sysdig.helmRendererVersion** -**Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
-**Options**:
-**Default**: 0.1.32
-**Example**: - -```yaml -sysdig: - helmRendererVersion: 0.1.32 -``` - -## **sysdig.secure.activityAudit.enabled** -**Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - activityAudit: - enabled: true -``` - ## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
**Description**: Retention period for Activity Audit data.
@@ -9723,147 +9240,6 @@ sysdig: retentionDays: 90 ``` -## **sysdig.secure.anchore.enabled** -**Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - anchore: - enabled: true -``` - -## **sysdig.secure.compliance.enabled** -**Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - compliance: - enabled: true -``` - -## **sysdig.secure.netsec.enabled** -**Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - netsec: - enabled: true -``` - -## **sysdig.secure.overview.enabled** -**Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - overview: - enabled: true -``` - -## **sysdig.secure.padvisor.enabled** -**Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - padvisor: - enabled: true -``` - -## **sysdig.secure.profiling.enabled** -**Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - profiling: - enabled: true -``` - -## **sysdig.secure.scanning.reporting.enabled** -**Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - scanning: - reporting: - enabled: true -``` - -## **sysdig.secure.scanning.enabled** -**Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - scanning: - enabled: true -``` - -## **sysdig.secure.events.enabled** -**Required**: `false`
-**Description**: Enable events for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - events: - enabled: true -``` - -## **sysdig.secure.eventsForwarder.enabled** -**Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - eventsForwarder: - enabled: true -``` - ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From 106e05ff5913f759ca966ea65dc2129205e0955e Mon Sep 17 00:00:00 2001
From: jenkins
Date: Thu, 28 Oct 2021 08:40:36 +0000
Subject: [PATCH 086/156] updating installer docs
---
installer/docs/configuration_parameters.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
index ef64756b..08f53d8b 100644
--- a/installer/docs/configuration_parameters.md
+++ b/installer/docs/configuration_parameters.md
@@ -720,7 +720,7 @@ pvStorageSize:
```yaml
sysdig:
- activityAuditVersion: 4.0.3.10243
+ activityAuditVersion: 4.0.5.10596
```
## **sysdig.profilingVersion**
@@ -732,7 +732,7 @@ sysdig:
```yaml
sysdig:
- profilingVersion: 4.0.3.10243
+ profilingVersion: 4.0.5.10596
```
## **sysdig.anchoreVersion**
@@ -1233,12 +1233,12 @@ sysdig:
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.4.10358
+**Default**: 4.0.5.10596
**Example**:
```yaml
sysdig:
- monitorVersion: 4.0.3.10243
+ monitorVersion: 4.0.5.10596
```
## **sysdig.scanningVersion**
@@ -1253,7 +1253,7 @@ consequences**
```yaml
sysdig:
- scanningVersion: 4.0.3.10243
+ scanningVersion: 4.0.5.10596
```
## **sysdig.sysdigAPIVersion**
@@ -1268,7 +1268,7 @@ consequences**
```yaml
sysdig:
- sysdigAPIVersion: 4.0.3.10243
+ sysdigAPIVersion: 4.0.5.10596
```
## **sysdig.sysdigCollectorVersion**
@@ -1283,7 +1283,7 @@ consequences**
```yaml
sysdig:
- sysdigCollectorVersion: 4.0.3.10243
+ sysdigCollectorVersion: 4.0.5.10596
```
## **sysdig.sysdigWorkerVersion**
@@ -1298,7 +1298,7 @@ consequences**
```yaml
sysdig:
- sysdigWorkerVersion: 4.0.3.10243
+ sysdigWorkerVersion: 4.0.5.10596
```
## **sysdig.enableAlerter**
From e5c857e5e875f52db87545462c777b6d05e19ca4 Mon Sep 17 00:00:00 2001
From: jenkins
Date: Wed, 17 Nov 2021 15:43:31 +0000
Subject: [PATCH 087/156] updating installer docs
---
installer/docs/configuration_parameters.md | 774 +++++++++++++++++++--
1 file changed, 712 insertions(+), 62 deletions(-)
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
index 08f53d8b..3314c64f 100644
--- a/installer/docs/configuration_parameters.md
+++ b/installer/docs/configuration_parameters.md
@@ -72,8 +72,8 @@ apps: monitor secure
**Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions
-multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed)
-and [full airgap instructions](../usage.md#full-airgap-installation) for more
+multi-homed](../README.md#airgapped-with-multi-homed-installation-machine)
+and [full airgap instructions](../README.md#full-airgap-install) for more
details.
**Options**:
**Default**:
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -321,6 +321,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**: +Allow Elasticsearch to export prometheus metrics. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured +`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -711,40 +738,16 @@ pvStorageSize: nats: 10Gi ``` -## **sysdig.activityAuditVersion** -**Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**:
-
-```yaml
-sysdig:
- activityAuditVersion: 4.0.5.10596
-```
-
-## **sysdig.profilingVersion**
-**Required**: `false`
-**Description**: Docker image tag of Profiling services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**:
-
-```yaml
-sysdig:
- profilingVersion: 4.0.5.10596
-```
-
## **sysdig.anchoreVersion**
**Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.30
+**Default**: 0.8.1.32
**Example**:
```yaml
sysdig:
- anchoreVersion: 0.8.1.30
+ anchoreVersion: 0.8.1.32
```
## **sysdig.accessKey**
@@ -827,23 +830,49 @@ sysdig:
bucketName: my_awesome_bucket
```
+## **sysdig.s3.capturesFolder**
+**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ capturesFolder: my_captures_folder
+```
+
## **sysdig.cassandraVersion**
**Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.21.13
+**Default**: 2.1.22.4
+**Example**:
+
+```yaml
+sysdig:
+ cassandraVersion: 2.1.22.4
+```
+
+## **sysdig.cassandraExporterVersion**
+**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
**Example**:
```yaml
sysdig:
- cassandraVersion: 2.1.21.16
+ cassandraExporterVersion: latest
```
## **sysdig.cassandra.useCassandra3**
**Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -856,12 +885,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.7.0`
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.7.0 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -920,6 +949,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1116,12 +1158,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1233,27 +1275,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.5.10596
+**Default**: 5.0.1.10735
**Example**: ```yaml sysdig: - monitorVersion: 4.0.5.10596 + monitorVersion: 5.0.1.10735 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.1.10735
**Example**: ```yaml sysdig: - scanningVersion: 4.0.5.10596 + secureVersion: 5.0.1.10735 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.1.10735
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.5.10596 + sysdigAPIVersion: 5.0.1.10735 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.1.10735
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.5.10596 + sysdigCollectorVersion: 5.0.1.10735 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.1.10735
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.5.10596 + sysdigWorkerVersion: 5.0.1.10735 ``` ## **sysdig.enableAlerter** @@ -1320,7 +1362,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -1385,6 +1427,32 @@ sysdig: apiToken: A_VALID_TOKEN ``` +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifierReplicaCount: 3 +``` + +## **sysdig.alertingSystem.alertManagerReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1554,24 +1622,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
+**Example**: + +```yaml +sysdig: + natsStreamingVersion: 0.22.0.2 +``` + +## **sysdig.natsStreamingInitVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1701,7 +1781,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1813,6 +1893,250 @@ sysdig: - my-cool-host1.com ``` +## **sysdig.postgresql.pgParameters** +**Required**: `false`
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster +**Options**:
+**Default**: ``
+ +**Example**: + +```yaml +sysdig: + postgresql: + pgParameters: + max_connections: '1024' + shared_buffers: '110MB' +``` + + +## **sysdig.postgresql.ha.enabled** +**Required**: `false`
+**Description**: true if you want to deploy postgreSQL in HA mode. +**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + enabled: true +``` + +## **sysdig.postgresql.ha.spiloVersion** +**Required**: `false`
+**Description**: Docker image tag of the postgreSQL node in HA mode. +**Options**:
+**Default**: `2.0-p7`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + spiloVersion: 2.0-p7 +``` + +## **sysdig.postgresql.ha.operatorVersion** +**Required**: `false`
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. +**Options**:
+**Default**: `v1.6.3`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + operatorVersion: v1.6.3 +``` + +## **sysdig.postgresql.ha.exporterVersion** +**Required**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Options**:
+**Default**: `latest`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + exporterVersion: v0.3 +``` + +## **sysdig.postgresql.ha.clusterDomain** +**Required**: `false`
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. +**Options**:
+**Default**: `cluster.local`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + clusterDomain: cluster.local +``` + +## **sysdig.postgresql.ha.replicas** +**Required**: `false`
+**Description**: number of replicas for postgreSQL nodes in HA mode. +**Options**:
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + replicas: 3 +``` + + +## **sysdig.postgresql.ha.enableExporter** +**Required**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Options**:
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + enableExporter: true +``` + +## **sysdig.postgresql.ha.migrate.retryCount** +**Required**: `false`
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. +**Options**: `true|false`
+**Default**: `3600`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + migrate: + retryCount: 3600 +``` + +## **sysdig.postgresql.ha.migrate.retrySleepSeconds** +**Required**: `false`
+**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. +**Options**:
+**Default**: `10`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + migrate: + retrySleepSeconds: 10 +``` + +## **sysdig.postgresql.ha.migrate.retainBackup** +**Required**: `false`
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. +**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + migrate: + retainBackup: true +``` + +## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** +**Required**: `false`
+**Description**: Docker image tag of the migration job from postgres single node to HA mode. +**Options**:
+**Default**: `postgres-to-postgres-ha-0.0.4`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + migrate: + migrationJobImageVersion: v0.1 +``` + +## **sysdig.postgresql.ha.customTls.enabled** +**Required**: `false`
+**Description**: If set to true will pass to the target pg crd the option to add +custom certificates and CA +**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + customTls: + enabled: true +``` + +## **sysdig.postgresql.ha.customTls.crtSecretName** +**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret +that container certificate and key that will be used in postgres HA for ssl +NOTE: the certficate and key files must be called `tls.crt` and `tls.key` +**Options**: `secret-name`
+**Default**: `nil`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt +``` + +## **sysdig.postgresql.ha.customTls.caSecretName** +**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret +that container the CA certificate that will be used in postgres HA for ssl +NOTE: the CA certificate file must be called `ca.crt` +**Options**: `secret-name`
+**Default**: `nil`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt + caSecretName: sysdigcloud-postgres-tls-ca + +``` + ## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
@@ -1880,7 +2204,7 @@ sysdig: ## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml @@ -1888,7 +2212,6 @@ sysdig: postgresql: external: true postgresDatabases: - useNonAdminUsers: true policies: host: my-policies-db-external.com port: 5432 @@ -2017,7 +2340,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml @@ -2029,9 +2352,32 @@ sysdig: beacon: host: my-beacon-db-external.com port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password sslmode: disable admindb: root_db adminusername: root_user @@ -8011,6 +8357,18 @@ sysdig: certificate: key: certs/collector.key ``` +## **sysdig.worker.enabled** +**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + worker: + enabled: true +``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9090,7 +9448,7 @@ sysdig: ## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: This creates a deployment for Metadata-Service +**Description**: Whether to enable metadata-service or not **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9225,6 +9583,157 @@ sysdig: metadataServiceVersion: 1.0.1.12 ``` +## **sysdig.helmRenderer.enabled** +**Required**: `false`
+**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + helmRenderer: + enabled: true +``` + +## **sysdig.resources.helmRenderer.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + limits: + cpu: 2 +``` + +## **sysdig.resources.helmRenderer.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + limits: + memory: 10Mi +``` + +## **sysdig.resources.helmRenderer.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + requests: + cpu: 2 +``` + +## **sysdig.resources.helmRenderer.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + requests: + memory: 200Mi +``` + +## **sysdig.helmRendererReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + +**Example**: + +```yaml +sysdig: + helmRendererReplicaCount: 4 +``` + +## **sysdig.helmRendererVersion** +**Required**: `false`
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
+**Example**: + +```yaml +sysdig: + helmRendererVersion: 0.1.32 +``` + +## **sysdig.secure.activityAudit.enabled** +**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + activityAudit: + enabled: true +``` + ## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
**Description**: Retention period for Activity Audit data.
@@ -9240,6 +9749,147 @@ sysdig: retentionDays: 90 ``` +## **sysdig.secure.anchore.enabled** +**Required**: `false`
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + anchore: + enabled: true +``` + +## **sysdig.secure.compliance.enabled** +**Required**: `false`
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + compliance: + enabled: true +``` + +## **sysdig.secure.netsec.enabled** +**Required**: `false`
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + netsec: + enabled: true +``` + +## **sysdig.secure.overview.enabled** +**Required**: `false`
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + overview: + enabled: true +``` + +## **sysdig.secure.padvisor.enabled** +**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + padvisor: + enabled: true +``` + +## **sysdig.secure.profiling.enabled** +**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + profiling: + enabled: true +``` + +## **sysdig.secure.scanning.reporting.enabled** +**Required**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + enabled: true +``` + +## **sysdig.secure.scanning.enabled** +**Required**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanning: + enabled: true +``` + +## **sysdig.secure.events.enabled** +**Required**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + events: + enabled: true +``` + +## **sysdig.secure.eventsForwarder.enabled** +**Required**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + enabled: true +``` + ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From 526552ab46b5755dbbf19c9b0aee01f9fe510ef2 Mon Sep 17 00:00:00 2001
From: jenkins
Date: Tue, 7 Dec 2021 12:35:42 +0000
Subject: [PATCH 088/156] updating installer docs
---
installer/docs/configuration_parameters.md | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
index 3314c64f..274762dc 100644
--- a/installer/docs/configuration_parameters.md
+++ b/installer/docs/configuration_parameters.md
@@ -1275,12 +1275,12 @@ sysdig:
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.1.10735
+**Default**: 5.0.2.10900
**Example**:
```yaml
sysdig:
- monitorVersion: 5.0.1.10735
+ monitorVersion: 5.0.2.10900
```
## **sysdig.secureVersion**
@@ -1290,12 +1290,12 @@ configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.1.10735
+**Default**: 5.0.2.10900
**Example**:
```yaml
sysdig:
- secureVersion: 5.0.1.10735
+ secureVersion: 5.0.2.10900
```
## **sysdig.sysdigAPIVersion**
@@ -1305,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.1.10735
+**Default**: 5.0.2.10900
**Example**:
```yaml
sysdig:
- sysdigAPIVersion: 5.0.1.10735
+ sysdigAPIVersion: 5.0.2.10900
```
## **sysdig.sysdigCollectorVersion**
@@ -1320,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.1.10735
+**Default**: 5.0.2.10900
**Example**:
```yaml
sysdig:
- sysdigCollectorVersion: 5.0.1.10735
+ sysdigCollectorVersion: 5.0.2.10900
```
## **sysdig.sysdigWorkerVersion**
@@ -1335,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.1.10735
+**Default**: 5.0.2.10900
**Example**:
```yaml
sysdig:
- sysdigWorkerVersion: 5.0.1.10735
+ sysdigWorkerVersion: 5.0.2.10900
```
## **sysdig.enableAlerter**
From 7749a2ae542621dfa25b405c5756f090708d1d5e Mon Sep 17 00:00:00 2001
From: jenkins
Date: Tue, 14 Dec 2021 12:15:28 +0000
Subject: [PATCH 089/156] updating installer docs
---
installer/docs/configuration_parameters.md | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
index 274762dc..1ce1ce02 100644
--- a/installer/docs/configuration_parameters.md
+++ b/installer/docs/configuration_parameters.md
@@ -1275,12 +1275,12 @@ sysdig:
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.2.10900
+**Default**: 5.0.3.10976
**Example**:
```yaml
sysdig:
- monitorVersion: 5.0.2.10900
+ monitorVersion: 5.0.3.10976
```
## **sysdig.secureVersion**
@@ -1290,12 +1290,12 @@ configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.2.10900
+**Default**: 5.0.3.10976
**Example**:
```yaml
sysdig:
- secureVersion: 5.0.2.10900
+ secureVersion: 5.0.3.10976
```
## **sysdig.sysdigAPIVersion**
@@ -1305,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.2.10900
+**Default**: 5.0.3.10976
**Example**:
```yaml
sysdig:
- sysdigAPIVersion: 5.0.2.10900
+ sysdigAPIVersion: 5.0.3.10976
```
## **sysdig.sysdigCollectorVersion**
@@ -1320,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.2.10900
+**Default**: 5.0.3.10976
**Example**:
```yaml
sysdig:
- sysdigCollectorVersion: 5.0.2.10900
+ sysdigCollectorVersion: 5.0.3.10976
```
## **sysdig.sysdigWorkerVersion**
@@ -1335,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.2.10900
+**Default**: 5.0.3.10976
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.2.10900 + sysdigWorkerVersion: 5.0.3.10976 ``` ## **sysdig.enableAlerter** From ef117e1713921afba73aff0e660629cf868ba0bf Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 14 Dec 2021 16:05:59 +0000 Subject: [PATCH 090/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 - installer/docs/configuration_parameters.md | 8102 ++++++-------------- 3 files changed, 2474 insertions(+), 5680 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..045d019d 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [installer releases - page](https://github.com/draios/installer/releases). + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:3.6.3-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.3-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 6617e8ba..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,47 +104,3 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. - -## Airgapped installations - -### Method for automatically updating the feeds database in airgapped environments -This is a procedure that can be used to automatically update the feeds database: - -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally -2. move the file from the jumpbox server to the customer airgapped environment (optional) -3. load the image file and push it to the customer's airgapped image registry -4. restart the pod sysdigcloud-feeds-db -5. restart the pod feeds-api - -Finally, steps 1 to 5 will be performed periodically once a day. - -This is an example script that contains all the steps: -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest -# Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar -# Optionally move image -mv vuln-feed-database.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" -# Restart database pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" -# Restart feeds-api pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" -ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" -``` - -The script can be scheduled using a cron job that run every day -```bash -0 8 * * * feeds-database-update.sh >/dev/null 2>&1 -``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 1ce1ce02..2bdc1b80 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false`
+**Required**: `false` **Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**: @@ -321,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**: -Allow Elasticsearch to export prometheus metrics. - -**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -693,61 +666,40 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - large: - nats: 10Gi -``` - -## **pvStorageSize.medium.nats** +## **sysdig.activityAuditVersion** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**:
 ```yaml
-pvStorageSize:
- medium:
- nats: 10Gi
+sysdig:
+ activityAuditVersion: 3.6.3.10985
 ```
-## **pvStorageSize.small.nats**
+## **sysdig.profilingVersion**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Profiling services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**:
 ```yaml
-pvStorageSize:
- small:
- nats: 10Gi
+sysdig:
+ profilingVersion: 3.6.3.10985
 ```
 ## **sysdig.anchoreVersion**
 **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.6.1.2
**Example**:
 ```yaml
 sysdig:
- anchoreVersion: 0.8.1.32
+ anchoreVersion: 0.8.1.8
 ```
 ## **sysdig.accessKey**
@@ -763,19 +715,6 @@ sysdig:
 accessKey: my_awesome_aws_access_key
 ```
-## **sysdig.awsRegion**
-**Required**: `false`
-**Description**: The AWS (or AWS compatible) region to be used by Sysdig -components to communicate with AWS (or an AWS compatible API).
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - awsRegion: my_aws_region -``` - ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -830,67 +769,16 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - capturesFolder: my_captures_folder -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.22.4
-**Example**: - -```yaml -sysdig: - cassandraVersion: 2.1.22.4 -``` - -## **sysdig.cassandraExporterVersion** -**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
-**Example**: - -```yaml -sysdig: - cassandraExporterVersion: latest -``` - -## **sysdig.cassandra.useCassandra3** -**Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - cassandra: - useCassandra3: false -``` - -## **sysdig.Cassandra3Version** -**Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
-**Options**:
-**Default**: `3.11.11.1`
+**Options**:
+**Default**: 2.1.21.13
**Example**:
 ```yaml
 sysdig:
- cassandra3Version: 3.11.11.1
+ cassandraVersion: 2.1.21.16
 ```
 ## **sysdig.cassandra.external**
@@ -925,7 +813,7 @@ sysdig:
 **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`true`
+**Default**:`false`
**Example**:
 ```yaml
@@ -937,9 +825,9 @@ sysdig:
 ## **sysdig.cassandra.ssl**
 **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Description**: Enables cassandra server and clients communicate over ssl.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**:
 ```yaml
@@ -949,19 +837,6 @@ sysdig:
 ssl: true
 ```
-## **sysdig.cassandra.enableMetrics**
-**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - enableMetrics: true -``` - ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1042,7 +917,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**: `-Xms4g -Xmx4g`
+**Default**:
**Example**: ```yaml @@ -1096,31 +971,22 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform - (e.g., if you maintain your own Certificate Authority), they are not trusted by default. - -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more -PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ -in the same level as `values.yaml`.
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt -certs/custom-java-certs/certificate3.p12 -certs/custom-java-certs/certificate3.p12.passwd - - values.yaml ``` @@ -1156,14 +1022,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch.
+**Description**: The docker image tag of Elasticsearch 6.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearchVersion: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1275,27 +1141,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.3.10976
+**Default**: 3.6.3.10985
**Example**: ```yaml sysdig: - monitorVersion: 5.0.3.10976 + monitorVersion: 3.6.3.10985 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.3.10976
+**Default**: 3.6.3.10985
**Example**: ```yaml sysdig: - secureVersion: 5.0.3.10976 + scanningVersion: 3.6.3.10985 ``` ## **sysdig.sysdigAPIVersion** @@ -1305,12 +1171,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.3.10976
+**Default**: 3.6.3.10985
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.3.10976 + sysdigAPIVersion: 3.6.3.10985 ``` ## **sysdig.sysdigCollectorVersion** @@ -1320,12 +1186,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.3.10976
+**Default**: 3.6.3.10985
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.3.10976 + sysdigCollectorVersion: 3.6.3.10985 ``` ## **sysdig.sysdigWorkerVersion** @@ -1335,12 +1201,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.3.10976
+**Default**: 3.6.3.10985
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.3.10976 + sysdigWorkerVersion: 3.6.3.10985 ``` ## **sysdig.enableAlerter** @@ -1358,101 +1224,6 @@ sysdig: enableAlerter: true ``` -## **sysdig.alertingSystem.enabled** -**Required**: `false`
-**Description**: Enable or disable the new alert-manager and alert-notifier deployment
-**Options**:`true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - alertingSystem: - enabled: true -``` - -## **sysdig.alertingSystem.alertManager.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Manager jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertManager.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Manager to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - apiToken: A_VALID_TOKEN -``` - -## **sysdig.alertingSystem.alertNotifier.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Notifier jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertNotifier.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - apiToken: A_VALID_TOKEN -``` - -## **sysdig.alertingSystem.alertNotifierReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifierReplicaCount: 3 -``` - -## **sysdig.alertingSystem.alertManagerReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManagerReplicaCount: 3 -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1527,7 +1298,8 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster +instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1622,36 +1394,24 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
-**Example**: - -```yaml -sysdig: - natsStreamingVersion: 0.22.0.2 -``` - -## **sysdig.natsStreamingInitVersion** -**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled** @@ -1668,36 +1428,6 @@ sysdig: enabled: true ``` -## **sysdig.nats.secure.username** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1781,7 +1511,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1791,730 +1521,597 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: 1.2.5-mysql-to-postgres
+**Default**: []
+ **Example**: ```yaml sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.postgresql.rootUser** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: Root user of the in-cluster postgresql instance.
+**Description**: Default comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +should only be used if there is an intent to override the defaults provided by +Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) +instead.
**Options**:
-**Default**: `postgres`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - rootUser: postgres + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` -## **sysdig.postgresql.rootDb** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: Root database of the in-cluster postgresql instance.
+**Description**: Determines if a [web +proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be +used by Anchore for fetching CVE feed from +[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: `anchore`
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - rootDb: anchore + proxy: + enable: true ``` -## **sysdig.postgresql.rootPassword** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: Password for the root user of the in-cluster postgresql instance.
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) +is configured.
**Options**:
-**Default**: Autogenerated 16 alphanumeric characters
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - rootPassword: my_root_password + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.postgresql.primary** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true -``` - -## **sysdig.postgresql.external** -**Required**: `false`
-**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - sysdig: - host: my-sysdig-db-external.com + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The password used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: []
+**Default**:
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.postgresql.pgParameters** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster +**Description**: The port the configured +[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not +configured it defaults to 80.
**Options**:
-**Default**: ``
+**Default**: `80`
**Example**: ```yaml sysdig: - postgresql: - pgParameters: - max_connections: '1024' - shared_buffers: '110MB' + proxy: + enable: true + port: 3128 ``` - -## **sysdig.postgresql.ha.enabled** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode. -**Options**: `true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - postgresql: - ha: - enabled: true + proxy: + enable: true + protocol: https ``` -## **sysdig.postgresql.ha.spiloVersion** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode. +**Description**: The user used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: `2.0-p7`
+**Default**:
**Example**: ```yaml sysdig: - postgresql: - ha: - spiloVersion: 2.0-p7 + proxy: + enable: true + user: alice ``` - -## **sysdig.postgresql.ha.operatorVersion** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. +**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `v1.6.3`
+**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - postgresql: - ha: - operatorVersion: v1.6.3 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.postgresql.ha.exporterVersion** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `latest`
+**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - postgresql: - ha: - exporterVersion: v0.3 + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.postgresql.ha.clusterDomain** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. +**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `cluster.local`
+**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - postgresql: - ha: - clusterDomain: cluster.local + slack: + client: + scope: incoming-webhook ``` -## **sysdig.postgresql.ha.replicas** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode. +**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `3`
+**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - postgresql: - ha: - replicas: 3 + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` - -## **sysdig.postgresql.ha.enableExporter** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `true`
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - postgresql: - ha: - enableExporter: true + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` -## **sysdig.postgresql.ha.migrate.retryCount** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
**Options**: `true|false`
-**Default**: `3600`
+**Default**: `false`
**Example**: - ```yaml sysdig: - postgresql: - ha: - migrate: - retryCount: 3600 + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.postgresql.ha.migrate.retrySleepSeconds** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. -**Options**:
-**Default**: `10`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - postgresql: - ha: - migrate: - retrySleepSeconds: 10 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.postgresql.ha.migrate.retainBackup** + +## **sysdig.secure.anchore.customCerts** **Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. -**Options**: `true|false`
-**Default**: `true`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - postgresql: - ha: - migrate: - retainBackup: true + secure: + anchore: + customCerts: true ``` -## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode. +**Description**: Docker image tag of Redis.
**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
- +**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - postgresql: - ha: - migrate: - migrationJobImageVersion: v0.1 + redisVersion: 4.0.12.7 ``` -## **sysdig.postgresql.ha.customTls.enabled** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add -custom certificates and CA -**Options**: `true|false`
-**Default**: `false`
- +**Description**: Docker image tag of HA Redis, relevant when configured +`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.postgresql.ha.customTls.crtSecretName** +## **sysdig.redisHa** **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container certificate and key that will be used in postgres HA for ssl -NOTE: the certficate and key files must be called `tls.crt` and `tls.key` -**Options**: `secret-name`
-**Default**: `nil`
- +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt + redisHa: false ``` -## **sysdig.postgresql.ha.customTls.caSecretName** +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container the CA certificate that will be used in postgres HA for ssl -NOTE: the CA certificate file must be called `ca.crt` -**Options**: `secret-name`
-**Default**: `nil`
+**Description**: The amount of cpu assigned to cassandra pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt - caSecretName: sysdigcloud-postgres-tls-ca - + resources: + cassandra: + limits: + cpu: 2 ``` -## **sysdig.postgresDatabases.useNonAdminUsers** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +**Description**: The amount of memory assigned to cassandra pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | -## **sysdig.postgresDatabases.anchore** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + cassandra: + limits: + memory: 8Gi ``` -## **sysdig.postgresDatabases.profiling** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: The amount of cpu required to schedule cassandra pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com - port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + cassandra: + requests: + cpu: 2 ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory required to schedule cassandra pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - policies: - host: my-policies-db-external.com - port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + cassandra: + requests: + memory: 2Gi ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - scanning: - host: my-scanning-db-external.com - port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +**Description**: The amount of cpu assigned to elasticsearch pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | -## **sysdig.postgresDatabases.reporting** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - reporting: - host: my-reporting-db-external.com - port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + limits: + cpu: 2 ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: +**Description**: The amount of memory assigned to elasticsearch pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | -## **sysdig.postgresDatabases.sysdig** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + limits: + memory: 8Gi ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: +**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - serviceOwnerManagement: - host: my-som-db-external.com - port: 5432 - db: som_db - username: som_user - password: my_som_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | -## **sysdig.postgresDatabases.beacon** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - beacon: - host: my-beacon-db-external.com - port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + requests: + cpu: 2 ``` -## **sysdig.postgresDatabases.promBeacon** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**: +**Description**: The amount of memory required to schedule elasticsearch pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - promBeacon: - host: my-prom-beacon-db-external.com - port: 5432 - db: prom_beacon_db - username: prom_beacon_user - password: my_prom_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | -## **sysdig.postgresDatabases.quartz** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - quartz: - host: my-quartz-db-external.com - port: 5432 - db: quartz_db - username: quartz_user - password: my_quartz_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + requests: + memory: 2Gi ``` -## **sysdig.postgresDatabases.compliance** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: +**Description**: The amount of cpu assigned to mysql-router pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - compliance: - host: my-compliance-db-external.com - port: 5432 - db: compliance_db - username: compliance_user - password: my_compliance_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 500m | -## **sysdig.postgresDatabases.admissionController** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - admissionController: - host: my-admission-controller-db-external.com - port: 5432 - db: admission_controller_db - username: admission_controller_user - password: my_admission_controller_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + mysql-router: + limits: + cpu: 2 ``` -## **sysdig.postgresDatabases.rapidResponse** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory assigned to mysql-router pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-rapid-response-db-external.com - port: 5432 - db: rapid_response_db - username: rapid_response_user - password: my_rapid_response_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + mysql-router: + limits: + memory: 8Gi ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api + resources: + mysql-router: + requests: + cpu: 2 ``` -## **sysdig.proxy.enable** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
-**Default**: `false`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - proxy: - enable: true + resources: + mysql-router: + requests: + memory: 2Gi ``` -## **sysdig.proxy.host** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
**Default**:
@@ -2522,414 +2119,483 @@ is configured.
```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + mysql: + limits: + cpu: 2 ``` -## **sysdig.proxy.noProxy** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**:
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + mysql: + limits: + memory: 8Gi ``` -## **sysdig.proxy.password** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + resources: + mysql: + requests: + cpu: 2 ``` -## **sysdig.proxy.port** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + resources: + mysql: + requests: + memory: 2Gi ``` -## **sysdig.proxy.protocol** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + resources: + postgresql: + limits: + cpu: 2 ``` -## **sysdig.proxy.user** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | + **Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + resources: + postgresql: + limits: + memory: 8Gi ``` -## **sysdig.slack.client.id** + +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientid`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + resources: + postgresql: + requests: + cpu: 2 ``` -## **sysdig.slack.client.secret** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientsecret`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + resources: + postgresql: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.scope** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to redis pods
**Options**:
-**Default**: `incoming-webhook`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + resources: + redis: + limits: + cpu: 2 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + resources: + redis: + limits: + memory: 1Gi ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + resources: + redis: + requests: + cpu: 2 ``` -## **sysdig.saml.certificate.name** + +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests. -The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match -the certificate name used when creating the certificate.
+**Description**: The amount of memory required to schedule redis pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 + resources: + redis: + requests: + memory: 2Gi ``` -## **sysdig.saml.certificate.password** + +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests. -If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 - password: changeit + resources: + redis-sentinel: + limits: + cpu: 2 ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**: -**Example**: -```yaml -sysdig: - inactivitySettings: - trackerEnabled: true -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | -## **sysdig.inactivitySettings.trackerTimeout** -**Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + resources: + redis-sentinel: + limits: + memory: 10Mi ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**: -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` +**Example**: ```yaml sysdig: - secure: - anchore: - customCerts: true + resources: + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.secure.anchore.enableMetrics** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: -Allow Anchore to export prometheus metrics. +**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | -**Options**: `true|false`
-**Default**: false
**Example**: + ```yaml sysdig: - secure: - anchore: - enableMetrics: true + resources: + redis-sentinel: + requests: + memory: 200Mi ``` -## **sysdig.redisVersion** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12.7
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | + **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + resources: + redis-sentinel: + limits: + cpu: 2 ``` -## **sysdig.redisHaVersion** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12-1.0.1
-**Example**: - -```yaml -sysdig: - redisHaVersion: 4.0.12-1.0.1 -``` +**Default**: -## **sysdig.redisHa** -**Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | -```yaml -sysdig: - redisHa: false -``` -## **sysdig.useRedis6** -**Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml sysdig: - useRedis6: false + resources: + redis-sentinel: + limits: + memory: 10Mi ``` -## **sysdig.redis6Version** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis 6, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
-**Default**: 6.0.10.1
-**Example**: +**Default**: -```yaml -sysdig: - redis6Version: 6.0.10.1 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | -## **sysdig.redis6SentinelVersion** -**Required**: `false`
-**Description**: Docker image tag of Redis Sentinel, relevant when configured -`sysdig.useRedis6` is `true`.
-**Options**:
-**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - redis6SentinelVersion: 6.0.10.1 + resources: + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.redis6ExporterVersion** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
-**Default**: 1.15.1.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | + **Example**: ```yaml sysdig: - redis6ExporterVersion: 1.15.1.1 + resources: + redis-sentinel: + requests: + memory: 200Mi ``` - -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -2937,87 +2603,88 @@ sysdig: ```yaml sysdig: resources: - cassandra: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: requests: - memory: 8Gi + memory: 200Mi ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The amount of cpu assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: cpu: 2 ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The amount of memory assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The amount of cpu required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -3025,21 +2692,21 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: cpu: 2 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The amount of memory required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | +| small | 1Gi | +| medium | 1Gi | | large | 4Gi | **Example**: @@ -3047,200 +2714,214 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: @@ -3248,7 +2929,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 8Gi | +| large | 16Gi | **Example**: @@ -3256,88 +2937,88 @@ sysdig: ```yaml sysdig: resources: - postgresql: + collector: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: cpu: 2 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500Mi | +| small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3345,88 +3026,88 @@ sysdig: ```yaml sysdig: resources: - redis: + anchore-core: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3434,88 +3115,88 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3523,58 +3204,59 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3582,21 +3264,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3604,7 +3286,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3612,36 +3294,36 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -3649,227 +3331,278 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: memory: 200Mi ``` -## **sysdig.resources.ingressControllerHaProxy.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerHaProxy.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.ingressControllerRsyslog.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
+**Default**: 0 3 * * *
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 125m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.ingressControllerRsyslog.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
+**Default**: 168h
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.ingressControllerRsyslog.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 +``` +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +**Required**: `false`
+**Description**: Scanning DB engine
+**Options**:
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.ingressControllerRsyslog.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Default value for the date policy
**Options**:
-**Default**:
+**Default**: 90
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - memory: 500Mi + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 +``` + +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | **Example**: @@ -3877,88 +3610,88 @@ sysdig: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: memory: 10Mi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: memory: 200Mi ``` -## **sysdig.resources.apiNginx.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.apiNginx.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3966,88 +3699,88 @@ sysdig: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.apiNginx.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.apiNginx.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - memory: 100Mi + memory: 200Mi ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: cpu: 1 ``` -## **sysdig.resources.apiEmailRenderer.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4055,88 +3788,88 @@ sysdig: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.apiEmailRenderer.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 300m | | medium | 500m | -| large | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - cpu: 500m + cpu: 300m ``` -## **sysdig.resources.apiEmailRenderer.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - memory: 100Mi + memory: 1Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 6Gi | +| large | 8Gi | **Example**: @@ -4144,88 +3877,89 @@ sysdig: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - memory: 10Mi + memory: 4Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - worker: - requests: - memory: 200Mi + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4233,88 +3967,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4322,36 +4056,36 @@ sysdig: ```yaml sysdig: resources: - collector: + nats-streaming: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: @@ -4359,87 +4093,109 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + activity-audit-api: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.anchore-api.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: + activity-audit-api: limits: - cpu: 1 + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.limits.cpu** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - cpu: 1 + activity-audit-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.resources.anchore-policy-engine.limits.cpu** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of cpu assigned to activity-audit-worker pods
**Options**:
**Default**: @@ -4454,22 +4210,22 @@ sysdig: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-worker: limits: cpu: 1 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4477,292 +4233,265 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + activity-audit-worker: limits: - memory: 10Mi + memory: 500Mi ``` - -## **sysdig.resources.anchore-api.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-api: - limits: - memory: 10Mi + activity-audit-worker: + requests: + cpu: 250m ``` - -## **sysdig.resources.anchore-catalog.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - memory: 10Mi + activity-audit-worker: + requests: + memory: 50Mi ``` - -## **sysdig.resources.anchore-policy-engine.limits.memory** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: limits: - memory: 10Mi + cpu: 250m ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of memory assigned to activity-audit-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - -**Example**: - -```yaml -sysdig: - resources: - anchore-core: - requests: - cpu: 2 -``` - -## **sysdig.resources.anchore-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
-**Options**:
-**Default**: +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - cpu: 2 + activity-audit-janitor: + limits: + memory: 200Mi ``` -## **sysdig.resources.anchore-catalog.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + activity-audit-janitor: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: requests: - cpu: 2 + memory: 50Mi ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - memory: 200Mi + profiling-api: + limits: + cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.memory** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - memory: 200Mi + profiling-api: + limits: + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.requests.memory** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + profiling-api: requests: - memory: 200Mi + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.memory** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + profiling-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.profiling-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4770,88 +4499,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.profiling-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.profiling-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.secure-overview-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.secure-overview-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -4859,89 +4588,88 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.secure-overview-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | - +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.secure-overview-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - memory: 200Mi + memory: 512Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.secure-prometheus.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -4949,620 +4677,565 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.secure-prometheus.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.secure-prometheus.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.events-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.events-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.events-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.events-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.events-gatherer.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to events-gatherer pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + events-gatherer: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.events-gatherer.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to events-gatherer pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + events-gatherer: + limits: + memory: 1Gi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.events-gatherer.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule events-gatherer pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + events-gatherer: + requests: + cpu: 250m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.events-gatherer.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule events-gatherer pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + events-gatherer: + requests: + memory: 250Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.events-dispatcher.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to events-dispatcher pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + events-dispatcher: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.events-dispatcher.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to events-dispatcher pods
**Options**:
-**Default**: mysql
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** -**Required**: `false`
-**Description**: Default value for the date policy
-**Options**:
-**Default**: 90
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** -**Required**: `false`
-**Description**: Default value for the tags policy
-**Options**:
-**Default**: 5
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 -``` - -## **sysdig.resources.scanning-ve-janitor.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanning-ve-janitor: - limits: - cpu: 2 -``` - -## **sysdig.resources.scanning-ve-janitor.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - - +**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: limits: - memory: 10Mi + memory: 250Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.events-dispatcher.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule events-dispatcher pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.events-dispatcher.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule events-dispatcher pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** +## **sysdig.resources.events-forwarder-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api containers
+**Description**: The amount of cpu assigned to events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** +## **sysdig.resources.events-forwarder-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api containers
+**Description**: The amount of memory assigned to events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: limits: memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** +## **sysdig.resources.events-forwarder-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** +## **sysdig.resources.events-forwarder-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api containers
+**Description**: The amount of memory required to schedule events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api: + events-forwarder-api: requests: memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** +## **sysdig.resources.events-forwarder.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of cpu assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** +## **sysdig.resources.events-forwarder.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of memory assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: limits: - memory: 256Mi + memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** +## **sysdig.resources.events-forwarder.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of cpu required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** +## **sysdig.resources.events-forwarder.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of memory required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api-pg-migrate: + events-forwarder: requests: - memory: 50Mi + memory: 50Mi ``` -## **sysdig.resources.reporting-init.limits.cpu** +## **sysdig.resources.events-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-init pods
+**Description**: The amount of cpu assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: limits: cpu: 1 ``` -## **sysdig.resources.reporting-init.limits.memory** +## **sysdig.resources.events-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-init pods
+**Description**: The amount of memory assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: limits: - memory: 256Mi + memory: 200Mi ``` -## **sysdig.resources.reporting-init.requests.cpu** +## **sysdig.resources.events-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-init pods
+**Description**: The amount of cpu required to schedule events-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.reporting-init.requests.memory** +## **sysdig.resources.events-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-init pods
+**Description**: The amount of memory required to schedule events-janitor pods
**Options**:
**Default**:
@@ -5577,4532 +5250,1697 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- reporting-init:
+ events-janitor:
 requests:
 memory: 50Mi
 ```
-## **sysdig.resources.reporting-api.limits.cpu**
+## **sysdig.restrictPasswordLogin**
 **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1500m |
-| medium | 1500m |
-| large | 1500m |
-
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- limits:
- cpu: 1500m
+ restrictPasswordLogin: true
 ```
-## **sysdig.resources.reporting-api.limits.memory**
+## **sysdig.rsyslogVersion**
 **Required**: `false`
-**Description**: The amount of memory assigned to reporting-api pods
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1536Mi |
-| medium | 1536Mi |
-| large | 1536Mi |
-
+**Default**: 8.34.0.7
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- limits:
- memory: 1536Mi
+ rsyslogVersion: 8.34.0.7
 ```
-## **sysdig.resources.reporting-api.requests.cpu**
+## **sysdig.smtpFromAddress**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-api pods
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
-
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- requests:
- cpu: 200m
+ smtpFromAddress: from-address@my-company.com
 ```
-## **sysdig.resources.reporting-api.requests.memory**
+## **sysdig.smtpPassword**
 **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-api pods
+**Description**: Password for the configured `sysdig.smtpUser`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- requests:
- memory: 256Mi
+ smtpPassword: my-@w350m3-p@55w0rd
 ```
-## **sysdig.resources.reporting-worker.limits.cpu**
+## **sysdig.smtpProtocolSSL**
 **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- limits:
- cpu: 2
+ smtpProtocolSSL: true
 ```
-## **sysdig.resources.reporting-worker.limits.memory**
+## **sysdig.smtpProtocolTLS**
 **Required**: `false`
-**Description**: The amount of memory assigned to reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 16Gi |
-| medium | 16Gi |
-| large | 16Gi |
-
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- limits:
- memory: 16Gi
+ smtpProtocolTLS: true
 ```
-## **sysdig.resources.reporting-worker.requests.cpu**
+## **sysdig.smtpServer**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
-
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- requests:
- cpu: 200m
+ smtpServer: smtp.gmail.com
 ```
-## **sysdig.resources.reporting-worker.requests.memory**
+## **sysdig.smtpServerPort**
 **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 10Gi |
-| medium | 10Gi |
-| large | 10Gi |
-
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- requests:
- memory: 10Gi
+ smtpServerPort: 587
```
-## **sysdig.secure.scanning.reporting.debug**
+## **sysdig.smtpUser**
 **Required**: `false`
-**Description**: Enable logging at debug level
+**Description**: User for the configured `sysdig.smtpServer`
**Options**:
-**Default**: false
+**Default**:
**Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- reporting:
- debug: false
+ smtpUser: bob+alice@gmail.com
```
-## **sysdig.secure.scanning.reporting.apiGRPCEndpoint**
+## **sysdig.tolerations**
 **Required**: `false`
-**Description**: Reporting GRPC endpoint
+**Description**: +[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) +that will be created on Sysdig platform pods, this can be combined with +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +Platform pods run on particular nodes
**Options**:
-**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" ``` -## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for +clusters of `size` `small`.
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + anchoreCoreReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageDriver** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: Storage kind for generated reports
-**Options**: postgres, fs, s3
-**Default**: postgres
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageDriver: postgres + anchoreWorkerReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageCompression** +## **sysdig.apiReplicaCount** **Required**: `false`
-**Description**: Compression format for generated reports
-**Options**: zip, gzip, none
-**Default**: zip
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageCompression: zip + apiReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageFsDir** +## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: The directory where reports will saved (required when using `fs` driver)
-**Options**:
-**Default**: .
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageFsDir: /reports + cassandraReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** +## **sysdig.collectorReplicaCount** **Required**: `false`
-**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
-**Options**:
-**Default**: 1
+**Description**: Number of Sysdig collector replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storagePostgresRetentionDays: 1 + collectorReplicaCount: 7 ``` -## **sysdig.secure.scanning.reporting.storageS3Bucket** +## **sysdig.activityAuditWorkerReplicaCount** **Required**: `false`
-**Description**: The bucket name where reports will be saved (required when using `s3` driver)
-**Options**:
-**Default**:
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Bucket: secure-scanning-reporting + activityAuditWorkerReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Prefix** +## **sysdig.activityAuditApiReplicaCount** **Required**: `false`
-**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
-**Options**:
-**Default**:
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Prefix: reports + activityAuditApiReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Endpoint** +## **sysdig.policyAdvisorReplicaCount** **Required**: `false`
-**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Endpoint: s3.example.com + policyAdvisorReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Region** +## **sysdig.netsecApiReplicaCount** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Region: us-east-1 + netsecApiReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** +## **sysdig.netsecIngestReplicaCount** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE + netsecIngestReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
-**Example**: +**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - scanning: - reporting: - storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -``` +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | -## **sysdig.secure.scanning.reporting.workerSleepTime** -**Required**: `false`
-**Description**: The sleep interval between two runs of the reporting worker
-**Options**:
-**Default**: 120s
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - workerSleepTime: 120s + anchoreCoreReplicaCount: 2 ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.scanningApiReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: Number of Scanning API replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - cpu: 2 + scanningApiReplicaCount: 3 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - memory: 10Mi + elasticsearchReplicaCount: 20 ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.workerReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - cpu: 2 + workerReplicaCount: 7 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.alerterReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - memory: 200Mi + alerterReplicaCount: 7 ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.eventsGathererReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: Number of events gatherer replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - cpu: 1 + eventsGathererReplicaCount: 2 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.eventsAPIReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: Number of events API replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - memory: 1Gi + eventsAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.eventsDispatcherReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: Number of events dispatcher replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - cpu: 300m + eventsDispatcherReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.eventsForwarderReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: Number of events forwarder replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - memory: 1Gi + eventsForwarderReplicaCount: 2 ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.eventsForwarderAPIReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: Number of events forwarder API replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - cpu: 1 + eventsForwarderAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+## **sysdig.admin.username** +**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for +initial login to the web interface. Make sure this is a valid email address +that you can receive emails at.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - - +**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 4Gi + admin: + username: my-awesome-email@my-awesome-domain-name.com ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.admin.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: Sysdig Platform super admin password. This along with +`sysdig.admin.username` will be used for initial login to the web interface. +It is auto-generated when not explicitly configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - netsec-ingest: - requests: - cpu: 500m -``` - -## **sysdig.resources.netsec-ingest.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - - -**Example**: +**Default**:
+**Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 2Gi + admin: + password: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.api.jvmOptions** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: Custom configuration for Sysdig API jvm.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | - +**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - cpu: 1 + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true ``` -## **sysdig.resources.netsec-janitor.limits.memory** +## **sysdig.certificate.generate** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | - - +**Description**: Determines if Installer should generate self-signed +certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - memory: 1Gi + certificate: + generate: true ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.certificate.crt** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to +`false` this has to be configured. The certificate common name or subject +altername name must match configured `sysdig.dnsName`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | - +**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - cpu: 1 + certificate: + crt: certs/server.crt ``` -## **sysdig.resources.netsec-janitor.requests.memory** +## **sysdig.certificate.key** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig api, if `sysdig.certificate.generate` is set to `false` +this has to be configured. The key must match the certificate in +`sysdig.certificate.crt`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - memory: 1Gi + certificate: + key: certs/server.key ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.collector.dnsName** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: Domain name the Sysdig collector will be served on, when not +configured it defaults to whatever is configured for `sysdig.dnsName`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - cpu: 2 + collector: + dnsName: collector.my-awesome-domain-name.com ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.collector.jvmOptions** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: Custom configuration for Sysdig collector jvm.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - - +**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.collector.certificate.generate** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - +**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - cpu: 250m + collector: + certificate: + generate: true ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.collector.certificate.crt** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the sysdig collector, if +`sysdig.collector.certificate.generate` is set to `false` this has to be +configured. The certificate common name or subject altername name must match +configured `sysdig.collector.dnsName`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi + collector: + certificate: + crt: certs/collector.crt ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.collector.certificate.key** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig collector, if `sysdig.collector.certificate.generate` is +set to `false` this has to be configured. The key must match the certificate +in `sysdig.collector.certificate.crt`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - cpu: 2 + collector: + certificate: + key: certs/collector.key ``` -## **sysdig.resources.activity-audit-api.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-api: - limits: - memory: 500Mi -``` - -## **sysdig.resources.activity-audit-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.activity-audit-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.profiling-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.profiling-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.secure-overview-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-overview-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.secure-overview-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-overview-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512Mi |
-| medium | 512Mi |
-| large | 512Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- memory: 512Mi
-```
-
-## **sysdig.resources.secure-prometheus.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-prometheus.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- memory: 8Gi
-```
-
-## **sysdig.resources.secure-prometheus.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-prometheus.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- memory: 2Gi
-```
-
-## **sysdig.resources.events-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-gatherer.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.events-gatherer.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.events-gatherer.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-gatherer.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-dispatcher.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-dispatcher.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.events-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
-
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 5
-```
-
-## **sysdig.anchoreAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore API replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreAPIReplicaCount: 4
-```
-
-## **sysdig.anchoreCatalogReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCatalogReplicaCount: 4
-```
-
-## **sysdig.anchorePolicyEngineReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchorePolicyEngineReplicaCount: 4
-```
-
-## **sysdig.anchoreWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreWorkerReplicaCount: 5
-```
-
-## **sysdig.apiReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- apiReplicaCount: 5
-```
-
-## **sysdig.cassandraReplicaCount**
-**Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- cassandraReplicaCount: 20
-```
-
-## **sysdig.collectorReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- collectorReplicaCount: 7
-```
-
-## **sysdig.activityAuditWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditWorkerReplicaCount: 20
-```
-
-## **sysdig.activityAuditApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditApiReplicaCount: 20
-```
-
-## **sysdig.policyAdvisorReplicaCount**
-**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- policyAdvisorReplicaCount: 20
-```
-
-## **sysdig.scanningAdmissionControllerAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of scanning Admission Controller API replicas, this is
-a noop for clusters of `size` `small`.
-**Options**:
-**Default**:
-
-|cluster-size|count|
-|------------|-----|
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningAdmissionControllerAPIReplicaCount: 1
-```
-
-## **sysdig.netsecApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecApiReplicaCount: 1
-```
-
-## **sysdig.netsecIngestReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecIngestReplicaCount: 1
-```
-## **sysdig.netsecCommunicationShards**
-**Required**: `false`
-**Description**: Number of Netsec communications index shards.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 3 |
-| medium | 9 |
-| large | 15 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecCommunicationShards: 5
-```
-
-## **sysdig.anchoreCoreReplicaCount**
-**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 2
-```
-
-## **sysdig.scanningApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningApiReplicaCount: 3
-```
-
-## **sysdig.elasticsearchReplicaCount**
-**Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- elasticsearchReplicaCount: 20
-```
-
-## **sysdig.workerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- workerReplicaCount: 7
-```
-
-## **sysdig.alerterReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- alerterReplicaCount: 7
-```
-
-## **sysdig.eventsGathererReplicaCount**
-**Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsGathererReplicaCount: 2
-```
-
-## **sysdig.eventsAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsAPIReplicaCount: 1
-```
-
-## **sysdig.eventsDispatcherReplicaCount**
-**Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsDispatcherReplicaCount: 1
-```
-
-## **sysdig.eventsForwarderReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderReplicaCount: 2
-```
-
-## **sysdig.eventsForwarderAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderAPIReplicaCount: 1
-```
-
-## **sysdig.admin.username**
-**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- username: my-awesome-email@my-awesome-domain-name.com
-```
-
-## **sysdig.admin.password**
-**Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- password: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.api.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true -``` - -## **sysdig.certificate.generate** -**Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- generate: true
-```
-
-## **sysdig.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- crt: certs/server.crt
-```
-
-## **sysdig.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- key: certs/server.key
-```
-
-## **sysdig.collector.dnsName**
-**Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- dnsName: collector.my-awesome-domain-name.com
-```
-
-## **sysdig.collector.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.collector.certificate.generate** -**Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- generate: true
-```
-
-## **sysdig.collector.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- crt: certs/collector.crt
-```
-
-## **sysdig.collector.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- key: certs/collector.key
-```
-## **sysdig.worker.enabled**
-**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- worker:
- enabled: true
-```
-
-## **sysdig.worker.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.appChecks.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- settings:
- limit: 1500
-```
-
-## **agent.collectorEndpoint**
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**:
-
-```yaml
-agent:
- version: 1.10.1
-```
-
-## **agent.useSSL**
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.feature_mode**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**:
-
-```yaml
-agent:
- feature_mode: troubleshooting
-```
-
-## **agent.timezone**
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- noProxy: your-awesome-no-proxy.com
-```
-
-## **agent.snaplenPortRange.start**
-**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.snaplenPortRange.end**
-**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.customKernelModules.enabled**
-**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- customKernelModules:
- enabled: true
-```
-
-## **agent.secure.enabled**
-**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- secure:
- enabled: true
-```
-
-## **agent.secure.commandLineCapturesEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- commandLineCapturesEnabled: true
-```
-
-## **agent.secure.memoryDumpEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- memoryDumpEnabled: true
-```
-
-## **agent.secure.settings.k8sAuditServerURL**
-**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
-```
-
-## **agent.secure.settings.k8sAuditServerPort**
-**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
-```
-
-## **agent.prometheus.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- enabled: true
-```
-
-## **agent.prometheus.settings.interval**
-**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- interval: 30
-```
-
-## **agent.prometheus.settings.logErrors**
-**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- logErrors: true
-```
-
-## **agent.prometheus.settings.maxMetrics**
-**Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetrics: 1000
-```
-
-## **agent.prometheus.settings.maxMetricsPerProcess**
-**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetricsPerProcess: 1000
-```
-
-## **agent.prometheus.settings.maxTagsPerMetric**
-**Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxTagsPerMetric: 20
-```
-
-## **agent.prometheus.settings.histograms**
-**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- histograms: 3000
-```
-
-## **agent.statsd.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- statsd:
- enabled: true
-```
-
-## **agent.statsd.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**:
-
-```yaml
-agent:
- statsd:
- settings:
- limit: 1000
-```
-
-## **agent.jmx.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- jmx:
- enabled: true
-```
-
-## **agent.jmx.settings.limit**
-**Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- jmx:
- settings:
- limit: 1000
-```
-
-## **agent.ebpf.enabled**
-**Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- enabled: true
-```
-
-## **agent.ebpf.settings.mountEtcVolume**
-**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- settings:
- mountEtcVolume: 1000
-```
-
-## **agent.appChecks.elasticsearch.authEnabled**
-**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- authEnabled: true
-```
-
-## **agent.appChecks.elasticsearch.url**
-**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- url: https://sysdigcloud-elasticsearch
-```
-
-## **agent.appChecks.elasticsearch.port**
-**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- port: 9200
-```
-
-## **agent.appChecks.elasticsearch.username**
-**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - appChecks: - elasticsearch: - username: readonly -``` - -## **agent.appChecks.elasticsearch.password** +## **sysdig.worker.jvmOptions** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.alerter.jvmOptions** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.apiKey**
+**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - appChecks: - kafka: - enabled: true + apiKey: replace_with_your_monitor_access_key ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - kafka: - arg: Kafka.kafka + settings: + limit: 1500 ``` -## **agent.appChecks.kafka.url** +## **agent.collectorEndpoint** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +agent: + collectorEndpoint: my-awesome-collector-domain-name.com ``` -## **agent.appChecks.kafka.port** +## **agent.collectorPort** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: Sysdig Colletor TCP Port.
**Options**: `1024-65535`
-**Default**:
+**Default**: `6443`
**Example**: ```yaml agent: - appChecks: - kafka: - port: 9200 + collectorPort: 6443 ``` -## **agent.appChecks.kafka.zk.url** +## **agent.namespace** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: A kubernetes namespace for setting up the agent in.
**Options**:
-**Default**:
+**Default**: `agent`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +agent: + namespace: sysdig-agent ``` -## **agent.appChecks.kafka.zk.port** +## **agent.useSlim** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - zk: - port: 2181 + useSlim: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
**Example**: ```yaml agent: - appChecks: - kafka: - enableConsumerOffsets: true + version: 1.10.1 ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - kafka: - enableAggregationPartitions: true + useSSL: false ``` -## **agent.appChecks.mysql.enabled** +## **agent.verifySSL** **Required**: `false`
-**Description**: Whether to enable mysql app check.
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - mysql: - enabled: true + verifySSL: false ``` -## **agent.appChecks.mysql.hostname** +## **agent.clusterName** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
**Example**: ```yaml agent: - appChecks: - mysql: - hostname: mysql-service-url + clusterName: false ``` -## **agent.appChecks.mysql.user** +## **agent.tags** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - appChecks: - mysql: - user: mysql-user + tags: environment:production linux:ubuntu ``` -## **agent.appChecks.mysql.password** +## **agent.capturesEnabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Description**: TBD.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - password: mysql-password + capturesEnabled: false ``` -## **agent.resources.limits.cpu** +## **agent.feature_mode** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | - +**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
**Example**: ```yaml agent: - resources: - limits: - cpu: 2 + feature_mode: troubleshooting ``` -## **agent.resources.limits.memory** +## **agent.timezone** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | - +**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - limits: - memory: 2 + timezone: America/New_York. ``` -## **agent.resources.requests.cpu** +## **agent.proxy.httpProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - cpu: 2 + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com ``` -## **agent.resources.requests.memory** +## **agent.proxy.httpsProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | - +**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - memory: 2 + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **agent.proxy.noProxy** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - +**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - watchdog: - max_memory_usage_mb: 1024 + proxy: + noProxy: your-awesome-no-proxy.com ``` -## **agent.resources.watchdog.cointerface** +## **agent.snaplenPortRange.start** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml agent: - resources: - watchdog: - cointerface: 1024 + snaplenPortRange: + start: "8125" ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **agent.snaplenPortRange.end** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" +agent: + snaplenPortRange: + start: "8125" ``` -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +## **agent.customKernelModules.enabled** **Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m +agent: + customKernelModules: + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** +## **agent.secure.enabled** **Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** +## **agent.secure.commandLineCapturesEnabled** **Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m + commandLineCapturesEnabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m + memoryDumpEnabled: true ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml -sysdig: - scanningAlertMgrForceAutoScan: false +agent: + secure: + settings: + k8sAuditServerPort: 7765 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" +agent: + prometheus: + enabled: true ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" +agent: + prometheus: + settings: + interval: 30 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" +agent: + prometheus: + settings: + logErrors: true ``` - -## **sysdig.metadataService.enabled** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - metadataService: - enabled: true +agent: + prometheus: + settings: + maxMetrics: 1000 ``` -## **sysdig.resources.metadataService.limits.cpu** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **sysdig.resources.metadataService.limits.memory** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi +agent: + prometheus: + settings: + maxTagsPerMetric: 20 ``` -## **sysdig.resources.metadataService.requests.cpu** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: +**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 +agent: + statsd: + enabled: true ``` -## **sysdig.resources.metadataService.requests.memory** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi +agent: + statsd: + settings: + limit: 1000 ``` -## **sysdig.metadataServiceReplicaCount** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - +**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - metadataServiceReplicaCount: 4 +agent: + jmx: + enabled: true ``` -## **sysdig.metadataServiceVersion** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 +agent: + jmx: + settings: + limit: 1000 ``` -## **sysdig.helmRenderer.enabled** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml -sysdig: - helmRenderer: +agent: + ebpf: enabled: true ``` -## **sysdig.resources.helmRenderer.limits.cpu** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 +agent: + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **sysdig.resources.helmRenderer.limits.memory** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - memory: 10Mi +agent: + appChecks: + elasticsearch: + authEnabled: true ``` -## **sysdig.resources.helmRenderer.requests.cpu** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - cpu: 2 +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **sysdig.resources.helmRenderer.requests.memory** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - memory: 200Mi +agent: + appChecks: + elasticsearch: + port: 9200 ``` -## **sysdig.helmRendererReplicaCount** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` +## **agent.appChecks.elasticsearch.password** +**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererReplicaCount: 4 +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.helmRendererVersion** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
-**Options**:
-**Default**: 0.1.32
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererVersion: 0.1.32 +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **sysdig.secure.activityAudit.enabled** -**Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - activityAudit: +agent: + appChecks: + kafka: enabled: true ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** -**Required**: `false`
-**Description**: Retention period for Activity Audit data.
-**Options**:
-**Default**: 90
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - activityAudit: - janitor: - retentionDays: 90 +agent: + appChecks: + kafka: + arg: Kafka.kafka ``` -## **sysdig.secure.anchore.enabled** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - anchore: - enabled: true +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **sysdig.secure.compliance.enabled** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - compliance: - enabled: true +agent: + appChecks: + kafka: + port: 9200 ``` -## **sysdig.secure.netsec.enabled** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - netsec: - enabled: true +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **sysdig.secure.overview.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - overview: - enabled: true +agent: + appChecks: + kafka: + zk: + port: 2181 ``` -## **sysdig.secure.padvisor.enabled** -**Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - padvisor: - enabled: true +agent: + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **sysdig.secure.profiling.enabled** -**Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - profiling: - enabled: true +agent: + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **sysdig.secure.scanning.reporting.enabled** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - reporting: - enabled: true +agent: + appChecks: + mysql: + enabled: true ``` -## **sysdig.secure.scanning.enabled** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - enabled: true +agent: + appChecks: + mysql: + hostname: mysql-service-url ``` -## **sysdig.secure.events.enabled** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Enable events for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - events: - enabled: true +agent: + appChecks: + mysql: + user: mysql-user ``` -## **sysdig.secure.eventsForwarder.enabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - eventsForwarder: - enabled: true +agent: + appChecks: + mysql: + password: mysql-password ``` -## **sysdig.resources.rapid-response-connector.limits.cpu** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Description**: The amount of cpu assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - cpu: 1 + limits: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.limits.memory** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rapid-response-connector pods
+**Description**: The amount of memory assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - memory: 500Mi + limits: + memory: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.cpu** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Description**: The amount of cpu required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - cpu: 250m + requests: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.memory** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Description**: The amount of memory required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - memory: 50Mi + requests: + memory: 2 ``` -## **sysdig.rapidResponseConnectorReplicaCount** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Number of Sysdig rapid-response-connector replicas.
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: - rapidResponseConnectorReplicaCount: 1 +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.secure.rapidResponse.enabled** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Whether to deploy rapid response or not.
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
-**Default**: false
-**Example**: +**Default**: -```yaml -sysdig: - secure: - rapidResponse: - enabled: false -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | -## **sysdig.secure.rapidResponse.validationCodeLength** -**Required**: `false`
-**Description**: Length of mfa validation code sent via e-mail.
-**Options**:
-**Default**: 6
**Example**: ```yaml -sysdig: - secure: - rapidResponse: - validationCodeLength: 8 +agent: + resources: + watchdog: + cointerface: 1024 ``` -## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**: 180
+**Default**: ""
**Example**: ```yaml sysdig: - secure: - rapidResponse: - validationCodeSecondsDuration: 8 + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Global duration of session in seconds.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: 7200
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - rapidResponse: - sessionTotalSecondsTTL: 7200 + scanningAnalysiscollectorConcurrentUploads: 5 ``` - -## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Idle duration of session in seconds.
+**Description**: Cronjob schedule
**Options**:
-**Default**: 300
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - rapidResponse: - sessionIdleSecondsTTL: 300 + veJanitor: + cronjob: "5 0 * * *" ``` - -## **sysdig.secure.scanning.feedsEnabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: + ```yaml sysdig: secure: - scanning: - feedsEnabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.feedsAPIVersion** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Sets feeds API version
-**Options**:
-**Default**: `latest`
- +**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: -```yaml -sysdig: - feedsAPIVersion: 0.5.0 -``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Sets feeds database version
-**Options**:
-**Default**: `latest`
- -**Example**: ```yaml sysdig: - feedsDBVersion: 0.5.0-2020-03-11 + secure: + veJanitor: + scanningDbEngine: "mysql" ``` From 8f7e65df45cfb8a00154bf9302b44d9027ea336b Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 14 Dec 2021 16:23:47 +0000 Subject: [PATCH 091/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 7272 +++++++++++++------- 3 files changed, 4940 insertions(+), 2384 deletions(-) diff --git a/installer/README.md b/installer/README.md index 045d019d..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.3-1-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.3-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. + +## Airgapped installations + +### Method for automatically updating the feeds database in airgapped environments +This is a procedure that can be used to automatically update the feeds database: + +1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +2. move the file from the jumpbox server to the customer airgapped environment (optional) +3. load the image file and push it to the customer's airgapped image registry +4. restart the pod sysdigcloud-feeds-db +5. restart the pod feeds-api + +Finally, steps 1 to 5 will be performed periodically once a day. + +This is an example script that contains all the steps: +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/vuln-feed-database:latest +# Save image +docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +# Optionally move image +mv vuln-feed-database.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +# Restart database pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" +# Restart feeds-api pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" +ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" +``` + +The script can be scheduled using a cron job that run every day +```bash +0 8 * * * feeds-database-update.sh >/dev/null 2>&1 +``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 2bdc1b80..57e417cd 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false` +**Required**: `false`
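Review bot: The example script added to `installer/docs/advanced.md` passes the registry password as an argument (`docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`), so it is visible in the process list on the jumpbox while the command runs. Feed it on stdin instead: `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`. Because the credentials are assigned inside the script and it is meant to run from cron, the text should also say the file must be readable only by the account that runs it. The script has no error handling and the cron entry discards all output (`>/dev/null 2>&1`), so a failed pull or push would still scale both deployments down and up without anyone noticing; adding `set -euo pipefail` after the shebang and redirecting cron output to a log file would address that. The image is saved and loaded as `quay.io/sysdig/vuln-feed-database:latest` but tagged from `vuln-feed-database:latest`, which looks like it fails unless that short name already exists on the airgapped host; `docker tag quay.io/sysdig/vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest` matches what was loaded.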
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -666,6 +666,51 @@ pvStorageSize: postgresql: 100Gi ``` +## **pvStorageSize.large.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + large: + nats: 10Gi +``` + +## **pvStorageSize.medium.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi +``` + ## **sysdig.activityAuditVersion** **Required**: `false`
**Description**: Docker image tag of Activity Audit services.
@@ -675,7 +720,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.6.3.10985 + activityAuditVersion: 4.0.6.10981 ``` ## **sysdig.profilingVersion** @@ -687,19 +732,19 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.6.3.10985 + profilingVersion: 4.0.6.10981 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.30
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1.30 ``` ## **sysdig.accessKey** @@ -715,6 +760,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig
+components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -772,7 +830,7 @@ sysdig: ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
+**Options**:
**Default**: 2.1.21.13
**Example**: @@ -781,6 +839,31 @@ sysdig: cassandraVersion: 2.1.21.16 ``` +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.7.0`
+**Example**: + +```yaml +sysdig: + cassandra3Version: 3.11.7.0 +``` + ## **sysdig.cassandra.external** **Required**: `false`
**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster. @@ -813,7 +896,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +908,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -917,7 +1000,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1054,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. + +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1114,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1141,12 +1233,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.3.10985
+**Default**: 4.0.6.10981
**Example**: ```yaml sysdig: - monitorVersion: 3.6.3.10985 + monitorVersion: 4.0.6.10981 ``` ## **sysdig.scanningVersion** @@ -1156,12 +1248,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.3.10985
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - scanningVersion: 3.6.3.10985 + scanningVersion: 4.0.6.10981 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.3.10985
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.3.10985 + sysdigAPIVersion: 4.0.6.10981 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.3.10985
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.3.10985 + sysdigCollectorVersion: 4.0.6.10981 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.3.10985
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.3.10985 + sysdigWorkerVersion: 4.0.6.10981 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1316,75 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1298,8 +1459,7 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster -instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1428,6 +1588,36 @@ sysdig: enabled: true ``` +## **sysdig.nats.secure.username** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1521,1185 +1711,1146 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.mysqlToPostgresMigrationVersion** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.postgresql.rootUser** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + postgresql: + rootUser: postgres ``` -## **sysdig.proxy.enable** +## **sysdig.postgresql.rootDb** **Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**: ```yaml sysdig: - proxy: - enable: true + postgresql: + rootDb: anchore ``` -## **sysdig.proxy.host** +## **sysdig.postgresql.rootPassword** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + postgresql: + rootPassword: my_root_password ``` -## **sysdig.proxy.noProxy** +## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + postgresql: + primary: true ``` -## **sysdig.proxy.password** +## **sysdig.postgresql.external** **Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + postgresql: + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + sysdig: + host: my-sysdig-db-external.com ``` -## **sysdig.proxy.port** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The port the configured
-[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: `80`
+**Default**: []
**Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.proxy.protocol** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.proxy.user** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice -``` -## **sysdig.slack.client.id** -**Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `awesomeclientid`
+ postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.profiling** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `awesomeclientsecret`
- +**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `incoming-webhook`
- +**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
- +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
- +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresDatabases.serviceOwnerManagement** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
- +**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` +## **sysdig.postgresDatabases.quartz** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: + ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisVersion** +## **sysdig.postgresDatabases.compliance** **Required**: `false`
-**Description**: Docker image tag of Redis.
-**Options**:
-**Default**: 4.0.12.7
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
-**Options**:
-**Default**: 4.0.12-1.0.1
+**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisHa** +## **sysdig.postgresDatabases.rapidResponse** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisHa: false + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + proxy: + enable: true ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +**Default**:
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Default**:
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The user used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.mysql.limits.memory** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The filename of the certificate that will be used for signing SAML requests. +The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match +the certificate name used when creating the certificate.
**Options**:
-**Default**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + saml: + certificate: + name: saml-cert.p12 ``` - -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The password required to read the certificate that will be used for signing SAML requests. +If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.resources.postgresql.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +**Description**: +Allow Anchore to export prometheus metrics. +**Options**: `true|false`
+**Default**: false
**Example**: - ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + secure: + anchore: + enableMetrics: true ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | - +**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Docker image tag of HA Redis, relevant when configured +`sysdig.redisHa` is `true`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.redisHa** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**: +```yaml +sysdig: + redisHa: false +``` +## **sysdig.useRedis6** +**Required**: `false`
+**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + useRedis6: false ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.redis6Version** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: Docker image tag of Redis 6, relevant when configured +`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | - +**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: Docker image tag of Redis Sentinel, relevant when configured +`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: +**Default**: 6.0.10.1
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + redis6SentinelVersion: 6.0.10.1 +``` +## **sysdig.redis6ExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured +`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.redis-sentinel.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +**Default**:
**Example**: ```yaml sysdig: resources: - api: + mysql: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +**Default**:
**Example**: ```yaml sysdig: resources: - api: + mysql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - api: + mysql: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**:
@@ -2707,51 +2858,51 @@ sysdig:
| ------------ | -------- |
| small | 1Gi |
| medium | 1Gi |
-| large | 4Gi |
+| large | 1Gi |
**Example**:
```yaml
sysdig:
resources:
- api:
+ mysql:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.worker.limits.cpu**
+## **sysdig.resources.postgresql.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - worker: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
| small | 4Gi |
-| medium | 8Gi |
-| large | 16Gi |
+| medium | 4Gi |
+| large | 8Gi |
**Example**:
@@ -2759,88 +2910,88 @@ sysdig:
```yaml
sysdig:
resources:
- worker:
+ postgresql:
limits:
- memory: 10Mi
+ memory: 8Gi
```
-## **sysdig.resources.worker.requests.cpu**
+## **sysdig.resources.postgresql.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - worker: + postgresql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + redis: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 8Gi |
-| large | 16Gi |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
**Example**:
@@ -2848,88 +2999,88 @@ sysdig:
```yaml
sysdig:
resources:
- alerter:
+ redis:
limits:
- memory: 10Mi
+ memory: 1Gi
```
-## **sysdig.resources.alerter.requests.cpu**
+## **sysdig.resources.redis.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - alerter: + redis: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - alerter: + redis: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 16Gi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
**Example**:
@@ -2937,88 +3088,88 @@ sysdig:
```yaml
sysdig:
resources:
- collector:
+ redis-sentinel:
limits:
memory: 10Mi
```
-## **sysdig.resources.collector.requests.cpu**
+## **sysdig.resources.redis-sentinel.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
**Example**:
@@ -3026,58 +3177,58 @@ sysdig:
```yaml
sysdig:
resources:
- anchore-core:
+ redis-sentinel:
limits:
memory: 10Mi
```
-## **sysdig.resources.anchore-core.requests.cpu**
+## **sysdig.resources.redis-sentinel.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**:
@@ -3085,21 +3236,21 @@ sysdig:
| ------------ | ------ |
| small | 4 |
| medium | 4 |
-| large | 4 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- anchore-worker:
+ timescale-adapter:
limits:
cpu: 2
```
-## **sysdig.resources.anchore-worker.limits.memory**
+## **sysdig.resources.timescale-adapter.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**:
@@ -3107,7 +3258,7 @@ sysdig:
| ------------ | ------ |
| small | 4Gi |
| medium | 4Gi |
-| large | 4Gi |
+| large | 16Gi |
**Example**:
@@ -3115,36 +3266,36 @@ sysdig:
```yaml
sysdig:
resources:
- anchore-worker:
+ timescale-adapter:
limits:
memory: 10Mi
```
-## **sysdig.resources.anchore-worker.requests.cpu**
+## **sysdig.resources.timescale-adapter.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**:
@@ -3152,200 +3303,197 @@ sysdig:
| ------------ | -------- |
| small | 1Gi |
| medium | 1Gi |
-| large | 1Gi |
+| large | 4Gi |
**Example**:
```yaml
sysdig:
resources:
- anchore-worker:
+ timescale-adapter:
requests:
memory: 200Mi
```
-## **sysdig.resources.scanning-api.limits.cpu**
+## **sysdig.resources.ingressControllerHaProxy.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.ingressControllerHaProxy.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.ingressControllerHaProxy.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.ingressControllerHaProxy.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: requests: - memory: 200Mi + memory: 1Gi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.ingressControllerRsyslog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 125m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.ingressControllerRsyslog.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.ingressControllerRsyslog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.ingressControllerRsyslog.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: requests: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**: @@ -3353,21 +3501,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**: @@ -3375,7 +3523,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3383,36 +3531,36 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + api: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: requests: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**: @@ -3420,189 +3568,229 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: requests: memory: 200Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.apiNginx.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + apiNginx: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.apiNginx.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + apiNginx: + limits: + memory: 500Mi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.apiNginx.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + apiNginx: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.apiNginx.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + apiNginx: + requests: + memory: 100Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.apiEmailRenderer.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + apiEmailRenderer: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.apiEmailRenderer.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
-**Default**: mysql
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql + resources: + apiEmailRenderer: + limits: + memory: 500Mi ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +## **sysdig.resources.apiEmailRenderer.requests.cpu** **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
-**Default**: 90
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 + resources: + apiEmailRenderer: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +## **sysdig.resources.apiEmailRenderer.requests.memory** **Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
-**Default**: 5
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + apiEmailRenderer: + requests: + memory: 100Mi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: limits: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3610,88 +3798,88 @@ sysdig: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: requests: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: requests: memory: 200Mi ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 4 | -| large | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3699,88 +3887,88 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + alerter: limits: memory: 10Mi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: requests: memory: 200Mi ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -3788,36 +3976,36 @@ sysdig: ```yaml sysdig: resources: - netsec-api: + collector: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: requests: - cpu: 300m + cpu: 2 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: @@ -3825,141 +4013,141 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-core: limits: cpu: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** +## **sysdig.resources.anchore-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-api: limits: - memory: 4Gi + cpu: 1 ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.resources.anchore-catalog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: - requests: - cpu: 500m + anchore-catalog: + limits: + cpu: 1 ``` -## **sysdig.resources.netsec-ingest.requests.memory** +## **sysdig.resources.anchore-policy-engine.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-policy-engine: limits: - memory: 2Gi + cpu: 1 ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: + anchore-core: limits: - cpu: 1 + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.limits.memory** + +## **sysdig.resources.anchore-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3967,265 +4155,268 @@ sysdig: ```yaml sysdig: resources: - netsec-janitor: + anchore-api: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.requests.cpu** + +## **sysdig.resources.anchore-catalog.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: - requests: - cpu: 1 -``` + anchore-catalog: + limits: + memory: 10Mi +``` -## **sysdig.resources.netsec-janitor.requests.memory** + +## **sysdig.resources.anchore-policy-engine.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: - requests: - memory: 1Gi + anchore-policy-engine: + limits: + memory: 10Mi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: - limits: + anchore-core: + requests: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.anchore-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: - limits: - memory: 2Gi + anchore-api: + requests: + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: + anchore-catalog: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: + anchore-policy-engine: requests: - memory: 1Gi + cpu: 2 ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - activity-audit-api: - limits: - cpu: 2 + anchore-core: + requests: + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.resources.anchore-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - activity-audit-api: - limits: - memory: 500Mi + anchore-api: + requests: + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + anchore-catalog: requests: - cpu: 250m + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + anchore-policy-engine: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4233,88 +4424,88 @@ sysdig: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-worker.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-janitor.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: limits: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-janitor.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4322,176 +4513,178 @@ sysdig: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: limits: - memory: 200Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-janitor.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.profiling-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4499,243 +4692,203 @@ sysdig: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
+**Default**: 168h
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512Mi |
-| medium | 512Mi |
-| large | 512Mi |
-
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - requests: - memory: 512Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: Scanning DB engine
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
-
-
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - memory: 8Gi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: Default value for the date policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: Default value for the tags policy
**Options**:
-**Default**:
+**Default**: 5
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - memory: 2Gi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-api.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -4743,322 +4896,327 @@ sysdig: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + admission-controller-api: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: The amount of cpu assigned to admission-controller-api PG +migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: cpu: 1 ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: The amount of memory assigned to admission-controller-api PG +migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: - memory: 250Mi + memory: 256Mi ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: The amount of cpu required to schedule admission-controller-api +PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: The amount of memory required to schedule admission-controller-api +PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + admission-controller-api-pg-migrate: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: The amount of cpu assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: cpu: 1 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: The amount of memory assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: - memory: 500Mi + memory: 256Mi ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: The amount of cpu required to schedule reporting-init pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: The amount of memory required to schedule reporting-init pods
**Options**:
**Default**: @@ -5073,1874 +5231,4228 @@ sysdig: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - cpu: 1 + cpu: 1500m ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - memory: 500Mi + memory: 1536Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - memory: 50Mi + memory: 256Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - memory: 200Mi + memory: 16Gi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - memory: 50Mi + memory: 10Gi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable logging at debug level
+**Options**:
+**Default**: false
**Example**: ```yaml sysdig: - restrictPasswordLogin: true + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.rsyslogVersion** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured -`deployment` is `kubernetes`.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**: 8.34.0.7
+**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.smtpFromAddress** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.smtpPassword** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
+**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - smtpPassword: my-@w350m3-p@55w0rd + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.smtpProtocolSSL** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
+**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - smtpProtocolTLS: true + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.smtpServer** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: SMTP server to use to send emails
+**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
**Options**:
-**Default**:
+**Default**: 1
**Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.smtpServerPort** +## **sysdig.secure.scanning.reporting.storageS3Bucket** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - smtpServerPort: 587
+ secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting ``` -## **sysdig.smtpUser** +## **sysdig.secure.scanning.reporting.storageS3Prefix** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - smtpUser: bob+alice@gmail.com
+ secure: + scanning: + reporting: + storageS3Prefix: reports ``` -## **sysdig.tolerations** +## **sysdig.secure.scanning.reporting.storageS3Endpoint** **Required**: `false`
-**Description**: -[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) -that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig -Platform pods run on particular nodes
-**Options**:
-**Default**:
+**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Region** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + secure: + scanning: + reporting: + storageS3Region: us-east-1 ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.apiReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - apiReplicaCount: 5 + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | - +**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + resources: + netsec-api: + requests: + cpu: 300m ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: Number of Scanning API replicas.
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.workerReplicaCount** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | **Example**: ```yaml sysdig: - workerReplicaCount: 7 + resources: + netsec-ingest: + limits: + memory: 4Gi ``` -## **sysdig.alerterReplicaCount** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - alerterReplicaCount: 7 + resources: + netsec-ingest: + requests: + cpu: 500m ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | **Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + resources: + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + resources: + netsec-janitor: + limits: + cpu: 1 ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + resources: + netsec-janitor: + limits: + memory: 1Gi ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + resources: + netsec-janitor: + requests: + cpu: 1 ``` -## **sysdig.eventsForwarderAPIReplicaCount** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + resources: + netsec-janitor: + requests: + memory: 1Gi ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
+## **sysdig.resources.nats-streaming.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + resources: + nats-streaming: + limits: + cpu: 2 ``` -## **sysdig.admin.password** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + resources: + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + nats-streaming: + requests: + cpu: 250m ``` -## **sysdig.certificate.generate** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + nats-streaming: + requests: + memory: 1Gi ``` -## **sysdig.certificate.crt** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.certificate.key** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - collector: - certificate: - generate: true + resources: + activity-audit-worker: + limits: + cpu: 1 ``` -## **sysdig.collector.certificate.crt** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.activity-audit-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.profiling-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.profiling-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.profiling-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + limits: + cpu: 1 +``` + +## **sysdig.resources.profiling-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.profiling-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.profiling-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.secure-overview-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.secure-overview-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.secure-overview-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + requests: + cpu: 500m +``` + +## **sysdig.resources.secure-overview-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + requests: + memory: 512Mi +``` + +## **sysdig.resources.secure-prometheus.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + limits: + cpu: 2 +``` + +## **sysdig.resources.secure-prometheus.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | + + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + limits: + memory: 8Gi +``` + +## **sysdig.resources.secure-prometheus.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + requests: + cpu: 500m +``` + +## **sysdig.resources.secure-prometheus.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + requests: + memory: 2Gi +``` + +## **sysdig.resources.events-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-gatherer.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + limits: + cpu: 2 +``` + +## **sysdig.resources.events-gatherer.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + limits: + memory: 1Gi +``` + +## **sysdig.resources.events-gatherer.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-gatherer.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + requests: + memory: 250Mi +``` + +## **sysdig.resources.events-dispatcher.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-dispatcher.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + limits: + memory: 250Mi +``` + +## **sysdig.resources.events-dispatcher.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-dispatcher.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-forwarder-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-forwarder-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-forwarder-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-forwarder-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-forwarder.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-forwarder.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-forwarder.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-forwarder.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.events-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.restrictPasswordLogin** +**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured +`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**: + +```yaml +sysdig: + rsyslogVersion: 8.34.0.7 +``` + +## **sysdig.smtpFromAddress** +**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpServer: smtp.gmail.com +``` + +## **sysdig.smtpServerPort** +**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**: + +```yaml +sysdig: + smtpServerPort: 587
+``` + +## **sysdig.smtpUser** +**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + smtpUser: bob+alice@gmail.com
+``` + +## **sysdig.tolerations** +**Required**: `false`
+**Description**: +[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) +that will be created on Sysdig platform pods, this can be combined with +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 5 +``` + +## **sysdig.anchoreAPIReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + anchoreAPIReplicaCount: 4 +``` + +## **sysdig.anchoreCatalogReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + anchoreCatalogReplicaCount: 4 +``` + +## **sysdig.anchorePolicyEngineReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + anchorePolicyEngineReplicaCount: 4 +``` + +## **sysdig.anchoreWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreWorkerReplicaCount: 5 +``` + +## **sysdig.apiReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + apiReplicaCount: 5 +``` + +## **sysdig.cassandraReplicaCount** +**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + cassandraReplicaCount: 20 +``` + +## **sysdig.collectorReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + collectorReplicaCount: 7 +``` + +## **sysdig.activityAuditWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + activityAuditWorkerReplicaCount: 20 +``` + +## **sysdig.activityAuditApiReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + activityAuditApiReplicaCount: 20 +``` + +## **sysdig.policyAdvisorReplicaCount** +**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + policyAdvisorReplicaCount: 20 +``` + +## **sysdig.scanningAdmissionControllerAPIReplicaCount** +**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is +a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningAdmissionControllerAPIReplicaCount: 1 +``` + +## **sysdig.netsecApiReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecApiReplicaCount: 1 +``` + +## **sysdig.netsecIngestReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecIngestReplicaCount: 1 +``` +## **sysdig.netsecCommunicationShards** +**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 3 | +| medium | 9 | +| large | 15 | + +**Example**: + +```yaml +sysdig: + netsecCommunicationShards: 5 +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 2 +``` + +## **sysdig.scanningApiReplicaCount** +**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningApiReplicaCount: 3 +``` + +## **sysdig.elasticsearchReplicaCount** +**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + elasticsearchReplicaCount: 20 +``` + +## **sysdig.workerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + workerReplicaCount: 7 +``` + +## **sysdig.alerterReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + +## **sysdig.eventsGathererReplicaCount** +**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + eventsGathererReplicaCount: 2 +``` + +## **sysdig.eventsAPIReplicaCount** +**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsAPIReplicaCount: 1 +``` + +## **sysdig.eventsDispatcherReplicaCount** +**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsDispatcherReplicaCount: 1 +``` + +## **sysdig.eventsForwarderReplicaCount** +**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + eventsForwarderReplicaCount: 2 +``` + +## **sysdig.eventsForwarderAPIReplicaCount** +**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsForwarderAPIReplicaCount: 1 +``` + +## **sysdig.admin.username** +**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for +initial login to the web interface. Make sure this is a valid email address +that you can receive emails at.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + username: my-awesome-email@my-awesome-domain-name.com +``` + +## **sysdig.admin.password** +**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with +`sysdig.admin.username` will be used for initial login to the web interface. +It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + password: my-@w350m3-p@55w0rd +``` + +## **sysdig.api.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` + +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + generate: true +``` + +## **sysdig.certificate.crt** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + crt: certs/server.crt +``` + +## **sysdig.certificate.key** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig api, if `sysdig.certificate.generate` is set to `false` +this has to be configured. The key must match the certificate in +`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + key: certs/server.key +``` + +## **sysdig.collector.dnsName** +**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not +configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + dnsName: collector.my-awesome-domain-name.com +``` + +## **sysdig.collector.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.collector.certificate.generate** +**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + collector: + certificate: + generate: true +``` + +## **sysdig.collector.certificate.crt** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the sysdig collector, if +`sysdig.collector.certificate.generate` is set to `false` this has to be +configured. The certificate common name or subject altername name must match +configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + certificate: + crt: certs/collector.crt +``` + +## **sysdig.collector.certificate.key** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig collector, if `sysdig.collector.certificate.generate` is +set to `false` this has to be configured. The key must match the certificate +in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + certificate: + key: certs/collector.key +``` + +## **sysdig.worker.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + apiKey: replace_with_your_monitor_access_key +``` + +## **agent.appChecks.settings.limit** +**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + settings: + limit: 1500 +``` + +## **agent.collectorEndpoint** +**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + collectorEndpoint: my-awesome-collector-domain-name.com +``` + +## **agent.collectorPort** +**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**: + +```yaml +agent: + collectorPort: 6443 +``` + +## **agent.namespace** +**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**: + +```yaml +agent: + namespace: sysdig-agent +``` + +## **agent.useSlim** +**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + useSlim: true +``` + +## **agent.version** +**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**: + +```yaml +agent: + clusterName: false +``` + +## **agent.tags** +**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + tags: environment:production linux:ubuntu +``` + +## **agent.capturesEnabled** +**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + capturesEnabled: false +``` + +## **agent.feature_mode** +**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**: + +```yaml +agent: + feature_mode: troubleshooting +``` + +## **agent.timezone** +**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + timezone: America/New_York. +``` + +## **agent.proxy.httpProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com +``` + +## **agent.proxy.httpsProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com +``` + +## **agent.proxy.noProxy** +**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + proxy: + noProxy: your-awesome-no-proxy.com +``` + +## **agent.snaplenPortRange.start** +**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**: + +```yaml +agent: + snaplenPortRange: + start: "8125" +``` + +## **agent.snaplenPortRange.end** +**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**: + +```yaml +agent: + snaplenPortRange: + start: "8125" +``` + +## **agent.customKernelModules.enabled** +**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + customKernelModules: + enabled: true +``` + +## **agent.secure.enabled** +**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + secure: + enabled: true +``` + +## **agent.secure.commandLineCapturesEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + commandLineCapturesEnabled: true +``` + +## **agent.secure.memoryDumpEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + secure: + memoryDumpEnabled: true +``` + +## **agent.secure.settings.k8sAuditServerURL** +**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**: + +```yaml +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 +``` + +## **agent.secure.settings.k8sAuditServerPort** +**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**: + +```yaml +agent: + secure: + settings: + k8sAuditServerPort: 7765 +``` + +## **agent.prometheus.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - collector: - certificate: - crt: certs/collector.crt +agent: + prometheus: + enabled: true ``` -## **sysdig.collector.certificate.key** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig collector, if `sysdig.collector.certificate.generate` is -set to `false` this has to be configured. The key must match the certificate -in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml -sysdig: - collector: - certificate: - key: certs/collector.key +agent: + prometheus: + settings: + interval: 30 ``` -## **sysdig.worker.jvmOptions** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + prometheus: + settings: + logErrors: true ``` -## **sysdig.alerter.jvmOptions** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + prometheus: + settings: + maxMetrics: 1000 ``` -## **agent.apiKey** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **agent.appChecks.settings.limit** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**:
```yaml
agent:
- appChecks:
+ prometheus:
settings:
- limit: 1500
+ maxTagsPerMetric: 20
```
-## **agent.collectorEndpoint**
+## **agent.prometheus.settings.histograms**
**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**:
```yaml
agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
+ prometheus:
+ settings:
+ histograms: 3000
```
-## **agent.collectorPort**
+## **agent.statsd.enabled**
**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**:
```yaml
agent:
- collectorPort: 6443
+ statsd:
+ enabled: true
```
-## **agent.namespace**
+## **agent.statsd.settings.limit**
**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
**Options**:
-**Default**: `agent`
+**Default**: `100`
**Example**: ```yaml agent: - namespace: sysdig-agent + statsd: + settings: + limit: 1000 ``` -## **agent.useSlim** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - useSlim: true + jmx: + enabled: true ``` -## **agent.version** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Description**: The total number of JMX metrics polled per host.
**Options**:
-**Default**: `latest`
+**Default**: `3000`
**Example**: ```yaml agent: - version: 1.10.1 + jmx: + settings: + limit: 1000 ``` -## **agent.useSSL** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - useSSL: false + ebpf: + enabled: true ``` -## **agent.verifySSL** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - verifySSL: false + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **agent.clusterName** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**:
```yaml
agent:
- clusterName: false
+ appChecks:
+ elasticsearch:
+ authEnabled: true
```
-## **agent.tags**
+## **agent.appChecks.elasticsearch.url**
**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
**Default**:
**Example**:
```yaml
agent:
- tags: environment:production linux:ubuntu
+ appChecks:
+ elasticsearch:
+ url: https://sysdigcloud-elasticsearch
```
-## **agent.capturesEnabled**
+## **agent.appChecks.elasticsearch.port**
**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**:
```yaml
agent:
- capturesEnabled: false
+ appChecks:
+ elasticsearch:
+ port: 9200
```
-## **agent.feature_mode**
+## **agent.appChecks.elasticsearch.username**
**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**:
```yaml
agent:
- feature_mode: troubleshooting
+ appChecks:
+ elasticsearch:
+ username: readonly
```
-## **agent.timezone**
+## **agent.appChecks.elasticsearch.password**
**Required**: `false`
-**Description**: Set daemonset timezone.
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
**Default**:
**Example**:
```yaml
agent:
- timezone: America/New_York.
+ appChecks:
+ elasticsearch:
+ password: some_password
```
-## **agent.proxy.httpProxy**
+## **agent.appChecks.elasticsearch.verifySSL**
**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
**Default**:
**Example**:
```yaml
agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
+ appChecks:
+ elasticsearch:
+ verifySSL: false
```
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enabled: true +``` + +## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
**Default**:
**Example**:
```yaml
agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
+ appChecks:
+ kafka:
+ arg: Kafka.kafka
```
-## **agent.proxy.noProxy**
+## **agent.appChecks.kafka.url**
**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml -agent: - proxy: - noProxy: your-awesome-no-proxy.com +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.snaplenPortRange.start** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + appChecks: + kafka: + port: 9200 ``` -## **agent.snaplenPortRange.end** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
-**Default**: `0`
+**Default**:
**Example**: ```yaml -agent: - snaplenPortRange: - start: "8125" +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.customKernelModules.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - customKernelModules: - enabled: true + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.secure.enabled** -**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - secure: - enabled: true + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.secure.commandLineCapturesEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - secure: - commandLineCapturesEnabled: true + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.secure.memoryDumpEnabled** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Description**: Whether to enable mysql app check.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - secure: - memoryDumpEnabled: true + appChecks: + mysql: + enabled: true ``` -## **agent.secure.settings.k8sAuditServerURL** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**:
```yaml
agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
+ appChecks:
+ mysql:
+ hostname: mysql-service-url
```
-## **agent.secure.settings.k8sAuditServerPort**
+## **agent.appChecks.mysql.user**
**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**:
```yaml
agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
+ appChecks:
+ mysql:
+ user: mysql-user
```
-## **agent.prometheus.enabled**
+## **agent.appChecks.mysql.password**
**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**:
```yaml
agent:
- prometheus:
- enabled: true
+ appChecks:
+ mysql:
+ password: mysql-password
```
-## **agent.prometheus.settings.interval**
+## **agent.resources.limits.cpu**
**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**: +**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: -```yaml -agent: - prometheus: - settings: - interval: 30 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | -## **agent.prometheus.settings.logErrors** -**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml agent: - prometheus: - settings: - logErrors: true + resources: + limits: + cpu: 2 ``` -## **agent.prometheus.settings.maxMetrics** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**: +**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: -```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | -## **agent.prometheus.settings.maxMetricsPerProcess** -**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
**Example**: ```yaml agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 + resources: + limits: + memory: 2 ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**: +**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: -```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | -## **agent.prometheus.settings.histograms** -**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml agent: - prometheus: - settings: - histograms: 3000 + resources: + requests: + cpu: 2 ``` -## **agent.statsd.enabled** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - statsd: - enabled: true + resources: + requests: + memory: 2 ``` -## **agent.statsd.settings.limit** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**: +**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: -```yaml -agent: - statsd: - settings: - limit: 1000 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | -## **agent.jmx.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml agent: - jmx: - enabled: true + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.jmx.settings.limit** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - jmx: - settings: - limit: 1000 + resources: + watchdog: + cointerface: 1024 ``` -## **agent.ebpf.enabled** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**:
```yaml
-agent:
- ebpf:
- enabled: true
+sysdig:
+ eventsForwarderEnabledIntegrations: "MCM,QRADAR"
```
-## **agent.ebpf.settings.mountEtcVolume**
+## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection**
**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Max duration after the last ping from an AC before it is considered +disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**:
```yaml
-agent:
- ebpf:
- settings:
- mountEtcVolume: 1000
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ maxDurationBeforeDisconnection: 20m
```
-## **agent.appChecks.elasticsearch.authEnabled**
+## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration**
**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: TTL of the cache for the cluster configuration. It should be +used by the AC as polling interval to retrieve the updated cluster configuration +from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**:
```yaml
-agent:
- appChecks:
- elasticsearch:
- authEnabled: true
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ confTTLDuration: 10m
```
-## **agent.appChecks.elasticsearch.url**
+## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration**
**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: TTL of an AC ping. It should be used by the AC as polling +interval to perform a HEAD on the ping endpoint to notify it's still alive and +connected. It cannot be greater than 30m and it cannot be greater than +maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**:
```yaml
-agent:
- appChecks:
- elasticsearch:
- url: https://sysdigcloud-elasticsearch
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ pingTTLDuration: 8m
```
-## **agent.appChecks.elasticsearch.port**
+## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration**
**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Max duration of the cluster configuration cache. The API returns +this value as max-age in seconds and the FE uses it for caching the cluster +configuration. FE also asks for a new cluster configuration using this value +as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**:
```yaml
-agent:
- appChecks:
- elasticsearch:
- port: 9200
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ clusterConfCacheMaxDuration: 9m
```
-## **agent.appChecks.elasticsearch.username**
+## **sysdig.scanningAnalysiscollectorConcurrentUploads**
**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**:
```yaml
-agent:
- appChecks:
- elasticsearch:
- username: readonly
+sysdig:
+ scanningAnalysiscollectorConcurrentUploads: 5
```
-## **agent.appChecks.elasticsearch.password**
+## **sysdig.scanningAlertMgrForceAutoScan**
**Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
**Example**:
```yaml
-agent:
- appChecks:
- elasticsearch:
- password: some_password
+sysdig:
+ scanningAlertMgrForceAutoScan: false
```
-## **agent.appChecks.elasticsearch.verifySSL**
+## **sysdig.secure.scanning.veJanitor.cronjob**
**Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**:
```yaml
-agent:
- appChecks:
- elasticsearch:
- verifySSL: false
+sysdig:
+ secure:
+ veJanitor:
+ cronjob: "5 0 * * *"
```
-## **agent.appChecks.kafka.enabled**
-**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**:
```yaml
-agent:
- appChecks:
- kafka:
- enabled: true
+sysdig:
+ secure:
+ veJanitor:
+ anchoreDBsslmode: "disable"
```
-## **agent.appChecks.kafka.arg**
-**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +**Required**: `false`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.appChecks.kafka.url** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: This creates a deployment for Metadata-Service +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + metadataService: + enabled: true ``` -## **agent.appChecks.kafka.port** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**: +**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | -```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost -``` -## **agent.appChecks.kafka.zk.port** -**Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
**Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +## **sysdig.resources.metadataService.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: -```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - mysql: - enabled: true +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.appChecks.mysql.user** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512 |
-| medium | 2048 |
-| large | 4096 |
-
+**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**:
+**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+
+**Example**:
+```yaml
+sysdig:
+ feedsAPIVersion: 0.5.0
+```
+
+## **sysdig.feedsDBVersion**
+**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ``` From 6f0c73d71402793b233e95ac4c4456b4c4d5efe1 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 16 Dec 2021 17:20:28 +0000 Subject: [PATCH 092/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 - installer/docs/configuration_parameters.md | 7288 +++++++------------- 3 files changed, 2392 insertions(+), 4948 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..21fff9e4 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [installer releases - page](https://github.com/draios/installer/releases). + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:3.6.4-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.4-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 6617e8ba..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,47 +104,3 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. - -## Airgapped installations - -### Method for automatically updating the feeds database in airgapped environments -This is a procedure that can be used to automatically update the feeds database: - -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally -2. move the file from the jumpbox server to the customer airgapped environment (optional) -3. load the image file and push it to the customer's airgapped image registry -4. restart the pod sysdigcloud-feeds-db -5. restart the pod feeds-api - -Finally, steps 1 to 5 will be performed periodically once a day. - -This is an example script that contains all the steps: -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest -# Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar -# Optionally move image -mv vuln-feed-database.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" -# Restart database pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" -# Restart feeds-api pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" -ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" -``` - -The script can be scheduled using a cron job that run every day -```bash -0 8 * * * feeds-database-update.sh >/dev/null 2>&1 -``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 57e417cd..3b35c54e 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false`
+**Required**: `false` **Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -666,51 +666,6 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) large. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- large:
- nats: 10Gi
-```
-
-## **pvStorageSize.medium.nats**
-**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) medium. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- medium:
- nats: 10Gi
-```
-
-## **pvStorageSize.small.nats**
-**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - small: - nats: 10Gi -``` - ## **sysdig.activityAuditVersion** **Required**: `false`
**Description**: Docker image tag of Activity Audit services.
@@ -720,7 +675,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 4.0.6.10981 + activityAuditVersion: 3.6.4.11009 ``` ## **sysdig.profilingVersion** @@ -732,19 +687,19 @@ sysdig: ```yaml sysdig: - profilingVersion: 4.0.6.10981 + profilingVersion: 3.6.4.11009 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.30
+**Default**: 0.6.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.30 + anchoreVersion: 0.8.1.8 ``` ## **sysdig.accessKey** @@ -760,19 +715,6 @@ sysdig: accessKey: my_awesome_aws_access_key ``` -## **sysdig.awsRegion** -**Required**: `false`
-**Description**: The AWS (or AWS compatible) region to be used by Sysdig
-components to communicate with AWS (or an AWS compatible API).
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - awsRegion: my_aws_region -``` - ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -830,7 +772,7 @@ sysdig: ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
+**Options**:
**Default**: 2.1.21.13
**Example**: @@ -839,31 +781,6 @@ sysdig: cassandraVersion: 2.1.21.16 ``` -## **sysdig.cassandra.useCassandra3** -**Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- cassandra:
- useCassandra3: false
-```
-
-## **sysdig.Cassandra3Version**
-**Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
-**Options**:
-**Default**: `3.11.7.0`
-**Example**: - -```yaml -sysdig: - cassandra3Version: 3.11.7.0 -``` - ## **sysdig.cassandra.external** **Required**: `false`
**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster. @@ -896,7 +813,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`true`
+**Default**:`false`
**Example**: ```yaml @@ -908,9 +825,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Description**: Enables cassandra server and clients communicate over ssl.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -1000,7 +917,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**: `-Xms4g -Xmx4g`
+**Default**:
**Example**: ```yaml @@ -1054,31 +971,22 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform - (e.g., if you maintain your own Certificate Authority), they are not trusted by default. - -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more -PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ -in the same level as `values.yaml`.
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt -certs/custom-java-certs/certificate3.p12 -certs/custom-java-certs/certificate3.p12.passwd - - values.yaml ``` @@ -1114,14 +1022,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch.
+**Description**: The docker image tag of Elasticsearch 6.
**Options**:
**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearchVersion: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1233,12 +1141,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.6.10981
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - monitorVersion: 4.0.6.10981 + monitorVersion: 3.6.4.11009 ``` ## **sysdig.scanningVersion** @@ -1248,12 +1156,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - scanningVersion: 4.0.6.10981 + scanningVersion: 3.6.4.11009 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1171,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.6.10981 + sysdigAPIVersion: 3.6.4.11009 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1186,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.6.10981 + sysdigCollectorVersion: 3.6.4.11009 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1201,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.6.10981 + sysdigWorkerVersion: 3.6.4.11009 ``` ## **sysdig.enableAlerter** @@ -1316,75 +1224,6 @@ sysdig: enableAlerter: true ``` -## **sysdig.alertingSystem.enabled** -**Required**: `false`
-**Description**: Enable or disable the new alert-manager and alert-notifier deployment
-**Options**:`true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- enabled: true
-```
-
-## **sysdig.alertingSystem.alertManager.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Manager jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertManager.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Manager to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManager:
- apiToken: A_VALID_TOKEN
-```
-
-## **sysdig.alertingSystem.alertNotifier.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Notifier jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertNotifier.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - apiToken: A_VALID_TOKEN -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1459,7 +1298,8 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster +instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1588,36 +1428,6 @@ sysdig: enabled: true ``` -## **sysdig.nats.secure.username** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- nats:
- secure:
- enabled: true
- username: somevalue
-```
-
-## **sysdig.nats.secure.password**
-**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1711,1146 +1521,1185 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: 1.2.5-mysql-to-postgres
+**Default**: []
+ **Example**: ```yaml sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.postgresql.rootUser** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: Root user of the in-cluster postgresql instance.
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: `postgres`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - rootUser: postgres + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` -## **sysdig.postgresql.rootDb** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: Root database of the in-cluster postgresql instance.
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: `anchore`
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - rootDb: anchore + proxy: + enable: true ``` -## **sysdig.postgresql.rootPassword** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: Password for the root user of the in-cluster postgresql instance.
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: Autogenerated 16 alphanumeric characters
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - rootPassword: my_root_password + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.postgresql.primary** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.postgresql.external** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The password used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - sysdig: - host: my-sysdig-db-external.com + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: []
+**Default**: `80`
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + proxy: + enable: true + port: 3128 ``` -## **sysdig.postgresDatabases.useNonAdminUsers** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com + proxy: + enable: true + protocol: https ``` -## **sysdig.postgresDatabases.anchore** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.profiling** + proxy: + enable: true + user: alice +``` +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientid`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com - port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientsecret`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - policies: - host: my-policies-db-external.com - port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `incoming-webhook`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - scanning: - host: my-scanning-db-external.com - port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + scope: incoming-webhook ``` -## **sysdig.postgresDatabases.reporting** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/oauth/v2/authorize`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - reporting: - host: my-reporting-db-external.com - port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/api/oauth.v2.access`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` -## **sysdig.postgresDatabases.sysdig** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
+**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - serviceOwnerManagement: - host: my-som-db-external.com - port: 5432 - db: som_db - username: som_user - password: my_som_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.postgresDatabases.beacon** + +## **sysdig.secure.anchore.customCerts** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - beacon: - host: my-beacon-db-external.com - port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml ``` -## **sysdig.postgresDatabases.quartz** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: - ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - quartz: - host: my-quartz-db-external.com - port: 5432 - db: quartz_db - username: quartz_user - password: my_quartz_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + secure: + anchore: + customCerts: true ``` -## **sysdig.postgresDatabases.compliance** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Docker image tag of Redis.
+**Options**:
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - compliance: - host: my-compliance-db-external.com - port: 5432 - db: compliance_db - username: compliance_user - password: my_compliance_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + redisVersion: 4.0.12.7 ``` -## **sysdig.postgresDatabases.admissionController** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Docker image tag of HA Redis, relevant when configured +`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - admissionController: - host: my-admission-controller-db-external.com - port: 5432 - db: admission_controller_db - username: admission_controller_user - password: my_admission_controller_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.postgresDatabases.rapidResponse** +## **sysdig.redisHa** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-rapid-response-db-external.com - port: 5432 - db: rapid_response_db - username: rapid_response_user - password: my_rapid_response_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + redisHa: false ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api + resources: + cassandra: + limits: + cpu: 2 ``` -## **sysdig.proxy.enable** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
-**Default**: `false`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: - proxy: - enable: true + resources: + cassandra: + limits: + memory: 8Gi ``` -## **sysdig.proxy.host** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + cassandra: + requests: + cpu: 2 ``` -## **sysdig.proxy.noProxy** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + cassandra: + requests: + memory: 2Gi ``` -## **sysdig.proxy.password** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + resources: + elasticsearch: + limits: + cpu: 2 ``` -## **sysdig.proxy.port** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + resources: + elasticsearch: + limits: + memory: 8Gi ``` -## **sysdig.proxy.protocol** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + resources: + elasticsearch: + requests: + cpu: 2 ``` -## **sysdig.proxy.user** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + resources: + elasticsearch: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.id** + +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
-**Default**: `awesomeclientid`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + resources: + mysql-router: + limits: + cpu: 2 ``` -## **sysdig.slack.client.secret** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
-**Default**: `awesomeclientsecret`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + resources: + mysql-router: + limits: + memory: 8Gi ``` -## **sysdig.slack.client.scope** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
-**Default**: `incoming-webhook`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + resources: + mysql-router: + requests: + cpu: 2 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + resources: + mysql-router: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**:
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + resources: + mysql: + limits: + cpu: 2 ``` -## **sysdig.saml.certificate.name** + +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests. -The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match -the certificate name used when creating the certificate.
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**:
+**Default**:
**Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 + resources: + mysql: + limits: + memory: 8Gi ``` -## **sysdig.saml.certificate.password** + +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests. -If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 - password: changeit + resources: + mysql: + requests: + cpu: 2 ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule mysql pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + resources: + mysql: + requests: + memory: 2Gi ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + resources: + postgresql: + limits: + cpu: 2 ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: The amount of memory assigned to postgresql pods
+**Options**:
+**Default**: -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` + +**Example**: ```yaml sysdig: - secure: - anchore: - customCerts: true + resources: + postgresql: + limits: + memory: 8Gi ``` -## **sysdig.secure.anchore.enableMetrics** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: -Allow Anchore to export prometheus metrics. +**Description**: The amount of cpu required to schedule postgresql pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | -**Options**: `true|false`
-**Default**: false
**Example**: + ```yaml sysdig: - secure: - anchore: - enableMetrics: true + resources: + postgresql: + requests: + cpu: 2 ``` -## **sysdig.redisVersion** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
-**Default**: 4.0.12.7
-**Example**: +**Default**: -```yaml -sysdig: - redisVersion: 4.0.12.7 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | -## **sysdig.redisHaVersion** -**Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
-**Options**:
-**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + resources: + postgresql: + requests: + memory: 2Gi ``` -## **sysdig.redisHa** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +**Description**: The amount of cpu assigned to redis pods
+**Options**:
+**Default**: -```yaml -sysdig: - redisHa: false -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | -## **sysdig.useRedis6** -**Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml sysdig: - useRedis6: false + resources: + redis: + limits: + cpu: 2 ``` -## **sysdig.redis6Version** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: Docker image tag of Redis 6, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**: 6.0.10.1
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - redis6Version: 6.0.10.1 + resources: + redis: + limits: + memory: 1Gi ``` -## **sysdig.redis6SentinelVersion** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis Sentinel, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
-**Default**: 6.0.10.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - redis6SentinelVersion: 6.0.10.1 + resources: + redis: + requests: + cpu: 2 ``` -## **sysdig.redis6ExporterVersion** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory required to schedule redis pods
**Options**:
-**Default**: 1.15.1.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + **Example**: ```yaml sysdig: - redis6ExporterVersion: 1.15.1.1 + resources: + redis: + requests: + memory: 2Gi ``` - -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | + **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: requests: - memory: 8Gi + memory: 200Mi ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | + **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to api pods
**Options**:
-**Default**:
- -**Example**: +**Default**: -```yaml -sysdig: +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 16 | + +**Example**: + +```yaml +sysdig: resources: - mysql: + api: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql: + api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql: + api: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule api pods
**Options**:
**Default**: @@ -2858,51 +2707,51 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql: + api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - postgresql: + worker: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | -| large | 8Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -2910,88 +2759,88 @@ sysdig: ```yaml sysdig: resources: - postgresql: + worker: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - postgresql: + worker: requests: cpu: 2 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - postgresql: + worker: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - redis: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -2999,88 +2848,88 @@ sysdig: ```yaml sysdig: resources: - redis: + alerter: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis: + alerter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + collector: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -3088,88 +2937,88 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + collector: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + collector: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + collector: requests: memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3177,58 +3026,58 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: requests: memory: 200Mi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: @@ -3236,21 +3085,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: @@ -3258,7 +3107,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3266,36 +3115,36 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: @@ -3303,197 +3152,200 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.ingressControllerHaProxy.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerHaProxy.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.ingressControllerRsyslog.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 125m | -| medium | 250m | -| large | 250m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerRsyslog.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerRsyslog.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.ingressControllerRsyslog.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: requests: - memory: 500Mi + memory: 200Mi ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: @@ -3501,21 +3353,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - api: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: @@ -3523,7 +3375,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3531,36 +3383,36 @@ sysdig: ```yaml sysdig: resources: - api: + scanning-retention-mgr: limits: memory: 10Mi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - api: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: @@ -3568,229 +3420,189 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - api: + scanning-retention-mgr: requests: memory: 200Mi ``` -## **sysdig.resources.apiNginx.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - apiNginx: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.apiNginx.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - apiNginx: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.apiNginx.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
+**Default**: 168h
**Example**: ```yaml sysdig: - resources: - apiNginx: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.apiNginx.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 100Mi |
-| medium | 100Mi |
-| large | 100Mi |
-
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - apiNginx: - requests: - memory: 100Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.apiEmailRenderer.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Description**: Scanning DB engine
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.apiEmailRenderer.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Description**: Default value for the date policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - requests: - cpu: 500m -``` - -## **sysdig.resources.apiEmailRenderer.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
-**Options**:
-**Default**: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - requests: - memory: 100Mi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | **Example**: @@ -3798,88 +3610,88 @@ sysdig: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: limits: memory: 10Mi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: requests: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 8 | -| large | 16 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - alerter: + policy-advisor: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3887,88 +3699,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + policy-advisor: limits: memory: 10Mi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | -| large | 4 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - alerter: + policy-advisor: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - alerter: + policy-advisor: requests: memory: 200Mi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + netsec-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3976,36 +3788,36 @@ sysdig: ```yaml sysdig: resources: - collector: + netsec-api: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - collector: + netsec-api: requests: - cpu: 2 + cpu: 300m ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: @@ -4013,141 +3825,141 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + netsec-api: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + netsec-ingest: limits: cpu: 1 ``` -## **sysdig.resources.anchore-api.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | + **Example**: ```yaml sysdig: resources: - anchore-api: + netsec-ingest: limits: - cpu: 1 + memory: 4Gi ``` -## **sysdig.resources.anchore-catalog.limits.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - cpu: 1 + netsec-ingest: + requests: + cpu: 500m ``` -## **sysdig.resources.anchore-policy-engine.limits.cpu** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + netsec-ingest: limits: - cpu: 1 + memory: 2Gi ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + netsec-janitor: limits: - memory: 10Mi + cpu: 1 ``` - -## **sysdig.resources.anchore-api.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4155,268 +3967,265 @@ sysdig: ```yaml sysdig: resources: - anchore-api: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` - -## **sysdig.resources.anchore-catalog.limits.memory** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - memory: 10Mi + netsec-janitor: + requests: + cpu: 1 ``` - -## **sysdig.resources.anchore-policy-engine.limits.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: - limits: - memory: 10Mi + netsec-janitor: + requests: + memory: 1Gi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: + nats-streaming: + limits: cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.cpu** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - cpu: 2 + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.resources.anchore-catalog.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + nats-streaming: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.cpu** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + nats-streaming: requests: - cpu: 2 + memory: 1Gi ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - memory: 200Mi + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.memory** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - memory: 200Mi + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.requests.memory** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + activity-audit-api: requests: - memory: 200Mi + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.memory** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4424,88 +4233,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: limits: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | **Example**: @@ -4513,178 +4322,176 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: limits: - memory: 10Mi + memory: 200Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: requests: - memory: 200Mi + memory: 50Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to profiling-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.profiling-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4692,203 +4499,243 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.profiling-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.profiling-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.secure-overview-api.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to secure-overview-api containers
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + secure-overview-api: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.secure-overview-api.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to secure-overview-api containers
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + secure-overview-api: + limits: + memory: 1Gi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.secure-overview-api.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule secure-overview-api containers
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + secure-overview-api: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.secure-overview-api.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule secure-overview-api containers
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + secure-overview-api: + requests: + memory: 512Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to secure-prometheus containers
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + secure-prometheus: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.secure-prometheus.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to secure-prometheus containers
**Options**:
-**Default**: mysql
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql + resources: + secure-prometheus: + limits: + memory: 8Gi ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +## **sysdig.resources.secure-prometheus.requests.cpu** **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of cpu required to schedule secure-prometheus containers
**Options**:
-**Default**: 90
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** -**Required**: `false`
-**Description**: Default value for the tags policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 + resources: + secure-prometheus: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +## **sysdig.resources.secure-prometheus.requests.memory** **Required**: `false`
-**Description**: Default value for the digests policy
+**Description**: The amount of memory required to schedule secure-prometheus containers
**Options**:
-**Default**: 5
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + secure-prometheus: + requests: + memory: 2Gi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.events-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | +| small | 1 | +| medium | 1 | | large | 1 | **Example**: @@ -4896,327 +4743,322 @@ sysdig: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.events-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.events-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.events-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** +## **sysdig.resources.events-gatherer.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api containers
+**Description**: The amount of cpu assigned to events-gatherer pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-gatherer: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** +## **sysdig.resources.events-gatherer.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api containers
+**Description**: The amount of memory assigned to events-gatherer pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-gatherer: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** +## **sysdig.resources.events-gatherer.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Description**: The amount of cpu required to schedule events-gatherer pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-gatherer: requests: cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** +## **sysdig.resources.events-gatherer.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api containers
+**Description**: The amount of memory required to schedule events-gatherer pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api: + events-gatherer: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** +## **sysdig.resources.events-dispatcher.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of cpu assigned to events-dispatcher pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-dispatcher: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** +## **sysdig.resources.events-dispatcher.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of memory assigned to events-dispatcher pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-dispatcher: limits: - memory: 256Mi + memory: 250Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** +## **sysdig.resources.events-dispatcher.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of cpu required to schedule events-dispatcher pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-dispatcher: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** +## **sysdig.resources.events-dispatcher.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of memory required to schedule events-dispatcher pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api-pg-migrate: + events-dispatcher: requests: memory: 50Mi ``` -## **sysdig.resources.reporting-init.limits.cpu** +## **sysdig.resources.events-forwarder-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-init pods
+**Description**: The amount of cpu assigned to events-forwarder-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: limits: cpu: 1 ``` -## **sysdig.resources.reporting-init.limits.memory** +## **sysdig.resources.events-forwarder-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-init pods
+**Description**: The amount of memory assigned to events-forwarder-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: limits: - memory: 256Mi + memory: 500Mi ``` -## **sysdig.resources.reporting-init.requests.cpu** +## **sysdig.resources.events-forwarder-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-init pods
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.reporting-init.requests.memory** +## **sysdig.resources.events-forwarder-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-init pods
+**Description**: The amount of memory required to schedule events-forwarder-api pods
**Options**:
**Default**: @@ -5231,4228 +5073,1874 @@ sysdig: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: requests: memory: 50Mi ``` -## **sysdig.resources.reporting-api.limits.cpu** +## **sysdig.resources.events-forwarder.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-api pods
+**Description**: The amount of cpu assigned to events-forwarder pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1500m | -| medium | 1500m | -| large | 1500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-api: + events-forwarder: limits: - cpu: 1500m + cpu: 1 ``` -## **sysdig.resources.reporting-api.limits.memory** +## **sysdig.resources.events-forwarder.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-api pods
+**Description**: The amount of memory assigned to events-forwarder pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1536Mi |
-| medium | 1536Mi |
-| large | 1536Mi |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
**Example**:
```yaml
sysdig:
resources:
- reporting-api:
+ events-forwarder:
limits:
- memory: 1536Mi
+ memory: 500Mi
```
-## **sysdig.resources.reporting-api.requests.cpu**
+## **sysdig.resources.events-forwarder.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-api pods
+**Description**: The amount of cpu required to schedule events-forwarder pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
**Example**:
```yaml
sysdig:
resources:
- reporting-api:
+ events-forwarder:
requests:
- cpu: 200m
+ cpu: 250m
```
-## **sysdig.resources.reporting-api.requests.memory**
+## **sysdig.resources.events-forwarder.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule reporting-api pods
+**Description**: The amount of memory required to schedule events-forwarder pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
**Example**:
```yaml
sysdig:
resources:
- reporting-api:
+ events-forwarder:
requests:
- memory: 256Mi
+ memory: 50Mi
```
-## **sysdig.resources.reporting-worker.limits.cpu**
+## **sysdig.resources.events-janitor.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to reporting-worker pods
+**Description**: The amount of cpu assigned to events-janitor pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
resources:
- reporting-worker:
+ events-janitor:
limits:
- cpu: 2
+ cpu: 1
```
-## **sysdig.resources.reporting-worker.limits.memory**
+## **sysdig.resources.events-janitor.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to reporting-worker pods
+**Description**: The amount of memory assigned to events-janitor pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 16Gi |
-| medium | 16Gi |
-| large | 16Gi |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
**Example**:
```yaml
sysdig:
resources:
- reporting-worker:
+ events-janitor:
limits:
- memory: 16Gi
+ memory: 200Mi
```
-## **sysdig.resources.reporting-worker.requests.cpu**
+## **sysdig.resources.events-janitor.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-worker pods
+**Description**: The amount of cpu required to schedule events-janitor pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
**Example**:
```yaml
sysdig:
resources:
- reporting-worker:
+ events-janitor:
requests:
- cpu: 200m
+ cpu: 250m
```
-## **sysdig.resources.reporting-worker.requests.memory**
+## **sysdig.resources.events-janitor.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule reporting-worker pods
+**Description**: The amount of memory required to schedule events-janitor pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 10Gi |
-| medium | 10Gi |
-| large | 10Gi |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
**Example**:
```yaml
sysdig:
resources:
- reporting-worker:
+ events-janitor:
requests:
- memory: 10Gi
+ memory: 50Mi
```
-## **sysdig.secure.scanning.reporting.debug**
+## **sysdig.restrictPasswordLogin**
**Required**: `false`
-**Description**: Enable logging at debug level
-**Options**:
-**Default**: false
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- debug: false
+ restrictPasswordLogin: true
```
-## **sysdig.secure.scanning.reporting.apiGRPCEndpoint**
+## **sysdig.rsyslogVersion**
**Required**: `false`
-**Description**: Reporting GRPC endpoint
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Default**: 8.34.0.7
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000
+ rsyslogVersion: 8.34.0.7
```
-## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint**
+## **sysdig.smtpFromAddress**
**Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- scanningGRPCEndpoint: sysdigcloud-scanning-api:6000
+ smtpFromAddress: from-address@my-company.com
```
-## **sysdig.secure.scanning.reporting.storageDriver**
+## **sysdig.smtpPassword**
**Required**: `false`
-**Description**: Storage kind for generated reports
-**Options**: postgres, fs, s3
-**Default**: postgres
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageDriver: postgres
+ smtpPassword: my-@w350m3-p@55w0rd
```
-## **sysdig.secure.scanning.reporting.storageCompression**
+## **sysdig.smtpProtocolSSL**
**Required**: `false`
-**Description**: Compression format for generated reports
-**Options**: zip, gzip, none
-**Default**: zip
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageCompression: zip
+ smtpProtocolSSL: true
```
-## **sysdig.secure.scanning.reporting.storageFsDir**
+## **sysdig.smtpProtocolTLS**
**Required**: `false`
-**Description**: The directory where reports will saved (required when using `fs` driver)
-**Options**:
-**Default**: .
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageFsDir: /reports
+ smtpProtocolTLS: true
```
-## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays**
+## **sysdig.smtpServer**
**Required**: `false`
-**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
+**Description**: SMTP server to use to send emails
**Options**:
-**Default**: 1
+**Default**:
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storagePostgresRetentionDays: 1
+ smtpServer: smtp.gmail.com
```
-## **sysdig.secure.scanning.reporting.storageS3Bucket**
+## **sysdig.smtpServerPort**
**Required**: `false`
-**Description**: The bucket name where reports will be saved (required when using `s3` driver)
-**Options**:
-**Default**:
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageS3Bucket: secure-scanning-reporting
+ smtpServerPort: 587
```
-## **sysdig.secure.scanning.reporting.storageS3Prefix**
+## **sysdig.smtpUser**
**Required**: `false`
-**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
-**Options**:
-**Default**:
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageS3Prefix: reports
+ smtpUser: bob+alice@gmail.com
```
-## **sysdig.secure.scanning.reporting.storageS3Endpoint**
+## **sysdig.tolerations**
**Required**: `false`
-**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Endpoint: s3.example.com + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" ``` -## **sysdig.secure.scanning.reporting.storageS3Region** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageS3Region: us-east-1
+ anchoreCoreReplicaCount: 5
```
-## **sysdig.secure.scanning.reporting.storageS3AccessKeyID**
+## **sysdig.anchoreWorkerReplicaCount**
**Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE
+ anchoreWorkerReplicaCount: 5
```
-## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey**
+## **sysdig.apiReplicaCount**
**Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ apiReplicaCount: 5
```
-## **sysdig.secure.scanning.reporting.workerSleepTime**
+## **sysdig.cassandraReplicaCount**
**Required**: `false`
-**Description**: The sleep interval between two runs of the reporting worker
-**Options**:
-**Default**: 120s
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- reporting:
- workerSleepTime: 120s
+ cassandraReplicaCount: 20
```
-## **sysdig.resources.policy-advisor.limits.cpu**
+## **sysdig.collectorReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 4 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
**Example**:
```yaml
sysdig:
- resources:
- policy-advisor:
- limits:
- cpu: 2
+ collectorReplicaCount: 7
```
-## **sysdig.resources.policy-advisor.limits.memory**
+## **sysdig.activityAuditWorkerReplicaCount**
**Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: Number of Activity Audit Worker replicas.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+**Default**:
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
**Example**:
```yaml
sysdig:
- resources:
- policy-advisor:
- limits:
- memory: 10Mi
+ activityAuditWorkerReplicaCount: 20
```
-## **sysdig.resources.policy-advisor.requests.cpu**
+## **sysdig.activityAuditApiReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: Number of Activity Audit API replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- policy-advisor:
- requests:
- cpu: 2
+ activityAuditApiReplicaCount: 20
```
-## **sysdig.resources.policy-advisor.requests.memory**
+## **sysdig.policyAdvisorReplicaCount**
**Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: Number of Policy Advisor replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- policy-advisor:
- requests:
- memory: 200Mi
+ policyAdvisorReplicaCount: 20
```
-## **sysdig.resources.netsec-api.limits.cpu**
+## **sysdig.netsecApiReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: Number of Netsec API replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-api:
- limits:
- cpu: 1
+ netsecApiReplicaCount: 1
```
-## **sysdig.resources.netsec-api.limits.memory**
+## **sysdig.netsecIngestReplicaCount**
**Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: Number of Netsec Ingest replicas.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+**Default**:
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-api:
- limits:
- memory: 1Gi
+ netsecIngestReplicaCount: 1
```
-## **sysdig.resources.netsec-api.requests.cpu**
+## **sysdig.anchoreCoreReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: Number of Anchore Core replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-api:
- requests:
- cpu: 300m
+ anchoreCoreReplicaCount: 2
```
-## **sysdig.resources.netsec-api.requests.memory**
+## **sysdig.scanningApiReplicaCount**
**Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: Number of Scanning API replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-api:
- requests:
- memory: 1Gi
+ scanningApiReplicaCount: 3
```
-## **sysdig.resources.netsec-ingest.limits.cpu**
+## **sysdig.elasticsearchReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-ingest:
- limits:
- cpu: 1
+ elasticsearchReplicaCount: 20
```
-## **sysdig.resources.netsec-ingest.limits.memory**
+## **sysdig.workerReplicaCount**
**Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 6Gi |
-| large | 8Gi |
+**Default**:
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-ingest:
- limits:
- memory: 4Gi
+ workerReplicaCount: 7
```
-## **sysdig.resources.netsec-ingest.requests.cpu**
+## **sysdig.alerterReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-ingest:
- requests:
- cpu: 500m
+ alerterReplicaCount: 7
```
-## **sysdig.resources.netsec-ingest.requests.memory**
+## **sysdig.eventsGathererReplicaCount**
**Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
+**Default**:
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-ingest:
- limits:
- memory: 2Gi
+ eventsGathererReplicaCount: 2
```
-## **sysdig.resources.netsec-janitor.limits.cpu**
+## **sysdig.eventsAPIReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-janitor:
- limits:
- cpu: 1
+ eventsAPIReplicaCount: 1
```
-## **sysdig.resources.netsec-janitor.limits.memory**
+## **sysdig.eventsDispatcherReplicaCount**
**Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+**Default**:
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-janitor:
- limits:
- memory: 1Gi
+ eventsDispatcherReplicaCount: 1
```
-## **sysdig.resources.netsec-janitor.requests.cpu**
+## **sysdig.eventsForwarderReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-janitor:
- requests:
- cpu: 1
-```
-
-## **sysdig.resources.netsec-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 2 |
**Example**:
```yaml
sysdig:
- resources:
- netsec-janitor:
- requests:
- memory: 1Gi
+ eventsForwarderReplicaCount: 2
```
-## **sysdig.resources.nats-streaming.limits.cpu**
+## **sysdig.eventsForwarderAPIReplicaCount**
**Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
- resources:
- nats-streaming:
- limits:
- cpu: 2
+ eventsForwarderAPIReplicaCount: 1
```
-## **sysdig.resources.nats-streaming.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**:
**Example**:
```yaml
sysdig:
- resources:
- nats-streaming:
- limits:
- memory: 2Gi
+ admin:
+ username: my-awesome-email@my-awesome-domain-name.com
```
-## **sysdig.resources.nats-streaming.requests.cpu**
+## **sysdig.admin.password**
**Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**:
**Example**:
```yaml
sysdig:
- resources:
- nats-streaming:
- requests:
- cpu: 250m
+ admin:
+ password: my-@w350m3-p@55w0rd
```
-## **sysdig.resources.nats-streaming.requests.memory**
+## **sysdig.api.jvmOptions**
**Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: Custom configuration for Sysdig API jvm.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.certificate.generate** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**:
```yaml
sysdig:
- resources:
- activity-audit-api:
- limits:
- cpu: 2
+ certificate:
+ generate: true
```
-## **sysdig.resources.activity-audit-api.limits.memory**
+## **sysdig.certificate.crt**
**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
+**Default**: `true`
**Example**:
```yaml
sysdig:
- resources:
- activity-audit-api:
- limits:
- memory: 500Mi
+ certificate:
+ crt: certs/server.crt
```
-## **sysdig.resources.activity-audit-api.requests.cpu**
+## **sysdig.certificate.key**
**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**: `true`
**Example**:
```yaml
sysdig:
- resources:
- activity-audit-api:
- requests:
- cpu: 250m
+ certificate:
+ key: certs/server.key
```
-## **sysdig.resources.activity-audit-api.requests.memory**
+## **sysdig.collector.dnsName**
**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
+**Default**:
**Example**:
```yaml
sysdig:
- resources:
- activity-audit-api:
- requests:
- memory: 50Mi
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
```
-## **sysdig.resources.activity-audit-worker.limits.cpu**
+## **sysdig.collector.jvmOptions**
**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: Custom configuration for Sysdig collector jvm.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-worker: - limits: - cpu: 1 + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.collector.certificate.generate** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - - +**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**:
```yaml
sysdig:
- resources:
- activity-audit-worker:
- limits:
- memory: 500Mi
+ collector:
+ certificate:
+ generate: true
```
-## **sysdig.resources.activity-audit-worker.requests.cpu**
+## **sysdig.collector.certificate.crt**
**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.profiling-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.profiling-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.secure-overview-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-overview-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.secure-overview-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-overview-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512Mi |
-| medium | 512Mi |
-| large | 512Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- memory: 512Mi
-```
-
-## **sysdig.resources.secure-prometheus.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-prometheus.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- memory: 8Gi
-```
-
-## **sysdig.resources.secure-prometheus.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-prometheus.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- memory: 2Gi
-```
-
-## **sysdig.resources.events-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-gatherer.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.events-gatherer.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.events-gatherer.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-gatherer.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-dispatcher.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-dispatcher.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.events-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
-
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 5
-```
-
-## **sysdig.anchoreAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore API replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreAPIReplicaCount: 4
-```
-
-## **sysdig.anchoreCatalogReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCatalogReplicaCount: 4
-```
-
-## **sysdig.anchorePolicyEngineReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchorePolicyEngineReplicaCount: 4
-```
-
-## **sysdig.anchoreWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreWorkerReplicaCount: 5
-```
-
-## **sysdig.apiReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- apiReplicaCount: 5
-```
-
-## **sysdig.cassandraReplicaCount**
-**Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- cassandraReplicaCount: 20
-```
-
-## **sysdig.collectorReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- collectorReplicaCount: 7
-```
-
-## **sysdig.activityAuditWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditWorkerReplicaCount: 20
-```
-
-## **sysdig.activityAuditApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditApiReplicaCount: 20
-```
-
-## **sysdig.policyAdvisorReplicaCount**
-**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- policyAdvisorReplicaCount: 20
-```
-
-## **sysdig.scanningAdmissionControllerAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of scanning Admission Controller API replicas, this is
-a noop for clusters of `size` `small`.
-**Options**:
-**Default**:
-
-|cluster-size|count|
-|------------|-----|
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningAdmissionControllerAPIReplicaCount: 1
-```
-
-## **sysdig.netsecApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecApiReplicaCount: 1
-```
-
-## **sysdig.netsecIngestReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecIngestReplicaCount: 1
-```
-## **sysdig.netsecCommunicationShards**
-**Required**: `false`
-**Description**: Number of Netsec communications index shards.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 3 |
-| medium | 9 |
-| large | 15 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecCommunicationShards: 5
-```
-
-## **sysdig.anchoreCoreReplicaCount**
-**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 2
-```
-
-## **sysdig.scanningApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningApiReplicaCount: 3
-```
-
-## **sysdig.elasticsearchReplicaCount**
-**Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- elasticsearchReplicaCount: 20
-```
-
-## **sysdig.workerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- workerReplicaCount: 7
-```
-
-## **sysdig.alerterReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- alerterReplicaCount: 7
-```
-
-## **sysdig.eventsGathererReplicaCount**
-**Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsGathererReplicaCount: 2
-```
-
-## **sysdig.eventsAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsAPIReplicaCount: 1
-```
-
-## **sysdig.eventsDispatcherReplicaCount**
-**Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsDispatcherReplicaCount: 1
-```
-
-## **sysdig.eventsForwarderReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderReplicaCount: 2
-```
-
-## **sysdig.eventsForwarderAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderAPIReplicaCount: 1
-```
-
-## **sysdig.admin.username**
-**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- username: my-awesome-email@my-awesome-domain-name.com
-```
-
-## **sysdig.admin.password**
-**Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- password: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.api.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true -``` - -## **sysdig.certificate.generate** -**Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- generate: true
-```
-
-## **sysdig.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- crt: certs/server.crt
-```
-
-## **sysdig.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- key: certs/server.key
-```
-
-## **sysdig.collector.dnsName**
-**Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- dnsName: collector.my-awesome-domain-name.com
-```
-
-## **sysdig.collector.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.collector.certificate.generate** -**Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- generate: true
-```
-
-## **sysdig.collector.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- crt: certs/collector.crt
-```
-
-## **sysdig.collector.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- key: certs/collector.key
-```
-
-## **sysdig.worker.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.appChecks.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- settings:
- limit: 1500
-```
-
-## **agent.collectorEndpoint**
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**:
-
-```yaml
-agent:
- version: 1.10.1
-```
-
-## **agent.useSSL**
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.feature_mode**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**:
-
-```yaml
-agent:
- feature_mode: troubleshooting
-```
-
-## **agent.timezone**
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- noProxy: your-awesome-no-proxy.com
-```
-
-## **agent.snaplenPortRange.start**
-**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.snaplenPortRange.end**
-**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.customKernelModules.enabled**
-**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- customKernelModules:
- enabled: true
-```
-
-## **agent.secure.enabled**
-**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- secure:
- enabled: true
-```
-
-## **agent.secure.commandLineCapturesEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- commandLineCapturesEnabled: true
-```
-
-## **agent.secure.memoryDumpEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- memoryDumpEnabled: true
-```
-
-## **agent.secure.settings.k8sAuditServerURL**
-**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
-```
-
-## **agent.secure.settings.k8sAuditServerPort**
-**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
-```
-
-## **agent.prometheus.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the sysdig collector, if +`sysdig.collector.certificate.generate` is set to `false` this has to be +configured. The certificate common name or subject altername name must match +configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - enabled: true +sysdig: + collector: + certificate: + crt: certs/collector.crt ``` -## **agent.prometheus.settings.interval** +## **sysdig.collector.certificate.key** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig collector, if `sysdig.collector.certificate.generate` is +set to `false` this has to be configured. The key must match the certificate +in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - settings: - interval: 30 +sysdig: + collector: + certificate: + key: certs/collector.key ``` -## **agent.prometheus.settings.logErrors** +## **sysdig.worker.jvmOptions** **Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - settings: - logErrors: true +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.prometheus.settings.maxMetrics** +## **sysdig.alerter.jvmOptions** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.prometheus.settings.maxMetricsPerProcess** +## **agent.apiKey** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 + apiKey: replace_with_your_monitor_access_key ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **agent.appChecks.settings.limit** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - prometheus: + appChecks: settings: - maxTagsPerMetric: 20 + limit: 1500 ``` -## **agent.prometheus.settings.histograms** +## **agent.collectorEndpoint** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - prometheus: - settings: - histograms: 3000 + collectorEndpoint: my-awesome-collector-domain-name.com ``` -## **agent.statsd.enabled** +## **agent.collectorPort** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
**Example**: ```yaml agent: - statsd: - enabled: true + collectorPort: 6443 ``` -## **agent.statsd.settings.limit** +## **agent.namespace** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Description**: A kubernetes namespace for setting up the agent in.
**Options**:
-**Default**: `100`
+**Default**: `agent`
**Example**: ```yaml agent: - statsd: - settings: - limit: 1000 + namespace: sysdig-agent ``` -## **agent.jmx.enabled** +## **agent.useSlim** **Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Description**: Whether to use the slim version of agent or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - jmx: - enabled: true + useSlim: true ``` -## **agent.jmx.settings.limit** +## **agent.version** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
**Options**:
-**Default**: `3000`
+**Default**: `latest`
**Example**: ```yaml agent: - jmx: - settings: - limit: 1000 + version: 1.10.1 ``` -## **agent.ebpf.enabled** +## **agent.useSSL** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - ebpf: - enabled: true + useSSL: false ``` -## **agent.ebpf.settings.mountEtcVolume** +## **agent.verifySSL** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - ebpf: - settings: - mountEtcVolume: 1000 + verifySSL: false ``` -## **agent.appChecks.elasticsearch.authEnabled** +## **agent.clusterName** **Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
**Example**: ```yaml agent: - appChecks: - elasticsearch: - authEnabled: true + clusterName: false ``` -## **agent.appChecks.elasticsearch.url** +## **agent.tags** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Description**: List of user-provided metadata at agent level.
**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch + tags: environment:production linux:ubuntu ``` -## **agent.appChecks.elasticsearch.port** +## **agent.capturesEnabled** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - elasticsearch: - port: 9200 + capturesEnabled: false ``` -## **agent.appChecks.elasticsearch.username** +## **agent.feature_mode** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
**Example**: ```yaml agent: - appChecks: - elasticsearch: - username: readonly + feature_mode: troubleshooting ``` -## **agent.appChecks.elasticsearch.password** +## **agent.timezone** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Description**: Set daemonset timezone.
**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - elasticsearch: - password: some_password + timezone: America/New_York. ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **agent.proxy.httpProxy** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - elasticsearch: - verifySSL: false -``` - -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - appChecks: - kafka: - enabled: true + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+## **agent.proxy.httpsProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - kafka: - arg: Kafka.kafka + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com ``` -## **agent.appChecks.kafka.url** +## **agent.proxy.noProxy** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: A space-separated list of URLs for which no proxy should be used.
**Options**:
**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +agent: + proxy: + noProxy: your-awesome-no-proxy.com ``` -## **agent.appChecks.kafka.port** +## **agent.snaplenPortRange.start** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml agent: - appChecks: - kafka: - port: 9200 + snaplenPortRange: + start: "8125" ``` -## **agent.appChecks.kafka.zk.url** +## **agent.snaplenPortRange.end** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
**Options**:
-**Default**:
+**Default**: `0`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +agent: + snaplenPortRange: + start: "8125" ``` -## **agent.appChecks.kafka.zk.port** +## **agent.customKernelModules.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - zk: - port: 2181 + customKernelModules: + enabled: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+## **agent.secure.enabled** +**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - enableConsumerOffsets: true + secure: + enabled: true ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
+## **agent.secure.commandLineCapturesEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - kafka: - enableAggregationPartitions: true + secure: + commandLineCapturesEnabled: true ``` -## **agent.appChecks.mysql.enabled** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Whether to enable mysql app check.
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - enabled: true + secure: + memoryDumpEnabled: true ``` -## **agent.appChecks.mysql.hostname** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml agent: - appChecks: - mysql: - hostname: mysql-service-url + secure: + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **agent.appChecks.mysql.user** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml agent: - appChecks: - mysql: - user: mysql-user + secure: + settings: + k8sAuditServerPort: 7765 ``` -## **agent.appChecks.mysql.password** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Description**: Whether to enable ingestion of prometheus metrics or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - password: mysql-password + prometheus: + enabled: true ``` -## **agent.resources.limits.cpu** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | - +**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml agent: - resources: - limits: - cpu: 2 + prometheus: + settings: + interval: 30 ``` -## **agent.resources.limits.memory** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**: +**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +```yaml +agent: + prometheus: + settings: + logErrors: true +``` +## **agent.prometheus.settings.maxMetrics** +**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - resources: - limits: - memory: 2 + prometheus: + settings: + maxMetrics: 1000 ``` -## **agent.resources.requests.cpu** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**: +**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +```yaml +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 +``` +## **agent.prometheus.settings.maxTagsPerMetric** +**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**: ```yaml agent: - resources: - requests: - cpu: 2 + prometheus: + settings: + maxTagsPerMetric: 20 ``` -## **agent.resources.requests.memory** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**: +**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - resources: - requests: - memory: 2 + statsd: + enabled: true ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - +**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml agent: - resources: - watchdog: - max_memory_usage_mb: 1024 + statsd: + settings: + limit: 1000 ``` -## **agent.resources.watchdog.cointerface** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - resources: - watchdog: - cointerface: 1024 + jmx: + enabled: true ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" +agent: + jmx: + settings: + limit: 1000 ``` -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m +agent: + ebpf: + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m +agent: + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m +agent: + appChecks: + elasticsearch: + authEnabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 +agent: + appChecks: + elasticsearch: + port: 9200 ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - scanningAlertMgrForceAutoScan: false +agent: + appChecks: + elasticsearch: + username: readonly ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** -**Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+## **agent.appChecks.kafka.enabled**
+**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" +agent: + appChecks: + kafka: + enabled: true ``` - -## **sysdig.metadataService.enabled** -**Required**: `false`
-**Description**: This creates a deployment for Metadata-Service
-**Do not modify this unless you
-know what you are doing as modifying it could have unintended
-consequences**
-**Options**:`true|false`
-**Default**: `false`
+## **agent.appChecks.kafka.arg**
+**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - metadataService: - enabled: true +agent: + appChecks: + kafka: + arg: Kafka.kafka ``` -## **sysdig.resources.metadataService.limits.cpu** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: +**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +```yaml +agent:enabled + appChecks: + kafka: + url: localhost +``` +## **agent.appChecks.kafka.port** +**Required**: `false`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 +agent: + appChecks: + kafka: + port: 9200 ``` -## **sysdig.resources.metadataService.limits.memory** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: +```yaml +agent:enabled + appChecks: + kafka: + zk: + url: localhost +``` +## **agent.appChecks.kafka.zk.port** +**Required**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi +agent: + appChecks: + kafka: + zk: + port: 2181 ``` -## **sysdig.resources.metadataService.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: +## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +```yaml +agent: + appChecks: + kafka: + enableConsumerOffsets: true +``` +## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 +agent: + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **sysdig.resources.metadataService.requests.memory** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi +agent: + appChecks: + mysql: + enabled: true ``` -## **sysdig.metadataServiceReplicaCount** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - +**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - metadataServiceReplicaCount: 4 +agent: + appChecks: + mysql: + hostname: mysql-service-url ``` -## **sysdig.metadataServiceVersion** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 +agent: + appChecks: + mysql: + user: mysql-user ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Retention period for Activity Audit data.
-**Options**:
-**Default**: 90
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - activityAudit: - janitor: - retentionDays: 90 +agent: + appChecks: + mysql: + password: mysql-password ``` -## **sysdig.resources.rapid-response-connector.limits.cpu** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Description**: The amount of cpu assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - cpu: 1 + limits: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.limits.memory** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rapid-response-connector pods
+**Description**: The amount of memory assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - memory: 500Mi + limits: + memory: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.cpu** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Description**: The amount of cpu required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - cpu: 250m + requests: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.memory** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Description**: The amount of memory required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - memory: 50Mi + requests: + memory: 2 ``` -## **sysdig.rapidResponseConnectorReplicaCount** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Number of Sysdig rapid-response-connector replicas.
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: - rapidResponseConnectorReplicaCount: 1 +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.secure.rapidResponse.enabled** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Whether to deploy rapid response or not.
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
-**Default**: false
-**Example**: +**Default**: -```yaml -sysdig: - secure: - rapidResponse: - enabled: false -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | -## **sysdig.secure.rapidResponse.validationCodeLength** -**Required**: `false`
-**Description**: Length of mfa validation code sent via e-mail.
-**Options**:
-**Default**: 6
**Example**: ```yaml -sysdig: - secure: - rapidResponse: - validationCodeLength: 8 +agent: + resources: + watchdog: + cointerface: 1024 ``` -## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**: 180
+**Default**: ""
**Example**: ```yaml sysdig: - secure: - rapidResponse: - validationCodeSecondsDuration: 8 + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Global duration of session in seconds.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: 7200
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - rapidResponse: - sessionTotalSecondsTTL: 7200 + scanningAnalysiscollectorConcurrentUploads: 5 ``` - -## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Idle duration of session in seconds.
+**Description**: Cronjob schedule
**Options**:
-**Default**: 300
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - rapidResponse: - sessionIdleSecondsTTL: 300 + veJanitor: + cronjob: "5 0 * * *" ``` - -## **sysdig.secure.scanning.feedsEnabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: + ```yaml sysdig: secure: - scanning: - feedsEnabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.feedsAPIVersion** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Sets feeds API version
-**Options**:
-**Default**: `latest`
- +**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: -```yaml -sysdig: - feedsAPIVersion: 0.5.0 -``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Sets feeds database version
-**Options**:
-**Default**: `latest`
- -**Example**: ```yaml sysdig: - feedsDBVersion: 0.5.0-2020-03-11 + secure: + veJanitor: + scanningDbEngine: "mysql" ``` From 9b573065e2753f57dd7c129ca1baef367466dbc5 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 16 Dec 2021 17:50:38 +0000 Subject: [PATCH 093/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 8178 ++++++++++++++------ 3 files changed, 5718 insertions(+), 2512 deletions(-) diff --git a/installer/README.md b/installer/README.md index 21fff9e4..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.4-1-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.4-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. + +## Airgapped installations + +### Method for automatically updating the feeds database in airgapped environments +This is a procedure that can be used to automatically update the feeds database: + +1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +2. move the file from the jumpbox server to the customer airgapped environment (optional) +3. load the image file and push it to the customer's airgapped image registry +4. restart the pod sysdigcloud-feeds-db +5. restart the pod feeds-api + +Finally, steps 1 to 5 will be performed periodically once a day. + +This is an example script that contains all the steps: +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/vuln-feed-database:latest +# Save image +docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +# Optionally move image +mv vuln-feed-database.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +# Restart database pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" +# Restart feeds-api pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" +ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" +``` + +The script can be scheduled using a cron job that run every day +```bash +0 8 * * * feeds-database-update.sh >/dev/null 2>&1 +``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 3b35c54e..8d5fdddc 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
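Review bot: The example script added to `advanced.md` passes the registry password on the command line (`docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`), where it is visible in the process list while the command runs, and both variables are unquoted. I would read it from stdin instead, `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`, and take the credentials from the environment or a protected file rather than from assignments in a script that is meant to sit on disk and run from cron. The script also has no error handling, so a failed pull, load or push is still followed by scaling both deployments to 0 and back to 1; adding `set -euo pipefail` under the shebang stops at the first failure. The cron line sends all output to `/dev/null` (`>/dev/null 2>&1`), so a failed feed update goes unnoticed; redirecting to a log file would make it detectable.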
**Options**:
**Default**:
@@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false` +**Required**: `false`
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -321,6 +321,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**:
+Allow Elasticsearch to export prometheus metrics.
+
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured
+`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -666,40 +693,61 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.activityAuditVersion** +## **pvStorageSize.large.nats** **Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - activityAuditVersion: 3.6.4.11009 +pvStorageSize: + large: + nats: 10Gi ``` -## **sysdig.profilingVersion** +## **pvStorageSize.medium.nats** **Required**: `false`
-**Description**: Docker image tag of Profiling services.
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - profilingVersion: 3.6.4.11009 +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.32
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1.32 ``` ## **sysdig.accessKey** @@ -715,6 +763,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig
+components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -769,16 +830,67 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.21.13
+**Options**:
+**Default**: 2.1.22.4
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraVersion: 2.1.22.4 +``` + +## **sysdig.cassandraExporterVersion** +**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + cassandraExporterVersion: latest +``` + +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.11.1`
+**Example**: + +```yaml +sysdig: + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -813,7 +925,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +937,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -837,6 +949,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -917,7 +1042,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1096,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. + +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1156,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1141,27 +1275,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 3.6.4.11009 + monitorVersion: 5.0.4.11001 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - scanningVersion: 3.6.4.11009 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.4.11009 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.4.11009 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.4.11009 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1358,101 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifierReplicaCount: 3 +``` + +## **sysdig.alertingSystem.alertManagerReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1298,8 +1527,7 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster -instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1394,24 +1622,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
+**Example**:
+
+```yaml
+sysdig:
+ natsStreamingVersion: 0.22.0.2
+```
+
+## **sysdig.natsStreamingInitVersion**
+**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1428,6 +1668,36 @@ sysdig: enabled: true ``` +## **sysdig.nats.secure.username** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ username: somevalue
+```
+
+## **sysdig.nats.secure.password**
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1511,7 +1781,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1521,1170 +1791,1145 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.mysqlToPostgresMigrationVersion** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.postgresql.rootUser** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + postgresql: + rootUser: postgres ``` -## **sysdig.proxy.enable** +## **sysdig.postgresql.rootDb** **Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**: ```yaml sysdig: - proxy: - enable: true + postgresql: + rootDb: anchore ``` -## **sysdig.proxy.host** +## **sysdig.postgresql.rootPassword** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + postgresql: + rootPassword: my_root_password ``` -## **sysdig.proxy.noProxy** +## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + postgresql: + primary: true ``` -## **sysdig.proxy.password** +## **sysdig.postgresql.external** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + postgresql: + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + sysdig: + host: my-sysdig-db-external.com ``` -## **sysdig.proxy.port** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: `80`
+**Default**: []
**Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.proxy.protocol** +## **sysdig.postgresql.pgParameters** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster +**Options**:
+**Default**: ``
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + pgParameters: + max_connections: '1024' + shared_buffers: '110MB' ``` -## **sysdig.proxy.user** + +## **sysdig.postgresql.ha.enabled** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
+**Description**: true if you want to deploy postgreSQL in HA mode. +**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + postgresql: + ha: + enabled: true ``` -## **sysdig.slack.client.id** + +## **sysdig.postgresql.ha.spiloVersion** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the postgreSQL node in HA mode. **Options**:
-**Default**: `awesomeclientid`
+**Default**: `2.0-p7`
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + ha: + spiloVersion: 2.0-p7 ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresql.ha.operatorVersion** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. **Options**:
-**Default**: `awesomeclientsecret`
+**Default**: `v1.6.3`
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + ha: + operatorVersion: v1.6.3 ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresql.ha.exporterVersion** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. **Options**:
-**Default**: `incoming-webhook`
+**Default**: `latest`
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + ha: + exporterVersion: v0.3 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresql.ha.clusterDomain** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. **Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: `cluster.local`
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + ha: + clusterDomain: cluster.local ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.postgresql.ha.replicas** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: number of replicas for postgreSQL nodes in HA mode. **Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: `3`
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + ha: + replicas: 3 ``` -## **sysdig.inactivitySettings.trackerEnabled** + +## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Options**:
+**Default**: `true`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + ha: + enableExporter: true ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresql.ha.migrate.retryCount** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. +**Options**: `true|false`
+**Default**: `3600`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + ha: + migrate: + retryCount: 3600 ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresql.ha.migrate.retrySleepSeconds** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. +**Options**:
+**Default**: `10`
-This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` - ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + ha: + migrate: + retrySleepSeconds: 10 ``` -## **sysdig.redisVersion** +## **sysdig.postgresql.ha.migrate.retainBackup** **Required**: `false`
-**Description**: Docker image tag of Redis.
-**Options**:
-**Default**: 4.0.12.7
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. +**Options**: `true|false`
+**Default**: `true`
+ **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + ha: + migrate: + retainBackup: true ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
+**Description**: Docker image tag of the migration job from postgres single node to HA mode. **Options**:
-**Default**: 4.0.12-1.0.1
+**Default**: `postgres-to-postgres-ha-0.0.4`
+ **Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + ha: + migrate: + migrationJobImageVersion: v0.1 ``` -## **sysdig.redisHa** +## **sysdig.postgresql.ha.customTls.enabled** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
+**Description**: If set to true will pass to the target pg crd the option to add +custom certificates and CA **Options**: `true|false`
**Default**: `false`
+ **Example**: ```yaml sysdig: - redisHa: false + postgresql: + ha: + customTls: + enabled: true ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.postgresql.ha.customTls.crtSecretName** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container certificate and key that will be used in postgres HA for ssl +NOTE: the certficate and key files must be called `tls.crt` and `tls.key` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.postgresql.ha.customTls.caSecretName** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container the CA certificate that will be used in postgres HA for ssl +NOTE: the CA certificate file must be called `ca.crt` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt + caSecretName: sysdigcloud-postgres-tls-ca + ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.postgresDatabases.profiling** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.policies** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + postgresql: + external: true + postgresDatabases: + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.serviceOwnerManagement** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.compliance** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.rapidResponse** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: Default comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +should only be used if there is an intent to override the defaults provided by +Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) +instead.
**Options**:
-**Default**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: Determines if a [web +proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be +used by Anchore for fetching CVE feed from +[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**:
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + proxy: + enable: true ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) +is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).<br>
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +**Default**:
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.<br>
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | - +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).<br>
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.redis.limits.cpu** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.<br>
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +**Default**:
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + saml: + certificate: + name: saml-cert.p12 ``` - -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.<br>
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +**Default**:
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.resources.redis-sentinel.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`<br>
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +**Description**: +Allow Anchore to export prometheus metrics. +**Options**: `true|false`
+**Default**: false
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + secure: + anchore: + enableMetrics: true ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | - +**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.<br>
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | - +**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - limits: - cpu: 2 + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.redisHa** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**: +```yaml +sysdig: + redisHa: false +``` +## **sysdig.useRedis6** +**Required**: `false`
+**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - limits: - memory: 10Mi + useRedis6: false ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.redis6Version** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: Docker image tag of Redis 6, relevant when configured
+`sysdig.useRedis6` is `true`.<br>
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | - +**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - requests: - cpu: 2 + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`sysdig.useRedis6` is `true`.<br>
**Options**:
-**Default**: +**Default**: 6.0.10.1
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +```yaml +sysdig: + redis6SentinelVersion: 6.0.10.1 +``` +## **sysdig.redis6ExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
+`sysdig.useRedis6` is `true`.<br>
+**Options**:
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - requests: - memory: 200Mi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.api.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | +| small | 2 | | medium | 4 | -| large | 16 | +| large | 8 | **Example**: ```yaml sysdig: resources: - api: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - api: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | +| medium | 2 | | large | 4 | **Example**: @@ -2692,81 +2937,80 @@ sysdig: ```yaml sysdig: resources: - api: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - api: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - worker: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | +| small | 8Gi | | medium | 8Gi | -| large | 16Gi | - +| large | 8Gi | **Example**: ```yaml sysdig: resources: - worker: + elasticsearch: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**: @@ -2781,21 +3025,21 @@ sysdig: ```yaml sysdig: resources: - worker: + elasticsearch: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | +| small | 4Gi | +| medium | 4Gi | | large | 4Gi | **Example**: @@ -2803,170 +3047,156 @@ sysdig: ```yaml sysdig: resources: - worker: + elasticsearch: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - alerter: + mysql-router: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - alerter: + mysql-router: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - alerter: + mysql-router: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - alerter: + mysql-router: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +**Default**:
**Example**: ```yaml sysdig: resources: - collector: + mysql: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +**Default**:
**Example**: ```yaml sysdig: resources: - collector: + mysql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - collector: + mysql: requests: cpu: 2 ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**: @@ -2974,27 +3204,27 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + mysql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | +| small | 2 | | medium | 4 | | large | 4 | @@ -3003,14 +3233,14 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**: @@ -3018,7 +3248,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 8Gi | **Example**: @@ -3026,14 +3256,14 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + postgresql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: @@ -3041,73 +3271,73 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | +| small | 500Mi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - anchore-core: + postgresql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3115,88 +3345,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + redis: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3204,89 +3434,88 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: requests: memory: 200Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3294,58 +3523,58 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3353,21 +3582,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3375,7 +3604,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3383,36 +3612,36 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: @@ -3420,248 +3649,197 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: requests: memory: 200Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** -**Required**: `false`
-**Description**: Retention manager Cronjob
-**Options**:
-**Default**: 0 3 * * *
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- cronjob: 0 3 * * *
-```
-
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration**
+## **sysdig.resources.ingressControllerHaProxy.limits.cpu**
 **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 23h
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** -**Required**: `false`
-**Description**: Grace period for the retention policy
-**Options**:
-**Default**: 168h
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + ingressControllerHaProxy: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.ingressControllerHaProxy.limits.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 1s
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** -**Required**: `false`
-**Description**: Scanning GRPC endpoint
-**Options**:
-**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + ingressControllerHaProxy: + limits: + memory: 2Gi ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.ingressControllerHaProxy.requests.cpu** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: mysql
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 100m | +| large | 100m | -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** -**Required**: `false`
-**Description**: Default value for the date policy
-**Options**:
-**Default**: 90
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 + resources: + ingressControllerHaProxy: + requests: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +## **sysdig.resources.ingressControllerHaProxy.requests.memory** **Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 5
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + ingressControllerHaProxy: + requests: + memory: 1Gi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.ingressControllerRsyslog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 125m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: limits: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.ingressControllerRsyslog.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.ingressControllerRsyslog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.ingressControllerRsyslog.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: requests: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**: @@ -3669,21 +3847,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - policy-advisor: + api: limits: cpu: 2 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**: @@ -3691,7 +3869,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3699,14 +3877,14 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + api: limits: memory: 10Mi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**: @@ -3714,21 +3892,21 @@ sysdig: | ------------ | -------- | | small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - policy-advisor: + api: requests: cpu: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**: @@ -3736,51 +3914,51 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - policy-advisor: + api: requests: memory: 200Mi ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.resources.apiNginx.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-api: + apiNginx: limits: cpu: 1 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.resources.apiNginx.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3788,178 +3966,177 @@ sysdig: ```yaml sysdig: resources: - netsec-api: + apiNginx: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.resources.apiNginx.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | +| small | 500m | | medium | 500m | -| large | 1 | +| large | 500m | **Example**: ```yaml sysdig: resources: - netsec-api: + apiNginx: requests: - cpu: 300m + cpu: 500m ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.resources.apiNginx.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - netsec-api: + apiNginx: requests: - memory: 1Gi + memory: 100Mi ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.resources.apiEmailRenderer.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + apiEmailRenderer: limits: cpu: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** +## **sysdig.resources.apiEmailRenderer.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: resources: - netsec-ingest: + apiEmailRenderer: limits: - memory: 4Gi + memory: 500Mi ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.resources.apiEmailRenderer.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - netsec-ingest: + apiEmailRenderer: requests: cpu: 500m ``` -## **sysdig.resources.netsec-ingest.requests.memory** +## **sysdig.resources.apiEmailRenderer.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - netsec-ingest: - limits: - memory: 2Gi + apiEmailRenderer: + requests: + memory: 100Mi ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - netsec-janitor: + worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-janitor.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3967,88 +4144,88 @@ sysdig: ```yaml sysdig: resources: - netsec-janitor: + worker: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - netsec-janitor: + worker: requests: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-janitor.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - netsec-janitor: + worker: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - nats-streaming: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -4056,146 +4233,147 @@ sysdig: ```yaml sysdig: resources: - nats-streaming: + alerter: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - nats-streaming: + alerter: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - nats-streaming: + alerter: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: limits: cpu: 2 ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: @@ -4210,111 +4388,112 @@ sysdig: ```yaml sysdig: resources: - activity-audit-worker: + anchore-core: limits: cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.resources.anchore-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-api: limits: - memory: 500Mi + cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.resources.anchore-catalog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: - requests: - cpu: 250m + anchore-catalog: + limits: + cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.requests.memory** +## **sysdig.resources.anchore-policy-engine.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: - requests: - memory: 50Mi + anchore-policy-engine: + limits: + cpu: 1 ``` -## **sysdig.resources.activity-audit-janitor.limits.cpu** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + anchore-core: limits: - cpu: 250m + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.limits.memory** + +## **sysdig.resources.anchore-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -4322,265 +4501,268 @@ sysdig: ```yaml sysdig: resources: - activity-audit-janitor: + anchore-api: limits: - memory: 200Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.cpu** + +## **sysdig.resources.anchore-catalog.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: - requests: - cpu: 250m + anchore-catalog: + limits: + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.memory** + +## **sysdig.resources.anchore-policy-engine.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: - requests: - memory: 50Mi + anchore-policy-engine: + limits: + memory: 10Mi ``` -## **sysdig.resources.profiling-api.limits.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: - limits: + anchore-core: + requests: cpu: 2 ``` -## **sysdig.resources.profiling-api.limits.memory** +## **sysdig.resources.anchore-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: - limits: - memory: 500Mi + anchore-api: + requests: + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: + anchore-catalog: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: + anchore-policy-engine: requests: - memory: 50Mi + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.cpu** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - profiling-worker: - limits: - cpu: 1 + anchore-core: + requests: + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.anchore-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - profiling-worker: - limits: - memory: 500Mi + anchore-api: + requests: + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + anchore-catalog: requests: - cpu: 250m + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + anchore-policy-engine: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4588,88 +4770,88 @@ sysdig: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: requests: - memory: 512Mi + memory: 200Mi ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4677,417 +4859,382 @@ sysdig: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.events-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: requests: - memory: 250Mi + memory: 200Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: Retention manager Cronjob
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | - +**Default**: 23h
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - limits: - memory: 250Mi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: Grace period for the retention policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - +**Default**: 168h
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - requests: - cpu: 250m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - +**Default**: 1s
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - requests: - memory: 50Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: Scanning DB engine
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +**Default**: mysql
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: Default value for the date policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - +**Default**: 90
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - requests: - cpu: 250m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: Default value for the tags policy
**Options**:
-**Default**: +**Default**: 5
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - requests: - memory: 50Mi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -5095,1852 +5242,4867 @@ sysdig: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: limits: cpu: 1 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: limits: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-janitor: + admission-controller-api: requests: memory: 50Mi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api PG +migrate containers
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - restrictPasswordLogin: true + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + cpu: 1 ``` -## **sysdig.rsyslogVersion** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured -`deployment` is `kubernetes`.
+**Description**: The amount of memory assigned to admission-controller-api PG +migrate containers
**Options**:
-**Default**: 8.34.0.7
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + **Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + memory: 256Mi ``` -## **sysdig.smtpFromAddress** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: The amount of cpu required to schedule admission-controller-api +PG migrate containers
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + resources: + scanningAdmissionControllerApiPgMigrate: + requests: + cpu: 100m ``` -## **sysdig.smtpPassword** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
+**Description**: The amount of memory required to schedule admission-controller-api +PG migrate containers
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpPassword: my-@w350m3-p@55w0rd + resources: + admission-controller-api-pg-migrate: + requests: + memory: 50Mi ``` -## **sysdig.smtpProtocolSSL** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of cpu assigned to reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - smtpProtocolSSL: true + resources: + reporting-init: + limits: + cpu: 1 ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of memory assigned to reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + **Example**: ```yaml sysdig: - smtpProtocolTLS: true + resources: + reporting-init: + limits: + memory: 256Mi ``` -## **sysdig.smtpServer** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
+**Description**: The amount of cpu required to schedule reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + resources: + reporting-init: + requests: + cpu: 100m ``` -## **sysdig.smtpServerPort** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The amount of memory required to schedule reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpServerPort: 587
+ resources: + reporting-init: + requests: + memory: 50Mi ``` -## **sysdig.smtpUser** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
-**Default**:
-**Example**: +**Default**: -```yaml -sysdig: - smtpUser: bob+alice@gmail.com
-``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | -## **sysdig.tolerations** -**Required**: `false`
-**Description**: -[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) -that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig -Platform pods run on particular nodes
-**Options**:
-**Default**:
**Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + resources: + reporting-api: + limits: + cpu: 1500m ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for -clusters of `size` `small`.
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + resources: + reporting-api: + limits: + memory: 1536Mi ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + resources: + reporting-api: + requests: + cpu: 200m ``` -## **sysdig.apiReplicaCount** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of -`size` `small`.
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: - apiReplicaCount: 5 + resources: + reporting-api: + requests: + memory: 256Mi ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + resources: + reporting-worker: + limits: + cpu: 2 ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for -clusters of `size` `small`.
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + reporting-worker: + limits: + memory: 16Gi ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + reporting-worker: + requests: + cpu: 200m ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + reporting-worker: + requests: + memory: 10Gi ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: Enable logging at debug level
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: false
**Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | - +**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.workerReplicaCount** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
+**Options**:
+**Default**: 1
**Example**: ```yaml sysdig: - workerReplicaCount: 7 + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.alerterReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Bucket** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - alerterReplicaCount: 7 + secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Prefix** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + secure: + scanning: + reporting: + storageS3Prefix: reports ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Endpoint** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Region** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + secure: + scanning: + reporting: + storageS3Region: us-east-1 ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 2 |
-
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.eventsForwarderAPIReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** **Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for -initial login to the web interface. Make sure this is a valid email address -that you can receive emails at.
-**Options**:
-**Default**:
+## **sysdig.secure.scanning.reporting.workerSleepTime** +**Required**: `false`
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.admin.password** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with -`sysdig.admin.username` will be used for initial login to the web interface. -It is auto-generated when not explicitly configured.
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + **Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.certificate.generate** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed -certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu required to schedule policy-advisor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.certificate.crt** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to -`false` this has to be configured. The certificate common name or subject -altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.certificate.key** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig api, if `sysdig.certificate.generate` is set to `false` -this has to be configured. The key must match the certificate in -`sysdig.certificate.crt`.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not -configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + netsec-api: + requests: + cpu: 300m ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml +**Description**: The amount of memory required to schedule netsec-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml sysdig: - collector: - certificate: - generate: true + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.collector.certificate.crt** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the sysdig collector, if -`sysdig.collector.certificate.generate` is set to `false` this has to be -configured. The certificate common name or subject altername name must match -configured `sysdig.collector.dnsName`.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - collector: - certificate: - crt: certs/collector.crt + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.collector.certificate.key** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig collector, if `sysdig.collector.certificate.generate` is -set to `false` this has to be configured. The key must match the certificate -in `sysdig.collector.certificate.crt`.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | + + **Example**: ```yaml sysdig: - collector: - certificate: - key: certs/collector.key + resources: + netsec-ingest: + limits: + memory: 4Gi ``` -## **sysdig.worker.jvmOptions** +## **sysdig.resources.netsec-ingest.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-ingest:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.netsec-ingest.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-ingest:
+ limits:
+ memory: 2Gi
+```
+
+## **sysdig.resources.netsec-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.netsec-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.netsec-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 300m |
+| medium | 500m |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ requests:
+ cpu: 1
+```
+
+## **sysdig.resources.netsec-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ requests:
+ memory: 1Gi
+```
+
+## **sysdig.resources.nats-streaming.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.nats-streaming.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ limits:
+ memory: 2Gi
+```
+
+## **sysdig.resources.nats-streaming.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.nats-streaming.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ requests:
+ memory: 1Gi
+```
+
+## **sysdig.resources.activity-audit-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.activity-audit-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.activity-audit-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.activity-audit-worker.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.activity-audit-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.activity-audit-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.profiling-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-worker.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.profiling-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.secure-overview-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-overview-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.secure-overview-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-overview-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ memory: 512Mi
+```
+
+## **sysdig.resources.secure-prometheus.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-prometheus.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.secure-prometheus.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-prometheus.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.events-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-gatherer.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.events-gatherer.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.events-gatherer.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-gatherer.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-dispatcher.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-dispatcher.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.events-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 5
+```
+
+## **sysdig.anchoreAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreAPIReplicaCount: 4
+```
+
+## **sysdig.anchoreCatalogReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCatalogReplicaCount: 4
+```
+
+## **sysdig.anchorePolicyEngineReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchorePolicyEngineReplicaCount: 4
+```
+
+## **sysdig.anchoreWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreWorkerReplicaCount: 5
+```
+
+## **sysdig.apiReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ apiReplicaCount: 5
+```
+
+## **sysdig.cassandraReplicaCount**
+**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandraReplicaCount: 20
+```
+
+## **sysdig.collectorReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ collectorReplicaCount: 7
+```
+
+## **sysdig.activityAuditWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditWorkerReplicaCount: 20
+```
+
+## **sysdig.activityAuditApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditApiReplicaCount: 20
+```
+
+## **sysdig.policyAdvisorReplicaCount**
+**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ policyAdvisorReplicaCount: 20
+```
+
+## **sysdig.scanningAdmissionControllerAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is
+a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningAdmissionControllerAPIReplicaCount: 1
+```
+
+## **sysdig.netsecApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecApiReplicaCount: 1
+```
+
+## **sysdig.netsecIngestReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecIngestReplicaCount: 1
+```
+## **sysdig.netsecCommunicationShards**
+**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 3 |
+| medium | 9 |
+| large | 15 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecCommunicationShards: 5
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 2
+```
+
+## **sysdig.scanningApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningApiReplicaCount: 3
+```
+
+## **sysdig.elasticsearchReplicaCount**
+**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchReplicaCount: 20
+```
+
+## **sysdig.workerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ workerReplicaCount: 7
+```
+
+## **sysdig.alerterReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ alerterReplicaCount: 7
+```
+
+## **sysdig.eventsGathererReplicaCount**
+**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsGathererReplicaCount: 2
+```
+
+## **sysdig.eventsAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsAPIReplicaCount: 1
+```
+
+## **sysdig.eventsDispatcherReplicaCount**
+**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsDispatcherReplicaCount: 1
+```
+
+## **sysdig.eventsForwarderReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderReplicaCount: 2
+```
+
+## **sysdig.eventsForwarderAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ username: my-awesome-email@my-awesome-domain-name.com
+```
+
+## **sysdig.admin.password**
+**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ password: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.api.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ api:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true
+```
+
+## **sysdig.certificate.generate**
+**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ generate: true
+```
+
+## **sysdig.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ crt: certs/server.crt
+```
+
+## **sysdig.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.dnsName**
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **sysdig.collector.certificate.generate**
+**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+## **sysdig.worker.enabled**
+**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ enabled: true
+```
+
+## **sysdig.worker.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **sysdig.alerter.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alerter:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **agent.apiKey**
+**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ commandLineCapturesEnabled: true
+```
+
+## **agent.secure.memoryDumpEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ memoryDumpEnabled: true
+```
+
+## **agent.secure.settings.k8sAuditServerURL**
+**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerURL: 127.0.0.1
+```
+
+## **agent.secure.settings.k8sAuditServerPort**
+**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerPort: 7765
+```
+
+## **agent.prometheus.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ enabled: true
+```
+
+## **agent.prometheus.settings.interval**
+**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ interval: 30
+```
+
+## **agent.prometheus.settings.logErrors**
+**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ logErrors: true
+```
+
+## **agent.prometheus.settings.maxMetrics**
+**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetrics: 1000
+```
+
+## **agent.prometheus.settings.maxMetricsPerProcess**
+**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetricsPerProcess: 1000
+```
+
+## **agent.prometheus.settings.maxTagsPerMetric**
+**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxTagsPerMetric: 20
+```
+
+## **agent.prometheus.settings.histograms**
+**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ histograms: 3000
+```
+
+## **agent.statsd.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ enabled: true
+```
+
+## **agent.statsd.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
+**Example**: + +```yaml +agent: + statsd: + settings: + limit: 1000 +``` + +## **agent.jmx.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + jmx: + enabled: true +``` + +## **agent.jmx.settings.limit** +**Required**: `false`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
+**Example**: + +```yaml +agent: + jmx: + settings: + limit: 1000 +``` + +## **agent.ebpf.enabled** +**Required**: `false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ enabled: true
+```
+
+## **agent.ebpf.settings.mountEtcVolume**
+**Required**: `false`
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ settings:
+ mountEtcVolume: 1000
+```
+
+## **agent.appChecks.elasticsearch.authEnabled**
+**Required**: `false`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ authEnabled: true
+```
+
+## **agent.appChecks.elasticsearch.url**
+**Required**: `false`
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ url: https://sysdigcloud-elasticsearch
+```
+
+## **agent.appChecks.elasticsearch.port**
+**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ port: 9200
+```
+
+## **agent.appChecks.elasticsearch.username**
+**Required**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` + +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.alerter.jvmOptions** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + appChecks: + kafka: + enabled: true ``` -## **agent.appChecks.settings.limit** -**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - settings: - limit: 1500 + kafka: + arg: Kafka.kafka ``` -## **agent.collectorEndpoint** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - collectorEndpoint: my-awesome-collector-domain-name.com +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.collectorPort** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**: `1024-65535`
-**Default**: `6443`
+**Default**:
**Example**: ```yaml agent: - collectorPort: 6443 + appChecks: + kafka: + port: 9200 ``` -## **agent.namespace** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
-**Default**: `agent`
+**Default**:
**Example**: ```yaml -agent: - namespace: sysdig-agent +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.useSlim** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - useSlim: true + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.version** -**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - version: 1.10.1 + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.useSSL** -**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - useSSL: false + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.verifySSL** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Whether to enable mysql app check.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - verifySSL: false + appChecks: + mysql: + enabled: true ``` -## **agent.clusterName** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - clusterName: false + appChecks: + mysql: + hostname: mysql-service-url ``` -## **agent.tags** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - tags: environment:production linux:ubuntu + appChecks: + mysql: + user: mysql-user ``` -## **agent.capturesEnabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: TBD.
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - capturesEnabled: false + appChecks: + mysql: + password: mysql-password ``` -## **agent.feature_mode** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | + **Example**: ```yaml agent: - feature_mode: troubleshooting + resources: + limits: + cpu: 2 ``` -## **agent.timezone** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + **Example**: ```yaml agent: - timezone: America/New_York. + resources: + limits: + memory: 2 ``` -## **agent.proxy.httpProxy** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com + resources: + requests: + cpu: 2 ``` -## **agent.proxy.httpsProxy** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com + resources: + requests: + memory: 2 ``` -## **agent.proxy.noProxy** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**: +**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: -```yaml -agent: - proxy: - noProxy: your-awesome-no-proxy.com -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | -## **agent.snaplenPortRange.start** -**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.snaplenPortRange.end** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + resources: + watchdog: + cointerface: 1024 ``` -## **agent.customKernelModules.enabled** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**: ```yaml -agent: - customKernelModules: - enabled: true +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **agent.secure.enabled** +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** **Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Max duration after the last ping from an AC before it is considered +disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml -agent: +sysdig: secure: - enabled: true + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **agent.secure.commandLineCapturesEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: TTL of the cache for the cluster configuration. It should be +used by the AC as polling interval to retrieve the updated cluster configuration +from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - commandLineCapturesEnabled: true + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **agent.secure.memoryDumpEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: TTL of an AC ping. It should be used by the AC as polling +interval to perform a HEAD on the ping endpoint to notify it's still alive and +connected. It cannot be greater than 30m and it cannot be greater than +maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - memoryDumpEnabled: true + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **agent.secure.settings.k8sAuditServerURL** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: Max duration of the cluster configuration cache. The API returns +this value as max-age in seconds and the FE uses it for caching the cluster +configuration. FE also asks for a new cluster configuration using this value +as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - settings: - k8sAuditServerURL: 127.0.0.1 + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **agent.secure.settings.k8sAuditServerPort** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**: ```yaml -agent: - secure: - settings: - k8sAuditServerPort: 7765 +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **agent.prometheus.enabled** +## **sysdig.scanningAlertMgrForceAutoScan** **Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
**Example**: ```yaml -agent: - prometheus: - enabled: true +sysdig: + scanningAlertMgrForceAutoScan: false ``` -## **agent.prometheus.settings.interval** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**: ```yaml -agent: - prometheus: - settings: - interval: 30 +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" ``` -## **agent.prometheus.settings.logErrors** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: ```yaml -agent: - prometheus: - settings: - logErrors: true +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" ``` -## **agent.prometheus.settings.maxMetrics** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.prometheus.settings.maxMetricsPerProcess** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Whether to enable metadata-service or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 +sysdig: + metadataService: + enabled: true ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.prometheus.settings.histograms** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - prometheus: - settings: - histograms: 3000 +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.statsd.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+## **sysdig.resources.metadataService.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - statsd: - enabled: true +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.statsd.settings.limit** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - statsd: - settings: - limit: 1000 +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.jmx.enabled** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - jmx: - enabled: true +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.jmx.settings.limit** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - jmx: - settings: - limit: 1000 +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.ebpf.enabled** +## **sysdig.helmRenderer.enabled** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
+**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
**Default**: `false`
**Example**: ```yaml -agent: - ebpf: +sysdig: + helmRenderer: enabled: true ``` -## **agent.ebpf.settings.mountEtcVolume** +## **sysdig.resources.helmRenderer.limits.cpu** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: +**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**: -```yaml -agent: - ebpf: - settings: - mountEtcVolume: 1000 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | -## **agent.appChecks.elasticsearch.authEnabled** -**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true +sysdig: + resources: + helmRenderer: + limits: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.url** +## **sysdig.resources.helmRenderer.limits.memory** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch +sysdig: + resources: + helmRenderer: + limits: + memory: 10Mi ``` -## **agent.appChecks.elasticsearch.port** +## **sysdig.resources.helmRenderer.requests.cpu** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - port: 9200 +sysdig: + resources: + helmRenderer: + requests: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.username** +## **sysdig.resources.helmRenderer.requests.memory** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - username: readonly +sysdig: + resources: + helmRenderer: + requests: + memory: 200Mi ``` -## **agent.appChecks.elasticsearch.password** +## **sysdig.helmRendererReplicaCount** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + helmRendererReplicaCount: 4 ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.helmRendererVersion** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + helmRendererVersion: 0.1.32 ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.activityAudit.enabled** +**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: +sysdig: + secure: + activityAudit: enabled: true ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.activityAudit.janitor.retentionDays** +**Required**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.appChecks.kafka.url** +## **sysdig.secure.anchore.enabled** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + secure: + anchore: + enabled: true ``` -## **agent.appChecks.kafka.port** +## **sysdig.secure.compliance.enabled** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + secure: + compliance: + enabled: true ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.secure.netsec.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +sysdig: + secure: + netsec: + enabled: true ``` -## **agent.appChecks.kafka.zk.port** +## **sysdig.secure.overview.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + secure: + overview: + enabled: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.padvisor.enabled** +**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true +sysdig: + secure: + padvisor: + enabled: true ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.profiling.enabled** +**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + secure: + profiling: + enabled: true ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.secure.scanning.reporting.enabled** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - enabled: true +sysdig: + secure: + scanning: + reporting: + enabled: true ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.secure.scanning.enabled** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + secure: + scanning: + enabled: true ``` -## **agent.appChecks.mysql.user** +## **sysdig.secure.events.enabled** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + secure: + events: + enabled: true ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.eventsForwarder.enabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + eventsForwarder: + enabled: true ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**: +**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsAPIVersion: 0.5.0 +``` + +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ```
From da0b0b4f96ed21c50cc4186d6b47d5b74290a385 Mon Sep 17 00:00:00 2001
From: jenkins
Date: Thu, 16 Dec 2021 17:53:19 +0000
Subject: [PATCH 094/156] updating installer docs
---
installer/README.md | 8 +-
installer/docs/advanced.md | 44 -
installer/docs/configuration_parameters.md | 8102 ++++++--------------
3 files changed, 2474 insertions(+), 5680 deletions(-)
diff --git a/installer/README.md b/installer/README.md
index 3383bdea..21fff9e4 100644
--- a/installer/README.md
+++ b/installer/README.md
@@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [installer releases - page](https://github.com/draios/installer/releases). + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). - Run the Installer. ```bash ./installer deploy
@@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:3.6.4-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.4-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ```
diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md
index 6617e8ba..8c5de38a 100644
--- a/installer/docs/advanced.md
+++ b/installer/docs/advanced.md
@@ -104,47 +104,3 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. - -## Airgapped installations - -### Method for automatically updating the feeds database in airgapped environments -This is a procedure that can be used to automatically update the feeds database: - -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally -2. move the file from the jumpbox server to the customer airgapped environment (optional) -3. load the image file and push it to the customer's airgapped image registry -4. restart the pod sysdigcloud-feeds-db -5. restart the pod feeds-api - -Finally, steps 1 to 5 will be performed periodically once a day. - -This is an example script that contains all the steps: -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest -# Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar -# Optionally move image -mv vuln-feed-database.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" -# Restart database pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" -# Restart feeds-api pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" -ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" -``` - -The script can be scheduled using a cron job that run every day -```bash -0 8 * * * feeds-database-update.sh >/dev/null 2>&1 -```
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
index 8d5fdddc..3b35c54e 100644
--- a/installer/docs/configuration_parameters.md
+++ b/installer/docs/configuration_parameters.md
@@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false`
+**Required**: `false` **Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**:
@@ -321,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**: -Allow Elasticsearch to export prometheus metrics. - -**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -693,61 +666,40 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - large: - nats: 10Gi -``` - -## **pvStorageSize.medium.nats** +## **sysdig.activityAuditVersion** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml -pvStorageSize: - medium: - nats: 10Gi +sysdig: + activityAuditVersion: 3.6.4.11009 ``` -## **pvStorageSize.small.nats** +## **sysdig.profilingVersion** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Profiling services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml -pvStorageSize: - small: - nats: 10Gi +sysdig: + profilingVersion: 3.6.4.11009 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.6.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1.8 ``` ## **sysdig.accessKey**
@@ -763,19 +715,6 @@ sysdig: accessKey: my_awesome_aws_access_key ``` -## **sysdig.awsRegion** -**Required**: `false`
-**Description**: The AWS (or AWS compatible) region to be used by Sysdig -components to communicate with AWS (or an AWS compatible API).
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - awsRegion: my_aws_region -``` - ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig
@@ -830,67 +769,16 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - capturesFolder: my_captures_folder -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.22.4
-**Example**: - -```yaml -sysdig: - cassandraVersion: 2.1.22.4 -``` - -## **sysdig.cassandraExporterVersion** -**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
-**Example**: - -```yaml -sysdig: - cassandraExporterVersion: latest -``` - -## **sysdig.cassandra.useCassandra3** -**Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - cassandra: - useCassandra3: false -``` - -## **sysdig.Cassandra3Version** -**Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
-**Options**:
-**Default**: `3.11.11.1`
+**Options**:
+**Default**: 2.1.21.13
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.11.1 + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.external**
@@ -925,7 +813,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`true`
+**Default**:`false`
**Example**: ```yaml
@@ -937,9 +825,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Description**: Enables cassandra server and clients communicate over ssl.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml
@@ -949,19 +837,6 @@ sysdig: ssl: true ``` -## **sysdig.cassandra.enableMetrics** -**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - enableMetrics: true -``` - ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1042,7 +917,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**: `-Xms4g -Xmx4g`
+**Default**:
**Example**: ```yaml
@@ -1096,31 +971,22 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform - (e.g., if you maintain your own Certificate Authority), they are not trusted by default. - -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more -PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ -in the same level as `values.yaml`.
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt -certs/custom-java-certs/certificate3.p12 -certs/custom-java-certs/certificate3.p12.passwd - - values.yaml ```
@@ -1156,14 +1022,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch.
+**Description**: The docker image tag of Elasticsearch 6.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearchVersion: 6.8.6.6 ``` ## **sysdig.haproxyVersion**
@@ -1275,27 +1141,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - monitorVersion: 5.0.4.11001 + monitorVersion: 3.6.4.11009 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - secureVersion: 5.0.4.11001 + scanningVersion: 3.6.4.11009 ``` ## **sysdig.sysdigAPIVersion**
@@ -1305,12 +1171,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.4.11001 + sysdigAPIVersion: 3.6.4.11009 ``` ## **sysdig.sysdigCollectorVersion**
@@ -1320,12 +1186,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.4.11001 + sysdigCollectorVersion: 3.6.4.11009 ``` ## **sysdig.sysdigWorkerVersion**
@@ -1335,12 +1201,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.4.11001 + sysdigWorkerVersion: 3.6.4.11009 ``` ## **sysdig.enableAlerter**
@@ -1358,101 +1224,6 @@ sysdig: enableAlerter: true ``` -## **sysdig.alertingSystem.enabled** -**Required**: `false`
-**Description**: Enable or disable the new alert-manager and alert-notifier deployment
-**Options**:`true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - alertingSystem: - enabled: true -``` - -## **sysdig.alertingSystem.alertManager.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Manager jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertManager.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Manager to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - apiToken: A_VALID_TOKEN -``` - -## **sysdig.alertingSystem.alertNotifier.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Notifier jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertNotifier.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - apiToken: A_VALID_TOKEN -``` - -## **sysdig.alertingSystem.alertNotifierReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifierReplicaCount: 3 -``` - -## **sysdig.alertingSystem.alertManagerReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManagerReplicaCount: 3 -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1527,7 +1298,8 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster +instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1622,36 +1394,24 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
-**Example**: - -```yaml -sysdig: - natsStreamingVersion: 0.22.0.2 -``` - -## **sysdig.natsStreamingInitVersion** -**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled**
@@ -1668,36 +1428,6 @@ sysdig: enabled: true ``` -## **sysdig.nats.secure.username** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1781,7 +1511,7 @@ sysdig:
 ## **sysdig.postgresVersion**
 **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps`
-is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**:
@@ -1791,730 +1521,597 @@ sysdig:
 postgresVersion: 10.6.11
 ```
-## **sysdig.mysqlToPostgresMigrationVersion**
+## **sysdig.postgresql.hostPathNodes**
 **Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Description**: An array of node hostnames has shown in `kubectl get node -o
+name` that postgresql hostPath persistent volumes should be created on. The
+number of nodes must be at minimum whatever the value of
+[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
**Options**:
-**Default**: 1.2.5-mysql-to-postgres
+**Default**: []
+
 **Example**:
 ```yaml
 sysdig:
- mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres
+ postgresql:
+ hostPathNodes:
+ - my-cool-host1.com
 ```
-## **sysdig.postgresql.rootUser**
+## **sysdig.proxy.defaultNoProxy**
 **Required**: `false`
-**Description**: Root user of the in-cluster postgresql instance.
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: `postgres`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- rootUser: postgres
+ proxy:
+ enable: true
+ defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core
 ```
-## **sysdig.postgresql.rootDb**
+## **sysdig.proxy.enable**
 **Required**: `false`
-**Description**: Root database of the in-cluster postgresql instance.
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: `anchore`
+**Default**: `false`
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- rootDb: anchore
+ proxy:
+ enable: true
 ```
-## **sysdig.postgresql.rootPassword**
+## **sysdig.proxy.host**
 **Required**: `false`
-**Description**: Password for the root user of the in-cluster postgresql instance.
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: Autogenerated 16 alphanumeric characters
+**Default**:
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- rootPassword: my_root_password
+ proxy:
+ enable: true
+ host: my-awesome-proxy.my-awesome-domain.com
 ```
-## **sysdig.postgresql.primary**
+## **sysdig.proxy.noProxy**
 **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- primary: true
-```
-
-## **sysdig.postgresql.external**
-**Required**: `false`
-**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- postgresql:
- external: true
- postgresDatabases:
- padvisor:
- host: my-padvisor-db-external.com
- sysdig:
- host: my-sysdig-db-external.com
+ proxy:
+ enable: true
+ noProxy: my-awesome.domain.com, 192.168.0.0/16
 ```
-## **sysdig.postgresql.hostPathNodes**
+## **sysdig.proxy.password**
 **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o
-name` that postgresql hostPath persistent volumes should be created on. The
-number of nodes must be at minimum whatever the value of
-[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
-required if configured [`storageClassProvisioner`](#storageclassprovisioner)
-is `hostPath`.
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: []
+**Default**:
**Example**:
 ```yaml
 sysdig:
- postgresql:
- hostPathNodes:
- - my-cool-host1.com
+ proxy:
+ enable: true
+ password: F00B@r!
 ```
-## **sysdig.postgresql.pgParameters**
+## **sysdig.proxy.port**
 **Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: ``
+**Default**: `80`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- pgParameters:
- max_connections: '1024'
- shared_buffers: '110MB'
+ proxy:
+ enable: true
+ port: 3128
 ```
-
-## **sysdig.postgresql.ha.enabled**
+## **sysdig.proxy.protocol**
 **Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- enabled: true
+ proxy:
+ enable: true
+ protocol: https
 ```
-## **sysdig.postgresql.ha.spiloVersion**
+## **sysdig.proxy.user**
 **Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode.
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: `2.0-p7`
+**Default**:
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- spiloVersion: 2.0-p7
+ proxy:
+ enable: true
+ user: alice
 ```
-
-## **sysdig.postgresql.ha.operatorVersion**
+## **sysdig.slack.client.id**
 **Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode.
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `v1.6.3`
+**Default**: `awesomeclientid`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- operatorVersion: v1.6.3
+ slack:
+ client:
+ id: 2255883163.123123123534
 ```
-## **sysdig.postgresql.ha.exporterVersion**
+## **sysdig.slack.client.secret**
 **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `latest`
+**Default**: `awesomeclientsecret`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- exporterVersion: v0.3
+ slack:
+ client:
+ secret: 8a8af18123128acd312d12d12da
 ```
-## **sysdig.postgresql.ha.clusterDomain**
+## **sysdig.slack.client.scope**
 **Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint.
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `cluster.local`
+**Default**: `incoming-webhook`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- clusterDomain: cluster.local
+ slack:
+ client:
+ scope: incoming-webhook
 ```
-## **sysdig.postgresql.ha.replicas**
+## **sysdig.slack.client.endpoint**
 **Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode.
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `3`
+**Default**: `https://slack.com/oauth/v2/authorize`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- replicas: 3
+ slack:
+ client:
+ endpoint: https://slack.com/oauth/v2/authorize
 ```
-
-## **sysdig.postgresql.ha.enableExporter**
+## **sysdig.slack.client.oauth.endpoint**
 **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `true`
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- enableExporter: true
+ slack:
+ client:
+ oauth:
+ endpoint: https://slack.com/api/oauth.v2.access
 ```
-## **sysdig.postgresql.ha.migrate.retryCount**
+## **sysdig.inactivitySettings.trackerEnabled**
 **Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created.
+**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
**Options**: `true|false`
-**Default**: `3600`
+**Default**: `false`
**Example**:
-
 ```yaml
 sysdig:
- postgresql:
- ha:
- migrate:
- retryCount: 3600
+ inactivitySettings:
+ trackerEnabled: true
 ```
-## **sysdig.postgresql.ha.migrate.retrySleepSeconds**
+## **sysdig.inactivitySettings.trackerTimeout**
 **Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode.
-**Options**:
-**Default**: `10`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**:
-
 ```yaml
 sysdig:
- postgresql:
- ha:
- migrate:
- retrySleepSeconds: 10
+ inactivitySettings:
+ trackerTimeout: 900
 ```
-## **sysdig.postgresql.ha.migrate.retainBackup**
+
+## **sysdig.secure.anchore.customCerts**
 **Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode.
-**Options**: `true|false`
-**Default**: `true`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**:
+```bash
+#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list.
+bash-5.0$ find certs values.yaml
+certs
+certs/anchore-custom-certs
+certs/anchore-custom-certs/certificate1.crt
+certs/anchore-custom-certs/certificate2.crt
+values.yaml
+```
+
 ```yaml
 sysdig:
- postgresql:
- ha:
- migrate:
- retainBackup: true
+ secure:
+ anchore:
+ customCerts: true
 ```
-## **sysdig.postgresql.ha.migrate.migrationJobImageVersion**
+## **sysdig.redisVersion**
 **Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode.
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
-
+**Default**: 4.0.12.7
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- migrate:
- migrationJobImageVersion: v0.1
+ redisVersion: 4.0.12.7
 ```
-## **sysdig.postgresql.ha.customTls.enabled**
+## **sysdig.redisHaVersion**
 **Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add
-custom certificates and CA
-**Options**: `true|false`
-**Default**: `false`
-
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12-1.0.1
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- customTls:
- enabled: true
+ redisHaVersion: 4.0.12-1.0.1
 ```
-## **sysdig.postgresql.ha.customTls.crtSecretName**
+## **sysdig.redisHa**
 **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret
-that container certificate and key that will be used in postgres HA for ssl
-NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
-**Options**: `secret-name`
-**Default**: `nil`
-
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- customTls:
- enabled: true
- crtSecretName: sysdigcloud-postgres-tls-crt
+ redisHa: false
 ```
-## **sysdig.postgresql.ha.customTls.caSecretName**
+## **sysdig.resources.cassandra.limits.cpu**
 **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret
-that container the CA certificate that will be used in postgres HA for ssl
-NOTE: the CA certificate file must be called `ca.crt`
-**Options**: `secret-name`
-**Default**: `nil`
+**Description**: The amount of cpu assigned to cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- ha:
- customTls:
- enabled: true
- crtSecretName: sysdigcloud-postgres-tls-crt
- caSecretName: sysdigcloud-postgres-tls-ca
-
+ resources:
+ cassandra:
+ limits:
+ cpu: 2
 ```
-## **sysdig.postgresDatabases.useNonAdminUsers**
+## **sysdig.resources.cassandra.limits.memory**
 **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
+**Description**: The amount of memory assigned to cassandra pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- external: true
- postgresDatabases:
- useNonAdminUsers: true
- anchore:
- host: my-anchore-db-external.com
- profiling:
- host: my-profiling-db-external.com
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
-## **sysdig.postgresDatabases.anchore**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**:
 ```yaml
 sysdig:
- postgresql:
- external: true
- postgresDatabases:
- useNonAdminUsers: true
- anchore:
- host: my-anchore-db-external.com
- port: 5432
- db: anchore_db
- username: anchore_user
- password: my_anchore_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ cassandra:
+ limits:
+ memory: 8Gi
 ```
-## **sysdig.postgresDatabases.profiling**
+## **sysdig.resources.cassandra.requests.cpu**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: The amount of cpu required to schedule cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- external: true
- postgresDatabases:
- useNonAdminUsers: true
- profiling:
- host: my-profiling-db-external.com
- port: 5432
- db: anchore_db
- username: profiling_user
- password: my_profiling_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ cassandra:
+ requests:
+ cpu: 2
 ```
-## **sysdig.postgresDatabases.policies**
+## **sysdig.resources.cassandra.requests.memory**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory required to schedule cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- external: true
- postgresDatabases:
- policies:
- host: my-policies-db-external.com
- port: 5432
- db: policies_db
- username: policies_user
- password: my_policies_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ cassandra:
+ requests:
+ memory: 2Gi
 ```
-## **sysdig.postgresDatabases.scanning**
+## **sysdig.resources.elasticsearch.limits.cpu**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
-
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- scanning:
- host: my-scanning-db-external.com
- port: 5432
- db: scanning_db
- username: scanning_user
- password: my_scanning_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+**Description**: The amount of cpu assigned to elasticsearch pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
-## **sysdig.postgresDatabases.reporting**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**:
 ```yaml
 sysdig:
- postgresql:
- external: true
- postgresDatabases:
- reporting:
- host: my-reporting-db-external.com
- port: 5432
- db: reporting_db
- username: reporting_user
- password: my_reporting_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ limits:
+ cpu: 2
 ```
-## **sysdig.postgresDatabases.padvisor**
+## **sysdig.resources.elasticsearch.limits.memory**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: The amount of memory assigned to elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- padvisor:
- host: my-padvisor-db-external.com
- port: 5432
- db: padvisor_db
- username: padvisor_user
- password: my_padvisor_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
-## **sysdig.postgresDatabases.sysdig**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**:
 ```yaml
 sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- sysdig:
- host: my-sysdig-db-external.com
- port: 5432
- db: sysdig_db
- username: sysdig_user
- password: my_sysdig_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ limits:
+ memory: 8Gi
 ```
-## **sysdig.postgresDatabases.serviceOwnerManagement**
+## **sysdig.resources.elasticsearch.requests.cpu**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- serviceOwnerManagement:
- host: my-som-db-external.com
- port: 5432
- db: som_db
- username: som_user
- password: my_som_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
-## **sysdig.postgresDatabases.beacon**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**:
 ```yaml
 sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- beacon:
- host: my-beacon-db-external.com
- port: 5432
- db: beacon_db
- username: beacon_user
- password: my_beacon_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ requests:
+ cpu: 2
 ```
-## **sysdig.postgresDatabases.promBeacon**
+## **sysdig.resources.elasticsearch.requests.memory**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**:
+**Description**: The amount of memory required to schedule elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- promBeacon:
- host: my-prom-beacon-db-external.com
- port: 5432
- db: prom_beacon_db
- username: prom_beacon_user
- password: my_prom_beacon_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
-## **sysdig.postgresDatabases.quartz**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**:
 ```yaml
 sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- quartz:
- host: my-quartz-db-external.com
- port: 5432
- db: quartz_db
- username: quartz_user
- password: my_quartz_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ requests:
+ memory: 2Gi
 ```
-## **sysdig.postgresDatabases.compliance**
+## **sysdig.resources.mysql-router.limits.cpu**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**:
+**Description**: The amount of cpu assigned to mysql-router pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- external: true
- postgresDatabases:
- compliance:
- host: my-compliance-db-external.com
- port: 5432
- db: compliance_db
- username: compliance_user
- password: my_compliance_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
-## **sysdig.postgresDatabases.admissionController**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**:
 ```yaml
 sysdig:
- postgresql:
- external: true
- postgresDatabases:
- admissionController:
- host: my-admission-controller-db-external.com
- port: 5432
- db: admission_controller_db
- username: admission_controller_user
- password: my_admission_controller_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ mysql-router:
+ limits:
+ cpu: 2
 ```
-## **sysdig.postgresDatabases.rapidResponse**
+## **sysdig.resources.mysql-router.limits.memory**
 **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory assigned to mysql-router pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
 **Example**:
 ```yaml
 sysdig:
- postgresql:
- external: true
- postgresDatabases:
- rapidResponse:
- host: my-rapid-response-db-external.com
- port: 5432
- db: rapid_response_db
- username: rapid_response_user
- password: my_rapid_response_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ mysql-router:
+ limits:
+ memory: 8Gi
 ```
-## **sysdig.proxy.defaultNoProxy**
+## **sysdig.resources.mysql-router.requests.cpu**
 **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
 **Example**:
 ```yaml
 sysdig:
- proxy:
- enable: true
- defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api
+ resources:
+ mysql-router:
+ requests:
+ cpu: 2
 ```
-## **sysdig.proxy.enable**
+## **sysdig.resources.mysql-router.requests.memory**
 **Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
-**Default**: `false`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
 **Example**:
 ```yaml
 sysdig:
- proxy:
- enable: true
+ resources:
+ mysql-router:
+ requests:
+ memory: 2Gi
 ```
-## **sysdig.proxy.host**
+## **sysdig.resources.mysql.limits.cpu**
 **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
**Default**:
@@ -2522,414 +2119,483 @@ is configured.
```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + mysql: + limits: + cpu: 2 ``` -## **sysdig.proxy.noProxy** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**:
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + mysql: + limits: + memory: 8Gi ``` -## **sysdig.proxy.password** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + resources: + mysql: + requests: + cpu: 2 ``` -## **sysdig.proxy.port** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + resources: + mysql: + requests: + memory: 2Gi ``` -## **sysdig.proxy.protocol** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + resources: + postgresql: + limits: + cpu: 2 ``` -## **sysdig.proxy.user** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | + **Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + resources: + postgresql: + limits: + memory: 8Gi ``` -## **sysdig.slack.client.id** + +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientid`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + resources: + postgresql: + requests: + cpu: 2 ``` -## **sysdig.slack.client.secret** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientsecret`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + resources: + postgresql: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.scope** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to redis pods
**Options**:
-**Default**: `incoming-webhook`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + resources: + redis: + limits: + cpu: 2 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + resources: + redis: + limits: + memory: 1Gi ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + resources: + redis: + requests: + cpu: 2 ``` -## **sysdig.saml.certificate.name** + +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests. -The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match -the certificate name used when creating the certificate.
+**Description**: The amount of memory required to schedule redis pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 + resources: + redis: + requests: + memory: 2Gi ``` -## **sysdig.saml.certificate.password** + +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests. -If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 - password: changeit + resources: + redis-sentinel: + limits: + cpu: 2 ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**: -**Example**: -```yaml -sysdig: - inactivitySettings: - trackerEnabled: true -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | -## **sysdig.inactivitySettings.trackerTimeout** -**Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + resources: + redis-sentinel: + limits: + memory: 10Mi ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**: -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` +**Example**: ```yaml sysdig: - secure: - anchore: - customCerts: true + resources: + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.secure.anchore.enableMetrics** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: -Allow Anchore to export prometheus metrics. +**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | -**Options**: `true|false`
-**Default**: false
**Example**: + ```yaml sysdig: - secure: - anchore: - enableMetrics: true + resources: + redis-sentinel: + requests: + memory: 200Mi ``` -## **sysdig.redisVersion** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12.7
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | + **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + resources: + redis-sentinel: + limits: + cpu: 2 ``` -## **sysdig.redisHaVersion** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12-1.0.1
-**Example**: - -```yaml -sysdig: - redisHaVersion: 4.0.12-1.0.1 -``` +**Default**: -## **sysdig.redisHa** -**Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | -```yaml -sysdig: - redisHa: false -``` -## **sysdig.useRedis6** -**Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml sysdig: - useRedis6: false + resources: + redis-sentinel: + limits: + memory: 10Mi ``` -## **sysdig.redis6Version** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis 6, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
-**Default**: 6.0.10.1
-**Example**: +**Default**: -```yaml -sysdig: - redis6Version: 6.0.10.1 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | -## **sysdig.redis6SentinelVersion** -**Required**: `false`
-**Description**: Docker image tag of Redis Sentinel, relevant when configured -`sysdig.useRedis6` is `true`.
-**Options**:
-**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - redis6SentinelVersion: 6.0.10.1 + resources: + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.redis6ExporterVersion** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
-**Default**: 1.15.1.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | + **Example**: ```yaml sysdig: - redis6ExporterVersion: 1.15.1.1 + resources: + redis-sentinel: + requests: + memory: 200Mi ``` - -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -2937,87 +2603,88 @@ sysdig: ```yaml sysdig: resources: - cassandra: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: requests: - memory: 8Gi + memory: 200Mi ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The amount of cpu assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: cpu: 2 ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The amount of memory assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The amount of cpu required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -3025,21 +2692,21 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: cpu: 2 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The amount of memory required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | +| small | 1Gi | +| medium | 1Gi | | large | 4Gi | **Example**: @@ -3047,200 +2714,214 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: @@ -3248,7 +2929,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 8Gi | +| large | 16Gi | **Example**: @@ -3256,88 +2937,88 @@ sysdig: ```yaml sysdig: resources: - postgresql: + collector: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: cpu: 2 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500Mi | +| small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3345,88 +3026,88 @@ sysdig: ```yaml sysdig: resources: - redis: + anchore-core: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3434,88 +3115,88 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3523,58 +3204,59 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3582,21 +3264,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3604,7 +3286,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3612,36 +3294,36 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -3649,227 +3331,278 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: memory: 200Mi ``` -## **sysdig.resources.ingressControllerHaProxy.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerHaProxy.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.ingressControllerRsyslog.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
+**Default**: 0 3 * * *
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 125m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.ingressControllerRsyslog.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
+**Default**: 168h
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.ingressControllerRsyslog.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 +``` +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +**Required**: `false`
+**Description**: Scanning DB engine
+**Options**:
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.ingressControllerRsyslog.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Default value for the date policy
**Options**:
-**Default**:
+**Default**: 90
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - memory: 500Mi + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 +``` + +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | **Example**: @@ -3877,88 +3610,88 @@ sysdig: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: memory: 10Mi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: memory: 200Mi ``` -## **sysdig.resources.apiNginx.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.apiNginx.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3966,88 +3699,88 @@ sysdig: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.apiNginx.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.apiNginx.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - memory: 100Mi + memory: 200Mi ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: cpu: 1 ``` -## **sysdig.resources.apiEmailRenderer.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4055,88 +3788,88 @@ sysdig: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.apiEmailRenderer.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 300m | | medium | 500m | -| large | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - cpu: 500m + cpu: 300m ``` -## **sysdig.resources.apiEmailRenderer.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - memory: 100Mi + memory: 1Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 6Gi | +| large | 8Gi | **Example**: @@ -4144,88 +3877,89 @@ sysdig: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - memory: 10Mi + memory: 4Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - worker: - requests: - memory: 200Mi + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4233,88 +3967,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4322,36 +4056,36 @@ sysdig: ```yaml sysdig: resources: - collector: + nats-streaming: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: @@ -4359,87 +4093,109 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + activity-audit-api: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.anchore-api.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: + activity-audit-api: limits: - cpu: 1 + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.limits.cpu** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - cpu: 1 + activity-audit-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.resources.anchore-policy-engine.limits.cpu** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of cpu assigned to activity-audit-worker pods
**Options**:
**Default**: @@ -4454,22 +4210,22 @@ sysdig: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-worker: limits: cpu: 1 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4477,292 +4233,265 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + activity-audit-worker: limits: - memory: 10Mi + memory: 500Mi ``` - -## **sysdig.resources.anchore-api.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-api: - limits: - memory: 10Mi + activity-audit-worker: + requests: + cpu: 250m ``` - -## **sysdig.resources.anchore-catalog.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - memory: 10Mi + activity-audit-worker: + requests: + memory: 50Mi ``` - -## **sysdig.resources.anchore-policy-engine.limits.memory** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: limits: - memory: 10Mi + cpu: 250m ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of memory assigned to activity-audit-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - -**Example**: - -```yaml -sysdig: - resources: - anchore-core: - requests: - cpu: 2 -``` - -## **sysdig.resources.anchore-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
-**Options**:
-**Default**: +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - cpu: 2 + activity-audit-janitor: + limits: + memory: 200Mi ``` -## **sysdig.resources.anchore-catalog.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + activity-audit-janitor: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: requests: - cpu: 2 + memory: 50Mi ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - memory: 200Mi + profiling-api: + limits: + cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.memory** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - memory: 200Mi + profiling-api: + limits: + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.requests.memory** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + profiling-api: requests: - memory: 200Mi + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.memory** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + profiling-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.profiling-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4770,88 +4499,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.profiling-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.profiling-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.secure-overview-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.secure-overview-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to secure-overview-api containers
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
@@ -4859,89 +4588,88 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- scanning-api:
+ secure-overview-api:
 limits:
- memory: 10Mi
+ memory: 1Gi
 ```
-## **sysdig.resources.scanning-api.requests.cpu**
+## **sysdig.resources.secure-overview-api.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | - +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.secure-overview-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - memory: 200Mi + memory: 512Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.secure-prometheus.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to secure-prometheus containers
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
 **Example**:
@@ -4949,620 +4677,565 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- scanningalertmgr:
+ secure-prometheus:
 limits:
- memory: 10Mi
+ memory: 8Gi
 ```
-## **sysdig.resources.scanningalertmgr.requests.cpu**
+## **sysdig.resources.secure-prometheus.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.secure-prometheus.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.events-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.events-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.events-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.events-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.events-gatherer.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to events-gatherer pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + events-gatherer: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.events-gatherer.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to events-gatherer pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + events-gatherer: + limits: + memory: 1Gi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.events-gatherer.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule events-gatherer pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + events-gatherer: + requests: + cpu: 250m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.events-gatherer.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule events-gatherer pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + events-gatherer: + requests: + memory: 250Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.events-dispatcher.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to events-dispatcher pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + events-dispatcher: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.events-dispatcher.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to events-dispatcher pods
**Options**:
-**Default**: mysql
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** -**Required**: `false`
-**Description**: Default value for the date policy
-**Options**:
-**Default**: 90
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** -**Required**: `false`
-**Description**: Default value for the tags policy
-**Options**:
-**Default**: 5
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 -``` - -## **sysdig.resources.scanning-ve-janitor.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanning-ve-janitor: - limits: - cpu: 2 -``` - -## **sysdig.resources.scanning-ve-janitor.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - - +**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: limits: - memory: 10Mi + memory: 250Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.events-dispatcher.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule events-dispatcher pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.events-dispatcher.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule events-dispatcher pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** +## **sysdig.resources.events-forwarder-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api containers
+**Description**: The amount of cpu assigned to events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** +## **sysdig.resources.events-forwarder-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api containers
+**Description**: The amount of memory assigned to events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: limits: memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** +## **sysdig.resources.events-forwarder-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** +## **sysdig.resources.events-forwarder-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api containers
+**Description**: The amount of memory required to schedule events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api: + events-forwarder-api: requests: memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** +## **sysdig.resources.events-forwarder.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of cpu assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** +## **sysdig.resources.events-forwarder.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of memory assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: limits: - memory: 256Mi + memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** +## **sysdig.resources.events-forwarder.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of cpu required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** +## **sysdig.resources.events-forwarder.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of memory required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api-pg-migrate: + events-forwarder: requests: - memory: 50Mi + memory: 50Mi ``` -## **sysdig.resources.reporting-init.limits.cpu** +## **sysdig.resources.events-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-init pods
+**Description**: The amount of cpu assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: limits: cpu: 1 ``` -## **sysdig.resources.reporting-init.limits.memory** +## **sysdig.resources.events-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-init pods
+**Description**: The amount of memory assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: limits: - memory: 256Mi + memory: 200Mi ``` -## **sysdig.resources.reporting-init.requests.cpu** +## **sysdig.resources.events-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-init pods
+**Description**: The amount of cpu required to schedule events-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.reporting-init.requests.memory** +## **sysdig.resources.events-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-init pods
+**Description**: The amount of memory required to schedule events-janitor pods
**Options**:
**Default**:
@@ -5577,4532 +5250,1697 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- reporting-init:
+ events-janitor:
 requests:
 memory: 50Mi
 ```
-## **sysdig.resources.reporting-api.limits.cpu**
+## **sysdig.restrictPasswordLogin**
 **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1500m |
-| medium | 1500m |
-| large | 1500m |
-
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- limits:
- cpu: 1500m
+ restrictPasswordLogin: true
 ```
-## **sysdig.resources.reporting-api.limits.memory**
+## **sysdig.rsyslogVersion**
 **Required**: `false`
-**Description**: The amount of memory assigned to reporting-api pods
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1536Mi |
-| medium | 1536Mi |
-| large | 1536Mi |
-
+**Default**: 8.34.0.7
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- limits:
- memory: 1536Mi
+ rsyslogVersion: 8.34.0.7
 ```
-## **sysdig.resources.reporting-api.requests.cpu**
+## **sysdig.smtpFromAddress**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-api pods
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
-
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- requests:
- cpu: 200m
+ smtpFromAddress: from-address@my-company.com
 ```
-## **sysdig.resources.reporting-api.requests.memory**
+## **sysdig.smtpPassword**
 **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-api pods
+**Description**: Password for the configured `sysdig.smtpUser`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-api:
- requests:
- memory: 256Mi
+ smtpPassword: my-@w350m3-p@55w0rd
 ```
-## **sysdig.resources.reporting-worker.limits.cpu**
+## **sysdig.smtpProtocolSSL**
 **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- limits:
- cpu: 2
+ smtpProtocolSSL: true
 ```
-## **sysdig.resources.reporting-worker.limits.memory**
+## **sysdig.smtpProtocolTLS**
 **Required**: `false`
-**Description**: The amount of memory assigned to reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 16Gi |
-| medium | 16Gi |
-| large | 16Gi |
-
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- limits:
- memory: 16Gi
+ smtpProtocolTLS: true
 ```
-## **sysdig.resources.reporting-worker.requests.cpu**
+## **sysdig.smtpServer**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
-
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- requests:
- cpu: 200m
+ smtpServer: smtp.gmail.com
 ```
-## **sysdig.resources.reporting-worker.requests.memory**
+## **sysdig.smtpServerPort**
 **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 10Gi |
-| medium | 10Gi |
-| large | 10Gi |
-
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**:
 ```yaml
 sysdig:
- resources:
- reporting-worker:
- requests:
- memory: 10Gi
+ smtpServerPort: 587
```
-## **sysdig.secure.scanning.reporting.debug**
+## **sysdig.smtpUser**
 **Required**: `false`
-**Description**: Enable logging at debug level
+**Description**: User for the configured `sysdig.smtpServer`
**Options**:
-**Default**: false
+**Default**:
**Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- reporting:
- debug: false
+ smtpUser: bob+alice@gmail.com
```
-## **sysdig.secure.scanning.reporting.apiGRPCEndpoint**
+## **sysdig.tolerations**
 **Required**: `false`
-**Description**: Reporting GRPC endpoint
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
**Options**:
-**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Default**:
**Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- reporting:
- apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
 ```
-## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint**
+## **sysdig.anchoreCoreReplicaCount**
 **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for +clusters of `size` `small`.
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + anchoreCoreReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageDriver** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: Storage kind for generated reports
-**Options**: postgres, fs, s3
-**Default**: postgres
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageDriver: postgres + anchoreWorkerReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageCompression** +## **sysdig.apiReplicaCount** **Required**: `false`
-**Description**: Compression format for generated reports
-**Options**: zip, gzip, none
-**Default**: zip
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageCompression: zip + apiReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageFsDir** +## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: The directory where reports will saved (required when using `fs` driver)
-**Options**:
-**Default**: .
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageFsDir: /reports + cassandraReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** +## **sysdig.collectorReplicaCount** **Required**: `false`
-**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
-**Options**:
-**Default**: 1
+**Description**: Number of Sysdig collector replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storagePostgresRetentionDays: 1 + collectorReplicaCount: 7 ``` -## **sysdig.secure.scanning.reporting.storageS3Bucket** +## **sysdig.activityAuditWorkerReplicaCount** **Required**: `false`
-**Description**: The bucket name where reports will be saved (required when using `s3` driver)
-**Options**:
-**Default**:
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Bucket: secure-scanning-reporting + activityAuditWorkerReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Prefix** +## **sysdig.activityAuditApiReplicaCount** **Required**: `false`
-**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
-**Options**:
-**Default**:
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Prefix: reports + activityAuditApiReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Endpoint** +## **sysdig.policyAdvisorReplicaCount** **Required**: `false`
-**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Endpoint: s3.example.com + policyAdvisorReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Region** +## **sysdig.netsecApiReplicaCount** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Region: us-east-1 + netsecApiReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** +## **sysdig.netsecIngestReplicaCount** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE + netsecIngestReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
-**Example**: +**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - scanning: - reporting: - storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -``` +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | -## **sysdig.secure.scanning.reporting.workerSleepTime** -**Required**: `false`
-**Description**: The sleep interval between two runs of the reporting worker
-**Options**:
-**Default**: 120s
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - workerSleepTime: 120s + anchoreCoreReplicaCount: 2 ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.scanningApiReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: Number of Scanning API replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - cpu: 2 + scanningApiReplicaCount: 3 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - memory: 10Mi + elasticsearchReplicaCount: 20 ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.workerReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - cpu: 2 + workerReplicaCount: 7 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.alerterReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - memory: 200Mi + alerterReplicaCount: 7 ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.eventsGathererReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - cpu: 1 + eventsGathererReplicaCount: 2 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.eventsAPIReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - memory: 1Gi + eventsAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.eventsDispatcherReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - cpu: 300m + eventsDispatcherReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.eventsForwarderReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - memory: 1Gi + eventsForwarderReplicaCount: 2 ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.eventsForwarderAPIReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - cpu: 1 + eventsForwarderAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - - +**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 4Gi + admin: + username: my-awesome-email@my-awesome-domain-name.com ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.admin.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - netsec-ingest: - requests: - cpu: 500m -``` - -## **sysdig.resources.netsec-ingest.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - - -**Example**: +**Default**:
+**Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 2Gi + admin: + password: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.api.jvmOptions** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: Custom configuration for Sysdig API jvm.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | - +**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - cpu: 1 + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true ``` -## **sysdig.resources.netsec-janitor.limits.memory** +## **sysdig.certificate.generate** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | - - +**Description**: Determines if Installer should generate self-signed +certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - memory: 1Gi + certificate: + generate: true ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.certificate.crt** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | - +**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - cpu: 1 + certificate: + crt: certs/server.crt ``` -## **sysdig.resources.netsec-janitor.requests.memory** +## **sysdig.certificate.key** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - memory: 1Gi + certificate: + key: certs/server.key ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.collector.dnsName** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - cpu: 2 + collector: + dnsName: collector.my-awesome-domain-name.com ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.collector.jvmOptions** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: Custom configuration for Sysdig collector jvm.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - - +**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.collector.certificate.generate** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - +**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - cpu: 250m + collector: + certificate: + generate: true ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.collector.certificate.crt** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi + collector: + certificate: + crt: certs/collector.crt ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.collector.certificate.key** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - cpu: 2 + collector: + certificate: + key: certs/collector.key ``` -## **sysdig.resources.activity-audit-api.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-api: - limits: - memory: 500Mi -``` - -## **sysdig.resources.activity-audit-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-api: - requests: - cpu: 250m -``` - -## **sysdig.resources.activity-audit-api.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-api: - requests: - memory: 50Mi -``` - -## **sysdig.resources.activity-audit-worker.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-worker: - limits: - cpu: 1 -``` - -## **sysdig.resources.activity-audit-worker.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-worker: - limits: - memory: 500Mi -``` - -## **sysdig.resources.activity-audit-worker.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-worker: - requests: - cpu: 250m -``` - -## **sysdig.resources.activity-audit-worker.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-worker: - requests: - memory: 50Mi -``` - -## **sysdig.resources.activity-audit-janitor.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-janitor: - limits: - cpu: 250m -``` - -## **sysdig.resources.activity-audit-janitor.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-janitor: - limits: - memory: 200Mi -``` - -## **sysdig.resources.activity-audit-janitor.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-janitor: - requests: - cpu: 250m -``` - -## **sysdig.resources.activity-audit-janitor.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - activity-audit-janitor: - requests: - memory: 50Mi -``` - -## **sysdig.resources.profiling-api.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - profiling-api: - limits: - cpu: 2 -``` - -## **sysdig.resources.profiling-api.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - -**Example**: - -```yaml -sysdig: - resources: - profiling-api: - limits: - memory: 500Mi -``` - -## **sysdig.resources.profiling-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - profiling-api: - requests: - cpu: 250m -``` - -## **sysdig.resources.profiling-api.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - profiling-api: - requests: - memory: 50Mi -``` - -## **sysdig.resources.profiling-worker.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - profiling-worker: - limits: - cpu: 1 -``` - -## **sysdig.resources.profiling-worker.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - - -**Example**: - -```yaml -sysdig: - resources: - profiling-worker: - limits: - memory: 500Mi -``` - -## **sysdig.resources.profiling-worker.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - profiling-worker: - requests: - cpu: 250m -``` - -## **sysdig.resources.profiling-worker.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - profiling-worker: - requests: - memory: 50Mi -``` - -## **sysdig.resources.secure-overview-api.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - limits: - cpu: 2 -``` - -## **sysdig.resources.secure-overview-api.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - limits: - memory: 1Gi -``` - -## **sysdig.resources.secure-overview-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - requests: - cpu: 500m -``` - -## **sysdig.resources.secure-overview-api.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - requests: - memory: 512Mi -``` - -## **sysdig.resources.secure-prometheus.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - secure-prometheus: - limits: - cpu: 2 -``` - -## **sysdig.resources.secure-prometheus.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - - -**Example**: - -```yaml -sysdig: - resources: - secure-prometheus: - limits: - memory: 8Gi -``` - -## **sysdig.resources.secure-prometheus.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - -**Example**: - -```yaml -sysdig: - resources: - secure-prometheus: - requests: - cpu: 500m -``` - -## **sysdig.resources.secure-prometheus.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - -**Example**: - -```yaml -sysdig: - resources: - secure-prometheus: - requests: - memory: 2Gi -``` - -## **sysdig.resources.events-api.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - events-api: - limits: - cpu: 1 -``` - -## **sysdig.resources.events-api.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - -**Example**: - -```yaml -sysdig: - resources: - events-api: - limits: - memory: 500Mi -``` - -## **sysdig.resources.events-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - events-api: - requests: - cpu: 250m -``` - -## **sysdig.resources.events-api.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - events-api: - requests: - memory: 50Mi -``` - -## **sysdig.resources.events-gatherer.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - events-gatherer: - limits: - cpu: 2 -``` - -## **sysdig.resources.events-gatherer.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - events-gatherer: - limits: - memory: 1Gi -``` - -## **sysdig.resources.events-gatherer.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - events-gatherer: - requests: - cpu: 250m -``` - -## **sysdig.resources.events-gatherer.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | - -**Example**: - -```yaml -sysdig: - resources: - events-gatherer: - requests: - memory: 250Mi -``` - -## **sysdig.resources.events-dispatcher.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - events-dispatcher: - limits: - cpu: 1 -``` - -## **sysdig.resources.events-dispatcher.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | - -**Example**: - -```yaml -sysdig: - resources: - events-dispatcher: - limits: - memory: 250Mi -``` - -## **sysdig.resources.events-dispatcher.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - events-dispatcher: - requests: - cpu: 250m -``` - -## **sysdig.resources.events-dispatcher.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.events-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
-
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 5
-```
-
-## **sysdig.anchoreAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore API replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreAPIReplicaCount: 4
-```
-
-## **sysdig.anchoreCatalogReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCatalogReplicaCount: 4
-```
-
-## **sysdig.anchorePolicyEngineReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchorePolicyEngineReplicaCount: 4
-```
-
-## **sysdig.anchoreWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreWorkerReplicaCount: 5
-```
-
-## **sysdig.apiReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- apiReplicaCount: 5
-```
-
-## **sysdig.cassandraReplicaCount**
-**Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- cassandraReplicaCount: 20
-```
-
-## **sysdig.collectorReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- collectorReplicaCount: 7
-```
-
-## **sysdig.activityAuditWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditWorkerReplicaCount: 20
-```
-
-## **sysdig.activityAuditApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditApiReplicaCount: 20
-```
-
-## **sysdig.policyAdvisorReplicaCount**
-**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- policyAdvisorReplicaCount: 20
-```
-
-## **sysdig.scanningAdmissionControllerAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of scanning Admission Controller API replicas, this is
-a noop for clusters of `size` `small`.
-**Options**:
-**Default**:
-
-|cluster-size|count|
-|------------|-----|
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningAdmissionControllerAPIReplicaCount: 1
-```
-
-## **sysdig.netsecApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecApiReplicaCount: 1
-```
-
-## **sysdig.netsecIngestReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecIngestReplicaCount: 1
-```
-## **sysdig.netsecCommunicationShards**
-**Required**: `false`
-**Description**: Number of Netsec communications index shards.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 3 |
-| medium | 9 |
-| large | 15 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecCommunicationShards: 5
-```
-
-## **sysdig.anchoreCoreReplicaCount**
-**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 2
-```
-
-## **sysdig.scanningApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningApiReplicaCount: 3
-```
-
-## **sysdig.elasticsearchReplicaCount**
-**Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- elasticsearchReplicaCount: 20
-```
-
-## **sysdig.workerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- workerReplicaCount: 7
-```
-
-## **sysdig.alerterReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- alerterReplicaCount: 7
-```
-
-## **sysdig.eventsGathererReplicaCount**
-**Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsGathererReplicaCount: 2
-```
-
-## **sysdig.eventsAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsAPIReplicaCount: 1
-```
-
-## **sysdig.eventsDispatcherReplicaCount**
-**Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsDispatcherReplicaCount: 1
-```
-
-## **sysdig.eventsForwarderReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderReplicaCount: 2
-```
-
-## **sysdig.eventsForwarderAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderAPIReplicaCount: 1
-```
-
-## **sysdig.admin.username**
-**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- username: my-awesome-email@my-awesome-domain-name.com
-```
-
-## **sysdig.admin.password**
-**Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- password: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.api.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true -``` - -## **sysdig.certificate.generate** -**Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- generate: true
-```
-
-## **sysdig.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- crt: certs/server.crt
-```
-
-## **sysdig.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- key: certs/server.key
-```
-
-## **sysdig.collector.dnsName**
-**Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- dnsName: collector.my-awesome-domain-name.com
-```
-
-## **sysdig.collector.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.collector.certificate.generate** -**Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- generate: true
-```
-
-## **sysdig.collector.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- crt: certs/collector.crt
-```
-
-## **sysdig.collector.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- key: certs/collector.key
-```
-## **sysdig.worker.enabled**
-**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- worker:
- enabled: true
-```
-
-## **sysdig.worker.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.appChecks.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- settings:
- limit: 1500
-```
-
-## **agent.collectorEndpoint**
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**:
-
-```yaml
-agent:
- version: 1.10.1
-```
-
-## **agent.useSSL**
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.feature_mode**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**:
-
-```yaml
-agent:
- feature_mode: troubleshooting
-```
-
-## **agent.timezone**
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- noProxy: your-awesome-no-proxy.com
-```
-
-## **agent.snaplenPortRange.start**
-**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.snaplenPortRange.end**
-**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.customKernelModules.enabled**
-**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- customKernelModules:
- enabled: true
-```
-
-## **agent.secure.enabled**
-**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- secure:
- enabled: true
-```
-
-## **agent.secure.commandLineCapturesEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- commandLineCapturesEnabled: true
-```
-
-## **agent.secure.memoryDumpEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- memoryDumpEnabled: true
-```
-
-## **agent.secure.settings.k8sAuditServerURL**
-**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
-```
-
-## **agent.secure.settings.k8sAuditServerPort**
-**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
-```
-
-## **agent.prometheus.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- enabled: true
-```
-
-## **agent.prometheus.settings.interval**
-**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- interval: 30
-```
-
-## **agent.prometheus.settings.logErrors**
-**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- logErrors: true
-```
-
-## **agent.prometheus.settings.maxMetrics**
-**Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetrics: 1000
-```
-
-## **agent.prometheus.settings.maxMetricsPerProcess**
-**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetricsPerProcess: 1000
-```
-
-## **agent.prometheus.settings.maxTagsPerMetric**
-**Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxTagsPerMetric: 20
-```
-
-## **agent.prometheus.settings.histograms**
-**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- histograms: 3000
-```
-
-## **agent.statsd.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- statsd:
- enabled: true
-```
-
-## **agent.statsd.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**:
-
-```yaml
-agent:
- statsd:
- settings:
- limit: 1000
-```
-
-## **agent.jmx.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- jmx:
- enabled: true
-```
-
-## **agent.jmx.settings.limit**
-**Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- jmx:
- settings:
- limit: 1000
-```
-
-## **agent.ebpf.enabled**
-**Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- enabled: true
-```
-
-## **agent.ebpf.settings.mountEtcVolume**
-**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- settings:
- mountEtcVolume: 1000
-```
-
-## **agent.appChecks.elasticsearch.authEnabled**
-**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- authEnabled: true
-```
-
-## **agent.appChecks.elasticsearch.url**
-**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- url: https://sysdigcloud-elasticsearch
-```
-
-## **agent.appChecks.elasticsearch.port**
-**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- port: 9200
-```
-
-## **agent.appChecks.elasticsearch.username**
-**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- username: readonly
-```
-
-## **agent.appChecks.elasticsearch.password**
+## **sysdig.worker.jvmOptions**
 **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.alerter.jvmOptions** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - appChecks: - kafka: - enabled: true + apiKey: replace_with_your_monitor_access_key ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **agent.appChecks.settings.limit** +**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - kafka: - arg: Kafka.kafka + settings: + limit: 1500 ``` -## **agent.appChecks.kafka.url** +## **agent.collectorEndpoint** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +agent: + collectorEndpoint: my-awesome-collector-domain-name.com ``` -## **agent.appChecks.kafka.port** +## **agent.collectorPort** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: Sysdig Colletor TCP Port.
**Options**: `1024-65535`
-**Default**:
+**Default**: `6443`
**Example**: ```yaml agent: - appChecks: - kafka: - port: 9200 + collectorPort: 6443 ``` -## **agent.appChecks.kafka.zk.url** +## **agent.namespace** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: A kubernetes namespace for setting up the agent in.
**Options**:
-**Default**:
+**Default**: `agent`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +agent: + namespace: sysdig-agent ``` -## **agent.appChecks.kafka.zk.port** +## **agent.useSlim** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - zk: - port: 2181 + useSlim: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.version** +**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
**Example**: ```yaml agent: - appChecks: - kafka: - enableConsumerOffsets: true + version: 1.10.1 ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
+## **agent.useSSL** +**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - kafka: - enableAggregationPartitions: true + useSSL: false ``` -## **agent.appChecks.mysql.enabled** +## **agent.verifySSL** **Required**: `false`
-**Description**: Whether to enable mysql app check.
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - mysql: - enabled: true + verifySSL: false ``` -## **agent.appChecks.mysql.hostname** +## **agent.clusterName** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
**Example**: ```yaml agent: - appChecks: - mysql: - hostname: mysql-service-url + clusterName: false ``` -## **agent.appChecks.mysql.user** +## **agent.tags** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - appChecks: - mysql: - user: mysql-user + tags: environment:production linux:ubuntu ``` -## **agent.appChecks.mysql.password** +## **agent.capturesEnabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Description**: TBD.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - password: mysql-password + capturesEnabled: false ``` -## **agent.resources.limits.cpu** +## **agent.feature_mode** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | - +**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
**Example**: ```yaml agent: - resources: - limits: - cpu: 2 + feature_mode: troubleshooting ``` -## **agent.resources.limits.memory** +## **agent.timezone** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | - +**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - limits: - memory: 2 + timezone: America/New_York. ``` -## **agent.resources.requests.cpu** +## **agent.proxy.httpProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - cpu: 2 + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com ``` -## **agent.resources.requests.memory** +## **agent.proxy.httpsProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | - +**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - memory: 2 + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **agent.proxy.noProxy** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - +**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - watchdog: - max_memory_usage_mb: 1024 + proxy: + noProxy: your-awesome-no-proxy.com ``` -## **agent.resources.watchdog.cointerface** +## **agent.snaplenPortRange.start** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml agent: - resources: - watchdog: - cointerface: 1024 + snaplenPortRange: + start: "8125" ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **agent.snaplenPortRange.end** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" +agent: + snaplenPortRange: + start: "8125" ``` -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +## **agent.customKernelModules.enabled** **Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m +agent: + customKernelModules: + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** +## **agent.secure.enabled** **Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** +## **agent.secure.commandLineCapturesEnabled** **Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m + commandLineCapturesEnabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m + memoryDumpEnabled: true ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml -sysdig: - scanningAlertMgrForceAutoScan: false +agent: + secure: + settings: + k8sAuditServerPort: 7765 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" +agent: + prometheus: + enabled: true ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" +agent: + prometheus: + settings: + interval: 30 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" +agent: + prometheus: + settings: + logErrors: true ``` - -## **sysdig.metadataService.enabled** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - metadataService: - enabled: true +agent: + prometheus: + settings: + maxMetrics: 1000 ``` -## **sysdig.resources.metadataService.limits.cpu** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **sysdig.resources.metadataService.limits.memory** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi +agent: + prometheus: + settings: + maxTagsPerMetric: 20 ``` -## **sysdig.resources.metadataService.requests.cpu** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: +**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 +agent: + statsd: + enabled: true ``` -## **sysdig.resources.metadataService.requests.memory** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi +agent: + statsd: + settings: + limit: 1000 ``` -## **sysdig.metadataServiceReplicaCount** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - +**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - metadataServiceReplicaCount: 4 +agent: + jmx: + enabled: true ``` -## **sysdig.metadataServiceVersion** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 +agent: + jmx: + settings: + limit: 1000 ``` -## **sysdig.helmRenderer.enabled** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml -sysdig: - helmRenderer: +agent: + ebpf: enabled: true ``` -## **sysdig.resources.helmRenderer.limits.cpu** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 +agent: + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **sysdig.resources.helmRenderer.limits.memory** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - memory: 10Mi +agent: + appChecks: + elasticsearch: + authEnabled: true ``` -## **sysdig.resources.helmRenderer.requests.cpu** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - cpu: 2 +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **sysdig.resources.helmRenderer.requests.memory** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - memory: 200Mi +agent: + appChecks: + elasticsearch: + port: 9200 ``` -## **sysdig.helmRendererReplicaCount** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` +## **agent.appChecks.elasticsearch.password** +**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererReplicaCount: 4 +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.helmRendererVersion** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
-**Options**:
-**Default**: 0.1.32
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererVersion: 0.1.32 +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **sysdig.secure.activityAudit.enabled** -**Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - activityAudit: +agent: + appChecks: + kafka: enabled: true ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** -**Required**: `false`
-**Description**: Retention period for Activity Audit data.
-**Options**:
-**Default**: 90
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - activityAudit: - janitor: - retentionDays: 90 +agent: + appChecks: + kafka: + arg: Kafka.kafka ``` -## **sysdig.secure.anchore.enabled** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - anchore: - enabled: true +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **sysdig.secure.compliance.enabled** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - compliance: - enabled: true +agent: + appChecks: + kafka: + port: 9200 ``` -## **sysdig.secure.netsec.enabled** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - netsec: - enabled: true +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **sysdig.secure.overview.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - overview: - enabled: true +agent: + appChecks: + kafka: + zk: + port: 2181 ``` -## **sysdig.secure.padvisor.enabled** -**Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - padvisor: - enabled: true +agent: + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **sysdig.secure.profiling.enabled** -**Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - profiling: - enabled: true +agent: + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **sysdig.secure.scanning.reporting.enabled** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - reporting: - enabled: true +agent: + appChecks: + mysql: + enabled: true ``` -## **sysdig.secure.scanning.enabled** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - enabled: true +agent: + appChecks: + mysql: + hostname: mysql-service-url ``` -## **sysdig.secure.events.enabled** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Enable events for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - events: - enabled: true +agent: + appChecks: + mysql: + user: mysql-user ``` -## **sysdig.secure.eventsForwarder.enabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - eventsForwarder: - enabled: true +agent: + appChecks: + mysql: + password: mysql-password ``` -## **sysdig.resources.rapid-response-connector.limits.cpu** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Description**: The amount of cpu assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - cpu: 1 + limits: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.limits.memory** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rapid-response-connector pods
+**Description**: The amount of memory assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - memory: 500Mi + limits: + memory: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.cpu** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Description**: The amount of cpu required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - cpu: 250m + requests: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.memory** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Description**: The amount of memory required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - memory: 50Mi + requests: + memory: 2 ``` -## **sysdig.rapidResponseConnectorReplicaCount** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Number of Sysdig rapid-response-connector replicas.
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: - rapidResponseConnectorReplicaCount: 1 +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.secure.rapidResponse.enabled** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Whether to deploy rapid response or not.
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
-**Default**: false
-**Example**: +**Default**: -```yaml -sysdig: - secure: - rapidResponse: - enabled: false -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | -## **sysdig.secure.rapidResponse.validationCodeLength** -**Required**: `false`
-**Description**: Length of mfa validation code sent via e-mail.
-**Options**:
-**Default**: 6
**Example**: ```yaml -sysdig: - secure: - rapidResponse: - validationCodeLength: 8 +agent: + resources: + watchdog: + cointerface: 1024 ``` -## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**: 180
+**Default**: ""
**Example**: ```yaml sysdig: - secure: - rapidResponse: - validationCodeSecondsDuration: 8 + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Global duration of session in seconds.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: 7200
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - rapidResponse: - sessionTotalSecondsTTL: 7200 + scanningAnalysiscollectorConcurrentUploads: 5 ``` - -## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Idle duration of session in seconds.
+**Description**: Cronjob schedule
**Options**:
-**Default**: 300
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - rapidResponse: - sessionIdleSecondsTTL: 300 + veJanitor: + cronjob: "5 0 * * *" ``` - -## **sysdig.secure.scanning.feedsEnabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: + ```yaml sysdig: secure: - scanning: - feedsEnabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.feedsAPIVersion** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Sets feeds API version
-**Options**:
-**Default**: `latest`
- +**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: -```yaml -sysdig: - feedsAPIVersion: 0.5.0 -``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Sets feeds database version
-**Options**:
-**Default**: `latest`
- -**Example**: ```yaml sysdig: - feedsDBVersion: 0.5.0-2020-03-11 + secure: + veJanitor: + scanningDbEngine: "mysql" ``` From d72311a209d762306048162f41838b86a63a74ff Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 16 Dec 2021 18:04:57 +0000 Subject: [PATCH 095/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 7272 +++++++++++++------- 3 files changed, 4940 insertions(+), 2384 deletions(-) diff --git a/installer/README.md b/installer/README.md index 21fff9e4..4f45e10f 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.4-1-uber + docker pull quay.io/sysdig/installer:4.0.7-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.4-1-uber + docker create --name uber_image quay.io/sysdig/installer:4.0.7-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. + +## Airgapped installations + +### Method for automatically updating the feeds database in airgapped environments +This is a procedure that can be used to automatically update the feeds database: + +1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +2. move the file from the jumpbox server to the customer airgapped environment (optional) +3. load the image file and push it to the customer's airgapped image registry +4. restart the pod sysdigcloud-feeds-db +5. restart the pod feeds-api + +Finally, steps 1 to 5 will be performed periodically once a day. + +This is an example script that contains all the steps: +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/vuln-feed-database:latest +# Save image +docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +# Optionally move image +mv vuln-feed-database.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +# Restart database pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" +# Restart feeds-api pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" +ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" +``` + +The script can be scheduled using a cron job that run every day +```bash +0 8 * * * feeds-database-update.sh >/dev/null 2>&1 +``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 3b35c54e..fee5b3b4 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false` +**Required**: `false`
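Review bot: The example script added under "Airgapped installations" in advanced.md passes the registry password as an argument (`docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`), which exposes it in the process list and shell history on the jumpbox. Feeding it on stdin avoids that: `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`. The credentials are also assigned inside the script file, so the doc should say to read them from a protected source or at least restrict the file's permissions. The script has no `set -euo pipefail`, and the cron entry sends all output to `/dev/null`, so a failed pull or load would still scale `sysdigcloud-feeds-db` and `sysdigcloud-feeds-api` to zero and back with nothing logged. It also appears that the image loaded on the airgapped host keeps the name `quay.io/sysdig/vuln-feed-database:latest`, in which case the `docker tag vuln-feed-database:latest …` step would not find its source; this should be confirmed.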
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -666,6 +666,51 @@ pvStorageSize: postgresql: 100Gi ``` +## **pvStorageSize.large.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + large: + nats: 10Gi +``` + +## **pvStorageSize.medium.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi +``` + ## **sysdig.activityAuditVersion** **Required**: `false`
**Description**: Docker image tag of Activity Audit services.
@@ -675,7 +720,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 3.6.4.11009 + activityAuditVersion: 4.0.7.11006 ``` ## **sysdig.profilingVersion** @@ -687,19 +732,19 @@ sysdig: ```yaml sysdig: - profilingVersion: 3.6.4.11009 + profilingVersion: 4.0.7.11006 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.30
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1.30 ``` ## **sysdig.accessKey** @@ -715,6 +760,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -772,7 +830,7 @@ sysdig: ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
+**Options**:
**Default**: 2.1.21.13
**Example**: @@ -781,6 +839,31 @@ sysdig: cassandraVersion: 2.1.21.16 ``` +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.7.0`
+**Example**: + +```yaml +sysdig: + cassandra3Version: 3.11.7.0 +``` + ## **sysdig.cassandra.external** **Required**: `false`
**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster. @@ -813,7 +896,7 @@ sysdig: **Required**: `false`
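Review bot: The new heading `## **sysdig.Cassandra3Version**` does not match the key used in its own example, `cassandra3Version`. YAML keys are case-sensitive, so a reader who copies the heading would presumably set a key the installer does not read; the heading should be `## **sysdig.cassandra3Version**`. The description in the same section refers to `sysdig.useCassandra3`, but the parameter documented just above it is `sysdig.cassandra.useCassandra3`, so that reference should read "Ignored if `sysdig.cassandra.useCassandra3` is not set to `true`."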
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +908,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -917,7 +1000,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1054,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. + +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1114,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1141,12 +1233,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 4.0.7.11006
**Example**: ```yaml sysdig: - monitorVersion: 3.6.4.11009 + monitorVersion: 4.0.7.11006 ``` ## **sysdig.scanningVersion** @@ -1156,12 +1248,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - scanningVersion: 3.6.4.11009 + scanningVersion: 4.0.7.11006 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.4.11009 + sysdigAPIVersion: 4.0.7.11006 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.4.11009 + sysdigCollectorVersion: 4.0.7.11006 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.4.11009 + sysdigWorkerVersion: 4.0.7.11006 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1316,75 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1298,8 +1459,7 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster -instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1428,6 +1588,36 @@ sysdig: enabled: true ``` +## **sysdig.nats.secure.username** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1521,1185 +1711,1146 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.mysqlToPostgresMigrationVersion** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.postgresql.rootUser** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + postgresql: + rootUser: postgres ``` -## **sysdig.proxy.enable** +## **sysdig.postgresql.rootDb** **Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**: ```yaml sysdig: - proxy: - enable: true + postgresql: + rootDb: anchore ``` -## **sysdig.proxy.host** +## **sysdig.postgresql.rootPassword** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + postgresql: + rootPassword: my_root_password ``` -## **sysdig.proxy.noProxy** +## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + postgresql: + primary: true ``` -## **sysdig.proxy.password** +## **sysdig.postgresql.external** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + postgresql: + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + sysdig: + host: my-sysdig-db-external.com ``` -## **sysdig.proxy.port** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: `80`
+**Default**: []
**Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.proxy.protocol** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.proxy.user** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
-
+**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice -``` -## **sysdig.slack.client.id** -**Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `awesomeclientid`
+ postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.profiling** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `awesomeclientsecret`
-
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `incoming-webhook`
-
+**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
-
+**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
-**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
-
+**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
-
+**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresDatabases.serviceOwnerManagement** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
-
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**:
-To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
-
-This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` +## **sysdig.postgresDatabases.quartz** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: + ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisVersion** +## **sysdig.postgresDatabases.compliance** **Required**: `false`
-**Description**: Docker image tag of Redis.
-**Options**:
-**Default**: 4.0.12.7
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured
-`sysdig.redisHa` is `true`.
-**Options**:
-**Default**: 4.0.12-1.0.1
+**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.redisHa** +## **sysdig.postgresDatabases.rapidResponse** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - redisHa: false + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + proxy: + enable: true ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +**Default**:
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Default**:
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.mysql.limits.memory** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.
**Options**:
-**Default**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + saml: + certificate: + name: saml-cert.p12 ``` - -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.resources.postgresql.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +**Description**: +Allow Anchore to export prometheus metrics. +**Options**: `true|false`
+**Default**: false
**Example**: - ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + secure: + anchore: + enableMetrics: true ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | - +**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.redisHa** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**: +```yaml +sysdig: + redisHa: false +``` +## **sysdig.useRedis6** +**Required**: `false`
+**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + useRedis6: false ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.redis6Version** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: Docker image tag of Redis 6, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | - +**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: +**Default**: 6.0.10.1
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + redis6SentinelVersion: 6.0.10.1 +``` +## **sysdig.redis6ExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.redis-sentinel.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + elasticsearch: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + mysql-router: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 16 |
+**Default**:
**Example**: ```yaml sysdig: resources: - api: + mysql: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 16Gi |
-
+**Default**:
**Example**: ```yaml sysdig: resources: - api: + mysql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - api: + mysql: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**: @@ -2707,51 +2858,51 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - api: + mysql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - worker: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 4Gi | +| large | 8Gi | **Example**: @@ -2759,88 +2910,88 @@ sysdig: ```yaml sysdig: resources: - worker: + postgresql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - worker: + postgresql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + redis: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -2848,88 +2999,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + redis: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - alerter: + redis: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - alerter: + redis: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -2937,88 +3088,88 @@ sysdig: ```yaml sysdig: resources: - collector: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - collector: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3026,58 +3177,58 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3085,21 +3236,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3107,7 +3258,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3115,36 +3266,36 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: @@ -3152,200 +3303,197 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - anchore-worker: + timescale-adapter: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.ingressControllerHaProxy.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.ingressControllerHaProxy.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.ingressControllerHaProxy.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.ingressControllerHaProxy.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + ingressControllerHaProxy: requests: - memory: 200Mi + memory: 1Gi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.ingressControllerRsyslog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 125m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.ingressControllerRsyslog.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.ingressControllerRsyslog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.ingressControllerRsyslog.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerRsyslog: requests: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**: @@ -3353,21 +3501,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**: @@ -3375,7 +3523,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3383,36 +3531,36 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + api: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: requests: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**: @@ -3420,189 +3568,229 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + api: requests: memory: 200Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.apiNginx.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + apiNginx: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.apiNginx.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + apiNginx: + limits: + memory: 500Mi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.apiNginx.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + apiNginx: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.apiNginx.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + apiNginx: + requests: + memory: 100Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.apiEmailRenderer.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + apiEmailRenderer: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.apiEmailRenderer.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
-**Default**: mysql
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql + resources: + apiEmailRenderer: + limits: + memory: 500Mi ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +## **sysdig.resources.apiEmailRenderer.requests.cpu** **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
-**Default**: 90
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 + resources: + apiEmailRenderer: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +## **sysdig.resources.apiEmailRenderer.requests.memory** **Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
-**Default**: 5
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + apiEmailRenderer: + requests: + memory: 100Mi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: limits: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3610,88 +3798,88 @@ sysdig: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: requests: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + worker: requests: memory: 200Mi ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 4 | -| large | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3699,88 +3887,88 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + alerter: limits: memory: 10Mi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - policy-advisor: + alerter: requests: memory: 200Mi ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -3788,36 +3976,36 @@ sysdig: ```yaml sysdig: resources: - netsec-api: + collector: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: requests: - cpu: 300m + cpu: 2 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: @@ -3825,141 +4013,141 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - netsec-api: + collector: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-core: limits: cpu: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** +## **sysdig.resources.anchore-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-api: limits: - memory: 4Gi + cpu: 1 ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.resources.anchore-catalog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: - requests: - cpu: 500m + anchore-catalog: + limits: + cpu: 1 ``` -## **sysdig.resources.netsec-ingest.requests.memory** +## **sysdig.resources.anchore-policy-engine.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + anchore-policy-engine: limits: - memory: 2Gi + cpu: 1 ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: + anchore-core: limits: - cpu: 1 + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.limits.memory** + +## **sysdig.resources.anchore-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -3967,265 +4155,268 @@ sysdig: ```yaml sysdig: resources: - netsec-janitor: + anchore-api: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.requests.cpu** + +## **sysdig.resources.anchore-catalog.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: - requests: - cpu: 1 -``` + anchore-catalog: + limits: + memory: 10Mi +``` -## **sysdig.resources.netsec-janitor.requests.memory** + +## **sysdig.resources.anchore-policy-engine.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - netsec-janitor: - requests: - memory: 1Gi + anchore-policy-engine: + limits: + memory: 10Mi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: - limits: + anchore-core: + requests: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.anchore-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: - limits: - memory: 2Gi + anchore-api: + requests: + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: + anchore-catalog: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - nats-streaming: + anchore-policy-engine: requests: - memory: 1Gi + cpu: 2 ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - activity-audit-api: - limits: - cpu: 2 + anchore-core: + requests: + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.resources.anchore-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - activity-audit-api: - limits: - memory: 500Mi + anchore-api: + requests: + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + anchore-catalog: requests: - cpu: 250m + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + anchore-policy-engine: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4233,88 +4424,88 @@ sysdig: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-worker.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-worker: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-janitor.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: limits: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-janitor.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4322,176 +4513,178 @@ sysdig: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: limits: - memory: 200Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-janitor.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + scanning-api: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.profiling-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-api: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4499,243 +4692,203 @@ sysdig: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanning-retention-mgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: Retention manager Cronjob
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - - +**Default**: 23h
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: Grace period for the retention policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - +**Default**: 168h
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | - +**Default**: 1s
**Example**: ```yaml sysdig: - resources: - secure-overview-api: - requests: - memory: 512Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - +**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: Scanning DB engine
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - - +**Default**: mysql
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - memory: 8Gi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: Default value for the date policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - +**Default**: 90
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: Default value for the tags policy
**Options**:
-**Default**: +**Default**: 5
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - memory: 2Gi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-api.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -4743,322 +4896,327 @@ sysdig: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + admission-controller-api: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: The amount of cpu assigned to admission-controller-api PG +migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: cpu: 1 ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: - memory: 250Mi + memory: 256Mi ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + admission-controller-api-pg-migrate: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: The amount of cpu assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: cpu: 1 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: The amount of memory assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: - memory: 500Mi + memory: 256Mi ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: The amount of cpu required to schedule reporting-init pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: The amount of memory required to schedule reporting-init pods
**Options**:
**Default**: @@ -5073,1874 +5231,4228 @@ sysdig: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - cpu: 1 + cpu: 1500m ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - memory: 500Mi + memory: 1536Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - memory: 50Mi + memory: 256Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - memory: 200Mi + memory: 16Gi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - memory: 50Mi + memory: 10Gi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable logging at debug level
+**Options**:
+**Default**: false
**Example**: ```yaml sysdig: - restrictPasswordLogin: true + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.rsyslogVersion** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**: 8.34.0.7
+**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.smtpFromAddress** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.smtpPassword** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
+**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - smtpPassword: my-@w350m3-p@55w0rd + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.smtpProtocolSSL** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
+**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - smtpProtocolTLS: true + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.smtpServer** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: SMTP server to use to send emails
+**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
**Options**:
-**Default**:
+**Default**: 1
**Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.smtpServerPort** +## **sysdig.secure.scanning.reporting.storageS3Bucket** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - smtpServerPort: 587
+ secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting ``` -## **sysdig.smtpUser** +## **sysdig.secure.scanning.reporting.storageS3Prefix** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - smtpUser: bob+alice@gmail.com
+ secure: + scanning: + reporting: + storageS3Prefix: reports ``` -## **sysdig.tolerations** +## **sysdig.secure.scanning.reporting.storageS3Endpoint** **Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
+**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Region** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + secure: + scanning: + reporting: + storageS3Region: us-east-1 ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.apiReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - apiReplicaCount: 5 + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + resources: + netsec-api: + requests: + cpu: 300m ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: Number of Scanning API replicas.
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.workerReplicaCount** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | **Example**: ```yaml sysdig: - workerReplicaCount: 7 + resources: + netsec-ingest: + limits: + memory: 4Gi ``` -## **sysdig.alerterReplicaCount** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - alerterReplicaCount: 7 + resources: + netsec-ingest: + requests: + cpu: 500m ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | **Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + resources: + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + resources: + netsec-janitor: + limits: + cpu: 1 ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + resources: + netsec-janitor: + limits: + memory: 1Gi ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + resources: + netsec-janitor: + requests: + cpu: 1 ``` -## **sysdig.eventsForwarderAPIReplicaCount** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + resources: + netsec-janitor: + requests: + memory: 1Gi ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
+## **sysdig.resources.nats-streaming.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + resources: + nats-streaming: + limits: + cpu: 2 ``` -## **sysdig.admin.password** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + resources: + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + nats-streaming: + requests: + cpu: 250m ``` -## **sysdig.certificate.generate** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + nats-streaming: + requests: + memory: 1Gi ``` -## **sysdig.certificate.crt** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.certificate.key** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - collector: - certificate: - generate: true + resources: + activity-audit-worker: + limits: + cpu: 1 ``` -## **sysdig.collector.certificate.crt** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the sysdig collector, if -`sysdig.collector.certificate.generate` is set to `false` this has to be -configured. The certificate common name or subject altername name must match -configured `sysdig.collector.dnsName`.
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.activity-audit-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.profiling-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.profiling-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.profiling-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + limits: + cpu: 1 +``` + +## **sysdig.resources.profiling-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.profiling-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.profiling-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.secure-overview-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.secure-overview-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.secure-overview-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + requests: + cpu: 500m +``` + +## **sysdig.resources.secure-overview-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + requests: + memory: 512Mi +``` + +## **sysdig.resources.secure-prometheus.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + limits: + cpu: 2 +``` + +## **sysdig.resources.secure-prometheus.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | + + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + limits: + memory: 8Gi +``` + +## **sysdig.resources.secure-prometheus.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + requests: + cpu: 500m +``` + +## **sysdig.resources.secure-prometheus.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + requests: + memory: 2Gi +``` + +## **sysdig.resources.events-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-gatherer.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + limits: + cpu: 2 +``` + +## **sysdig.resources.events-gatherer.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + limits: + memory: 1Gi +``` + +## **sysdig.resources.events-gatherer.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-gatherer.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + requests: + memory: 250Mi +``` + +## **sysdig.resources.events-dispatcher.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-dispatcher.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + limits: + memory: 250Mi +``` + +## **sysdig.resources.events-dispatcher.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-dispatcher.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-forwarder-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-forwarder-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-forwarder-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-forwarder-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-forwarder.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-forwarder.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-forwarder.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-forwarder.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.events-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 5 +``` + +## **sysdig.anchoreAPIReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + anchoreAPIReplicaCount: 4 +``` + +## **sysdig.anchoreCatalogReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + anchoreCatalogReplicaCount: 4 +``` + +## **sysdig.anchorePolicyEngineReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + anchorePolicyEngineReplicaCount: 4 +``` + +## **sysdig.anchoreWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreWorkerReplicaCount: 5 +``` + +## **sysdig.apiReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + apiReplicaCount: 5 +``` + +## **sysdig.cassandraReplicaCount** +**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + cassandraReplicaCount: 20 +``` + +## **sysdig.collectorReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + collectorReplicaCount: 7 +``` + +## **sysdig.activityAuditWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + activityAuditWorkerReplicaCount: 20 +``` + +## **sysdig.activityAuditApiReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + activityAuditApiReplicaCount: 20 +``` + +## **sysdig.policyAdvisorReplicaCount** +**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + policyAdvisorReplicaCount: 20 +``` + +## **sysdig.scanningAdmissionControllerAPIReplicaCount** +**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is +a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningAdmissionControllerAPIReplicaCount: 1 +``` + +## **sysdig.netsecApiReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecApiReplicaCount: 1 +``` + +## **sysdig.netsecIngestReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecIngestReplicaCount: 1 +``` +## **sysdig.netsecCommunicationShards** +**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 3 | +| medium | 9 | +| large | 15 | + +**Example**: + +```yaml +sysdig: + netsecCommunicationShards: 5 +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 2 +``` + +## **sysdig.scanningApiReplicaCount** +**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningApiReplicaCount: 3 +``` + +## **sysdig.elasticsearchReplicaCount** +**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + elasticsearchReplicaCount: 20 +``` + +## **sysdig.workerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + workerReplicaCount: 7 +``` + +## **sysdig.alerterReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + +## **sysdig.eventsGathererReplicaCount** +**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + eventsGathererReplicaCount: 2 +``` + +## **sysdig.eventsAPIReplicaCount** +**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsAPIReplicaCount: 1 +``` + +## **sysdig.eventsDispatcherReplicaCount** +**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsDispatcherReplicaCount: 1 +``` + +## **sysdig.eventsForwarderReplicaCount** +**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + eventsForwarderReplicaCount: 2 +``` + +## **sysdig.eventsForwarderAPIReplicaCount** +**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + username: my-awesome-email@my-awesome-domain-name.com +``` + +## **sysdig.admin.password** +**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ password: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.api.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ api:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true
+```
+
+## **sysdig.certificate.generate**
+**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ generate: true
+```
+
+## **sysdig.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ crt: certs/server.crt
+```
+
+## **sysdig.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.dnsName**
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **sysdig.collector.certificate.generate**
+**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+
+## **sysdig.worker.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **sysdig.alerter.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alerter:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **agent.apiKey**
+**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ commandLineCapturesEnabled: true
+```
+
+## **agent.secure.memoryDumpEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ memoryDumpEnabled: true
+```
+
+## **agent.secure.settings.k8sAuditServerURL**
+**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerURL: 127.0.0.1
+```
+
+## **agent.secure.settings.k8sAuditServerPort**
+**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerPort: 7765
+```
+
+## **agent.prometheus.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - collector: - certificate: - crt: certs/collector.crt +agent: + prometheus: + enabled: true ``` -## **sysdig.collector.certificate.key** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig collector, if `sysdig.collector.certificate.generate` is -set to `false` this has to be configured. The key must match the certificate -in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml -sysdig: - collector: - certificate: - key: certs/collector.key +agent: + prometheus: + settings: + interval: 30 ``` -## **sysdig.worker.jvmOptions** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + prometheus: + settings: + logErrors: true ``` -## **sysdig.alerter.jvmOptions** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + prometheus: + settings: + maxMetrics: 1000 ``` -## **agent.apiKey** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **agent.appChecks.settings.limit** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**: ```yaml agent: - appChecks: + prometheus: settings: - limit: 1500 + maxTagsPerMetric: 20 ``` -## **agent.collectorEndpoint** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - collectorEndpoint: my-awesome-collector-domain-name.com + prometheus: + settings: + histograms: 3000 ``` -## **agent.collectorPort** +## **agent.statsd.enabled** **Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - collectorPort: 6443 + statsd: + enabled: true ``` -## **agent.namespace** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
**Options**:
-**Default**: `agent`
+**Default**: `100`
**Example**: ```yaml agent: - namespace: sysdig-agent + statsd: + settings: + limit: 1000 ``` -## **agent.useSlim** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - useSlim: true + jmx: + enabled: true ``` -## **agent.version** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Description**: The total number of JMX metrics polled per host.
**Options**:
-**Default**: `latest`
+**Default**: `3000`
**Example**: ```yaml agent: - version: 1.10.1 + jmx: + settings: + limit: 1000 ``` -## **agent.useSSL** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - useSSL: false + ebpf: + enabled: true ``` -## **agent.verifySSL** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - verifySSL: false + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **agent.clusterName** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - clusterName: false + appChecks: + elasticsearch: + authEnabled: true ``` -## **agent.tags** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: List of user-provided metadata at agent level.
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml agent: - tags: environment:production linux:ubuntu + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **agent.capturesEnabled** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - capturesEnabled: false + appChecks: + elasticsearch: + port: 9200 ``` -## **agent.feature_mode** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - feature_mode: troubleshooting + appChecks: + elasticsearch: + username: readonly ``` -## **agent.timezone** +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Set daemonset timezone.
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml agent: - timezone: America/New_York. + appChecks: + elasticsearch: + password: some_password ``` -## **agent.proxy.httpProxy** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
**Default**:
**Example**: ```yaml agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com + appChecks: + elasticsearch: + verifySSL: false ``` -## **agent.proxy.httpsProxy** -**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +agent: + appChecks: + kafka: + enabled: true +``` + +## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com + appChecks: + kafka: + arg: Kafka.kafka ``` -## **agent.proxy.noProxy** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml -agent: - proxy: - noProxy: your-awesome-no-proxy.com +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.snaplenPortRange.start** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + appChecks: + kafka: + port: 9200 ``` -## **agent.snaplenPortRange.end** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
-**Default**: `0`
+**Default**:
**Example**: ```yaml -agent: - snaplenPortRange: - start: "8125" +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.customKernelModules.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - customKernelModules: - enabled: true + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.secure.enabled** -**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - secure: - enabled: true + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.secure.commandLineCapturesEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - secure: - commandLineCapturesEnabled: true + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.secure.memoryDumpEnabled** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Description**: Whether to enable mysql app check.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - secure: - memoryDumpEnabled: true + appChecks: + mysql: + enabled: true ``` -## **agent.secure.settings.k8sAuditServerURL** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - secure: - settings: - k8sAuditServerURL: 127.0.0.1 + appChecks: + mysql: + hostname: mysql-service-url ``` -## **agent.secure.settings.k8sAuditServerPort** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - secure: - settings: - k8sAuditServerPort: 7765 + appChecks: + mysql: + user: mysql-user ``` -## **agent.prometheus.enabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - prometheus: - enabled: true + appChecks: + mysql: + password: mysql-password ``` -## **agent.prometheus.settings.interval** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**: +**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: -```yaml -agent: - prometheus: - settings: - interval: 30 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | -## **agent.prometheus.settings.logErrors** -**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml agent: - prometheus: - settings: - logErrors: true + resources: + limits: + cpu: 2 ``` -## **agent.prometheus.settings.maxMetrics** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**: +**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: -```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | -## **agent.prometheus.settings.maxMetricsPerProcess** -**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
**Example**: ```yaml agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 + resources: + limits: + memory: 2 ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**: +**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: -```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | -## **agent.prometheus.settings.histograms** -**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml agent: - prometheus: - settings: - histograms: 3000 + resources: + requests: + cpu: 2 ``` -## **agent.statsd.enabled** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - statsd: - enabled: true + resources: + requests: + memory: 2 ``` -## **agent.statsd.settings.limit** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**:
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: -```yaml -agent: - statsd: - settings: - limit: 1000 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | -## **agent.jmx.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml agent: - jmx: - enabled: true + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.jmx.settings.limit** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - jmx: - settings: - limit: 1000 + resources: + watchdog: + cointerface: 1024 ``` -## **agent.ebpf.enabled** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**: ```yaml -agent: - ebpf: - enabled: true +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **agent.ebpf.settings.mountEtcVolume** +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Max duration after the last ping from an AC before it is considered
+disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml -agent: - ebpf: - settings: - mountEtcVolume: 1000 +sysdig: + secure: + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **agent.appChecks.elasticsearch.authEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: TTL of the cache for the cluster configuration. It should be
+used by the AC as polling interval to retrieve the updated cluster configuration
+from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true +sysdig: + secure: + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **agent.appChecks.elasticsearch.url** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: TTL of an AC ping. It should be used by the AC as polling
+interval to perform a HEAD on the ping endpoint to notify it's still alive and
+connected. It cannot be greater than 30m and it cannot be greater than
+maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch +sysdig: + secure: + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **agent.appChecks.elasticsearch.port** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Max duration of the cluster configuration cache. The API returns
+this value as max-age in seconds and the FE uses it for caching the cluster
+configuration. FE also asks for a new cluster configuration using this value
+as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - port: 9200 +sysdig: + secure: + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **agent.appChecks.elasticsearch.username** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - username: readonly +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **agent.appChecks.elasticsearch.password** +## **sysdig.scanningAlertMgrForceAutoScan** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + scanningAlertMgrForceAutoScan: false ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode**
+**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: ```yaml -agent: - appChecks: - kafka: - enabled: true +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.scanning.veJanitor.scanningDbEngine**
+**Required**: `false`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.appChecks.kafka.url** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: This creates a deployment for Metadata-Service
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + metadataService: + enabled: true ``` -## **agent.appChecks.kafka.port** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | -```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost -``` -## **agent.appChecks.kafka.zk.port** -**Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
**Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
+## **sysdig.resources.metadataService.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: -```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - mysql: - enabled: true +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.appChecks.mysql.user** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512 |
-| medium | 2048 |
-| large | 4096 |
-
+**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**:
+**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsAPIVersion: 0.5.0 +``` + +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ``` From 78de7180ce231aae8b5f6638d2e789cc6cfe0bc7 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 16 Dec 2021 18:20:49 +0000 Subject: [PATCH 096/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 - installer/docs/configuration_parameters.md | 7288 +++++++------------- 3 files changed, 2392 insertions(+), 4948 deletions(-) diff --git a/installer/README.md b/installer/README.md index 4f45e10f..21fff9e4 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [installer releases - page](https://github.com/draios/installer/releases). + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:4.0.7-1-uber + docker pull quay.io/sysdig/installer:3.6.4-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:4.0.7-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.4-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 6617e8ba..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,47 +104,3 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. - -## Airgapped installations - -### Method for automatically updating the feeds database in airgapped environments -This is a procedure that can be used to automatically update the feeds database: - -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally -2. move the file from the jumpbox server to the customer airgapped environment (optional) -3. load the image file and push it to the customer's airgapped image registry -4. restart the pod sysdigcloud-feeds-db -5. restart the pod feeds-api - -Finally, steps 1 to 5 will be performed periodically once a day. - -This is an example script that contains all the steps: -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest -# Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar -# Optionally move image -mv vuln-feed-database.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" -# Restart database pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" -# Restart feeds-api pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" -ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" -``` - -The script can be scheduled using a cron job that run every day -```bash -0 8 * * * feeds-database-update.sh >/dev/null 2>&1 -``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index fee5b3b4..3b35c54e 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false`
+**Required**: `false` **Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -666,51 +666,6 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) large. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - large: - nats: 10Gi -``` - -## **pvStorageSize.medium.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) medium. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - medium: - nats: 10Gi -``` - -## **pvStorageSize.small.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - small: - nats: 10Gi -``` - ## **sysdig.activityAuditVersion** **Required**: `false`
**Description**: Docker image tag of Activity Audit services.
@@ -720,7 +675,7 @@ pvStorageSize: ```yaml sysdig: - activityAuditVersion: 4.0.7.11006 + activityAuditVersion: 3.6.4.11009 ``` ## **sysdig.profilingVersion** @@ -732,19 +687,19 @@ sysdig: ```yaml sysdig: - profilingVersion: 4.0.7.11006 + profilingVersion: 3.6.4.11009 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.30
+**Default**: 0.6.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.30 + anchoreVersion: 0.8.1.8 ``` ## **sysdig.accessKey** @@ -760,19 +715,6 @@ sysdig: accessKey: my_awesome_aws_access_key ``` -## **sysdig.awsRegion** -**Required**: `false`
-**Description**: The AWS (or AWS compatible) region to be used by Sysdig
-components to communicate with AWS (or an AWS compatible API).
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - awsRegion: my_aws_region -``` - ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -830,7 +772,7 @@ sysdig: ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
+**Options**:
**Default**: 2.1.21.13
**Example**: @@ -839,31 +781,6 @@ sysdig: cassandraVersion: 2.1.21.16 ``` -## **sysdig.cassandra.useCassandra3** -**Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - useCassandra3: false -``` - -## **sysdig.Cassandra3Version** -**Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
-**Options**:
-**Default**: `3.11.7.0`
-**Example**: - -```yaml -sysdig: - cassandra3Version: 3.11.7.0 -``` - ## **sysdig.cassandra.external** **Required**: `false`
**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster. @@ -896,7 +813,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`true`
+**Default**:`false`
**Example**: ```yaml @@ -908,9 +825,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Description**: Enables cassandra server and clients communicate over ssl.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -1000,7 +917,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**: `-Xms4g -Xmx4g`
+**Default**:
**Example**: ```yaml @@ -1054,31 +971,22 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform - (e.g., if you maintain your own Certificate Authority), they are not trusted by default. - -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more -PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ -in the same level as `values.yaml`.
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt -certs/custom-java-certs/certificate3.p12 -certs/custom-java-certs/certificate3.p12.passwd - - values.yaml ``` @@ -1114,14 +1022,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch.
+**Description**: The docker image tag of Elasticsearch 6.
**Options**:
**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearchVersion: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1233,12 +1141,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.7.11006
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - monitorVersion: 4.0.7.11006 + monitorVersion: 3.6.4.11009 ``` ## **sysdig.scanningVersion** @@ -1248,12 +1156,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - scanningVersion: 4.0.7.11006 + scanningVersion: 3.6.4.11009 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1171,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.7.11006 + sysdigAPIVersion: 3.6.4.11009 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1186,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.7.11006 + sysdigCollectorVersion: 3.6.4.11009 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1201,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.7.11006 + sysdigWorkerVersion: 3.6.4.11009 ``` ## **sysdig.enableAlerter** @@ -1316,75 +1224,6 @@ sysdig: enableAlerter: true ``` -## **sysdig.alertingSystem.enabled** -**Required**: `false`
-**Description**: Enable or disable the new alert-manager and alert-notifier deployment
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - alertingSystem: - enabled: true -``` - -## **sysdig.alertingSystem.alertManager.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Manager jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertManager.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Manager to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManager: - apiToken: A_VALID_TOKEN -``` - -## **sysdig.alertingSystem.alertNotifier.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Notifier jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 -``` - -## **sysdig.alertingSystem.alertNotifier.apiToken** -**Required**: `false`
-**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifier: - apiToken: A_VALID_TOKEN -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1459,7 +1298,8 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster +instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1588,36 +1428,6 @@ sysdig: enabled: true ``` -## **sysdig.nats.secure.username** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- nats:
- secure:
- enabled: true
- username: somevalue
-```
-
-## **sysdig.nats.secure.password**
-**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1711,1146 +1521,1185 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Description**: An array of node hostnames has shown in `kubectl get node -o
+name` that postgresql hostPath persistent volumes should be created on. The
+number of nodes must be at minimum whatever the value of
+[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
**Options**:
-**Default**: 1.2.5-mysql-to-postgres
+**Default**: []
+ **Example**: ```yaml sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.postgresql.rootUser** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: Root user of the in-cluster postgresql instance.
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: `postgres`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - rootUser: postgres + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` -## **sysdig.postgresql.rootDb** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: Root database of the in-cluster postgresql instance.
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: `anchore`
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - rootDb: anchore + proxy: + enable: true ``` -## **sysdig.postgresql.rootPassword** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: Password for the root user of the in-cluster postgresql instance.
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: Autogenerated 16 alphanumeric characters
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - rootPassword: my_root_password + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.postgresql.primary** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.postgresql.external** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - sysdig: - host: my-sysdig-db-external.com + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o
-name` that postgresql hostPath persistent volumes should be created on. The
-number of nodes must be at minimum whatever the value of
-[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
-required if configured [`storageClassProvisioner`](#storageclassprovisioner)
-is `hostPath`.
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: []
+**Default**: `80`
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + proxy: + enable: true + port: 3128 ``` -## **sysdig.postgresDatabases.useNonAdminUsers** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com + proxy: + enable: true + protocol: https ``` -## **sysdig.postgresDatabases.anchore** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.profiling** + proxy: + enable: true + user: alice +``` +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientid`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com - port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientsecret`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - policies: - host: my-policies-db-external.com - port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `incoming-webhook`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - scanning: - host: my-scanning-db-external.com - port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + scope: incoming-webhook ``` -## **sysdig.postgresDatabases.reporting** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/oauth/v2/authorize`
+ **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - reporting: - host: my-reporting-db-external.com - port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/api/oauth.v2.access`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` -## **sysdig.postgresDatabases.sysdig** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
+**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - serviceOwnerManagement: - host: my-som-db-external.com - port: 5432 - db: som_db - username: som_user - password: my_som_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.postgresDatabases.beacon** + +## **sysdig.secure.anchore.customCerts** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - beacon: - host: my-beacon-db-external.com - port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml ``` -## **sysdig.postgresDatabases.quartz** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: - ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - quartz: - host: my-quartz-db-external.com - port: 5432 - db: quartz_db - username: quartz_user - password: my_quartz_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + secure: + anchore: + customCerts: true ``` -## **sysdig.postgresDatabases.compliance** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Docker image tag of Redis.
+**Options**:
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - compliance: - host: my-compliance-db-external.com - port: 5432 - db: compliance_db - username: compliance_user - password: my_compliance_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + redisVersion: 4.0.12.7 ``` -## **sysdig.postgresDatabases.admissionController** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - admissionController: - host: my-admission-controller-db-external.com - port: 5432 - db: admission_controller_db - username: admission_controller_user - password: my_admission_controller_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.postgresDatabases.rapidResponse** +## **sysdig.redisHa** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-rapid-response-db-external.com - port: 5432 - db: rapid_response_db - username: rapid_response_user - password: my_rapid_response_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + redisHa: false ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api + resources: + cassandra: + limits: + cpu: 2 ``` -## **sysdig.proxy.enable** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
-**Default**: `false`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: - proxy: - enable: true + resources: + cassandra: + limits: + memory: 8Gi ``` -## **sysdig.proxy.host** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + cassandra: + requests: + cpu: 2 ``` -## **sysdig.proxy.noProxy** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + cassandra: + requests: + memory: 2Gi ``` -## **sysdig.proxy.password** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + resources: + elasticsearch: + limits: + cpu: 2 ``` -## **sysdig.proxy.port** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The port the configured
-[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + resources: + elasticsearch: + limits: + memory: 8Gi ``` -## **sysdig.proxy.protocol** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + resources: + elasticsearch: + requests: + cpu: 2 ``` -## **sysdig.proxy.user** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + resources: + elasticsearch: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.id** + +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
-**Default**: `awesomeclientid`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + resources: + mysql-router: + limits: + cpu: 2 ``` -## **sysdig.slack.client.secret** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
-**Default**: `awesomeclientsecret`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + resources: + mysql-router: + limits: + memory: 8Gi ``` -## **sysdig.slack.client.scope** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
-**Default**: `incoming-webhook`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + resources: + mysql-router: + requests: + cpu: 2 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + resources: + mysql-router: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**:
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + resources: + mysql: + limits: + cpu: 2 ``` -## **sysdig.saml.certificate.name** + +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests.
-The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
-the certificate name used when creating the certificate.
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**:
+**Default**:
**Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 + resources: + mysql: + limits: + memory: 8Gi ``` -## **sysdig.saml.certificate.password** + +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests.
-If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 - password: changeit + resources: + mysql: + requests: + cpu: 2 ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule mysql pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + resources: + mysql: + requests: + memory: 2Gi ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + resources: + postgresql: + limits: + cpu: 2 ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**:
-To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+**Description**: The amount of memory assigned to postgresql pods
+**Options**:
+**Default**: -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` + +**Example**: ```yaml sysdig: - secure: - anchore: - customCerts: true + resources: + postgresql: + limits: + memory: 8Gi ``` -## **sysdig.secure.anchore.enableMetrics** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**:
-Allow Anchore to export prometheus metrics.
+**Description**: The amount of cpu required to schedule postgresql pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | -**Options**: `true|false`
-**Default**: false
**Example**: + ```yaml sysdig: - secure: - anchore: - enableMetrics: true + resources: + postgresql: + requests: + cpu: 2 ``` -## **sysdig.redisVersion** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
-**Default**: 4.0.12.7
-**Example**: +**Default**: -```yaml -sysdig: - redisVersion: 4.0.12.7 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | -## **sysdig.redisHaVersion** -**Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
-**Options**:
-**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + resources: + postgresql: + requests: + memory: 2Gi ``` -## **sysdig.redisHa** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +**Description**: The amount of cpu assigned to redis pods
+**Options**:
+**Default**: -```yaml -sysdig: - redisHa: false -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | -## **sysdig.useRedis6** -**Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml sysdig: - useRedis6: false + resources: + redis: + limits: + cpu: 2 ``` -## **sysdig.redis6Version** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: Docker image tag of Redis 6, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**: 6.0.10.1
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - redis6Version: 6.0.10.1 + resources: + redis: + limits: + memory: 1Gi ``` -## **sysdig.redis6SentinelVersion** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis Sentinel, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
-**Default**: 6.0.10.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - redis6SentinelVersion: 6.0.10.1 + resources: + redis: + requests: + cpu: 2 ``` -## **sysdig.redis6ExporterVersion** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured -`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory required to schedule redis pods
**Options**:
-**Default**: 1.15.1.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | + **Example**: ```yaml sysdig: - redis6ExporterVersion: 1.15.1.1 + resources: + redis: + requests: + memory: 2Gi ``` - -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | + **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - cassandra: + redis-sentinel: requests: - memory: 8Gi + memory: 200Mi ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | + **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - elasticsearch: + redis-sentinel: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + timescale-adapter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to api pods
**Options**:
-**Default**:
- -**Example**: +**Default**: -```yaml -sysdig: +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 16 | + +**Example**: + +```yaml +sysdig: resources: - mysql: + api: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql: + api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql: + api: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule api pods
**Options**:
**Default**: @@ -2858,51 +2707,51 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql: + api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - postgresql: + worker: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | -| large | 8Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -2910,88 +2759,88 @@ sysdig: ```yaml sysdig: resources: - postgresql: + worker: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - postgresql: + worker: requests: cpu: 2 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - postgresql: + worker: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - redis: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -2999,88 +2848,88 @@ sysdig: ```yaml sysdig: resources: - redis: + alerter: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis: + alerter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + collector: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: @@ -3088,88 +2937,88 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + collector: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + collector: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + collector: requests: memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3177,58 +3026,58 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-core: requests: memory: 200Mi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: @@ -3236,21 +3085,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: @@ -3258,7 +3107,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3266,36 +3115,36 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: @@ -3303,197 +3152,200 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.ingressControllerHaProxy.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerHaProxy.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-api: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.ingressControllerRsyslog.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 125m | -| medium | 250m | -| large | 250m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerRsyslog.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerRsyslog.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.ingressControllerRsyslog.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerRsyslog: + scanningalertmgr: requests: - memory: 500Mi + memory: 200Mi ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: @@ -3501,21 +3353,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - api: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: @@ -3523,7 +3375,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3531,36 +3383,36 @@ sysdig: ```yaml sysdig: resources: - api: + scanning-retention-mgr: limits: memory: 10Mi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - api: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: @@ -3568,229 +3420,189 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - api: + scanning-retention-mgr: requests: memory: 200Mi ``` -## **sysdig.resources.apiNginx.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: Retention manager Cronjob
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - apiNginx: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.apiNginx.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - - +**Default**: 23h
**Example**: ```yaml sysdig: - resources: - apiNginx: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.apiNginx.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: Grace period for the retention policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - +**Default**: 168h
**Example**: ```yaml sysdig: - resources: - apiNginx: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.apiNginx.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - +**Default**: 1s
**Example**: ```yaml sysdig: - resources: - apiNginx: - requests: - memory: 100Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.apiEmailRenderer.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Description**: Scanning DB engine
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.apiEmailRenderer.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Description**: Default value for the date policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - requests: - cpu: 500m -``` - -## **sysdig.resources.apiEmailRenderer.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
-**Options**:
-**Default**: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - apiEmailRenderer: - requests: - memory: 100Mi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | **Example**: @@ -3798,88 +3610,88 @@ sysdig: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: limits: memory: 10Mi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - worker: + scanning-ve-janitor: requests: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 8 | -| large | 16 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - alerter: + policy-advisor: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3887,88 +3699,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + policy-advisor: limits: memory: 10Mi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | -| large | 4 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - alerter: + policy-advisor: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - alerter: + policy-advisor: requests: memory: 200Mi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + netsec-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3976,36 +3788,36 @@ sysdig: ```yaml sysdig: resources: - collector: + netsec-api: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - collector: + netsec-api: requests: - cpu: 2 + cpu: 300m ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: @@ -4013,141 +3825,141 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + netsec-api: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + netsec-ingest: limits: cpu: 1 ``` -## **sysdig.resources.anchore-api.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | + **Example**: ```yaml sysdig: resources: - anchore-api: + netsec-ingest: limits: - cpu: 1 + memory: 4Gi ``` -## **sysdig.resources.anchore-catalog.limits.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - cpu: 1 + netsec-ingest: + requests: + cpu: 500m ``` -## **sysdig.resources.anchore-policy-engine.limits.cpu** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + netsec-ingest: limits: - cpu: 1 + memory: 2Gi ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + netsec-janitor: limits: - memory: 10Mi + cpu: 1 ``` - -## **sysdig.resources.anchore-api.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4155,268 +3967,265 @@ sysdig: ```yaml sysdig: resources: - anchore-api: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` - -## **sysdig.resources.anchore-catalog.limits.memory** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - memory: 10Mi + netsec-janitor: + requests: + cpu: 1 ``` - -## **sysdig.resources.anchore-policy-engine.limits.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: - limits: - memory: 10Mi + netsec-janitor: + requests: + memory: 1Gi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: + nats-streaming: + limits: cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.cpu** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - cpu: 2 + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.resources.anchore-catalog.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + nats-streaming: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.cpu** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + nats-streaming: requests: - cpu: 2 + memory: 1Gi ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - memory: 200Mi + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.memory** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - memory: 200Mi + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.requests.memory** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + activity-audit-api: requests: - memory: 200Mi + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.memory** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4424,88 +4233,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + activity-audit-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: limits: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | **Example**: @@ -4513,178 +4322,176 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: limits: - memory: 10Mi + memory: 200Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + activity-audit-janitor: requests: - memory: 200Mi + memory: 50Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to profiling-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + profiling-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.profiling-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4692,203 +4499,243 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.profiling-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.profiling-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + profiling-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.secure-overview-api.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to secure-overview-api containers
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + secure-overview-api: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.secure-overview-api.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to secure-overview-api containers
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + secure-overview-api: + limits: + memory: 1Gi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.secure-overview-api.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule secure-overview-api containers
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + secure-overview-api: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.secure-overview-api.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule secure-overview-api containers
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + secure-overview-api: + requests: + memory: 512Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to secure-prometheus containers
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + secure-prometheus: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.secure-prometheus.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to secure-prometheus containers
**Options**:
-**Default**: mysql
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | + + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql + resources: + secure-prometheus: + limits: + memory: 8Gi ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +## **sysdig.resources.secure-prometheus.requests.cpu** **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of cpu required to schedule secure-prometheus containers
**Options**:
-**Default**: 90
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** -**Required**: `false`
-**Description**: Default value for the tags policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 + resources: + secure-prometheus: + requests: + cpu: 500m ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +## **sysdig.resources.secure-prometheus.requests.memory** **Required**: `false`
-**Description**: Default value for the digests policy
+**Description**: The amount of memory required to schedule secure-prometheus containers
**Options**:
-**Default**: 5
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + secure-prometheus: + requests: + memory: 2Gi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.events-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | +| small | 1 | +| medium | 1 | | large | 1 | **Example**: @@ -4896,327 +4743,322 @@ sysdig: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.events-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.events-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.events-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** +## **sysdig.resources.events-gatherer.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api containers
+**Description**: The amount of cpu assigned to events-gatherer pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-gatherer: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** +## **sysdig.resources.events-gatherer.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api containers
+**Description**: The amount of memory assigned to events-gatherer pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-gatherer: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** +## **sysdig.resources.events-gatherer.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Description**: The amount of cpu required to schedule events-gatherer pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-gatherer: requests: cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** +## **sysdig.resources.events-gatherer.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api containers
+**Description**: The amount of memory required to schedule events-gatherer pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api: + events-gatherer: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** +## **sysdig.resources.events-dispatcher.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG
-migrate containers
+**Description**: The amount of cpu assigned to events-dispatcher pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-dispatcher: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** +## **sysdig.resources.events-dispatcher.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG
-migrate containers
+**Description**: The amount of memory assigned to events-dispatcher pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-dispatcher: limits: - memory: 256Mi + memory: 250Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** +## **sysdig.resources.events-dispatcher.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api
-PG migrate containers
+**Description**: The amount of cpu required to schedule events-dispatcher pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-dispatcher: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** +## **sysdig.resources.events-dispatcher.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api
-PG migrate containers
+**Description**: The amount of memory required to schedule events-dispatcher pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api-pg-migrate: + events-dispatcher: requests: memory: 50Mi ``` -## **sysdig.resources.reporting-init.limits.cpu** +## **sysdig.resources.events-forwarder-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-init pods
+**Description**: The amount of cpu assigned to events-forwarder-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: limits: cpu: 1 ``` -## **sysdig.resources.reporting-init.limits.memory** +## **sysdig.resources.events-forwarder-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-init pods
+**Description**: The amount of memory assigned to events-forwarder-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: limits: - memory: 256Mi + memory: 500Mi ``` -## **sysdig.resources.reporting-init.requests.cpu** +## **sysdig.resources.events-forwarder-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-init pods
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.reporting-init.requests.memory** +## **sysdig.resources.events-forwarder-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-init pods
+**Description**: The amount of memory required to schedule events-forwarder-api pods
**Options**:
**Default**: @@ -5231,4228 +5073,1874 @@ sysdig: ```yaml sysdig: resources: - reporting-init: + events-forwarder-api: requests: memory: 50Mi ``` -## **sysdig.resources.reporting-api.limits.cpu** +## **sysdig.resources.events-forwarder.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-api pods
+**Description**: The amount of cpu assigned to events-forwarder pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1500m | -| medium | 1500m | -| large | 1500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-api: + events-forwarder: limits: - cpu: 1500m + cpu: 1 ``` -## **sysdig.resources.reporting-api.limits.memory** +## **sysdig.resources.events-forwarder.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-api pods
+**Description**: The amount of memory assigned to events-forwarder pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1536Mi | -| medium | 1536Mi | -| large | 1536Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - reporting-api: + events-forwarder: limits: - memory: 1536Mi + memory: 500Mi ``` -## **sysdig.resources.reporting-api.requests.cpu** +## **sysdig.resources.events-forwarder.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-api pods
+**Description**: The amount of cpu required to schedule events-forwarder pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 200m | -| medium | 200m | -| large | 200m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-api: + events-forwarder: requests: - cpu: 200m + cpu: 250m ``` -## **sysdig.resources.reporting-api.requests.memory** +## **sysdig.resources.events-forwarder.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-api pods
+**Description**: The amount of memory required to schedule events-forwarder pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - reporting-api: + events-forwarder: requests: - memory: 256Mi + memory: 50Mi ``` -## **sysdig.resources.reporting-worker.limits.cpu** +## **sysdig.resources.events-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-worker pods
+**Description**: The amount of cpu assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-worker: + events-janitor: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.reporting-worker.limits.memory** +## **sysdig.resources.events-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-worker pods
+**Description**: The amount of memory assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 16Gi | -| medium | 16Gi | -| large | 16Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + **Example**: ```yaml sysdig: resources: - reporting-worker: + events-janitor: limits: - memory: 16Gi + memory: 200Mi ``` -## **sysdig.resources.reporting-worker.requests.cpu** +## **sysdig.resources.events-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-worker pods
+**Description**: The amount of cpu required to schedule events-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 200m | -| medium | 200m | -| large | 200m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-worker: + events-janitor: requests: - cpu: 200m + cpu: 250m ``` -## **sysdig.resources.reporting-worker.requests.memory** +## **sysdig.resources.events-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-worker pods
+**Description**: The amount of memory required to schedule events-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 10Gi | -| medium | 10Gi | -| large | 10Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - reporting-worker: + events-janitor: requests: - memory: 10Gi + memory: 50Mi ``` -## **sysdig.secure.scanning.reporting.debug** +## **sysdig.restrictPasswordLogin** **Required**: `false`
-**Description**: Enable logging at debug level
-**Options**:
-**Default**: false
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - debug: false + restrictPasswordLogin: true ``` -## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** +## **sysdig.rsyslogVersion** **Required**: `false`
-**Description**: Reporting GRPC endpoint
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Default**: 8.34.0.7
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 + rsyslogVersion: 8.34.0.7 ``` -## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** +## **sysdig.smtpFromAddress** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + smtpFromAddress: from-address@my-company.com ``` -## **sysdig.secure.scanning.reporting.storageDriver** +## **sysdig.smtpPassword** **Required**: `false`
-**Description**: Storage kind for generated reports
-**Options**: postgres, fs, s3
-**Default**: postgres
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageDriver: postgres + smtpPassword: my-@w350m3-p@55w0rd ``` -## **sysdig.secure.scanning.reporting.storageCompression** +## **sysdig.smtpProtocolSSL** **Required**: `false`
-**Description**: Compression format for generated reports
-**Options**: zip, gzip, none
-**Default**: zip
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageCompression: zip + smtpProtocolSSL: true ``` -## **sysdig.secure.scanning.reporting.storageFsDir** +## **sysdig.smtpProtocolTLS** **Required**: `false`
-**Description**: The directory where reports will saved (required when using `fs` driver)
-**Options**:
-**Default**: .
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageFsDir: /reports + smtpProtocolTLS: true ``` -## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** +## **sysdig.smtpServer** **Required**: `false`
-**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
+**Description**: SMTP server to use to send emails
**Options**:
-**Default**: 1
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storagePostgresRetentionDays: 1 + smtpServer: smtp.gmail.com ``` -## **sysdig.secure.scanning.reporting.storageS3Bucket** +## **sysdig.smtpServerPort** **Required**: `false`
-**Description**: The bucket name where reports will be saved (required when using `s3` driver)
-**Options**:
-**Default**:
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Bucket: secure-scanning-reporting + smtpServerPort: 587
``` -## **sysdig.secure.scanning.reporting.storageS3Prefix** +## **sysdig.smtpUser** **Required**: `false`
-**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
-**Options**:
-**Default**:
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Prefix: reports + smtpUser: bob+alice@gmail.com
``` -## **sysdig.secure.scanning.reporting.storageS3Endpoint** +## **sysdig.tolerations** **Required**: `false`
-**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Endpoint: s3.example.com + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" ``` -## **sysdig.secure.scanning.reporting.storageS3Region** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Region: us-east-1 + anchoreCoreReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE + anchoreWorkerReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** +## **sysdig.apiReplicaCount** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + apiReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.workerSleepTime** +## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: The sleep interval between two runs of the reporting worker
-**Options**:
-**Default**: 120s
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - workerSleepTime: 120s + cassandraReplicaCount: 20 ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.collectorReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - cpu: 2 + collectorReplicaCount: 7 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.activityAuditWorkerReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: Number of Activity Audit Worker replicas.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - memory: 10Mi + activityAuditWorkerReplicaCount: 20 ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.activityAuditApiReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: Number of Activity Audit API replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - cpu: 2 + activityAuditApiReplicaCount: 20 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.policyAdvisorReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: Number of Policy Advisor replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - memory: 200Mi + policyAdvisorReplicaCount: 20 ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.netsecApiReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: Number of Netsec API replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - cpu: 1 + netsecApiReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.netsecIngestReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: Number of Netsec Ingest replicas.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - memory: 1Gi + netsecIngestReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: Number of Anchore Core replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - cpu: 300m + anchoreCoreReplicaCount: 2 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.scanningApiReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: Number of Scanning API replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - memory: 1Gi + scanningApiReplicaCount: 3 ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - cpu: 1 + elasticsearchReplicaCount: 20 ``` -## **sysdig.resources.netsec-ingest.limits.memory** +## **sysdig.workerReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 4Gi + workerReplicaCount: 7 ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.alerterReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - requests: - cpu: 500m + alerterReplicaCount: 7 ``` -## **sysdig.resources.netsec-ingest.requests.memory** +## **sysdig.eventsGathererReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 2Gi + eventsGathererReplicaCount: 2 ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.eventsAPIReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - cpu: 1 + eventsAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-janitor.limits.memory** +## **sysdig.eventsDispatcherReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - memory: 1Gi + eventsDispatcherReplicaCount: 1 ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.eventsForwarderReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-janitor:
- requests:
- cpu: 1
-```
-
-## **sysdig.resources.netsec-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - memory: 1Gi + eventsForwarderReplicaCount: 2 ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.eventsForwarderAPIReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - cpu: 2 + eventsForwarderAPIReplicaCount: 1 ``` -## **sysdig.resources.nats-streaming.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi + admin: + username: my-awesome-email@my-awesome-domain-name.com ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.admin.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - cpu: 250m + admin: + password: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.api.jvmOptions** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: Custom configuration for Sysdig API jvm.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.certificate.generate** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - cpu: 2 + certificate: + generate: true ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.certificate.crt** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - memory: 500Mi + certificate: + crt: certs/server.crt ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.certificate.key** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - requests: - cpu: 250m + certificate: + key: certs/server.key ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.collector.dnsName** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - requests: - memory: 50Mi + collector: + dnsName: collector.my-awesome-domain-name.com ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.collector.jvmOptions** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: Custom configuration for Sysdig collector jvm.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-worker: - limits: - cpu: 1 + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.collector.certificate.generate** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - activity-audit-worker: - limits: - memory: 500Mi + collector: + certificate: + generate: true ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.collector.certificate.crt** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.profiling-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.profiling-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.secure-overview-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-overview-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.secure-overview-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-overview-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512Mi |
-| medium | 512Mi |
-| large | 512Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- memory: 512Mi
-```
-
-## **sysdig.resources.secure-prometheus.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-prometheus.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- memory: 8Gi
-```
-
-## **sysdig.resources.secure-prometheus.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-prometheus.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- memory: 2Gi
-```
-
-## **sysdig.resources.events-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-gatherer.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.events-gatherer.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.events-gatherer.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-gatherer.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-dispatcher.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-dispatcher.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.events-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
-
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 5
-```
-
-## **sysdig.anchoreAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore API replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreAPIReplicaCount: 4
-```
-
-## **sysdig.anchoreCatalogReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCatalogReplicaCount: 4
-```
-
-## **sysdig.anchorePolicyEngineReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchorePolicyEngineReplicaCount: 4
-```
-
-## **sysdig.anchoreWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreWorkerReplicaCount: 5
-```
-
-## **sysdig.apiReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- apiReplicaCount: 5
-```
-
-## **sysdig.cassandraReplicaCount**
-**Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- cassandraReplicaCount: 20
-```
-
-## **sysdig.collectorReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - collectorReplicaCount: 7 -``` - -## **sysdig.activityAuditWorkerReplicaCount** -**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - activityAuditWorkerReplicaCount: 20 -``` - -## **sysdig.activityAuditApiReplicaCount** -**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - activityAuditApiReplicaCount: 20 -``` - -## **sysdig.policyAdvisorReplicaCount** -**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - policyAdvisorReplicaCount: 20 -``` - -## **sysdig.scanningAdmissionControllerAPIReplicaCount** -**Required**: `false`
-**Description**: Number of scanning Admission Controller API replicas, this is -a noop for clusters of `size` `small`.
-**Options**:
-**Default**:
- -|cluster-size|count| -|------------|-----| -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - scanningAdmissionControllerAPIReplicaCount: 1 -``` - -## **sysdig.netsecApiReplicaCount** -**Required**: `false`
-**Description**: Number of Netsec API replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - netsecApiReplicaCount: 1 -``` - -## **sysdig.netsecIngestReplicaCount** -**Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - netsecIngestReplicaCount: 1 -``` -## **sysdig.netsecCommunicationShards** -**Required**: `false`
-**Description**: Number of Netsec communications index shards.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 3 | -| medium | 9 | -| large | 15 | - -**Example**: - -```yaml -sysdig: - netsecCommunicationShards: 5 -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - anchoreCoreReplicaCount: 2 -``` - -## **sysdig.scanningApiReplicaCount** -**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - scanningApiReplicaCount: 3 -``` - -## **sysdig.elasticsearchReplicaCount** -**Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | - -**Example**: - -```yaml -sysdig: - elasticsearchReplicaCount: 20 -``` - -## **sysdig.workerReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - workerReplicaCount: 7 -``` - -## **sysdig.alerterReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - alerterReplicaCount: 7 -``` - -## **sysdig.eventsGathererReplicaCount** -**Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - eventsGathererReplicaCount: 2 -``` - -## **sysdig.eventsAPIReplicaCount** -**Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - eventsAPIReplicaCount: 1 -``` - -## **sysdig.eventsDispatcherReplicaCount** -**Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - eventsDispatcherReplicaCount: 1 -``` - -## **sysdig.eventsForwarderReplicaCount** -**Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - eventsForwarderReplicaCount: 2 -``` - -## **sysdig.eventsForwarderAPIReplicaCount** -**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - eventsForwarderAPIReplicaCount: 1 -``` - -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for -initial login to the web interface. Make sure this is a valid email address -that you can receive emails at.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com -``` - -## **sysdig.admin.password** -**Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with -`sysdig.admin.username` will be used for initial login to the web interface. -It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - admin: - password: my-@w350m3-p@55w0rd -``` - -## **sysdig.api.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true -``` - -## **sysdig.certificate.generate** -**Required**: `false`
-**Description**: Determines if Installer should generate self-signed -certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - certificate: - generate: true -``` - -## **sysdig.certificate.crt** -**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to -`false` this has to be configured. The certificate common name or subject -altername name must match configured `sysdig.dnsName`.
-**Options**:
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - certificate: - crt: certs/server.crt -``` - -## **sysdig.certificate.key** -**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig api, if `sysdig.certificate.generate` is set to `false` -this has to be configured. The key must match the certificate in -`sysdig.certificate.crt`.
-**Options**:
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - certificate: - key: certs/server.key -``` - -## **sysdig.collector.dnsName** -**Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not -configured it defaults to whatever is configured for `sysdig.dnsName`.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com -``` - -## **sysdig.collector.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.collector.certificate.generate** -**Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - collector: - certificate: - generate: true -``` - -## **sysdig.collector.certificate.crt** -**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the sysdig collector, if -`sysdig.collector.certificate.generate` is set to `false` this has to be -configured. The certificate common name or subject altername name must match -configured `sysdig.collector.dnsName`.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - certificate: - crt: certs/collector.crt -``` - -## **sysdig.collector.certificate.key** -**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig collector, if `sysdig.collector.certificate.generate` is -set to `false` this has to be configured. The key must match the certificate -in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - certificate: - key: certs/collector.key -``` - -## **sysdig.worker.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - apiKey: replace_with_your_monitor_access_key -``` - -## **agent.appChecks.settings.limit** -**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - appChecks: - settings: - limit: 1500 -``` - -## **agent.collectorEndpoint** -**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - collectorEndpoint: my-awesome-collector-domain-name.com -``` - -## **agent.collectorPort** -**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**: - -```yaml -agent: - collectorPort: 6443 -``` - -## **agent.namespace** -**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**: - -```yaml -agent: - namespace: sysdig-agent -``` - -## **agent.useSlim** -**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - useSlim: true -``` - -## **agent.version** -**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**: - -```yaml -agent: - version: 1.10.1 -``` - -## **agent.useSSL** -**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - useSSL: false -``` - -## **agent.verifySSL** -**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - verifySSL: false -``` - -## **agent.clusterName** -**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**: - -```yaml -agent: - clusterName: false -``` - -## **agent.tags** -**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - tags: environment:production linux:ubuntu -``` - -## **agent.capturesEnabled** -**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - capturesEnabled: false -``` - -## **agent.feature_mode** -**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**: - -```yaml -agent: - feature_mode: troubleshooting -``` - -## **agent.timezone** -**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - timezone: America/New_York. -``` - -## **agent.proxy.httpProxy** -**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com -``` - -## **agent.proxy.httpsProxy** -**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com -``` - -## **agent.proxy.noProxy** -**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - proxy: - noProxy: your-awesome-no-proxy.com -``` - -## **agent.snaplenPortRange.start** -**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**: - -```yaml -agent: - snaplenPortRange: - start: "8125" -``` - -## **agent.snaplenPortRange.end** -**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**: - -```yaml -agent: - snaplenPortRange: - start: "8125" -``` - -## **agent.customKernelModules.enabled** -**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - customKernelModules: - enabled: true -``` - -## **agent.secure.enabled** -**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - secure: - enabled: true -``` - -## **agent.secure.commandLineCapturesEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - secure: - commandLineCapturesEnabled: true -``` - -## **agent.secure.memoryDumpEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - secure: - memoryDumpEnabled: true -``` - -## **agent.secure.settings.k8sAuditServerURL** -**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**: - -```yaml -agent: - secure: - settings: - k8sAuditServerURL: 127.0.0.1 -``` - -## **agent.secure.settings.k8sAuditServerPort** -**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**: - -```yaml -agent: - secure: - settings: - k8sAuditServerPort: 7765 -``` - -## **agent.prometheus.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the sysdig collector, if +`sysdig.collector.certificate.generate` is set to `false` this has to be +configured. The certificate common name or subject altername name must match +configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - enabled: true +sysdig: + collector: + certificate: + crt: certs/collector.crt ``` -## **agent.prometheus.settings.interval** +## **sysdig.collector.certificate.key** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided key that will be used +in serving the sysdig collector, if `sysdig.collector.certificate.generate` is +set to `false` this has to be configured. The key must match the certificate +in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - settings: - interval: 30 +sysdig: + collector: + certificate: + key: certs/collector.key ``` -## **agent.prometheus.settings.logErrors** +## **sysdig.worker.jvmOptions** **Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - settings: - logErrors: true +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.prometheus.settings.maxMetrics** +## **sysdig.alerter.jvmOptions** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.prometheus.settings.maxMetricsPerProcess** +## **agent.apiKey** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 + apiKey: replace_with_your_monitor_access_key ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **agent.appChecks.settings.limit** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - prometheus: + appChecks: settings: - maxTagsPerMetric: 20 + limit: 1500 ``` -## **agent.prometheus.settings.histograms** +## **agent.collectorEndpoint** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - prometheus: - settings: - histograms: 3000 + collectorEndpoint: my-awesome-collector-domain-name.com ``` -## **agent.statsd.enabled** +## **agent.collectorPort** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
**Example**: ```yaml agent: - statsd: - enabled: true + collectorPort: 6443 ``` -## **agent.statsd.settings.limit** +## **agent.namespace** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Description**: A kubernetes namespace for setting up the agent in.
**Options**:
-**Default**: `100`
+**Default**: `agent`
**Example**: ```yaml agent: - statsd: - settings: - limit: 1000 + namespace: sysdig-agent ``` -## **agent.jmx.enabled** +## **agent.useSlim** **Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Description**: Whether to use the slim version of agent or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - jmx: - enabled: true + useSlim: true ``` -## **agent.jmx.settings.limit** +## **agent.version** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
**Options**:
-**Default**: `3000`
+**Default**: `latest`
**Example**: ```yaml agent: - jmx: - settings: - limit: 1000 + version: 1.10.1 ``` -## **agent.ebpf.enabled** +## **agent.useSSL** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - ebpf: - enabled: true + useSSL: false ``` -## **agent.ebpf.settings.mountEtcVolume** +## **agent.verifySSL** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - ebpf: - settings: - mountEtcVolume: 1000 + verifySSL: false ``` -## **agent.appChecks.elasticsearch.authEnabled** +## **agent.clusterName** **Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
**Example**: ```yaml agent: - appChecks: - elasticsearch: - authEnabled: true + clusterName: false ``` -## **agent.appChecks.elasticsearch.url** +## **agent.tags** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Description**: List of user-provided metadata at agent level.
**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch + tags: environment:production linux:ubuntu ``` -## **agent.appChecks.elasticsearch.port** +## **agent.capturesEnabled** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - elasticsearch: - port: 9200 + capturesEnabled: false ``` -## **agent.appChecks.elasticsearch.username** +## **agent.feature_mode** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
**Example**: ```yaml agent: - appChecks: - elasticsearch: - username: readonly + feature_mode: troubleshooting ``` -## **agent.appChecks.elasticsearch.password** +## **agent.timezone** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Description**: Set daemonset timezone.
**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - elasticsearch: - password: some_password + timezone: America/New_York. ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **agent.proxy.httpProxy** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - elasticsearch: - verifySSL: false -``` - -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - appChecks: - kafka: - enabled: true + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+## **agent.proxy.httpsProxy** +**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
**Options**:
**Default**:
**Example**: ```yaml agent: - appChecks: - kafka: - arg: Kafka.kafka + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com ``` -## **agent.appChecks.kafka.url** +## **agent.proxy.noProxy** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: A space-separated list of URLs for which no proxy should be used.
**Options**:
**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +agent: + proxy: + noProxy: your-awesome-no-proxy.com ``` -## **agent.appChecks.kafka.port** +## **agent.snaplenPortRange.start** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml agent: - appChecks: - kafka: - port: 9200 + snaplenPortRange: + start: "8125" ``` -## **agent.appChecks.kafka.zk.url** +## **agent.snaplenPortRange.end** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
**Options**:
-**Default**:
+**Default**: `0`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +agent: + snaplenPortRange: + start: "8125" ``` -## **agent.appChecks.kafka.zk.port** +## **agent.customKernelModules.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - zk: - port: 2181 + customKernelModules: + enabled: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+## **agent.secure.enabled** +**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - enableConsumerOffsets: true + secure: + enabled: true ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
+## **agent.secure.commandLineCapturesEnabled** +**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - kafka: - enableAggregationPartitions: true + secure: + commandLineCapturesEnabled: true ``` -## **agent.appChecks.mysql.enabled** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Whether to enable mysql app check.
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - enabled: true + secure: + memoryDumpEnabled: true ``` -## **agent.appChecks.mysql.hostname** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml agent: - appChecks: - mysql: - hostname: mysql-service-url + secure: + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **agent.appChecks.mysql.user** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml agent: - appChecks: - mysql: - user: mysql-user + secure: + settings: + k8sAuditServerPort: 7765 ``` -## **agent.appChecks.mysql.password** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Description**: Whether to enable ingestion of prometheus metrics or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - password: mysql-password + prometheus: + enabled: true ``` -## **agent.resources.limits.cpu** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | - +**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml agent: - resources: - limits: - cpu: 2 + prometheus: + settings: + interval: 30 ``` -## **agent.resources.limits.memory** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**: +**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +```yaml +agent: + prometheus: + settings: + logErrors: true +``` +## **agent.prometheus.settings.maxMetrics** +**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - resources: - limits: - memory: 2 + prometheus: + settings: + maxMetrics: 1000 ``` -## **agent.resources.requests.cpu** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**: +**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +```yaml +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 +``` +## **agent.prometheus.settings.maxTagsPerMetric** +**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**: ```yaml agent: - resources: - requests: - cpu: 2 + prometheus: + settings: + maxTagsPerMetric: 20 ``` -## **agent.resources.requests.memory** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**: +**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - resources: - requests: - memory: 2 + statsd: + enabled: true ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - +**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml agent: - resources: - watchdog: - max_memory_usage_mb: 1024 + statsd: + settings: + limit: 1000 ``` -## **agent.resources.watchdog.cointerface** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - resources: - watchdog: - cointerface: 1024 + jmx: + enabled: true ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" +agent: + jmx: + settings: + limit: 1000 ``` -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m +agent: + ebpf: + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m +agent: + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m +agent: + appChecks: + elasticsearch: + authEnabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 +agent: + appChecks: + elasticsearch: + port: 9200 ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - scanningAlertMgrForceAutoScan: false +agent: + appChecks: + elasticsearch: + username: readonly ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** -**Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" +agent: + appChecks: + kafka: + enabled: true ``` - -## **sysdig.metadataService.enabled** -**Required**: `false`
-**Description**: This creates a deployment for Metadata-Service -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - metadataService: - enabled: true +agent: + appChecks: + kafka: + arg: Kafka.kafka ``` -## **sysdig.resources.metadataService.limits.cpu** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: +**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +```yaml +agent:enabled + appChecks: + kafka: + url: localhost +``` +## **agent.appChecks.kafka.port** +**Required**: `false`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 +agent: + appChecks: + kafka: + port: 9200 ``` -## **sysdig.resources.metadataService.limits.memory** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: +```yaml +agent:enabled + appChecks: + kafka: + zk: + url: localhost +``` +## **agent.appChecks.kafka.zk.port** +**Required**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi +agent: + appChecks: + kafka: + zk: + port: 2181 ``` -## **sysdig.resources.metadataService.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: +## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +```yaml +agent: + appChecks: + kafka: + enableConsumerOffsets: true +``` +## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 +agent: + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **sysdig.resources.metadataService.requests.memory** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi +agent: + appChecks: + mysql: + enabled: true ``` -## **sysdig.metadataServiceReplicaCount** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - +**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - metadataServiceReplicaCount: 4 +agent: + appChecks: + mysql: + hostname: mysql-service-url ``` -## **sysdig.metadataServiceVersion** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 +agent: + appChecks: + mysql: + user: mysql-user ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Retention period for Activity Audit data.
-**Options**:
-**Default**: 90
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - activityAudit: - janitor: - retentionDays: 90 +agent: + appChecks: + mysql: + password: mysql-password ``` -## **sysdig.resources.rapid-response-connector.limits.cpu** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Description**: The amount of cpu assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - cpu: 1 + limits: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.limits.memory** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rapid-response-connector pods
+**Description**: The amount of memory assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - memory: 500Mi + limits: + memory: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.cpu** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Description**: The amount of cpu required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - cpu: 250m + requests: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.memory** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Description**: The amount of memory required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - memory: 50Mi + requests: + memory: 2 ``` -## **sysdig.rapidResponseConnectorReplicaCount** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Number of Sysdig rapid-response-connector replicas.
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: - rapidResponseConnectorReplicaCount: 1 +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.secure.rapidResponse.enabled** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Whether to deploy rapid response or not.
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
-**Default**: false
-**Example**: +**Default**: -```yaml -sysdig: - secure: - rapidResponse: - enabled: false -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | -## **sysdig.secure.rapidResponse.validationCodeLength** -**Required**: `false`
-**Description**: Length of mfa validation code sent via e-mail.
-**Options**:
-**Default**: 6
**Example**: ```yaml -sysdig: - secure: - rapidResponse: - validationCodeLength: 8 +agent: + resources: + watchdog: + cointerface: 1024 ``` -## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**: 180
+**Default**: ""
**Example**: ```yaml sysdig: - secure: - rapidResponse: - validationCodeSecondsDuration: 8 + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Global duration of session in seconds.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: 7200
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - rapidResponse: - sessionTotalSecondsTTL: 7200 + scanningAnalysiscollectorConcurrentUploads: 5 ``` - -## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Idle duration of session in seconds.
+**Description**: Cronjob schedule
**Options**:
-**Default**: 300
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - rapidResponse: - sessionIdleSecondsTTL: 300 + veJanitor: + cronjob: "5 0 * * *" ``` - -## **sysdig.secure.scanning.feedsEnabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: + ```yaml sysdig: secure: - scanning: - feedsEnabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.feedsAPIVersion** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Sets feeds API version
-**Options**:
-**Default**: `latest`
- +**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: -```yaml -sysdig: - feedsAPIVersion: 0.5.0 -``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Sets feeds database version
-**Options**:
-**Default**: `latest`
- -**Example**: ```yaml sysdig: - feedsDBVersion: 0.5.0-2020-03-11 + secure: + veJanitor: + scanningDbEngine: "mysql" ``` From 98a03e5ad2deab3e1e8e16b77b3555bd5b483acd Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 23 Dec 2021 18:08:39 +0000 Subject: [PATCH 097/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 8178 ++++++++++++++------ 3 files changed, 5718 insertions(+), 2512 deletions(-) diff --git a/installer/README.md b/installer/README.md index 21fff9e4..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.4-1-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.4-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. + +## Airgapped installations + +### Method for automatically updating the feeds database in airgapped environments +This is a procedure that can be used to automatically update the feeds database: + +1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +2. move the file from the jumpbox server to the customer airgapped environment (optional) +3. load the image file and push it to the customer's airgapped image registry +4. restart the pod sysdigcloud-feeds-db +5. restart the pod feeds-api + +Finally, steps 1 to 5 will be performed periodically once a day. + +This is an example script that contains all the steps: +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/vuln-feed-database:latest +# Save image +docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +# Optionally move image +mv vuln-feed-database.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +# Restart database pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" +# Restart feeds-api pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" +ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" +``` + +The script can be scheduled using a cron job that run every day +```bash +0 8 * * * feeds-database-update.sh >/dev/null 2>&1 +``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 3b35c54e..8d5fdddc 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
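Review bot: The example script added under "Airgapped installations" passes the registry password on the command line (`docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`), where other local users can read it from the process list while the command runs. Reading it from stdin keeps it off argv: `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`. The script also has no `set -euo pipefail` after the shebang, so a failed pull, save or push still falls through to the `kubectl -n sysdigcloud scale deploy ... --replicas=0` steps and restarts the feeds pods even though no new image was pushed. The cron entry sends all output to `/dev/null`, so such a failure would go unnoticed; appending to a log file, for example `>>/var/log/feeds-database-update.log 2>&1` (constructed path), would make the daily run auditable.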
**Options**:
**Default**:
@@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false` +**Required**: `false`
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -321,6 +321,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**: +Allow Elasticsearch to export prometheus metrics. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured +`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -666,40 +693,61 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.activityAuditVersion** +## **pvStorageSize.large.nats** **Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - activityAuditVersion: 3.6.4.11009 +pvStorageSize: + large: + nats: 10Gi ``` -## **sysdig.profilingVersion** +## **pvStorageSize.medium.nats** **Required**: `false`
-**Description**: Docker image tag of Profiling services.
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - profilingVersion: 3.6.4.11009 +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.32
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1.32 ``` ## **sysdig.accessKey** @@ -715,6 +763,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -769,16 +830,67 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.21.13
+**Options**:
+**Default**: 2.1.22.4
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraVersion: 2.1.22.4 +``` + +## **sysdig.cassandraExporterVersion** +**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + cassandraExporterVersion: latest +``` + +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.11.1`
+**Example**: + +```yaml +sysdig: + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -813,7 +925,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +937,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -837,6 +949,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -917,7 +1042,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1096,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. + +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1156,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1141,27 +1275,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 3.6.4.11009 + monitorVersion: 5.0.4.11001 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - scanningVersion: 3.6.4.11009 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.4.11009 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.4.11009 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.4.11009 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1358,101 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifierReplicaCount: 3 +``` + +## **sysdig.alertingSystem.alertManagerReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1298,8 +1527,7 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster -instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1394,24 +1622,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
+**Example**: + +```yaml +sysdig: + natsStreamingVersion: 0.22.0.2 +``` + +## **sysdig.natsStreamingInitVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1428,6 +1668,36 @@ sysdig: enabled: true ``` +## **sysdig.nats.secure.username** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1511,7 +1781,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1521,1170 +1791,1145 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.mysqlToPostgresMigrationVersion** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.postgresql.rootUser** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + postgresql: + rootUser: postgres ``` -## **sysdig.proxy.enable** +## **sysdig.postgresql.rootDb** **Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**: ```yaml sysdig: - proxy: - enable: true + postgresql: + rootDb: anchore ``` -## **sysdig.proxy.host** +## **sysdig.postgresql.rootPassword** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + postgresql: + rootPassword: my_root_password ``` -## **sysdig.proxy.noProxy** +## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + postgresql: + primary: true ``` -## **sysdig.proxy.password** +## **sysdig.postgresql.external** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
- +**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + postgresql: + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + sysdig: + host: my-sysdig-db-external.com ``` -## **sysdig.proxy.port** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: `80`
+**Default**: []
**Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.proxy.protocol** +## **sysdig.postgresql.pgParameters** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster +**Options**:
+**Default**: ``
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + pgParameters: + max_connections: '1024' + shared_buffers: '110MB' ``` -## **sysdig.proxy.user** + +## **sysdig.postgresql.ha.enabled** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**:
-**Default**:
+**Description**: true if you want to deploy postgreSQL in HA mode. +**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + postgresql: + ha: + enabled: true ``` -## **sysdig.slack.client.id** + +## **sysdig.postgresql.ha.spiloVersion** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the postgreSQL node in HA mode. **Options**:
-**Default**: `awesomeclientid`
+**Default**: `2.0-p7`
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + ha: + spiloVersion: 2.0-p7 ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresql.ha.operatorVersion** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. **Options**:
-**Default**: `awesomeclientsecret`
+**Default**: `v1.6.3`
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + ha: + operatorVersion: v1.6.3 ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresql.ha.exporterVersion** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. **Options**:
-**Default**: `incoming-webhook`
+**Default**: `latest`
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + ha: + exporterVersion: v0.3 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresql.ha.clusterDomain** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. **Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: `cluster.local`
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + ha: + clusterDomain: cluster.local ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.postgresql.ha.replicas** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: number of replicas for postgreSQL nodes in HA mode. **Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: `3`
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + ha: + replicas: 3 ``` -## **sysdig.inactivitySettings.trackerEnabled** + +## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Options**:
+**Default**: `true`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + ha: + enableExporter: true ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresql.ha.migrate.retryCount** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. +**Options**: `true|false`
+**Default**: `3600`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + ha: + migrate: + retryCount: 3600 ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresql.ha.migrate.retrySleepSeconds** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. +**Options**:
+**Default**: `10`
-This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` - ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + ha: + migrate: + retrySleepSeconds: 10 ``` -## **sysdig.redisVersion** +## **sysdig.postgresql.ha.migrate.retainBackup** **Required**: `false`
-**Description**: Docker image tag of Redis.
-**Options**:
-**Default**: 4.0.12.7
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. +**Options**: `true|false`
+**Default**: `true`
+ **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + ha: + migrate: + retainBackup: true ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
+**Description**: Docker image tag of the migration job from postgres single node to HA mode. **Options**:
-**Default**: 4.0.12-1.0.1
+**Default**: `postgres-to-postgres-ha-0.0.4`
+ **Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + ha: + migrate: + migrationJobImageVersion: v0.1 ``` -## **sysdig.redisHa** +## **sysdig.postgresql.ha.customTls.enabled** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
+**Description**: If set to true will pass to the target pg crd the option to add +custom certificates and CA **Options**: `true|false`
**Default**: `false`
+ **Example**: ```yaml sysdig: - redisHa: false + postgresql: + ha: + customTls: + enabled: true ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.postgresql.ha.customTls.crtSecretName** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container certificate and key that will be used in postgres HA for ssl +NOTE: the certficate and key files must be called `tls.crt` and `tls.key` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.postgresql.ha.customTls.caSecretName** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container the CA certificate that will be used in postgres HA for ssl +NOTE: the CA certificate file must be called `ca.crt` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt + caSecretName: sysdigcloud-postgres-tls-ca + ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.postgresDatabases.profiling** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.policies** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + postgresql: + external: true + postgresDatabases: + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.serviceOwnerManagement** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.compliance** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.rapidResponse** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**:
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + proxy: + enable: true ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +**Default**:
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | - +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.redis.limits.cpu** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +**Default**:
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + saml: + certificate: + name: saml-cert.p12 ``` - -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +**Default**:
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.resources.redis-sentinel.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +**Description**: +Allow Anchore to export prometheus metrics. +**Options**: `true|false`
+**Default**: false
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + secure: + anchore: + enableMetrics: true ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | - +**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | - +**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - limits: - cpu: 2 + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.redisHa** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**: +```yaml +sysdig: + redisHa: false +``` +## **sysdig.useRedis6** +**Required**: `false`
+**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - limits: - memory: 10Mi + useRedis6: false ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.redis6Version** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: Docker image tag of Redis 6, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | - +**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - requests: - cpu: 2 + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: +**Default**: 6.0.10.1
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +```yaml +sysdig: + redis6SentinelVersion: 6.0.10.1 +``` +## **sysdig.redis6ExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - requests: - memory: 200Mi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.api.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | +| small | 2 | | medium | 4 | -| large | 16 | +| large | 8 | **Example**: ```yaml sysdig: resources: - api: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - api: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | +| medium | 2 | | large | 4 | **Example**: @@ -2692,81 +2937,80 @@ sysdig: ```yaml sysdig: resources: - api: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - api: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - worker: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
+| small | 8Gi |
| medium | 8Gi |
-| large | 16Gi |
-
+| large | 8Gi |
**Example**:
```yaml
sysdig:
resources:
- worker:
+ elasticsearch:
limits:
- memory: 10Mi
+ memory: 8Gi
```
-## **sysdig.resources.worker.requests.cpu**
+## **sysdig.resources.elasticsearch.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**:
@@ -2781,21 +3025,21 @@ sysdig:
```yaml
sysdig:
resources:
- worker:
+ elasticsearch:
requests:
cpu: 2
```
-## **sysdig.resources.worker.requests.memory**
+## **sysdig.resources.elasticsearch.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 2Gi |
+| small | 4Gi |
+| medium | 4Gi |
| large | 4Gi |
**Example**:
@@ -2803,170 +3047,156 @@ sysdig:
```yaml
sysdig:
resources:
- worker:
+ elasticsearch:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.alerter.limits.cpu**
+## **sysdig.resources.mysql-router.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4 |
-| medium | 8 |
-| large | 16 |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
**Example**:
```yaml
sysdig:
resources:
- alerter:
+ mysql-router:
limits:
cpu: 2
```
-## **sysdig.resources.alerter.limits.memory**
+## **sysdig.resources.mysql-router.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 8Gi |
-| large | 16Gi |
-
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
**Example**:
```yaml
sysdig:
resources:
- alerter:
+ mysql-router:
limits:
- memory: 10Mi
+ memory: 8Gi
```
-## **sysdig.resources.alerter.requests.cpu**
+## **sysdig.resources.mysql-router.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
**Example**:
```yaml
sysdig:
resources:
- alerter:
+ mysql-router:
requests:
cpu: 2
```
-## **sysdig.resources.alerter.requests.memory**
+## **sysdig.resources.mysql-router.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
resources:
- alerter:
+ mysql-router:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.collector.limits.cpu**
+## **sysdig.resources.mysql.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 16 |
+**Default**:
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
limits:
cpu: 2
```
-## **sysdig.resources.collector.limits.memory**
+## **sysdig.resources.mysql.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 16Gi |
-
+**Default**:
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
limits:
- memory: 10Mi
+ memory: 8Gi
```
-## **sysdig.resources.collector.requests.cpu**
+## **sysdig.resources.mysql.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1 |
-| medium | 1 |
-| large | 4 |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
requests:
cpu: 2
```
-## **sysdig.resources.collector.requests.memory**
+## **sysdig.resources.mysql.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**:
@@ -2974,27 +3204,27 @@ sysdig:
| ------------ | -------- |
| small | 1Gi |
| medium | 1Gi |
-| large | 4Gi |
+| large | 1Gi |
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.anchore-core.limits.cpu**
+## **sysdig.resources.postgresql.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | +| small | 2 | | medium | 4 | | large | 4 | @@ -3003,14 +3233,14 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**: @@ -3018,7 +3248,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 8Gi | **Example**: @@ -3026,14 +3256,14 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + postgresql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: @@ -3041,73 +3271,73 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | +| small | 500Mi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - anchore-core: + postgresql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -3115,88 +3345,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + redis: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3204,89 +3434,88 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + redis-sentinel: requests: memory: 200Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3294,58 +3523,58 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3353,21 +3582,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3375,7 +3604,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3383,36 +3612,36 @@ sysdig: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: @@ -3420,248 +3649,197 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + timescale-adapter: requests: memory: 200Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** -**Required**: `false`
-**Description**: Retention manager Cronjob
-**Options**:
-**Default**: 0 3 * * *
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * -``` - -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.ingressControllerHaProxy.limits.cpu** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 23h
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** -**Required**: `false`
-**Description**: Grace period for the retention policy
-**Options**:
-**Default**: 168h
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + ingressControllerHaProxy: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.ingressControllerHaProxy.limits.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 1s
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** -**Required**: `false`
-**Description**: Scanning GRPC endpoint
-**Options**:
-**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + ingressControllerHaProxy: + limits: + memory: 2Gi ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.ingressControllerHaProxy.requests.cpu** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: mysql
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 100m | +| large | 100m | -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** -**Required**: `false`
-**Description**: Default value for the date policy
-**Options**:
-**Default**: 90
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 + resources: + ingressControllerHaProxy: + requests: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +## **sysdig.resources.ingressControllerHaProxy.requests.memory** **Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 5
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + ingressControllerHaProxy: + requests: + memory: 1Gi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.ingressControllerRsyslog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 125m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: limits: cpu: 2 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.ingressControllerRsyslog.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - +| small | 50Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.ingressControllerRsyslog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.ingressControllerRsyslog.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + ingressControllerRsyslog: requests: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**: @@ -3669,21 +3847,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - policy-advisor: + api: limits: cpu: 2 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**: @@ -3691,7 +3869,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3699,14 +3877,14 @@ sysdig: ```yaml sysdig: resources: - policy-advisor: + api: limits: memory: 10Mi ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**: @@ -3714,21 +3892,21 @@ sysdig: | ------------ | -------- | | small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - policy-advisor: + api: requests: cpu: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**: @@ -3736,51 +3914,51 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - policy-advisor: + api: requests: memory: 200Mi ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.resources.apiNginx.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-api: + apiNginx: limits: cpu: 1 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.resources.apiNginx.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -3788,178 +3966,177 @@ sysdig: ```yaml sysdig: resources: - netsec-api: + apiNginx: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.resources.apiNginx.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | +| small | 500m | | medium | 500m | -| large | 1 | +| large | 500m | **Example**: ```yaml sysdig: resources: - netsec-api: + apiNginx: requests: - cpu: 300m + cpu: 500m ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.resources.apiNginx.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - netsec-api: + apiNginx: requests: - memory: 1Gi + memory: 100Mi ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.resources.apiEmailRenderer.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 2 | -| large | 2 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - netsec-ingest: + apiEmailRenderer: limits: cpu: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** +## **sysdig.resources.apiEmailRenderer.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 6Gi | -| large | 8Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: resources: - netsec-ingest: + apiEmailRenderer: limits: - memory: 4Gi + memory: 500Mi ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.resources.apiEmailRenderer.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - netsec-ingest: + apiEmailRenderer: requests: cpu: 500m ``` -## **sysdig.resources.netsec-ingest.requests.memory** +## **sysdig.resources.apiEmailRenderer.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - netsec-ingest: - limits: - memory: 2Gi + apiEmailRenderer: + requests: + memory: 100Mi ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - netsec-janitor: + worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-janitor.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -3967,88 +4144,88 @@ sysdig: ```yaml sysdig: resources: - netsec-janitor: + worker: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - netsec-janitor: + worker: requests: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.netsec-janitor.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - netsec-janitor: + worker: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - nats-streaming: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | **Example**: @@ -4056,146 +4233,147 @@ sysdig: ```yaml sysdig: resources: - nats-streaming: + alerter: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - nats-streaming: + alerter: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - nats-streaming: + alerter: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: limits: cpu: 2 ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: @@ -4210,111 +4388,112 @@ sysdig: ```yaml sysdig: resources: - activity-audit-worker: + anchore-core: limits: cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.resources.anchore-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-api: limits: - memory: 500Mi + cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.resources.anchore-catalog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: - requests: - cpu: 250m + anchore-catalog: + limits: + cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.requests.memory** +## **sysdig.resources.anchore-policy-engine.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: - requests: - memory: 50Mi + anchore-policy-engine: + limits: + cpu: 1 ``` -## **sysdig.resources.activity-audit-janitor.limits.cpu** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + anchore-core: limits: - cpu: 250m + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.limits.memory** + +## **sysdig.resources.anchore-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -4322,265 +4501,268 @@ sysdig: ```yaml sysdig: resources: - activity-audit-janitor: + anchore-api: limits: - memory: 200Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.cpu** + +## **sysdig.resources.anchore-catalog.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: - requests: - cpu: 250m + anchore-catalog: + limits: + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.memory** + +## **sysdig.resources.anchore-policy-engine.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: - requests: - memory: 50Mi + anchore-policy-engine: + limits: + memory: 10Mi ``` -## **sysdig.resources.profiling-api.limits.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: - limits: + anchore-core: + requests: cpu: 2 ``` -## **sysdig.resources.profiling-api.limits.memory** +## **sysdig.resources.anchore-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: - limits: - memory: 500Mi + anchore-api: + requests: + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: + anchore-catalog: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: + anchore-policy-engine: requests: - memory: 50Mi + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.cpu** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - profiling-worker: - limits: - cpu: 1 + anchore-core: + requests: + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.anchore-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - profiling-worker: - limits: - memory: 500Mi + anchore-api: + requests: + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + anchore-catalog: requests: - cpu: 250m + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + anchore-policy-engine: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4588,88 +4770,88 @@ sysdig: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: requests: - memory: 512Mi + memory: 200Mi ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4677,417 +4859,382 @@ sysdig: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.events-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: requests: - memory: 250Mi + memory: 200Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - limits: - memory: 250Mi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**: 168h
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - requests: - cpu: 250m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - requests: - memory: 50Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: Scanning DB engine
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: Default value for the date policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - requests: - cpu: 250m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: Default value for the tags policy
**Options**:
-**Default**: +**Default**: 5
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - requests: - memory: 50Mi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -5095,1852 +5242,4867 @@ sysdig: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: limits: cpu: 1 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: limits: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-janitor: + admission-controller-api: requests: memory: 50Mi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api PG
+migrate containers
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - restrictPasswordLogin: true + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + cpu: 1 ``` -## **sysdig.rsyslogVersion** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
**Options**:
-**Default**: 8.34.0.7
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + **Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + memory: 256Mi ``` -## **sysdig.smtpFromAddress** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + resources: + scanningAdmissionControllerApiPgMigrate: + requests: + cpu: 100m ``` -## **sysdig.smtpPassword** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpPassword: my-@w350m3-p@55w0rd + resources: + admission-controller-api-pg-migrate: + requests: + memory: 50Mi ``` -## **sysdig.smtpProtocolSSL** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of cpu assigned to reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - smtpProtocolSSL: true + resources: + reporting-init: + limits: + cpu: 1 ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of memory assigned to reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + **Example**: ```yaml sysdig: - smtpProtocolTLS: true + resources: + reporting-init: + limits: + memory: 256Mi ``` -## **sysdig.smtpServer** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
+**Description**: The amount of cpu required to schedule reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + resources: + reporting-init: + requests: + cpu: 100m ``` -## **sysdig.smtpServerPort** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The amount of memory required to schedule reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpServerPort: 587
+ resources: + reporting-init: + requests: + memory: 50Mi ``` -## **sysdig.smtpUser** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
-**Default**:
-**Example**: +**Default**: -```yaml -sysdig: - smtpUser: bob+alice@gmail.com
-``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | -## **sysdig.tolerations** -**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
**Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + resources: + reporting-api: + limits: + cpu: 1500m ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + resources: + reporting-api: + limits: + memory: 1536Mi ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + resources: + reporting-api: + requests: + cpu: 200m ``` -## **sysdig.apiReplicaCount** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: - apiReplicaCount: 5 + resources: + reporting-api: + requests: + memory: 256Mi ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + resources: + reporting-worker: + limits: + cpu: 2 ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + reporting-worker: + limits: + memory: 16Gi ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + reporting-worker: + requests: + cpu: 200m ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + reporting-worker: + requests: + memory: 10Gi ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: Enable logging at debug level
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: false
**Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | - +**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.workerReplicaCount** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
+**Options**:
+**Default**: 1
**Example**: ```yaml sysdig: - workerReplicaCount: 7 + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.alerterReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Bucket** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - alerterReplicaCount: 7 + secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Prefix** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + secure: + scanning: + reporting: + storageS3Prefix: reports ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Endpoint** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Region** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + secure: + scanning: + reporting: + storageS3Region: us-east-1 ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | - +**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.eventsForwarderAPIReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** **Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
-**Options**:
-**Default**:
+## **sysdig.secure.scanning.reporting.workerSleepTime** +**Required**: `false`
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.admin.password** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + **Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.certificate.generate** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu required to schedule policy-advisor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.certificate.crt** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.certificate.key** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + netsec-api: + requests: + cpu: 300m ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml +**Description**: The amount of memory required to schedule netsec-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml sysdig: - collector: - certificate: - generate: true + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.collector.certificate.crt** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - collector: - certificate: - crt: certs/collector.crt + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.collector.certificate.key** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | + + **Example**: ```yaml sysdig: - collector: - certificate: - key: certs/collector.key + resources: + netsec-ingest: + limits: + memory: 4Gi ``` -## **sysdig.worker.jvmOptions** +## **sysdig.resources.netsec-ingest.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + netsec-ingest: + requests: + cpu: 500m +``` + +## **sysdig.resources.netsec-ingest.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + netsec-ingest: + limits: + memory: 2Gi +``` + +## **sysdig.resources.netsec-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + limits: + cpu: 1 +``` + +## **sysdig.resources.netsec-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | + + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + limits: + memory: 1Gi +``` + +## **sysdig.resources.netsec-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + requests: + cpu: 1 +``` + +## **sysdig.resources.netsec-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + requests: + memory: 1Gi +``` + +## **sysdig.resources.nats-streaming.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + limits: + cpu: 2 +``` + +## **sysdig.resources.nats-streaming.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + limits: + memory: 2Gi +``` + +## **sysdig.resources.nats-streaming.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + cpu: 250m +``` + +## **sysdig.resources.nats-streaming.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + memory: 1Gi +``` + +## **sysdig.resources.activity-audit-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.activity-audit-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + cpu: 1 +``` + +## **sysdig.resources.activity-audit-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.activity-audit-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.profiling-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.profiling-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.profiling-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.profiling-worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + limits: + cpu: 1 +``` + +## **sysdig.resources.profiling-worker.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.profiling-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + requests: + cpu: 250m +``` + +## **sysdig.resources.profiling-worker.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + profiling-worker: + requests: + memory: 50Mi +``` + +## **sysdig.resources.secure-overview-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.secure-overview-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.secure-overview-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + requests: + cpu: 500m +``` + +## **sysdig.resources.secure-overview-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | + +**Example**: + +```yaml +sysdig: + resources: + secure-overview-api: + requests: + memory: 512Mi +``` + +## **sysdig.resources.secure-prometheus.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + limits: + cpu: 2 +``` + +## **sysdig.resources.secure-prometheus.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | + + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + limits: + memory: 8Gi +``` + +## **sysdig.resources.secure-prometheus.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + requests: + cpu: 500m +``` + +## **sysdig.resources.secure-prometheus.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + secure-prometheus: + requests: + memory: 2Gi +``` + +## **sysdig.resources.events-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-gatherer.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + limits: + cpu: 2 +``` + +## **sysdig.resources.events-gatherer.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + limits: + memory: 1Gi +``` + +## **sysdig.resources.events-gatherer.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-gatherer.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-gatherer: + requests: + memory: 250Mi +``` + +## **sysdig.resources.events-dispatcher.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-dispatcher.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + limits: + memory: 250Mi +``` + +## **sysdig.resources.events-dispatcher.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-dispatcher.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-dispatcher: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-forwarder-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-forwarder-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-forwarder-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-forwarder-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-forwarder.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-forwarder.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + limits: + memory: 500Mi +``` + +## **sysdig.resources.events-forwarder.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-forwarder.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + events-forwarder: + requests: + memory: 50Mi +``` + +## **sysdig.resources.events-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + limits: + cpu: 1 +``` + +## **sysdig.resources.events-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + limits: + memory: 200Mi +``` + +## **sysdig.resources.events-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + events-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.events-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 5 +``` + +## **sysdig.anchoreAPIReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + anchoreAPIReplicaCount: 4 +``` + +## **sysdig.anchoreCatalogReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + anchoreCatalogReplicaCount: 4 +``` + +## **sysdig.anchorePolicyEngineReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + anchorePolicyEngineReplicaCount: 4 +``` + +## **sysdig.anchoreWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreWorkerReplicaCount: 5 +``` + +## **sysdig.apiReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + apiReplicaCount: 5 +``` + +## **sysdig.cassandraReplicaCount** +**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + cassandraReplicaCount: 20 +``` + +## **sysdig.collectorReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for +clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + collectorReplicaCount: 7 +``` + +## **sysdig.activityAuditWorkerReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + activityAuditWorkerReplicaCount: 20 +``` + +## **sysdig.activityAuditApiReplicaCount** +**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + activityAuditApiReplicaCount: 20 +``` + +## **sysdig.policyAdvisorReplicaCount** +**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + policyAdvisorReplicaCount: 20 +``` + +## **sysdig.scanningAdmissionControllerAPIReplicaCount** +**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is +a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+ +|cluster-size|count| +|------------|-----| +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningAdmissionControllerAPIReplicaCount: 1 +``` + +## **sysdig.netsecApiReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecApiReplicaCount: 1 +``` + +## **sysdig.netsecIngestReplicaCount** +**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + netsecIngestReplicaCount: 1 +``` +## **sysdig.netsecCommunicationShards** +**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 3 | +| medium | 9 | +| large | 15 | + +**Example**: + +```yaml +sysdig: + netsecCommunicationShards: 5 +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + anchoreCoreReplicaCount: 2 +``` + +## **sysdig.scanningApiReplicaCount** +**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + scanningApiReplicaCount: 3 +``` + +## **sysdig.elasticsearchReplicaCount** +**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + elasticsearchReplicaCount: 20 +``` + +## **sysdig.workerReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + workerReplicaCount: 7 +``` + +## **sysdig.alerterReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + +## **sysdig.eventsGathererReplicaCount** +**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + eventsGathererReplicaCount: 2 +``` + +## **sysdig.eventsAPIReplicaCount** +**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsAPIReplicaCount: 1 +``` + +## **sysdig.eventsDispatcherReplicaCount** +**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + eventsDispatcherReplicaCount: 1 +``` + +## **sysdig.eventsForwarderReplicaCount** +**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + eventsForwarderReplicaCount: 2 +``` + +## **sysdig.eventsForwarderAPIReplicaCount** +**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ username: my-awesome-email@my-awesome-domain-name.com
+```
+
+## **sysdig.admin.password**
+**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ password: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.api.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` + +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ generate: true
+```
+
+## **sysdig.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ crt: certs/server.crt
+```
+
+## **sysdig.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.dnsName**
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.collector.certificate.generate** +**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+## **sysdig.worker.enabled**
+**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ enabled: true
+```
+
+## **sysdig.worker.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ commandLineCapturesEnabled: true
+```
+
+## **agent.secure.memoryDumpEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ memoryDumpEnabled: true
+```
+
+## **agent.secure.settings.k8sAuditServerURL**
+**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerURL: 127.0.0.1
+```
+
+## **agent.secure.settings.k8sAuditServerPort**
+**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerPort: 7765
+```
+
+## **agent.prometheus.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ enabled: true
+```
+
+## **agent.prometheus.settings.interval**
+**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ interval: 30
+```
+
+## **agent.prometheus.settings.logErrors**
+**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ logErrors: true
+```
+
+## **agent.prometheus.settings.maxMetrics**
+**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetrics: 1000
+```
+
+## **agent.prometheus.settings.maxMetricsPerProcess**
+**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetricsPerProcess: 1000
+```
+
+## **agent.prometheus.settings.maxTagsPerMetric**
+**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxTagsPerMetric: 20
+```
+
+## **agent.prometheus.settings.histograms**
+**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ histograms: 3000
+```
+
+## **agent.statsd.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ enabled: true
+```
+
+## **agent.statsd.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ settings:
+ limit: 1000
+```
+
+## **agent.jmx.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ jmx:
+ enabled: true
+```
+
+## **agent.jmx.settings.limit**
+**Required**: `false`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ jmx:
+ settings:
+ limit: 1000
+```
+
+## **agent.ebpf.enabled**
+**Required**: `false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ enabled: true
+```
+
+## **agent.ebpf.settings.mountEtcVolume**
+**Required**: `false`
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ settings:
+ mountEtcVolume: 1000
+```
+
+## **agent.appChecks.elasticsearch.authEnabled**
+**Required**: `false`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ authEnabled: true
+```
+
+## **agent.appChecks.elasticsearch.url**
+**Required**: `false`
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ url: https://sysdigcloud-elasticsearch
+```
+
+## **agent.appChecks.elasticsearch.port**
+**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ port: 9200
+```
+
+## **agent.appChecks.elasticsearch.username**
+**Required**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: + +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` + +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.alerter.jvmOptions** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + appChecks: + kafka: + enabled: true ``` -## **agent.appChecks.settings.limit** -**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - settings: - limit: 1500 + kafka: + arg: Kafka.kafka ``` -## **agent.collectorEndpoint** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - collectorEndpoint: my-awesome-collector-domain-name.com +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.collectorPort** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**: `1024-65535`
-**Default**: `6443`
+**Default**:
**Example**: ```yaml agent: - collectorPort: 6443 + appChecks: + kafka: + port: 9200 ``` -## **agent.namespace** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
-**Default**: `agent`
+**Default**:
**Example**: ```yaml -agent: - namespace: sysdig-agent +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.useSlim** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - useSlim: true + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.version** -**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - version: 1.10.1 + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.useSSL** -**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - useSSL: false + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.verifySSL** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Whether to enable mysql app check.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - verifySSL: false + appChecks: + mysql: + enabled: true ``` -## **agent.clusterName** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - clusterName: false + appChecks: + mysql: + hostname: mysql-service-url ``` -## **agent.tags** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - tags: environment:production linux:ubuntu + appChecks: + mysql: + user: mysql-user ``` -## **agent.capturesEnabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: TBD.
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - capturesEnabled: false + appChecks: + mysql: + password: mysql-password ``` -## **agent.feature_mode** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | + **Example**: ```yaml agent: - feature_mode: troubleshooting + resources: + limits: + cpu: 2 ``` -## **agent.timezone** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + **Example**: ```yaml agent: - timezone: America/New_York. + resources: + limits: + memory: 2 ``` -## **agent.proxy.httpProxy** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com + resources: + requests: + cpu: 2 ``` -## **agent.proxy.httpsProxy** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com + resources: + requests: + memory: 2 ``` -## **agent.proxy.noProxy** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**: +**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: -```yaml -agent: - proxy: - noProxy: your-awesome-no-proxy.com -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | -## **agent.snaplenPortRange.start** -**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.snaplenPortRange.end** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + resources: + watchdog: + cointerface: 1024 ``` -## **agent.customKernelModules.enabled** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**: ```yaml -agent: - customKernelModules: - enabled: true +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **agent.secure.enabled** +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** **Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Max duration after the last ping from an AC before it is considered +disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml -agent: +sysdig: secure: - enabled: true + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **agent.secure.commandLineCapturesEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: TTL of the cache for the cluster configuration. It should be +used by the AC as polling interval to retrieve the updated cluster configuration +from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - commandLineCapturesEnabled: true + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **agent.secure.memoryDumpEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: TTL of an AC ping. It should be used by the AC as polling +interval to perform a HEAD on the ping endpoint to notify it's still alive and +connected. It cannot be greater than 30m and it cannot be greater than +maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - memoryDumpEnabled: true + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **agent.secure.settings.k8sAuditServerURL** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: Max duration of the cluster configuration cache. The API returns
+this value as max-age in seconds and the FE uses it for caching the cluster
+configuration. FE also asks for a new cluster configuration using this value
+as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - settings: - k8sAuditServerURL: 127.0.0.1 + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **agent.secure.settings.k8sAuditServerPort** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**: ```yaml -agent: - secure: - settings: - k8sAuditServerPort: 7765 +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **agent.prometheus.enabled** +## **sysdig.scanningAlertMgrForceAutoScan** **Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
**Example**: ```yaml -agent: - prometheus: - enabled: true +sysdig: + scanningAlertMgrForceAutoScan: false ``` -## **agent.prometheus.settings.interval** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**: ```yaml -agent: - prometheus: - settings: - interval: 30 +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" ``` -## **agent.prometheus.settings.logErrors** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: ```yaml -agent: - prometheus: - settings: - logErrors: true +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" ``` -## **agent.prometheus.settings.maxMetrics** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.prometheus.settings.maxMetricsPerProcess** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Whether to enable metadata-service or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 +sysdig: + metadataService: + enabled: true ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.prometheus.settings.histograms** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - prometheus: - settings: - histograms: 3000 +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.statsd.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+## **sysdig.resources.metadataService.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - statsd: - enabled: true +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.statsd.settings.limit** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - statsd: - settings: - limit: 1000 +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.jmx.enabled** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - jmx: - enabled: true +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.jmx.settings.limit** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - jmx: - settings: - limit: 1000 +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.ebpf.enabled** +## **sysdig.helmRenderer.enabled** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
+**Description**: Whether to enable helm-renderer or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
**Default**: `false`
**Example**: ```yaml -agent: - ebpf: +sysdig: + helmRenderer: enabled: true ``` -## **agent.ebpf.settings.mountEtcVolume** +## **sysdig.resources.helmRenderer.limits.cpu** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: +**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**: -```yaml -agent: - ebpf: - settings: - mountEtcVolume: 1000 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | -## **agent.appChecks.elasticsearch.authEnabled** -**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true +sysdig: + resources: + helmRenderer: + limits: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.url** +## **sysdig.resources.helmRenderer.limits.memory** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch +sysdig: + resources: + helmRenderer: + limits: + memory: 10Mi ``` -## **agent.appChecks.elasticsearch.port** +## **sysdig.resources.helmRenderer.requests.cpu** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - port: 9200 +sysdig: + resources: + helmRenderer: + requests: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.username** +## **sysdig.resources.helmRenderer.requests.memory** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - username: readonly +sysdig: + resources: + helmRenderer: + requests: + memory: 200Mi ``` -## **agent.appChecks.elasticsearch.password** +## **sysdig.helmRendererReplicaCount** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + helmRendererReplicaCount: 4 ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.helmRendererVersion** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + helmRendererVersion: 0.1.32 ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.activityAudit.enabled** +**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: +sysdig: + secure: + activityAudit: enabled: true ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.activityAudit.janitor.retentionDays** +**Required**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.appChecks.kafka.url** +## **sysdig.secure.anchore.enabled** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + secure: + anchore: + enabled: true ``` -## **agent.appChecks.kafka.port** +## **sysdig.secure.compliance.enabled** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + secure: + compliance: + enabled: true ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.secure.netsec.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +sysdig: + secure: + netsec: + enabled: true ``` -## **agent.appChecks.kafka.zk.port** +## **sysdig.secure.overview.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + secure: + overview: + enabled: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.padvisor.enabled** +**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true +sysdig: + secure: + padvisor: + enabled: true ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.profiling.enabled** +**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + secure: + profiling: + enabled: true ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.secure.scanning.reporting.enabled** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - enabled: true +sysdig: + secure: + scanning: + reporting: + enabled: true ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.secure.scanning.enabled** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + secure: + scanning: + enabled: true ``` -## **agent.appChecks.mysql.user** +## **sysdig.secure.events.enabled** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + secure: + events: + enabled: true ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.eventsForwarder.enabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + eventsForwarder: + enabled: true ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**: +**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsAPIVersion: 0.5.0 +``` + +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ``` From 1c4e1f96c6594622fb6ab524d67e0722b0491364 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 20 Jan 2022 09:03:34 +0000 Subject: [PATCH 098/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 - installer/docs/configuration_parameters.md | 8102 ++++++-------------- 3 files changed, 2474 insertions(+), 5680 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..4e7d083d 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [installer releases - page](https://github.com/draios/installer/releases). + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:3.6.4-2-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.4-2-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 6617e8ba..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,47 +104,3 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. - -## Airgapped installations - -### Method for automatically updating the feeds database in airgapped environments -This is a procedure that can be used to automatically update the feeds database: - -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally -2. move the file from the jumpbox server to the customer airgapped environment (optional) -3. load the image file and push it to the customer's airgapped image registry -4. restart the pod sysdigcloud-feeds-db -5. restart the pod feeds-api - -Finally, steps 1 to 5 will be performed periodically once a day. - -This is an example script that contains all the steps: -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest -# Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar -# Optionally move image -mv vuln-feed-database.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" -# Restart database pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" -# Restart feeds-api pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" -ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" -``` - -The script can be scheduled using a cron job that run every day -```bash -0 8 * * * feeds-database-update.sh >/dev/null 2>&1 -``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 8d5fdddc..3b35c54e 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false`
+**Required**: `false` **Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**: @@ -321,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**:
-Allow Elasticsearch to export prometheus metrics.
-
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -693,61 +666,40 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) large. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- large:
- nats: 10Gi
-```
-
-## **pvStorageSize.medium.nats**
+## **sysdig.activityAuditVersion**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) medium. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml -pvStorageSize: - medium: - nats: 10Gi +sysdig: + activityAuditVersion: 3.6.4.11009 ``` -## **pvStorageSize.small.nats** +## **sysdig.profilingVersion** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Profiling services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml -pvStorageSize: - small: - nats: 10Gi +sysdig: + profilingVersion: 3.6.4.11009 ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.6.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1.8 ``` ## **sysdig.accessKey** @@ -763,19 +715,6 @@ sysdig: accessKey: my_awesome_aws_access_key ``` -## **sysdig.awsRegion** -**Required**: `false`
-**Description**: The AWS (or AWS compatible) region to be used by Sysdig
-components to communicate with AWS (or an AWS compatible API).
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- awsRegion: my_aws_region
-```
-
 ## **sysdig.secretKey**
 **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -830,67 +769,16 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
-[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- s3:
- capturesFolder: my_captures_folder
-```
-
 ## **sysdig.cassandraVersion**
 **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.22.4
-**Example**:
-
-```yaml
-sysdig:
- cassandraVersion: 2.1.22.4
-```
-
-## **sysdig.cassandraExporterVersion**
-**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
-**Example**:
-
-```yaml
-sysdig:
- cassandraExporterVersion: latest
-```
-
-## **sysdig.cassandra.useCassandra3**
-**Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- cassandra:
- useCassandra3: false
-```
-
-## **sysdig.Cassandra3Version**
-**Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
-**Options**:
-**Default**: `3.11.11.1`
+**Options**:
+**Default**: 2.1.21.13
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.11.1 + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.external** @@ -925,7 +813,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`true`
+**Default**:`false`
**Example**: ```yaml @@ -937,9 +825,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Description**: Enables cassandra server and clients communicate over ssl.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -949,19 +837,6 @@ sysdig: ssl: true ``` -## **sysdig.cassandra.enableMetrics** -**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- cassandra:
- enableMetrics: true
-```
-
 ## **sysdig.cassandra.user**
 **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1042,7 +917,7 @@ sysdig:
 **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**: `-Xms4g -Xmx4g`
+**Default**:
**Example**: ```yaml @@ -1096,31 +971,22 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform - (e.g., if you maintain your own Certificate Authority), they are not trusted by default. - -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more -PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ -in the same level as `values.yaml`.
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt -certs/custom-java-certs/certificate3.p12 -certs/custom-java-certs/certificate3.p12.passwd - - values.yaml ``` @@ -1156,14 +1022,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch.
+**Description**: The docker image tag of Elasticsearch 6.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearchVersion: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1275,27 +1141,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - monitorVersion: 5.0.4.11001 + monitorVersion: 3.6.4.11009 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - secureVersion: 5.0.4.11001 + scanningVersion: 3.6.4.11009 ``` ## **sysdig.sysdigAPIVersion** @@ -1305,12 +1171,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.4.11001 + sysdigAPIVersion: 3.6.4.11009 ``` ## **sysdig.sysdigCollectorVersion** @@ -1320,12 +1186,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.4.11001 + sysdigCollectorVersion: 3.6.4.11009 ``` ## **sysdig.sysdigWorkerVersion** @@ -1335,12 +1201,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.4.11001 + sysdigWorkerVersion: 3.6.4.11009 ``` ## **sysdig.enableAlerter** @@ -1358,101 +1224,6 @@ sysdig: enableAlerter: true ``` -## **sysdig.alertingSystem.enabled** -**Required**: `false`
-**Description**: Enable or disable the new alert-manager and alert-notifier deployment
-**Options**:`true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- enabled: true
-```
-
-## **sysdig.alertingSystem.alertManager.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Manager jvm.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManager:
- jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20
-```
-
-## **sysdig.alertingSystem.alertManager.apiToken**
-**Required**: `false`
-**Description**: API token used by the Alert Manager to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManager:
- apiToken: A_VALID_TOKEN
-```
-
-## **sysdig.alertingSystem.alertNotifier.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Notifier jvm.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertNotifier:
- jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20
-```
-
-## **sysdig.alertingSystem.alertNotifier.apiToken**
-**Required**: `false`
-**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertNotifier:
- apiToken: A_VALID_TOKEN
-```
-
-## **sysdig.alertingSystem.alertNotifierReplicaCount**
-**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertNotifierReplicaCount: 3
-```
-
-## **sysdig.alertingSystem.alertManagerReplicaCount**
-**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManagerReplicaCount: 3
-```
-
 ## **sysdig.mysqlHa**
 **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1527,7 +1298,8 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured
+**Description**: If set, the installer does not create a local mysql cluster
+instead it sets up the sysdig platform to connect to the configured
 [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1622,36 +1394,24 @@ sysdig:
 **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
-**Example**:
-
-```yaml
-sysdig:
- natsStreamingVersion: 0.22.0.2
-```
-
-## **sysdig.natsStreamingInitVersion**
-**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled** @@ -1668,36 +1428,6 @@ sysdig: enabled: true ``` -## **sysdig.nats.secure.username** -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- nats:
- secure:
- enabled: true
- username: somevalue
-```
-
-## **sysdig.nats.secure.password**
-**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- nats:
- secure:
- enabled: true
- password: somevalue
-```
-
 ## **sysdig.nats.ha.enabled**
 **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1781,7 +1511,7 @@ sysdig:
 ## **sysdig.postgresVersion**
 **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps`
-is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1791,730 +1521,597 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: 1.2.5-mysql-to-postgres
+**Default**: []
+ **Example**: ```yaml sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.postgresql.rootUser** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: Root user of the in-cluster postgresql instance.
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**: `postgres`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - rootUser: postgres + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` -## **sysdig.postgresql.rootDb** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: Root database of the in-cluster postgresql instance.
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: `anchore`
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - rootDb: anchore + proxy: + enable: true ``` -## **sysdig.postgresql.rootPassword** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: Password for the root user of the in-cluster postgresql instance.
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
-**Default**: Autogenerated 16 alphanumeric characters
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - rootPassword: my_root_password + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.postgresql.primary** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true -``` - -## **sysdig.postgresql.external** -**Required**: `false`
-**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - sysdig: - host: my-sysdig-db-external.com + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: []
+**Default**:
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.postgresql.pgParameters** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster +**Description**: The port the configured +[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not +configured it defaults to 80.
**Options**:
-**Default**: ``
+**Default**: `80`
**Example**: ```yaml sysdig: - postgresql: - pgParameters: - max_connections: '1024' - shared_buffers: '110MB' + proxy: + enable: true + port: 3128 ``` - -## **sysdig.postgresql.ha.enabled** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode. -**Options**: `true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - postgresql: - ha: - enabled: true + proxy: + enable: true + protocol: https ``` -## **sysdig.postgresql.ha.spiloVersion** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode. +**Description**: The user used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: `2.0-p7`
+**Default**:
**Example**: ```yaml sysdig: - postgresql: - ha: - spiloVersion: 2.0-p7 + proxy: + enable: true + user: alice ``` - -## **sysdig.postgresql.ha.operatorVersion** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. +**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `v1.6.3`
+**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - postgresql: - ha: - operatorVersion: v1.6.3 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.postgresql.ha.exporterVersion** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `latest`
+**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - postgresql: - ha: - exporterVersion: v0.3 + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.postgresql.ha.clusterDomain** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. +**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `cluster.local`
+**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - postgresql: - ha: - clusterDomain: cluster.local + slack: + client: + scope: incoming-webhook ``` -## **sysdig.postgresql.ha.replicas** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode. +**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `3`
+**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - postgresql: - ha: - replicas: 3 + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` - -## **sysdig.postgresql.ha.enableExporter** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `true`
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - postgresql: - ha: - enableExporter: true + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` -## **sysdig.postgresql.ha.migrate.retryCount** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
**Options**: `true|false`
-**Default**: `3600`
+**Default**: `false`
**Example**: - ```yaml sysdig: - postgresql: - ha: - migrate: - retryCount: 3600 + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.postgresql.ha.migrate.retrySleepSeconds** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. -**Options**:
-**Default**: `10`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - postgresql: - ha: - migrate: - retrySleepSeconds: 10 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.postgresql.ha.migrate.retainBackup** + +## **sysdig.secure.anchore.customCerts** **Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. -**Options**: `true|false`
-**Default**: `true`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - postgresql: - ha: - migrate: - retainBackup: true + secure: + anchore: + customCerts: true ``` -## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode. +**Description**: Docker image tag of Redis.
**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
- +**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - postgresql: - ha: - migrate: - migrationJobImageVersion: v0.1 + redisVersion: 4.0.12.7 ``` -## **sysdig.postgresql.ha.customTls.enabled** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add -custom certificates and CA -**Options**: `true|false`
-**Default**: `false`
- +**Description**: Docker image tag of HA Redis, relevant when configured +`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.postgresql.ha.customTls.crtSecretName** +## **sysdig.redisHa** **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container certificate and key that will be used in postgres HA for ssl -NOTE: the certficate and key files must be called `tls.crt` and `tls.key` -**Options**: `secret-name`
-**Default**: `nil`
- +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt + redisHa: false ``` -## **sysdig.postgresql.ha.customTls.caSecretName** +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container the CA certificate that will be used in postgres HA for ssl -NOTE: the CA certificate file must be called `ca.crt` -**Options**: `secret-name`
-**Default**: `nil`
+**Description**: The amount of cpu assigned to cassandra pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt - caSecretName: sysdigcloud-postgres-tls-ca - + resources: + cassandra: + limits: + cpu: 2 ``` -## **sysdig.postgresDatabases.useNonAdminUsers** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +**Description**: The amount of memory assigned to cassandra pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | -## **sysdig.postgresDatabases.anchore** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + cassandra: + limits: + memory: 8Gi ``` -## **sysdig.postgresDatabases.profiling** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: The amount of cpu required to schedule cassandra pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com - port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + cassandra: + requests: + cpu: 2 ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory required to schedule cassandra pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - policies: - host: my-policies-db-external.com - port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + cassandra: + requests: + memory: 2Gi ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - scanning: - host: my-scanning-db-external.com - port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +**Description**: The amount of cpu assigned to elasticsearch pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | -## **sysdig.postgresDatabases.reporting** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - reporting: - host: my-reporting-db-external.com - port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + limits: + cpu: 2 ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: +**Description**: The amount of memory assigned to elasticsearch pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | -## **sysdig.postgresDatabases.sysdig** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + limits: + memory: 8Gi ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: +**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - serviceOwnerManagement: - host: my-som-db-external.com - port: 5432 - db: som_db - username: som_user - password: my_som_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | -## **sysdig.postgresDatabases.beacon** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - beacon: - host: my-beacon-db-external.com - port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + requests: + cpu: 2 ``` -## **sysdig.postgresDatabases.promBeacon** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**: +**Description**: The amount of memory required to schedule elasticsearch pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - promBeacon: - host: my-prom-beacon-db-external.com - port: 5432 - db: prom_beacon_db - username: prom_beacon_user - password: my_prom_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | -## **sysdig.postgresDatabases.quartz** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - quartz: - host: my-quartz-db-external.com - port: 5432 - db: quartz_db - username: quartz_user - password: my_quartz_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + elasticsearch: + requests: + memory: 2Gi ``` -## **sysdig.postgresDatabases.compliance** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: +**Description**: The amount of cpu assigned to mysql-router pods
+**Options**:
+**Default**: -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - compliance: - host: my-compliance-db-external.com - port: 5432 - db: compliance_db - username: compliance_user - password: my_compliance_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 500m | -## **sysdig.postgresDatabases.admissionController** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - admissionController: - host: my-admission-controller-db-external.com - port: 5432 - db: admission_controller_db - username: admission_controller_user - password: my_admission_controller_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + mysql-router: + limits: + cpu: 2 ``` -## **sysdig.postgresDatabases.rapidResponse** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory assigned to mysql-router pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-rapid-response-db-external.com - port: 5432 - db: rapid_response_db - username: rapid_response_user - password: my_rapid_response_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + mysql-router: + limits: + memory: 8Gi ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api + resources: + mysql-router: + requests: + cpu: 2 ``` -## **sysdig.proxy.enable** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
-**Default**: `false`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - proxy: - enable: true + resources: + mysql-router: + requests: + memory: 2Gi ``` -## **sysdig.proxy.host** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
**Default**:
@@ -2522,414 +2119,483 @@ is configured.
```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + mysql: + limits: + cpu: 2 ``` -## **sysdig.proxy.noProxy** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**:
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + mysql: + limits: + memory: 8Gi ``` -## **sysdig.proxy.password** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + resources: + mysql: + requests: + cpu: 2 ``` -## **sysdig.proxy.port** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The port the configured
-[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + resources: + mysql: + requests: + memory: 2Gi ``` -## **sysdig.proxy.protocol** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + resources: + postgresql: + limits: + cpu: 2 ``` -## **sysdig.proxy.user** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | + **Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + resources: + postgresql: + limits: + memory: 8Gi ``` -## **sysdig.slack.client.id** + +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientid`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + resources: + postgresql: + requests: + cpu: 2 ``` -## **sysdig.slack.client.secret** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientsecret`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + resources: + postgresql: + requests: + memory: 2Gi ``` -## **sysdig.slack.client.scope** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to redis pods
**Options**:
-**Default**: `incoming-webhook`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + resources: + redis: + limits: + cpu: 2 ``` -## **sysdig.slack.client.endpoint** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + resources: + redis: + limits: + memory: 1Gi ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + resources: + redis: + requests: + cpu: 2 ``` -## **sysdig.saml.certificate.name** + +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests.
-The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
-the certificate name used when creating the certificate.
+**Description**: The amount of memory required to schedule redis pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 + resources: + redis: + requests: + memory: 2Gi ``` -## **sysdig.saml.certificate.password** + +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests.
-If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: - saml: - certificate: - name: saml-cert.p12 - password: changeit + resources: + redis-sentinel: + limits: + cpu: 2 ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**: -**Example**: -```yaml -sysdig: - inactivitySettings: - trackerEnabled: true -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | -## **sysdig.inactivitySettings.trackerTimeout** -**Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + resources: + redis-sentinel: + limits: + memory: 10Mi ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**: -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` +**Example**: ```yaml sysdig: - secure: - anchore: - customCerts: true + resources: + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.secure.anchore.enableMetrics** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: -Allow Anchore to export prometheus metrics. +**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | -**Options**: `true|false`
-**Default**: false
**Example**: + ```yaml sysdig: - secure: - anchore: - enableMetrics: true + resources: + redis-sentinel: + requests: + memory: 200Mi ``` -## **sysdig.redisVersion** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12.7
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 300m | +| medium | 300m | +| large | 300m | + **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + resources: + redis-sentinel: + limits: + cpu: 2 ``` -## **sysdig.redisHaVersion** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured
-`sysdig.redisHa` is `true`.
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12-1.0.1
-**Example**: - -```yaml -sysdig: - redisHaVersion: 4.0.12-1.0.1 -``` +**Default**: -## **sysdig.redisHa** -**Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
-**Example**: +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | -```yaml -sysdig: - redisHa: false -``` -## **sysdig.useRedis6** -**Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
-**Options**: `true|false`
-**Default**: `true`
**Example**: ```yaml sysdig: - useRedis6: false + resources: + redis-sentinel: + limits: + memory: 10Mi ``` -## **sysdig.redis6Version** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: Docker image tag of Redis 6, relevant when configured
-`sysdig.useRedis6` is `true`.
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
-**Default**: 6.0.10.1
-**Example**: +**Default**: -```yaml -sysdig: - redis6Version: 6.0.10.1 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | -## **sysdig.redis6SentinelVersion** -**Required**: `false`
-**Description**: Docker image tag of Redis Sentinel, relevant when configured
-`sysdig.useRedis6` is `true`.
-**Options**:
-**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - redis6SentinelVersion: 6.0.10.1 + resources: + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.redis6ExporterVersion** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
-`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
-**Default**: 1.15.1.1
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | + **Example**: ```yaml sysdig: - redis6ExporterVersion: 1.15.1.1 + resources: + redis-sentinel: + requests: + memory: 200Mi ``` - -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -2937,87 +2603,88 @@ sysdig: ```yaml sysdig: resources: - cassandra: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - cassandra: + timescale-adapter: requests: - memory: 8Gi + memory: 200Mi ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.resources.api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The amount of cpu assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: cpu: 2 ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.resources.api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The amount of memory assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The amount of cpu required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -3025,21 +2692,21 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: cpu: 2 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The amount of memory required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | +| small | 1Gi | +| medium | 1Gi | | large | 4Gi | **Example**: @@ -3047,200 +2714,214 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: @@ -3248,7 +2929,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 8Gi | +| large | 16Gi | **Example**: @@ -3256,88 +2937,88 @@ sysdig: ```yaml sysdig: resources: - postgresql: + collector: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: cpu: 2 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500Mi | +| small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3345,88 +3026,88 @@ sysdig: ```yaml sysdig: resources: - redis: + anchore-core: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3434,88 +3115,88 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3523,58 +3204,59 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3582,21 +3264,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3604,7 +3286,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3612,36 +3294,36 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -3649,227 +3331,278 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: memory: 200Mi ``` -## **sysdig.resources.ingressControllerHaProxy.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerHaProxy.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.ingressControllerRsyslog.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
+**Default**: 0 3 * * *
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 125m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.ingressControllerRsyslog.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
+**Default**: 168h
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.ingressControllerRsyslog.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 +``` +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +**Required**: `false`
+**Description**: Scanning DB engine
+**Options**:
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.ingressControllerRsyslog.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Default value for the date policy
**Options**:
-**Default**:
+**Default**: 90
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - memory: 500Mi + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 +``` + +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | **Example**: @@ -3877,88 +3610,88 @@ sysdig: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: memory: 10Mi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: memory: 200Mi ``` -## **sysdig.resources.apiNginx.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.apiNginx.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3966,88 +3699,88 @@ sysdig: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.apiNginx.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.apiNginx.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - memory: 100Mi + memory: 200Mi ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: cpu: 1 ``` -## **sysdig.resources.apiEmailRenderer.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4055,88 +3788,88 @@ sysdig: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.apiEmailRenderer.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 300m | | medium | 500m | -| large | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - cpu: 500m + cpu: 300m ``` -## **sysdig.resources.apiEmailRenderer.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - memory: 100Mi + memory: 1Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 6Gi | +| large | 8Gi | **Example**: @@ -4144,88 +3877,89 @@ sysdig: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - memory: 10Mi + memory: 4Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - worker: - requests: - memory: 200Mi + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4233,88 +3967,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4322,36 +4056,36 @@ sysdig: ```yaml sysdig: resources: - collector: + nats-streaming: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: @@ -4359,87 +4093,109 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + activity-audit-api: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.anchore-api.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: + activity-audit-api: limits: - cpu: 1 + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.limits.cpu** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - cpu: 1 + activity-audit-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.resources.anchore-policy-engine.limits.cpu** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of cpu assigned to activity-audit-worker pods
**Options**:
**Default**: @@ -4454,22 +4210,22 @@ sysdig: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-worker: limits: cpu: 1 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4477,292 +4233,265 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + activity-audit-worker: limits: - memory: 10Mi + memory: 500Mi ``` - -## **sysdig.resources.anchore-api.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-api: - limits: - memory: 10Mi + activity-audit-worker: + requests: + cpu: 250m ``` - -## **sysdig.resources.anchore-catalog.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - memory: 10Mi + activity-audit-worker: + requests: + memory: 50Mi ``` - -## **sysdig.resources.anchore-policy-engine.limits.memory** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: limits: - memory: 10Mi + cpu: 250m ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of memory assigned to activity-audit-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - -**Example**: - -```yaml -sysdig: - resources: - anchore-core: - requests: - cpu: 2 -``` - -## **sysdig.resources.anchore-api.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
-**Options**:
-**Default**: +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - cpu: 2 + activity-audit-janitor: + limits: + memory: 200Mi ``` -## **sysdig.resources.anchore-catalog.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + activity-audit-janitor: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: requests: - cpu: 2 + memory: 50Mi ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - memory: 200Mi + profiling-api: + limits: + cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.memory** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - memory: 200Mi + profiling-api: + limits: + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.requests.memory** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + profiling-api: requests: - memory: 200Mi + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.memory** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + profiling-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.profiling-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4770,88 +4499,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.profiling-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.profiling-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.secure-overview-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.secure-overview-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -4859,89 +4588,88 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.secure-overview-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | - +| medium | 500m | +| large | 500m | + **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.secure-overview-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - memory: 200Mi + memory: 512Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.secure-prometheus.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -4949,620 +4677,565 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.secure-prometheus.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.secure-prometheus.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.events-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.events-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.events-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.events-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.events-gatherer.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to events-gatherer pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + events-gatherer: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.events-gatherer.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to events-gatherer pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + events-gatherer: + limits: + memory: 1Gi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.events-gatherer.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule events-gatherer pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + events-gatherer: + requests: + cpu: 250m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.events-gatherer.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule events-gatherer pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + events-gatherer: + requests: + memory: 250Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.events-dispatcher.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to events-dispatcher pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + events-dispatcher: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.events-dispatcher.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to events-dispatcher pods
**Options**:
-**Default**: mysql
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** -**Required**: `false`
-**Description**: Default value for the date policy
-**Options**:
-**Default**: 90
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** -**Required**: `false`
-**Description**: Default value for the tags policy
-**Options**:
-**Default**: 5
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 -``` - -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** -**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 -``` - -## **sysdig.resources.scanning-ve-janitor.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 500m | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanning-ve-janitor: - limits: - cpu: 2 -``` - -## **sysdig.resources.scanning-ve-janitor.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - - +**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: limits: - memory: 10Mi + memory: 250Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.events-dispatcher.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule events-dispatcher pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.events-dispatcher.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule events-dispatcher pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-dispatcher: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** +## **sysdig.resources.events-forwarder-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api containers
+**Description**: The amount of cpu assigned to events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** +## **sysdig.resources.events-forwarder-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api containers
+**Description**: The amount of memory assigned to events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: limits: memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** +## **sysdig.resources.events-forwarder-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** +## **sysdig.resources.events-forwarder-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api containers
+**Description**: The amount of memory required to schedule events-forwarder-api pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api: + events-forwarder-api: requests: memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** +## **sysdig.resources.events-forwarder.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of cpu assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** +## **sysdig.resources.events-forwarder.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG -migrate containers
+**Description**: The amount of memory assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: limits: - memory: 256Mi + memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** +## **sysdig.resources.events-forwarder.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of cpu required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-forwarder: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** +## **sysdig.resources.events-forwarder.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api -PG migrate containers
+**Description**: The amount of memory required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api-pg-migrate: + events-forwarder: requests: - memory: 50Mi + memory: 50Mi ``` -## **sysdig.resources.reporting-init.limits.cpu** +## **sysdig.resources.events-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-init pods
+**Description**: The amount of cpu assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: limits: cpu: 1 ``` -## **sysdig.resources.reporting-init.limits.memory** +## **sysdig.resources.events-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-init pods
+**Description**: The amount of memory assigned to events-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: limits: - memory: 256Mi + memory: 200Mi ``` -## **sysdig.resources.reporting-init.requests.cpu** +## **sysdig.resources.events-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-init pods
+**Description**: The amount of cpu required to schedule events-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - reporting-init: + events-janitor: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.reporting-init.requests.memory** +## **sysdig.resources.events-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-init pods
+**Description**: The amount of memory required to schedule events-janitor pods
**Options**:
**Default**: @@ -5577,4532 +5250,1697 @@ sysdig: ```yaml sysdig: resources: - reporting-init: + events-janitor: requests: memory: 50Mi ``` -## **sysdig.resources.reporting-api.limits.cpu** +## **sysdig.restrictPasswordLogin** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1500m |
-| medium | 1500m |
-| large | 1500m |
-
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - reporting-api: - limits: - cpu: 1500m + restrictPasswordLogin: true ``` -## **sysdig.resources.reporting-api.limits.memory** +## **sysdig.rsyslogVersion** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-api pods
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1536Mi |
-| medium | 1536Mi |
-| large | 1536Mi |
-
+**Default**: 8.34.0.7
**Example**: ```yaml sysdig: - resources: - reporting-api: - limits: - memory: 1536Mi + rsyslogVersion: 8.34.0.7 ``` -## **sysdig.resources.reporting-api.requests.cpu** +## **sysdig.smtpFromAddress** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-api pods
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-api: - requests: - cpu: 200m + smtpFromAddress: from-address@my-company.com ``` -## **sysdig.resources.reporting-api.requests.memory** +## **sysdig.smtpPassword** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-api pods
+**Description**: Password for the configured `sysdig.smtpUser`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-api: - requests: - memory: 256Mi + smtpPassword: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.reporting-worker.limits.cpu** +## **sysdig.smtpProtocolSSL** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-worker: - limits: - cpu: 2 + smtpProtocolSSL: true ``` -## **sysdig.resources.reporting-worker.limits.memory** +## **sysdig.smtpProtocolTLS** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 16Gi |
-| medium | 16Gi |
-| large | 16Gi |
-
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-worker: - limits: - memory: 16Gi + smtpProtocolTLS: true ``` -## **sysdig.resources.reporting-worker.requests.cpu** +## **sysdig.smtpServer** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 200m |
-| medium | 200m |
-| large | 200m |
-
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-worker: - requests: - cpu: 200m + smtpServer: smtp.gmail.com ``` -## **sysdig.resources.reporting-worker.requests.memory** +## **sysdig.smtpServerPort** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 10Gi |
-| medium | 10Gi |
-| large | 10Gi |
-
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**: ```yaml sysdig: - resources: - reporting-worker: - requests: - memory: 10Gi + smtpServerPort: 587
``` -## **sysdig.secure.scanning.reporting.debug** +## **sysdig.smtpUser** **Required**: `false`
-**Description**: Enable logging at debug level
+**Description**: User for the configured `sysdig.smtpServer`
**Options**:
-**Default**: false
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - debug: false + smtpUser: bob+alice@gmail.com
``` -## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** +## **sysdig.tolerations** **Required**: `false`
-**Description**: Reporting GRPC endpoint
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
**Options**:
-**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" ``` -## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + anchoreCoreReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageDriver** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: Storage kind for generated reports
-**Options**: postgres, fs, s3
-**Default**: postgres
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageDriver: postgres + anchoreWorkerReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageCompression** +## **sysdig.apiReplicaCount** **Required**: `false`
-**Description**: Compression format for generated reports
-**Options**: zip, gzip, none
-**Default**: zip
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageCompression: zip + apiReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.storageFsDir** +## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: The directory where reports will saved (required when using `fs` driver)
-**Options**:
-**Default**: .
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageFsDir: /reports + cassandraReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** +## **sysdig.collectorReplicaCount** **Required**: `false`
-**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
-**Options**:
-**Default**: 1
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storagePostgresRetentionDays: 1 + collectorReplicaCount: 7 ``` -## **sysdig.secure.scanning.reporting.storageS3Bucket** +## **sysdig.activityAuditWorkerReplicaCount** **Required**: `false`
-**Description**: The bucket name where reports will be saved (required when using `s3` driver)
-**Options**:
-**Default**:
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Bucket: secure-scanning-reporting + activityAuditWorkerReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Prefix** +## **sysdig.activityAuditApiReplicaCount** **Required**: `false`
-**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
-**Options**:
-**Default**:
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Prefix: reports + activityAuditApiReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Endpoint** +## **sysdig.policyAdvisorReplicaCount** **Required**: `false`
-**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Endpoint: s3.example.com + policyAdvisorReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Region** +## **sysdig.netsecApiReplicaCount** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Region: us-east-1 + netsecApiReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** +## **sysdig.netsecIngestReplicaCount** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE + netsecIngestReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
-**Example**:
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
-```yaml
-sysdig:
- secure:
- scanning:
- reporting:
- storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-```
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
-## **sysdig.secure.scanning.reporting.workerSleepTime**
-**Required**: `false`
-**Description**: The sleep interval between two runs of the reporting worker
-**Options**:
-**Default**: 120s
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - workerSleepTime: 120s + anchoreCoreReplicaCount: 2 ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.scanningApiReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: Number of Scanning API replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - cpu: 2 + scanningApiReplicaCount: 3 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - memory: 10Mi + elasticsearchReplicaCount: 20 ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.workerReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - cpu: 2 + workerReplicaCount: 7 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.alerterReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - memory: 200Mi + alerterReplicaCount: 7 ``` -## **sysdig.resources.netsec-api.limits.cpu** +## **sysdig.eventsGathererReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - cpu: 1 + eventsGathererReplicaCount: 2 ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.eventsAPIReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - memory: 1Gi + eventsAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.eventsDispatcherReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - cpu: 300m + eventsDispatcherReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.eventsForwarderReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - memory: 1Gi + eventsForwarderReplicaCount: 2 ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.eventsForwarderAPIReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - cpu: 1 + eventsForwarderAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-ingest.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 6Gi |
-| large | 8Gi |
-
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 4Gi + admin: + username: my-awesome-email@my-awesome-domain-name.com ``` -## **sysdig.resources.netsec-ingest.requests.cpu** +## **sysdig.admin.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-ingest:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.netsec-ingest.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
-
-
-**Example**:
+**Default**:
+**Example**: ```yaml sysdig: - resources: - netsec-ingest: - limits: - memory: 2Gi + admin: + password: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.netsec-janitor.limits.cpu** +## **sysdig.api.jvmOptions** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: Custom configuration for Sysdig API jvm.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - cpu: 1 + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true ``` -## **sysdig.resources.netsec-janitor.limits.memory** +## **sysdig.certificate.generate** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - memory: 1Gi + certificate: + generate: true ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.certificate.crt** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
-
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - cpu: 1 + certificate: + crt: certs/server.crt ``` -## **sysdig.resources.netsec-janitor.requests.memory** +## **sysdig.certificate.key** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - memory: 1Gi + certificate: + key: certs/server.key ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.collector.dnsName** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - cpu: 2 + collector: + dnsName: collector.my-awesome-domain-name.com ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.collector.jvmOptions** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: Custom configuration for Sysdig collector jvm.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.collector.certificate.generate** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - cpu: 250m + collector: + certificate: + generate: true ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.collector.certificate.crt** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi + collector: + certificate: + crt: certs/collector.crt ``` -## **sysdig.resources.activity-audit-api.limits.cpu** +## **sysdig.collector.certificate.key** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - activity-audit-api: - limits: - cpu: 2 + collector: + certificate: + key: certs/collector.key ``` -## **sysdig.resources.activity-audit-api.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.activity-audit-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.profiling-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.profiling-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.secure-overview-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-overview-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.secure-overview-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-overview-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512Mi |
-| medium | 512Mi |
-| large | 512Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- memory: 512Mi
-```
-
-## **sysdig.resources.secure-prometheus.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-prometheus.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- memory: 8Gi
-```
-
-## **sysdig.resources.secure-prometheus.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-prometheus.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- memory: 2Gi
-```
-
-## **sysdig.resources.events-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-gatherer.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.events-gatherer.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.events-gatherer.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-gatherer.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-dispatcher.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-dispatcher.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.events-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured -`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
-
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**: -[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) -that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig -Platform pods run on particular nodes
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 5
-```
-
-## **sysdig.anchoreAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore API replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreAPIReplicaCount: 4
-```
-
-## **sysdig.anchoreCatalogReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCatalogReplicaCount: 4
-```
-
-## **sysdig.anchorePolicyEngineReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchorePolicyEngineReplicaCount: 4
-```
-
-## **sysdig.anchoreWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreWorkerReplicaCount: 5
-```
-
-## **sysdig.apiReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of -`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- apiReplicaCount: 5
-```
-
-## **sysdig.cassandraReplicaCount**
-**Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- cassandraReplicaCount: 20
-```
-
-## **sysdig.collectorReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for -clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- collectorReplicaCount: 7
-```
-
-## **sysdig.activityAuditWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditWorkerReplicaCount: 20
-```
-
-## **sysdig.activityAuditApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditApiReplicaCount: 20
-```
-
-## **sysdig.policyAdvisorReplicaCount**
-**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- policyAdvisorReplicaCount: 20
-```
-
-## **sysdig.scanningAdmissionControllerAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of scanning Admission Controller API replicas, this is -a noop for clusters of `size` `small`.
-**Options**:
-**Default**:
-
-|cluster-size|count|
-|------------|-----|
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningAdmissionControllerAPIReplicaCount: 1
-```
-
-## **sysdig.netsecApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecApiReplicaCount: 1
-```
-
-## **sysdig.netsecIngestReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecIngestReplicaCount: 1
-```
-## **sysdig.netsecCommunicationShards**
-**Required**: `false`
-**Description**: Number of Netsec communications index shards.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 3 |
-| medium | 9 |
-| large | 15 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecCommunicationShards: 5
-```
-
-## **sysdig.anchoreCoreReplicaCount**
-**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 2
-```
-
-## **sysdig.scanningApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningApiReplicaCount: 3
-```
-
-## **sysdig.elasticsearchReplicaCount**
-**Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- elasticsearchReplicaCount: 20
-```
-
-## **sysdig.workerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- workerReplicaCount: 7
-```
-
-## **sysdig.alerterReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- alerterReplicaCount: 7
-```
-
-## **sysdig.eventsGathererReplicaCount**
-**Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsGathererReplicaCount: 2
-```
-
-## **sysdig.eventsAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsAPIReplicaCount: 1
-```
-
-## **sysdig.eventsDispatcherReplicaCount**
-**Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsDispatcherReplicaCount: 1
-```
-
-## **sysdig.eventsForwarderReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderReplicaCount: 2
-```
-
-## **sysdig.eventsForwarderAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderAPIReplicaCount: 1
-```
-
-## **sysdig.admin.username**
-**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for -initial login to the web interface. Make sure this is a valid email address -that you can receive emails at.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- username: my-awesome-email@my-awesome-domain-name.com
-```
-
-## **sysdig.admin.password**
-**Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with -`sysdig.admin.username` will be used for initial login to the web interface. -It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- password: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.api.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true -``` - -## **sysdig.certificate.generate** -**Required**: `false`
-**Description**: Determines if Installer should generate self-signed -certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- generate: true
-```
-
-## **sysdig.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to -`false` this has to be configured. The certificate common name or subject -altername name must match configured `sysdig.dnsName`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- crt: certs/server.crt
-```
-
-## **sysdig.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig api, if `sysdig.certificate.generate` is set to `false` -this has to be configured. The key must match the certificate in -`sysdig.certificate.crt`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- key: certs/server.key
-```
-
-## **sysdig.collector.dnsName**
-**Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not -configured it defaults to whatever is configured for `sysdig.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- dnsName: collector.my-awesome-domain-name.com
-```
-
-## **sysdig.collector.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.collector.certificate.generate** -**Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- generate: true
-```
-
-## **sysdig.collector.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided certificate that will -be used in serving the sysdig collector, if -`sysdig.collector.certificate.generate` is set to `false` this has to be -configured. The certificate common name or subject altername name must match -configured `sysdig.collector.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- crt: certs/collector.crt
-```
-
-## **sysdig.collector.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file -and must be relative to `values.yaml`) to user provided key that will be used -in serving the sysdig collector, if `sysdig.collector.certificate.generate` is -set to `false` this has to be configured. The key must match the certificate -in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- key: certs/collector.key
-```
-## **sysdig.worker.enabled**
-**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- worker:
- enabled: true
-```
-
-## **sysdig.worker.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.appChecks.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- settings:
- limit: 1500
-```
-
-## **agent.collectorEndpoint**
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**:
-
-```yaml
-agent:
- version: 1.10.1
-```
-
-## **agent.useSSL**
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.feature_mode**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**:
-
-```yaml
-agent:
- feature_mode: troubleshooting
-```
-
-## **agent.timezone**
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - proxy: - noProxy: your-awesome-no-proxy.com -``` - -## **agent.snaplenPortRange.start** -**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**: - -```yaml -agent: - snaplenPortRange: - start: "8125" -``` - -## **agent.snaplenPortRange.end** -**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**: - -```yaml -agent: - snaplenPortRange: - start: "8125" -``` - -## **agent.customKernelModules.enabled** -**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - customKernelModules: - enabled: true -``` - -## **agent.secure.enabled** -**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - secure: - enabled: true -``` - -## **agent.secure.commandLineCapturesEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - secure: - commandLineCapturesEnabled: true -``` - -## **agent.secure.memoryDumpEnabled** -**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - secure: - memoryDumpEnabled: true -``` - -## **agent.secure.settings.k8sAuditServerURL** -**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**: - -```yaml -agent: - secure: - settings: - k8sAuditServerURL: 127.0.0.1 -``` - -## **agent.secure.settings.k8sAuditServerPort** -**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**: - -```yaml -agent: - secure: - settings: - k8sAuditServerPort: 7765 -``` - -## **agent.prometheus.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - prometheus: - enabled: true -``` - -## **agent.prometheus.settings.interval** -**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**: - -```yaml -agent: - prometheus: - settings: - interval: 30 -``` - -## **agent.prometheus.settings.logErrors** -**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - prometheus: - settings: - logErrors: true -``` - -## **agent.prometheus.settings.maxMetrics** -**Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**: - -```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 -``` - -## **agent.prometheus.settings.maxMetricsPerProcess** -**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**: - -```yaml -agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 -``` - -## **agent.prometheus.settings.maxTagsPerMetric** -**Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**: - -```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 -``` - -## **agent.prometheus.settings.histograms** -**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - prometheus: - settings: - histograms: 3000 -``` - -## **agent.statsd.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - statsd: - enabled: true -``` - -## **agent.statsd.settings.limit** -**Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**: - -```yaml -agent: - statsd: - settings: - limit: 1000 -``` - -## **agent.jmx.enabled** -**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - jmx: - enabled: true -``` - -## **agent.jmx.settings.limit** -**Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
-**Example**: - -```yaml -agent: - jmx: - settings: - limit: 1000 -``` - -## **agent.ebpf.enabled** -**Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - ebpf: - enabled: true -``` - -## **agent.ebpf.settings.mountEtcVolume** -**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -agent: - ebpf: - settings: - mountEtcVolume: 1000 -``` - -## **agent.appChecks.elasticsearch.authEnabled** -**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true -``` - -## **agent.appChecks.elasticsearch.url** -**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch -``` - -## **agent.appChecks.elasticsearch.port** -**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**: - -```yaml -agent: - appChecks: - elasticsearch: - port: 9200 -``` - -## **agent.appChecks.elasticsearch.username** -**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**: - -```yaml -agent: - appChecks: - elasticsearch: - username: readonly -``` - -## **agent.appChecks.elasticsearch.password** +## **sysdig.worker.jvmOptions** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.alerter.jvmOptions** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - appChecks: - kafka: - enabled: true + apiKey: replace_with_your_monitor_access_key ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **agent.appChecks.settings.limit** +**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - kafka: - arg: Kafka.kafka + settings: + limit: 1500 ``` -## **agent.appChecks.kafka.url** +## **agent.collectorEndpoint** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +agent: + collectorEndpoint: my-awesome-collector-domain-name.com ``` -## **agent.appChecks.kafka.port** +## **agent.collectorPort** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: Sysdig Colletor TCP Port.
**Options**: `1024-65535`
-**Default**:
+**Default**: `6443`
**Example**: ```yaml agent: - appChecks: - kafka: - port: 9200 + collectorPort: 6443 ``` -## **agent.appChecks.kafka.zk.url** +## **agent.namespace** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: A kubernetes namespace for setting up the agent in.
**Options**:
-**Default**:
+**Default**: `agent`
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +agent: + namespace: sysdig-agent ``` -## **agent.appChecks.kafka.zk.port** +## **agent.useSlim** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - zk: - port: 2181 + useSlim: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.version** +**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
**Example**: ```yaml agent: - appChecks: - kafka: - enableConsumerOffsets: true + version: 1.10.1 ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
+## **agent.useSSL** +**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - kafka: - enableAggregationPartitions: true + useSSL: false ``` -## **agent.appChecks.mysql.enabled** +## **agent.verifySSL** **Required**: `false`
-**Description**: Whether to enable mysql app check.
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - mysql: - enabled: true + verifySSL: false ``` -## **agent.appChecks.mysql.hostname** +## **agent.clusterName** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
**Example**: ```yaml agent: - appChecks: - mysql: - hostname: mysql-service-url + clusterName: false ``` -## **agent.appChecks.mysql.user** +## **agent.tags** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - appChecks: - mysql: - user: mysql-user + tags: environment:production linux:ubuntu ``` -## **agent.appChecks.mysql.password** +## **agent.capturesEnabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Description**: TBD.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - password: mysql-password + capturesEnabled: false ``` -## **agent.resources.limits.cpu** +## **agent.feature_mode** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | - +**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
**Example**: ```yaml agent: - resources: - limits: - cpu: 2 + feature_mode: troubleshooting ``` -## **agent.resources.limits.memory** +## **agent.timezone** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | - +**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - limits: - memory: 2 + timezone: America/New_York. ``` -## **agent.resources.requests.cpu** +## **agent.proxy.httpProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - cpu: 2 + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com ``` -## **agent.resources.requests.memory** +## **agent.proxy.httpsProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | - +**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - memory: 2 + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **agent.proxy.noProxy** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - +**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - watchdog: - max_memory_usage_mb: 1024 + proxy: + noProxy: your-awesome-no-proxy.com ``` -## **agent.resources.watchdog.cointerface** +## **agent.snaplenPortRange.start** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml agent: - resources: - watchdog: - cointerface: 1024 + snaplenPortRange: + start: "8125" ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **agent.snaplenPortRange.end** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" +agent: + snaplenPortRange: + start: "8125" ``` -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +## **agent.customKernelModules.enabled** **Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m +agent: + customKernelModules: + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** +## **agent.secure.enabled** **Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** +## **agent.secure.commandLineCapturesEnabled** **Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m + commandLineCapturesEnabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m + memoryDumpEnabled: true ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 +agent: + secure: + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml -sysdig: - scanningAlertMgrForceAutoScan: false +agent: + secure: + settings: + k8sAuditServerPort: 7765 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" +agent: + prometheus: + enabled: true ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" +agent: + prometheus: + settings: + interval: 30 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" +agent: + prometheus: + settings: + logErrors: true ``` - -## **sysdig.metadataService.enabled** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - metadataService: - enabled: true +agent: + prometheus: + settings: + maxMetrics: 1000 ``` -## **sysdig.resources.metadataService.limits.cpu** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **sysdig.resources.metadataService.limits.memory** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi +agent: + prometheus: + settings: + maxTagsPerMetric: 20 ``` -## **sysdig.resources.metadataService.requests.cpu** +## **agent.prometheus.settings.histograms** **Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: +**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +```yaml +agent: + prometheus: + settings: + histograms: 3000 +``` +## **agent.statsd.enabled** +**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 +agent: + statsd: + enabled: true ``` -## **sysdig.resources.metadataService.requests.memory** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi +agent: + statsd: + settings: + limit: 1000 ``` -## **sysdig.metadataServiceReplicaCount** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - +**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - metadataServiceReplicaCount: 4 +agent: + jmx: + enabled: true ``` -## **sysdig.metadataServiceVersion** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 +agent: + jmx: + settings: + limit: 1000 ``` -## **sysdig.helmRenderer.enabled** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml -sysdig: - helmRenderer: +agent: + ebpf: enabled: true ``` -## **sysdig.resources.helmRenderer.limits.cpu** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 +agent: + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **sysdig.resources.helmRenderer.limits.memory** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - memory: 10Mi +agent: + appChecks: + elasticsearch: + authEnabled: true ``` -## **sysdig.resources.helmRenderer.requests.cpu** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - cpu: 2 +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **sysdig.resources.helmRenderer.requests.memory** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - memory: 200Mi +agent: + appChecks: + elasticsearch: + port: 9200 ``` -## **sysdig.helmRendererReplicaCount** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | +```yaml +agent: + appChecks: + elasticsearch: + username: readonly +``` +## **agent.appChecks.elasticsearch.password** +**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererReplicaCount: 4 +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.helmRendererVersion** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
-**Options**:
-**Default**: 0.1.32
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererVersion: 0.1.32 +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **sysdig.secure.activityAudit.enabled** -**Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - activityAudit: +agent: + appChecks: + kafka: enabled: true ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** -**Required**: `false`
-**Description**: Retention period for Activity Audit data.
-**Options**:
-**Default**: 90
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - activityAudit: - janitor: - retentionDays: 90 +agent: + appChecks: + kafka: + arg: Kafka.kafka ``` -## **sysdig.secure.anchore.enabled** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - anchore: - enabled: true +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **sysdig.secure.compliance.enabled** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - compliance: - enabled: true +agent: + appChecks: + kafka: + port: 9200 ``` -## **sysdig.secure.netsec.enabled** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - netsec: - enabled: true +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **sysdig.secure.overview.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - overview: - enabled: true +agent: + appChecks: + kafka: + zk: + port: 2181 ``` -## **sysdig.secure.padvisor.enabled** -**Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - padvisor: - enabled: true +agent: + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **sysdig.secure.profiling.enabled** -**Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - profiling: - enabled: true +agent: + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **sysdig.secure.scanning.reporting.enabled** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - reporting: - enabled: true +agent: + appChecks: + mysql: + enabled: true ``` -## **sysdig.secure.scanning.enabled** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - enabled: true +agent: + appChecks: + mysql: + hostname: mysql-service-url ``` -## **sysdig.secure.events.enabled** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Enable events for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - events: - enabled: true +agent: + appChecks: + mysql: + user: mysql-user ``` -## **sysdig.secure.eventsForwarder.enabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - eventsForwarder: - enabled: true +agent: + appChecks: + mysql: + password: mysql-password ``` -## **sysdig.resources.rapid-response-connector.limits.cpu** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Description**: The amount of cpu assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - cpu: 1 + limits: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.limits.memory** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rapid-response-connector pods
+**Description**: The amount of memory assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - memory: 500Mi + limits: + memory: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.cpu** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Description**: The amount of cpu required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - cpu: 250m + requests: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.memory** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Description**: The amount of memory required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - memory: 50Mi + requests: + memory: 2 ``` -## **sysdig.rapidResponseConnectorReplicaCount** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Number of Sysdig rapid-response-connector replicas.
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: - rapidResponseConnectorReplicaCount: 1 +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.secure.rapidResponse.enabled** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Whether to deploy rapid response or not.
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
-**Default**: false
-**Example**: +**Default**: -```yaml -sysdig: - secure: - rapidResponse: - enabled: false -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | -## **sysdig.secure.rapidResponse.validationCodeLength** -**Required**: `false`
-**Description**: Length of mfa validation code sent via e-mail.
-**Options**:
-**Default**: 6
**Example**: ```yaml -sysdig: - secure: - rapidResponse: - validationCodeLength: 8 +agent: + resources: + watchdog: + cointerface: 1024 ``` -## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**: 180
+**Default**: ""
**Example**: ```yaml sysdig: - secure: - rapidResponse: - validationCodeSecondsDuration: 8 + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Global duration of session in seconds.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: 7200
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - rapidResponse: - sessionTotalSecondsTTL: 7200 + scanningAnalysiscollectorConcurrentUploads: 5 ``` - -## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Idle duration of session in seconds.
+**Description**: Cronjob schedule
**Options**:
-**Default**: 300
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - rapidResponse: - sessionIdleSecondsTTL: 300 + veJanitor: + cronjob: "5 0 * * *" ``` - -## **sysdig.secure.scanning.feedsEnabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: + ```yaml sysdig: secure: - scanning: - feedsEnabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.feedsAPIVersion** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Sets feeds API version
-**Options**:
-**Default**: `latest`
- +**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: -```yaml -sysdig: - feedsAPIVersion: 0.5.0 -``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Sets feeds database version
-**Options**:
-**Default**: `latest`
- -**Example**: ```yaml sysdig: - feedsDBVersion: 0.5.0-2020-03-11 + secure: + veJanitor: + scanningDbEngine: "mysql" ``` From d0a73c7055de17a011c3f3f55e06e31717d9874b Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 21 Jan 2022 23:19:03 +0000 Subject: [PATCH 099/156] updating installer docs --- installer/README.md | 8 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 7619 ++++++++++++++------ 3 files changed, 5306 insertions(+), 2365 deletions(-) diff --git a/installer/README.md b/installer/README.md index 4e7d083d..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -97,8 +97,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.4-2-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.4-2-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips.
+
+## Airgapped installations
+
+### Method for automatically updating the feeds database in airgapped environments
+This is a procedure that can be used to automatically update the feeds database:
+
+1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally
+2. move the file from the jumpbox server to the customer airgapped environment (optional)
+3. load the image file and push it to the customer's airgapped image registry
+4. restart the pod sysdigcloud-feeds-db
+5. restart the pod feeds-api
+
+Finally, steps 1 to 5 will be performed periodically once a day.
+
+This is an example script that contains all the steps:
+```bash
+#!/bin/bash
+QUAY_USERNAME=""
+QUAY_PASSWORD=""
+
+# Download image
+docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}
+docker image pull quay.io/sysdig/vuln-feed-database:latest
+# Save image
+docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar
+# Optionally move image
+mv vuln-feed-database.tar /var/shared-folder
+# Load image remotely
+ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar"
+# Push image remotely
+ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest"
+ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest"
+# Restart database pod
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0"
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1"
+# Restart feeds-api pod
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0"
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1"
+```
+
+The script can be scheduled using a cron job that run every day
+```bash
+0 8 * * * feeds-database-update.sh >/dev/null 2>&1
+```
diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md
index 3b35c54e..0be21fe6 100644
--- a/installer/docs/configuration_parameters.md
+++ b/installer/docs/configuration_parameters.md
@@ -97,7 +97,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password**
-**Required**: `false`
+**Required**: `false`
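Review bot: The example script added to advanced.md passes the registry password as an argument in `docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`, which exposes it in the jumpbox process list and, when typed interactively, in shell history; reading it from stdin avoids that: `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`. The script has no error handling, so a failed pull, load or push still goes on to scale `sysdigcloud-feeds-db` and `sysdigcloud-feeds-api` down and back up; adding `set -euo pipefail` right after the shebang would stop at the first failure. The cron entry redirects everything to `/dev/null`, which hides exactly those failures, so I would append output to a log file instead. The image is moved as `:latest` with nothing recording which digest was loaded, so the doc should suggest logging the digest of the pulled image to keep the airgapped registry's content traceable.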
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -666,28 +666,49 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.activityAuditVersion** +## **pvStorageSize.large.nats** **Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - activityAuditVersion: 3.6.4.11009 +pvStorageSize: + large: + nats: 10Gi ``` -## **sysdig.profilingVersion** +## **pvStorageSize.medium.nats** **Required**: `false`
-**Description**: Docker image tag of Profiling services.
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - profilingVersion: 3.6.4.11009 +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi ``` ## **sysdig.anchoreVersion** @@ -699,7 +720,7 @@ sysdig: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1.21 ``` ## **sysdig.accessKey** @@ -715,6 +736,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -772,7 +806,7 @@ sysdig: ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
+**Options**:
**Default**: 2.1.21.13
**Example**: @@ -781,6 +815,31 @@ sysdig: cassandraVersion: 2.1.21.16 ``` +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.7.0`
+**Example**: + +```yaml +sysdig: + cassandra3Version: 3.11.7.0 +``` + ## **sysdig.cassandra.external** **Required**: `false`
**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster. @@ -813,7 +872,7 @@ sysdig: **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +884,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -917,7 +976,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1030,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. + +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1090,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1141,27 +1209,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - monitorVersion: 3.6.4.11009 + monitorVersion: 3.5.1.7018 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - scanningVersion: 3.6.4.11009 + secureVersion: 3.5.1.7018 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1239,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.4.11009 + sysdigAPIVersion: 3.5.1.7018 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1254,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.4.11009 + sysdigCollectorVersion: 3.5.1.7018 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1269,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.4.11009 + sysdigWorkerVersion: 3.5.1.7018 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1292,75 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1298,8 +1435,7 @@ sysdig:
## **sysdig.mysql.external**
**Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster
-instead it sets up the sysdig platform to connect to the configured
+**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured
[`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1428,6 +1564,36 @@ sysdig:
enabled: true
```
+## **sysdig.nats.secure.username**
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ username: somevalue
+```
+
+## **sysdig.nats.secure.password**
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ password: somevalue
+```
+
## **sysdig.nats.ha.enabled**
**Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1511,7 +1677,7 @@ sysdig:
## **sysdig.postgresVersion**
**Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps`
-is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**:
@@ -1521,597 +1687,730 @@ sysdig:
postgresVersion: 10.6.11
```
-## **sysdig.postgresql.hostPathNodes**
+## **sysdig.mysqlToPostgresMigrationVersion**
**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o
-name` that postgresql hostPath persistent volumes should be created on. The
-number of nodes must be at minimum whatever the value of
-[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
-required if configured [`storageClassProvisioner`](#storageclassprovisioner)
-is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**:
```yaml
sysdig:
- postgresql:
- hostPathNodes:
- - my-cool-host1.com
+ mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres
```
-## **sysdig.proxy.defaultNoProxy**
+## **sysdig.postgresql.rootUser**
**Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core
+ postgresql:
+ rootUser: postgres
```
-## **sysdig.proxy.enable**
+## **sysdig.postgresql.rootDb**
**Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
+ postgresql:
+ rootDb: anchore
```
-## **sysdig.proxy.host**
+## **sysdig.postgresql.rootPassword**
**Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- host: my-awesome-proxy.my-awesome-domain.com
+ postgresql:
+ rootPassword: my_root_password
```
-## **sysdig.proxy.noProxy**
+## **sysdig.postgresql.primary**
**Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+```
+## **sysdig.postgresql.external**
+**Required**: `false`
+**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- noProxy: my-awesome.domain.com, 192.168.0.0/16
+ postgresql:
+ external: true
+ postgresDatabases:
+ padvisor:
+ host: my-padvisor-db-external.com
+ sysdig:
+ host: my-sysdig-db-external.com
```
-## **sysdig.proxy.password**
+## **sysdig.postgresql.hostPathNodes**
**Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: An array of node hostnames has shown in `kubectl get node -o
+name` that postgresql hostPath persistent volumes should be created on. The
+number of nodes must be at minimum whatever the value of
+[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
**Options**:
-**Default**:
+**Default**: []
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- password: F00B@r!
+ postgresql:
+ hostPathNodes:
+ - my-cool-host1.com
```
-## **sysdig.proxy.port**
+## **sysdig.postgresql.pgParameters**
**Required**: `false`
-**Description**: The port the configured
-[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
**Options**:
-**Default**: `80`
+**Default**: ``
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- port: 3128
+ postgresql:
+ pgParameters:
+ max_connections: '1024'
+ shared_buffers: '110MB'
```
-## **sysdig.proxy.protocol**
+
+## **sysdig.postgresql.ha.enabled**
**Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: true if you want to deploy postgreSQL in HA mode. +**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + ha: + enabled: true ``` -## **sysdig.proxy.user** +## **sysdig.postgresql.ha.spiloVersion** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: Docker image tag of the postgreSQL node in HA mode. **Options**:
-**Default**:
+**Default**: `2.0-p7`
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + postgresql: + ha: + spiloVersion: 2.0-p7 ``` -## **sysdig.slack.client.id** + +## **sysdig.postgresql.ha.operatorVersion** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. **Options**:
-**Default**: `awesomeclientid`
+**Default**: `v1.6.3`
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + ha: + operatorVersion: v1.6.3 ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresql.ha.exporterVersion** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. **Options**:
-**Default**: `awesomeclientsecret`
+**Default**: `latest`
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + ha: + exporterVersion: v0.3 ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresql.ha.clusterDomain** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. **Options**:
-**Default**: `incoming-webhook`
+**Default**: `cluster.local`
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + ha: + clusterDomain: cluster.local ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresql.ha.replicas** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: number of replicas for postgreSQL nodes in HA mode. **Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: `3`
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + ha: + replicas: 3 ``` -## **sysdig.slack.client.oauth.endpoint** + +## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. **Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: `true`
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + ha: + enableExporter: true ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.postgresql.ha.migrate.retryCount** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. **Options**: `true|false`
-**Default**: `false`
+**Default**: `3600`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + ha: + migrate: + retryCount: 3600 ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresql.ha.migrate.retrySleepSeconds** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
+**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. +**Options**:
+**Default**: `10`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + ha: + migrate: + retrySleepSeconds: 10 ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresql.ha.migrate.retainBackup** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. **Options**: `true|false`
-**Default**: false
-**Example**: +**Default**: `true`
-```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` +**Example**: ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + ha: + migrate: + retainBackup: true ``` -## **sysdig.redisVersion** +## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** **Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: Docker image tag of the migration job from postgres single node to HA mode. **Options**:
-**Default**: 4.0.12.7
+**Default**: `postgres-to-postgres-ha-0.0.4`
+ **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + ha: + migrate: + migrationJobImageVersion: v0.1 ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresql.ha.customTls.enabled** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
-**Options**:
-**Default**: 4.0.12-1.0.1
+**Description**: If set to true will pass to the target pg crd the option to add +custom certificates and CA +**Options**: `true|false`
+**Default**: `false`
+ **Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + ha: + customTls: + enabled: true ``` -## **sysdig.redisHa** +## **sysdig.postgresql.ha.customTls.crtSecretName** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret +that container certificate and key that will be used in postgres HA for ssl +NOTE: the certficate and key files must be called `tls.crt` and `tls.key` +**Options**: `secret-name`
+**Default**: `nil`
+ **Example**: ```yaml sysdig: - redisHa: false + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.postgresql.ha.customTls.caSecretName** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container the CA certificate that will be used in postgres HA for ssl +NOTE: the CA certificate file must be called `ca.crt` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt + caSecretName: sysdigcloud-postgres-tls-ca + ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.postgresDatabases.profiling** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.scanning** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.padvisor** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.serviceOwnerManagement** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.compliance** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.rapidResponse** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: Default comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +should only be used if there is an intent to override the defaults provided by +Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) +instead.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: Determines if a [web +proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be +used by Anchore for fetching CVE feed from +[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Default**: `false`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + proxy: + enable: true ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) +is configured.
**Options**:
**Default**:
@@ -2119,483 +2418,502 @@ sysdig: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
+**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+**Default**: `80`
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 4 |
-| large | 4 |
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 8Gi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 2 |
+**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500Mi |
-| medium | 1Gi |
-| large | 2Gi |
+**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
+**Default**: `https://slack.com/oauth/v2/authorize`
-| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +**Example**: + +```yaml +sysdig: + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize +``` +## **sysdig.slack.client.oauth.endpoint** +**Required**: `false`
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.redis.requests.cpu** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +**Example**: + +```yaml +sysdig: + saml: + certificate: + name: saml-cert.p12 +``` +## **sysdig.saml.certificate.password** +**Required**: `false`
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
-**Options**:
-**Default**:
+**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
-| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +**Example**: +```yaml +sysdig: + inactivitySettings: + trackerEnabled: true +``` + +## **sysdig.inactivitySettings.trackerTimeout** +**Required**: `false`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
+ +**Example**: +```yaml +sysdig: + inactivitySettings: + trackerTimeout: 900 +``` + + +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
-**Options**:
-**Default**: +**Description**: +Allow Anchore to export prometheus metrics. -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +**Options**: `true|false`
+**Default**: false
+**Example**: +```yaml +sysdig: + secure: + anchore: + enableMetrics: true +``` +## **sysdig.redisVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis.
+**Options**:
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +**Default**: 4.0.12-1.0.1
+**Example**: +```yaml +sysdig: + redisHaVersion: 4.0.12-1.0.1 +``` +## **sysdig.redisHa** +**Required**: `false`
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + redisHa: false ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.useRedis6** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
-**Options**:
-**Default**: +**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +```yaml +sysdig: + useRedis6: false +``` +## **sysdig.redis6Version** +**Required**: `false`
+**Description**: Docker image tag of Redis 6, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**: +**Default**: 6.0.10.1
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +```yaml +sysdig: + redis6SentinelVersion: 6.0.10.1 +``` +## **sysdig.redis6ExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.redis-sentinel.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | +| small | 2 | | medium | 4 | -| large | 16 | +| large | 8 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + elasticsearch: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | +| medium | 2 | | large | 4 | **Example**: @@ -2603,21 +2921,21 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + elasticsearch: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | +| small | 4Gi | +| medium | 4Gi | | large | 4Gi | **Example**: @@ -2625,222 +2943,208 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + elasticsearch: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - api: + mysql-router: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - api: + mysql-router: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - api: + mysql-router: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.mysql-router.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - api: + mysql-router: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.mysql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +**Default**:
**Example**: ```yaml sysdig: resources: - worker: + mysql: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.mysql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - +**Default**:
**Example**: ```yaml sysdig: resources: - worker: + mysql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.mysql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - worker: + mysql: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.mysql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - worker: + mysql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - alerter: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 4Gi | +| large | 8Gi | **Example**: @@ -2848,88 +3152,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + postgresql: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - alerter: + postgresql: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + redis: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -2937,88 +3241,88 @@ sysdig: ```yaml sysdig: resources: - collector: + redis: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - collector: + redis: requests: cpu: 2 ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - collector: + redis: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3026,88 +3330,88 @@ sysdig: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - anchore-core: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: @@ -3115,58 +3419,58 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + redis-sentinel: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis-sentinel: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + redis-sentinel: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3174,21 +3478,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - scanning-api: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: @@ -3196,7 +3500,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 4Gi | +| large | 16Gi | **Example**: @@ -3204,36 +3508,36 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + timescale-adapter: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - scanning-api: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: @@ -3241,345 +3545,382 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanning-api: + timescale-adapter: requests: memory: 200Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.ingressControllerHaProxy.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + ingressControllerHaProxy: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.ingressControllerHaProxy.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
-
+| small | 250Mi |
+| medium | 500Mi |
+| large | 500Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanningalertmgr:
+ ingressControllerHaProxy:
 limits:
- memory: 10Mi
+ memory: 2Gi
 ```
-## **sysdig.resources.scanningalertmgr.requests.cpu**
+## **sysdig.resources.ingressControllerHaProxy.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
+| small | 50m |
+| medium | 100m |
+| large | 100m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanningalertmgr:
+ ingressControllerHaProxy:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.scanningalertmgr.requests.memory**
+## **sysdig.resources.ingressControllerHaProxy.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanningalertmgr:
+ ingressControllerHaProxy:
 requests:
- memory: 200Mi
+ memory: 1Gi
 ```
-## **sysdig.resources.scanning-retention-mgr.limits.cpu**
+## **sysdig.resources.ingressControllerRsyslog.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 4 |
+| small | 125m |
+| medium | 250m |
+| large | 250m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanning-retention-mgr:
+ ingressControllerRsyslog:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.scanning-retention-mgr.limits.memory**
+## **sysdig.resources.ingressControllerRsyslog.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
-
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanning-retention-mgr:
+ ingressControllerRsyslog:
 limits:
- memory: 10Mi
+ memory: 1Gi
 ```
-## **sysdig.resources.scanning-retention-mgr.requests.cpu**
+## **sysdig.resources.ingressControllerRsyslog.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanning-retention-mgr:
+ ingressControllerRsyslog:
 requests:
- cpu: 2
+ cpu: 500m
 ```
-## **sysdig.resources.scanning-retention-mgr.requests.memory**
+## **sysdig.resources.ingressControllerRsyslog.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanning-retention-mgr:
+ ingressControllerRsyslog:
 requests:
- memory: 200Mi
+ memory: 500Mi
 ```
-## **sysdig.secure.scanning.retentionMgr.cronjob**
+## **sysdig.resources.api.limits.cpu**
 **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
-**Default**: 0 3 * * *
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- cronjob: 0 3 * * *
+ resources:
+ api:
+ limits:
+ cpu: 2
 ```
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration**
+## **sysdig.resources.api.limits.memory**
 **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
-**Default**: 23h
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
+
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- retentionPolicyMaxExecutionDuration: 23h
+ resources:
+ api:
+ limits:
+ memory: 10Mi
 ```
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration**
+## **sysdig.resources.api.requests.cpu**
 **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
-**Default**: 168h
-**Example**:
+**Default**:
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- retentionPolicyGracePeriodDuration: 168h
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 4 |
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete**
-**Required**: `false`
-**Description**: Artifical delay after each image deletion
-**Options**:
-**Default**: 1s
**Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- retentionPolicyArtificialDelayAfterDelete: 1s
+ resources:
+ api:
+ requests:
+ cpu: 2
 ```
-## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint**
+## **sysdig.resources.api.requests.memory**
 **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- scanningGRPCEndpoint: sysdigcloud-scanning-api:6000
+ resources:
+ api:
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.secure.scanning.retentionMgr.scanningDBEngine**
+## **sysdig.resources.apiNginx.limits.cpu**
 **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
-**Default**: mysql
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- scanningDBEngine: mysql
+ resources:
+ apiNginx:
+ limits:
+ cpu: 1
 ```
-## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy**
+## **sysdig.resources.apiNginx.limits.memory**
 **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
-**Default**: 90
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- defaultValues:
- datePolicy: 90
+ resources:
+ apiNginx:
+ limits:
+ memory: 500Mi
 ```
-## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy**
+## **sysdig.resources.apiNginx.requests.cpu**
 **Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
-**Default**: 5
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- defaultValues:
- tagsPolicy: 5
+ resources:
+ apiNginx:
+ requests:
+ cpu: 500m
 ```
-## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy**
+## **sysdig.resources.apiNginx.requests.memory**
 **Required**: `false`
-**Description**: Default value for the digests policy
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
-**Default**: 5
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
 **Example**:
 ```yaml
 sysdig:
- secure:
- scanning:
- retentionMgr:
- defaultValues:
- digestsPolicy: 5
+ resources:
+ apiNginx:
+ requests:
+ memory: 100Mi
 ```
-## **sysdig.resources.scanning-ve-janitor.limits.cpu**
+## **sysdig.resources.apiEmailRenderer.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 300m |
-| medium | 500m |
+| small | 1 |
+| medium | 1 |
 | large | 1 |
 **Example**:
@@ -3587,22 +3928,22 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- scanning-ve-janitor:
+ apiEmailRenderer:
 limits:
- cpu: 2
+ cpu: 1
 ```
-## **sysdig.resources.scanning-ve-janitor.limits.memory**
+## **sysdig.resources.apiEmailRenderer.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 256Mi |
-| medium | 2Gi |
-| large | 4Gi |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
 **Example**:
@@ -3610,88 +3951,88 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- scanning-ve-janitor:
+ apiEmailRenderer:
 limits:
- memory: 10Mi
+ memory: 500Mi
 ```
-## **sysdig.resources.scanning-ve-janitor.requests.cpu**
+## **sysdig.resources.apiEmailRenderer.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 100m |
-| medium | 100m |
-| large | 100m |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanning-ve-janitor:
+ apiEmailRenderer:
 requests:
- cpu: 2
+ cpu: 500m
 ```
-## **sysdig.resources.scanning-ve-janitor.requests.memory**
+## **sysdig.resources.apiEmailRenderer.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- scanning-ve-janitor:
+ apiEmailRenderer:
 requests:
- memory: 200Mi
+ memory: 100Mi
 ```
-## **sysdig.resources.policy-advisor.limits.cpu**
+## **sysdig.resources.worker.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
 | small | 4 |
-| medium | 4 |
-| large | 4 |
+| medium | 8 |
+| large | 16 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- policy-advisor:
+ worker:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.policy-advisor.limits.memory**
+## **sysdig.resources.worker.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
 | small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
 **Example**:
@@ -3699,88 +4040,88 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- policy-advisor:
+ worker:
 limits:
 memory: 10Mi
 ```
-## **sysdig.resources.policy-advisor.requests.cpu**
+## **sysdig.resources.worker.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 1 |
-| medium | 1 |
-| large | 1 |
+| medium | 2 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- policy-advisor:
+ worker:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.policy-advisor.requests.memory**
+## **sysdig.resources.worker.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- policy-advisor:
+ worker:
 requests:
 memory: 200Mi
 ```
-## **sysdig.resources.netsec-api.limits.cpu**
+## **sysdig.resources.alerter.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-api:
+ alerter:
 limits:
- cpu: 1
+ cpu: 2
 ```
-## **sysdig.resources.netsec-api.limits.memory**
+## **sysdig.resources.alerter.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
 **Example**:
@@ -3788,88 +4129,88 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- netsec-api:
+ alerter:
 limits:
- memory: 1Gi
+ memory: 10Mi
 ```
-## **sysdig.resources.netsec-api.requests.cpu**
+## **sysdig.resources.alerter.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-api:
+ alerter:
 requests:
- cpu: 300m
+ cpu: 2
 ```
-## **sysdig.resources.netsec-api.requests.memory**
+## **sysdig.resources.alerter.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-api:
+ alerter:
 requests:
- memory: 1Gi
+ memory: 200Mi
 ```
-## **sysdig.resources.netsec-ingest.limits.cpu**
+## **sysdig.resources.collector.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-ingest:
+ collector:
 limits:
- cpu: 1
+ cpu: 2
 ```
-## **sysdig.resources.netsec-ingest.limits.memory**
+## **sysdig.resources.collector.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
 | small | 4Gi |
-| medium | 6Gi |
-| large | 8Gi |
+| medium | 4Gi |
+| large | 16Gi |
 **Example**:
@@ -3877,170 +4218,194 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- netsec-ingest:
+ collector:
 limits:
- memory: 4Gi
+ memory: 10Mi
 ```
-## **sysdig.resources.netsec-ingest.requests.cpu**
+## **sysdig.resources.collector.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 500m |
+| small | 1 |
 | medium | 1 |
-| large | 1 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-ingest:
+ collector:
 requests:
- cpu: 500m
+ cpu: 2
 ```
-## **sysdig.resources.netsec-ingest.requests.memory**
+## **sysdig.resources.collector.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of memory required to schedule collector pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.anchore-core.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
-
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-ingest:
+ anchore-core:
 limits:
- memory: 2Gi
+ cpu: 1
 ```
-## **sysdig.resources.netsec-janitor.limits.cpu**
+## **sysdig.resources.anchore-api.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
 | small | 1 |
-| medium | 2 |
-| large | 2 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-janitor:
+ anchore-api:
 limits:
 cpu: 1
 ```
-## **sysdig.resources.netsec-janitor.limits.memory**
+## **sysdig.resources.anchore-catalog.limits.cpu**
 **Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-janitor:
+ anchore-catalog:
 limits:
- memory: 1Gi
+ cpu: 1
 ```
-## **sysdig.resources.netsec-janitor.requests.cpu**
+## **sysdig.resources.anchore-policy-engine.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-janitor:
- requests:
+ anchore-policy-engine:
+ limits:
 cpu: 1
 ```
-## **sysdig.resources.netsec-janitor.requests.memory**
+## **sysdig.resources.anchore-core.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
 **Example**:
 ```yaml
 sysdig:
 resources:
- netsec-janitor:
- requests:
- memory: 1Gi
+ anchore-core:
+ limits:
+ memory: 10Mi
 ```
-## **sysdig.resources.nats-streaming.limits.cpu**
+
+## **sysdig.resources.anchore-api.limits.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
 **Example**:
 ```yaml
 sysdig:
 resources:
- nats-streaming:
+ anchore-api:
 limits:
- cpu: 2
+ memory: 10Mi
 ```
-## **sysdig.resources.nats-streaming.limits.memory**
+
+## **sysdig.resources.anchore-catalog.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**:
@@ -4048,7 +4413,7 @@ sysdig:
 | ------------ | ------ |
 | small | 2Gi |
 | medium | 2Gi |
-| large | 2Gi |
+| large | 3Gi |
 **Example**:
@@ -4056,265 +4421,244 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- nats-streaming:
+ anchore-catalog:
 limits:
- memory: 2Gi
+ memory: 10Mi
 ```
-## **sysdig.resources.nats-streaming.requests.cpu**
+
+## **sysdig.resources.anchore-policy-engine.limits.memory**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 3Gi |
+
 **Example**:
 ```yaml
 sysdig:
 resources:
- nats-streaming:
- requests:
- cpu: 250m
+ anchore-policy-engine:
+ limits:
+ memory: 10Mi
 ```
-## **sysdig.resources.nats-streaming.requests.memory**
+## **sysdig.resources.anchore-core.requests.cpu**
 **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- nats-streaming:
+ anchore-core:
 requests:
- memory: 1Gi
+ cpu: 2
 ```
-## **sysdig.resources.activity-audit-api.limits.cpu**
+## **sysdig.resources.anchore-api.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-api:
- limits:
+ anchore-api:
+ requests:
 cpu: 2
 ```
-## **sysdig.resources.activity-audit-api.limits.memory**
+## **sysdig.resources.anchore-catalog.requests.cpu**
 **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-api:
- limits:
- memory: 500Mi
+ anchore-catalog:
+ requests:
+ cpu: 2
 ```
-## **sysdig.resources.activity-audit-api.requests.cpu**
+## **sysdig.resources.anchore-policy-engine.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-api:
+ anchore-policy-engine:
 requests:
- cpu: 250m
+ cpu: 2
 ```
-## **sysdig.resources.activity-audit-api.requests.memory**
+## **sysdig.resources.anchore-core.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-api:
+ anchore-core:
 requests:
- memory: 50Mi
+ memory: 200Mi
 ```
-## **sysdig.resources.activity-audit-worker.limits.cpu**
+## **sysdig.resources.anchore-api.requests.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-worker:
- limits:
- cpu: 1
+ anchore-api:
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.resources.activity-audit-worker.limits.memory**
+## **sysdig.resources.anchore-catalog.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-worker:
+ anchore-catalog:
 requests:
- cpu: 250m
+ memory: 200Mi
 ```
-## **sysdig.resources.activity-audit-worker.requests.memory**
+## **sysdig.resources.anchore-policy-engine.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-worker:
+ anchore-policy-engine:
 requests:
- memory: 50Mi
+ memory: 200Mi
 ```
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
+## **sysdig.resources.anchore-worker.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-janitor:
+ anchore-worker:
 limits:
- cpu: 250m
+ cpu: 2
 ```
-## **sysdig.resources.activity-audit-janitor.limits.memory**
+## **sysdig.resources.anchore-worker.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
 **Example**:
@@ -4322,176 +4666,178 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- activity-audit-janitor:
+ anchore-worker:
 limits:
- memory: 200Mi
+ memory: 10Mi
 ```
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
+## **sysdig.resources.anchore-worker.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-janitor:
+ anchore-worker:
 requests:
- cpu: 250m
+ cpu: 2
 ```
-## **sysdig.resources.activity-audit-janitor.requests.memory**
+## **sysdig.resources.anchore-worker.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- activity-audit-janitor:
+ anchore-worker:
 requests:
- memory: 50Mi
+ memory: 200Mi
 ```
-## **sysdig.resources.profiling-api.limits.cpu**
+## **sysdig.resources.scanning-api.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- profiling-api:
+ scanning-api:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.profiling-api.limits.memory**
+## **sysdig.resources.scanning-api.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
 **Example**:
 ```yaml
 sysdig:
 resources:
- profiling-api:
+ scanning-api:
 limits:
- memory: 500Mi
+ memory: 10Mi
 ```
-## **sysdig.resources.profiling-api.requests.cpu**
+## **sysdig.resources.scanning-api.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-api: + scanning-api: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-api: + scanning-api: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanningalertmgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4499,88 +4845,88 @@ sysdig: ```yaml sysdig: resources: - profiling-worker: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4588,154 +4934,203 @@ sysdig: ```yaml sysdig: resources: - secure-overview-api: + scanning-retention-mgr: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + scanning-retention-mgr: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-overview-api: + scanning-retention-mgr: requests: - memory: 512Mi + memory: 200Mi ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
+**Default**: 0 3 * * *
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
+**Default**: 168h
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h +``` + +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
+**Example**: +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s +``` +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +**Required**: `false`
+**Description**: Scanning GRPC endpoint
+**Options**:
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - limits: - memory: 8Gi + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: Scanning DB engine
**Options**:
-**Default**:
+**Default**: mysql
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +**Required**: `false`
+**Description**: Default value for the date policy
+**Options**:
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: Default value for the tags policy
**Options**:
-**Default**:
+**Default**: 5
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - secure-prometheus: - requests: - memory: 2Gi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-api.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -4743,322 +5138,327 @@ sysdig: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-api: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-gatherer: + admission-controller-api: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: The amount of cpu assigned to admission-controller-api PG
+migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: cpu: 1 ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: limits: - memory: 250Mi + memory: 256Mi ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-dispatcher: + scanningAdmissionControllerApiPgMigrate: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-dispatcher: + admission-controller-api-pg-migrate: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: The amount of cpu assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: cpu: 1 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: The amount of memory assigned to reporting-init pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: limits: - memory: 500Mi + memory: 256Mi ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: The amount of cpu required to schedule reporting-init pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: - cpu: 250m + cpu: 100m ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: The amount of memory required to schedule reporting-init pods
**Options**:
**Default**: @@ -5073,1874 +5473,4371 @@ sysdig: ```yaml sysdig: resources: - events-forwarder-api: + reporting-init: requests: memory: 50Mi ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - cpu: 1 + cpu: 1500m ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: limits: - memory: 500Mi + memory: 1536Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + reporting-api: requests: - memory: 50Mi + memory: 256Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: limits: - memory: 200Mi + memory: 16Gi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - cpu: 250m + cpu: 200m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: resources: - events-janitor: + reporting-worker: requests: - memory: 50Mi + memory: 10Gi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable logging at debug level
+**Options**:
+**Default**: false
**Example**: ```yaml sysdig: - restrictPasswordLogin: true + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.rsyslogVersion** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**: 8.34.0.7
+**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.smtpFromAddress** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.smtpPassword** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
+**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - smtpPassword: my-@w350m3-p@55w0rd + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.smtpProtocolSSL** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
+**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - smtpProtocolTLS: true + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.smtpServer** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: SMTP server to use to send emails
+**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
**Options**:
-**Default**:
+**Default**: 1
**Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.smtpServerPort** +## **sysdig.secure.scanning.reporting.storageS3Bucket** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - smtpServerPort: 587
+ secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting ``` -## **sysdig.smtpUser** +## **sysdig.secure.scanning.reporting.storageS3Prefix** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - smtpUser: bob+alice@gmail.com
+ secure: + scanning: + reporting: + storageS3Prefix: reports ``` -## **sysdig.tolerations** +## **sysdig.secure.scanning.reporting.storageS3Endpoint** **Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
+**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Region** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + secure: + scanning: + reporting: + storageS3Region: us-east-1 ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.apiReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - apiReplicaCount: 5 + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + resources: + netsec-api: + requests: + cpu: 300m ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: Number of Scanning API replicas.
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.workerReplicaCount** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | **Example**: ```yaml sysdig: - workerReplicaCount: 7 + resources: + netsec-ingest: + limits: + memory: 4Gi ``` -## **sysdig.alerterReplicaCount** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - alerterReplicaCount: 7 + resources: + netsec-ingest: + requests: + cpu: 500m ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | **Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + resources: + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + resources: + netsec-janitor: + limits: + cpu: 1 ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | **Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + resources: + netsec-janitor: + limits: + memory: 1Gi ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + resources: + netsec-janitor: + requests: + cpu: 1 ``` -## **sysdig.eventsForwarderAPIReplicaCount** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + resources: + netsec-janitor: + requests: + memory: 1Gi ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
+## **sysdig.resources.nats-streaming.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + resources: + nats-streaming: + limits: + cpu: 2 ``` -## **sysdig.admin.password** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + resources: + nats-streaming: + limits: + memory: 2Gi ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + nats-streaming: + requests: + cpu: 250m ``` -## **sysdig.certificate.generate** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + nats-streaming: + requests: + memory: 1Gi ``` -## **sysdig.certificate.crt** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + activity-audit-api: + limits: + cpu: 2 ``` -## **sysdig.certificate.key** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + activity-audit-api: + limits: + memory: 500Mi ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - collector: - certificate: - generate: true + resources: + activity-audit-worker: + limits: + cpu: 1 ``` -## **sysdig.collector.certificate.crt** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + + **Example**: ```yaml sysdig: - collector: - certificate: - crt: certs/collector.crt + resources: + activity-audit-worker: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-worker.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.profiling-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-worker.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.profiling-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.secure-overview-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-overview-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.secure-overview-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-overview-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ memory: 512Mi
+```
+
+## **sysdig.resources.secure-prometheus.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-prometheus.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.secure-prometheus.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-prometheus.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.events-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-gatherer.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.events-gatherer.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.events-gatherer.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-gatherer.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-dispatcher.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-dispatcher.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.events-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" +``` + +## **sysdig.anchoreCoreReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 5
+```
+
+## **sysdig.anchoreAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreAPIReplicaCount: 4
+```
+
+## **sysdig.anchoreCatalogReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCatalogReplicaCount: 4
+```
+
+## **sysdig.anchorePolicyEngineReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchorePolicyEngineReplicaCount: 4
+```
+
+## **sysdig.anchoreWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreWorkerReplicaCount: 5
+```
+
+## **sysdig.apiReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ apiReplicaCount: 5
+```
+
+## **sysdig.cassandraReplicaCount**
+**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandraReplicaCount: 20
+```
+
+## **sysdig.collectorReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ collectorReplicaCount: 7
+```
+
+## **sysdig.activityAuditWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditWorkerReplicaCount: 20
+```
+
+## **sysdig.activityAuditApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditApiReplicaCount: 20
+```
+
+## **sysdig.policyAdvisorReplicaCount**
+**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ policyAdvisorReplicaCount: 20
+```
+
+## **sysdig.scanningAdmissionControllerAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is
+a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningAdmissionControllerAPIReplicaCount: 1
+```
+
+## **sysdig.netsecApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecApiReplicaCount: 1
+```
+
+## **sysdig.netsecIngestReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecIngestReplicaCount: 1
+```
+## **sysdig.netsecCommunicationShards**
+**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 3 |
+| medium | 9 |
+| large | 15 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecCommunicationShards: 5
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 2
+```
+
+## **sysdig.scanningApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningApiReplicaCount: 3
+```
+
+## **sysdig.elasticsearchReplicaCount**
+**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchReplicaCount: 20
+```
+
+## **sysdig.workerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ workerReplicaCount: 7
+```
+
+## **sysdig.alerterReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ alerterReplicaCount: 7
+```
+
+## **sysdig.eventsGathererReplicaCount**
+**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsGathererReplicaCount: 2
+```
+
+## **sysdig.eventsAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsAPIReplicaCount: 1
+```
+
+## **sysdig.eventsDispatcherReplicaCount**
+**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsDispatcherReplicaCount: 1
+```
+
+## **sysdig.eventsForwarderReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderReplicaCount: 2
+```
+
+## **sysdig.eventsForwarderAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ username: my-awesome-email@my-awesome-domain-name.com
+```
+
+## **sysdig.admin.password**
+**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ password: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.api.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` + +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ generate: true
+```
+
+## **sysdig.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ crt: certs/server.crt
+```
+
+## **sysdig.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.dnsName**
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.collector.certificate.generate** +**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+
+## **sysdig.worker.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ commandLineCapturesEnabled: true
+```
+
+## **agent.secure.memoryDumpEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ memoryDumpEnabled: true
+```
+
+## **agent.secure.settings.k8sAuditServerURL**
+**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerURL: 127.0.0.1
+```
+
+## **agent.secure.settings.k8sAuditServerPort**
+**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerPort: 7765
+```
+
+## **agent.prometheus.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ enabled: true
+```
+
+## **agent.prometheus.settings.interval**
+**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ interval: 30
+```
+
+## **agent.prometheus.settings.logErrors**
+**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ logErrors: true
+```
+
+## **agent.prometheus.settings.maxMetrics**
+**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetrics: 1000
+```
+
+## **agent.prometheus.settings.maxMetricsPerProcess**
+**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetricsPerProcess: 1000
+```
+
+## **agent.prometheus.settings.maxTagsPerMetric**
+**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxTagsPerMetric: 20
+```
+
+## **agent.prometheus.settings.histograms**
+**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +agent: + prometheus: + settings: + histograms: 3000 ``` -## **sysdig.collector.certificate.key** +## **agent.statsd.enabled** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - collector: - certificate: - key: certs/collector.key +agent: + statsd: + enabled: true ``` -## **sysdig.worker.jvmOptions** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + statsd: + settings: + limit: 1000 ``` -## **sysdig.alerter.jvmOptions** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + jmx: + enabled: true ``` -## **agent.apiKey** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + jmx: + settings: + limit: 1000 ``` -## **agent.appChecks.settings.limit** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - appChecks: - settings: - limit: 1500 + ebpf: + enabled: true ``` -## **agent.collectorEndpoint** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - collectorEndpoint: my-awesome-collector-domain-name.com + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **agent.collectorPort** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - collectorPort: 6443 + appChecks: + elasticsearch: + authEnabled: true ``` -## **agent.namespace** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
-**Default**: `agent`
+**Default**:
**Example**: ```yaml agent: - namespace: sysdig-agent + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch ``` -## **agent.useSlim** +## **agent.appChecks.elasticsearch.port** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - useSlim: true + appChecks: + elasticsearch: + port: 9200 ``` -## **agent.version** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**:
-**Default**: `latest`
+**Default**:
**Example**: ```yaml agent: - version: 1.10.1 + appChecks: + elasticsearch: + username: readonly ``` -## **agent.useSSL** +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml agent: - useSSL: false + appChecks: + elasticsearch: + password: some_password ``` -## **agent.verifySSL** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
**Options**: `true|false`
-**Default**: `false`
+**Default**:
**Example**: ```yaml agent: - verifySSL: false + appChecks: + elasticsearch: + verifySSL: false ``` -## **agent.clusterName** -**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
+## **agent.appChecks.kafka.enabled**
+**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - clusterName: false + appChecks: + kafka: + enabled: true ``` -## **agent.tags** -**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
+## **agent.appChecks.kafka.arg**
+**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml agent: - tags: environment:production linux:ubuntu + appChecks: + kafka: + arg: Kafka.kafka ``` -## **agent.capturesEnabled** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - capturesEnabled: false +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.feature_mode** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - feature_mode: troubleshooting + appChecks: + kafka: + port: 9200 ``` -## **agent.timezone** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Set daemonset timezone.
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
**Default**:
**Example**: ```yaml -agent: - timezone: America/New_York. +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.proxy.httpProxy** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
**Default**:
**Example**: ```yaml agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.proxy.httpsProxy** -**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.enableConsumerOffsets**
+**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.proxy.noProxy** -**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.enableAggregationPartitions**
+**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - proxy: - noProxy: your-awesome-no-proxy.com + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.snaplenPortRange.start** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + appChecks: + mysql: + enabled: true ``` -## **agent.snaplenPortRange.end** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + appChecks: + mysql: + hostname: mysql-service-url ``` -## **agent.customKernelModules.enabled** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - customKernelModules: - enabled: true + appChecks: + mysql: + user: mysql-user ``` -## **agent.secure.enabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - secure: - enabled: true + appChecks: + mysql: + password: mysql-password ``` -## **agent.secure.commandLineCapturesEnabled** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | + **Example**: ```yaml agent: - secure: - commandLineCapturesEnabled: true + resources: + limits: + cpu: 2 ``` -## **agent.secure.memoryDumpEnabled** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + **Example**: ```yaml agent: - secure: - memoryDumpEnabled: true + resources: + limits: + memory: 2 ``` -## **agent.secure.settings.k8sAuditServerURL** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml agent: - secure: - settings: - k8sAuditServerURL: 127.0.0.1 + resources: + requests: + cpu: 2 ``` -## **agent.secure.settings.k8sAuditServerPort** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - secure: - settings: - k8sAuditServerPort: 7765 + resources: + requests: + memory: 2 ``` -## **agent.prometheus.enabled** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | + **Example**: ```yaml agent: - prometheus: - enabled: true + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.prometheus.settings.interval** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - prometheus: - settings: - interval: 30 + resources: + watchdog: + cointerface: 1024 ``` -## **agent.prometheus.settings.logErrors** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**: ```yaml -agent: - prometheus: - settings: - logErrors: true +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **agent.prometheus.settings.maxMetrics** +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Max duration after the last ping from an AC before it is considered
+disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 +sysdig: + secure: + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **agent.prometheus.settings.maxMetricsPerProcess** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: TTL of the cache for the cluster configuration. It should be
+used by the AC as polling interval to retrieve the updated cluster configuration
+from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 +sysdig: + secure: + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: TTL of an AC ping. It should be used by the AC as polling
+interval to perform a HEAD on the ping endpoint to notify it's still alive and
+connected. It cannot be greater than 30m and it cannot be greater than
+maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 +sysdig: + secure: + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **agent.prometheus.settings.histograms** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Max duration of the cluster configuration cache. The API returns
+this value as max-age in seconds and the FE uses it for caching the cluster
+configuration. FE also asks for a new cluster configuration using this value
+as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: - prometheus: - settings: - histograms: 3000 +sysdig: + secure: + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **agent.statsd.enabled** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**: ```yaml -agent: - statsd: - enabled: true +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **agent.statsd.settings.limit** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**: ```yaml -agent: - statsd: - settings: - limit: 1000 +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" ``` -## **agent.jmx.enabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: ```yaml -agent: - jmx: - enabled: true +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" ``` -## **agent.jmx.settings.limit** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent: - jmx: - settings: - limit: 1000 +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.ebpf.enabled** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
+**Description**: This creates a deployment for Metadata-Service
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
**Default**: `false`
**Example**: ```yaml -agent: - ebpf: +sysdig: + metadataService: enabled: true ``` -## **agent.ebpf.settings.mountEtcVolume** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**: +**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: -```yaml -agent: - ebpf: - settings: - mountEtcVolume: 1000 -``` +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | -## **agent.appChecks.elasticsearch.authEnabled** -**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.url** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.appChecks.elasticsearch.port** +## **sysdig.resources.metadataService.requests.cpu** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - port: 9200 +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.username** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - username: readonly +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.appChecks.elasticsearch.password** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.activityAudit.enabled**
+**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: +sysdig: + secure: + activityAudit: enabled: true ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.activityAudit.janitor.retentionDays**
+**Required**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.appChecks.kafka.url** +## **sysdig.secure.anchore.enabled** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + secure: + anchore: + enabled: true ``` -## **agent.appChecks.kafka.port** +## **sysdig.secure.compliance.enabled** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + secure: + compliance: + enabled: true ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.secure.netsec.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +sysdig: + secure: + netsec: + enabled: true ``` -## **agent.appChecks.kafka.zk.port** +## **sysdig.secure.overview.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + secure: + overview: + enabled: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.padvisor.enabled**
+**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true +sysdig: + secure: + padvisor: + enabled: true ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.profiling.enabled**
+**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + secure: + profiling: + enabled: true ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.secure.scanning.reporting.enabled** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - enabled: true +sysdig: + secure: + scanning: + reporting: + enabled: true ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.secure.scanning.enabled** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + secure: + scanning: + enabled: true ``` -## **agent.appChecks.mysql.user** +## **sysdig.secure.events.enabled** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + secure: + events: + enabled: true ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.eventsForwarder.enabled** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + eventsForwarder: + enabled: true ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**: +**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsAPIVersion: 0.5.0 +``` + +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ``` From 9483fabbb381feb5c1f15659cf9f0b3b18f5fd00 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 7 Feb 2022 14:17:51 +0000 Subject: [PATCH 100/156] updating installer docs --- installer/docs/configuration_parameters.md | 319 +++++++++++++++++++-- 1 file changed, 292 insertions(+), 27 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 0be21fe6..8d5fdddc 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
**Options**:
**Default**:
@@ -321,6 +321,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**: +Allow Elasticsearch to export prometheus metrics. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured +`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -715,12 +742,12 @@ pvStorageSize: **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.32
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.21 + anchoreVersion: 0.8.1.32 ``` ## **sysdig.accessKey** @@ -803,23 +830,49 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.21.13
+**Default**: 2.1.22.4
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraVersion: 2.1.22.4 +``` + +## **sysdig.cassandraExporterVersion** +**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + cassandraExporterVersion: latest ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -832,12 +885,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.7.0`
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.7.0 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -896,6 +949,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1092,12 +1158,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1209,12 +1275,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 3.5.1.7018 + monitorVersion: 5.0.4.11001 ``` ## **sysdig.secureVersion** @@ -1224,12 +1290,12 @@ configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - secureVersion: 3.5.1.7018 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1239,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.5.1.7018 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1254,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.5.1.7018 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1269,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.5.1.7018 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -1296,7 +1362,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -1361,6 +1427,32 @@ sysdig: apiToken: A_VALID_TOKEN ``` +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifierReplicaCount: 3 +``` + +## **sysdig.alertingSystem.alertManagerReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1530,24 +1622,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingVersion: 0.22.0.2 +``` + +## **sysdig.natsStreamingInitVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
+**Example**: + +```yaml +sysdig: + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -8253,6 +8357,18 @@ sysdig: certificate: key: certs/collector.key ``` +## **sysdig.worker.enabled** +**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + worker: + enabled: true +``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9275,6 +9391,18 @@ sysdig: scanningAnalysiscollectorConcurrentUploads: 5 ``` +## **sysdig.scanningAlertMgrForceAutoScan** +**Required**: `false`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + scanningAlertMgrForceAutoScan: false +``` + ## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
**Description**: Cronjob schedule
@@ -9320,7 +9448,7 @@ sysdig: ## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: This creates a deployment for Metadata-Service +**Description**: Whether to enable metadata-service or not **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9455,6 +9583,143 @@ sysdig: metadataServiceVersion: 1.0.1.12 ``` +## **sysdig.helmRenderer.enabled** +**Required**: `false`
+**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + helmRenderer: + enabled: true +``` + +## **sysdig.resources.helmRenderer.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + limits: + cpu: 2 +``` + +## **sysdig.resources.helmRenderer.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + limits: + memory: 10Mi +``` + +## **sysdig.resources.helmRenderer.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + requests: + cpu: 2 +``` + +## **sysdig.resources.helmRenderer.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + helmRenderer: + requests: + memory: 200Mi +``` + +## **sysdig.helmRendererReplicaCount** +**Required**: `false`
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + +**Example**: + +```yaml +sysdig: + helmRendererReplicaCount: 4 +``` + +## **sysdig.helmRendererVersion** +**Required**: `false`
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
+**Example**: + +```yaml +sysdig: + helmRendererVersion: 0.1.32 +``` + ## **sysdig.secure.activityAudit.enabled** **Required**: `false`
**Description**: Enable activity audit for Sysdig secure.
From b14136c335d476ec1512d3e6cd93c891cfb65d6e Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 23 Feb 2022 11:09:47 +0000 Subject: [PATCH 101/156] updating installer docs --- installer/examples/rbac/README.md | 7 +- .../rbac/openshift-pgha/clusterrole.yaml | 236 ++++++++++++++++++ .../openshift-pgha/clusterrolebinding.yaml | 57 +++++ .../examples/rbac/openshift-pgha/role.yaml | 96 +++++++ .../rbac/openshift-pgha/rolebinding.yaml | 15 ++ .../examples/rbac/openshift-pgha/sa.yaml | 7 + .../examples/rbac/openshift/clusterrole.yaml | 64 +++++ .../rbac/openshift/clusterrolebinding.yaml | 57 +++++ installer/examples/rbac/openshift/role.yaml | 96 +++++++ .../examples/rbac/openshift/rolebinding.yaml | 15 ++ installer/examples/rbac/openshift/sa.yaml | 7 + 11 files changed, 656 insertions(+), 1 deletion(-) create mode 100644 installer/examples/rbac/openshift-pgha/clusterrole.yaml create mode 100644 installer/examples/rbac/openshift-pgha/clusterrolebinding.yaml create mode 100644 installer/examples/rbac/openshift-pgha/role.yaml create mode 100644 installer/examples/rbac/openshift-pgha/rolebinding.yaml create mode 100644 installer/examples/rbac/openshift-pgha/sa.yaml create mode 100644 installer/examples/rbac/openshift/clusterrole.yaml create mode 100644 installer/examples/rbac/openshift/clusterrolebinding.yaml create mode 100644 installer/examples/rbac/openshift/role.yaml create mode 100644 installer/examples/rbac/openshift/rolebinding.yaml create mode 100644 installer/examples/rbac/openshift/sa.yaml diff --git a/installer/examples/rbac/README.md b/installer/examples/rbac/README.md index b5908716..a84b9c7c 100644 --- a/installer/examples/rbac/README.md +++ b/installer/examples/rbac/README.md 
@@ -16,7 +16,10 @@ - allows the execution of `installer` as-is, including rights for `StorageClass` and `IngressController` [openshift](openshift) -- TBD +- same base of `fullaccess` with some ocp specific bindings: the scc ones that give the installer the power of running `oc adm policy add-scc-to-user `. Please be aware that this example will not work with openshift 3.11, in that case you need to create the scc roles first (with `use` as verb) + +[openshift-pgha](openshift-pgha) +- same of `openshift` but the installer sa has more grants since it need to create a clusterroles for the zalando postgres operator service account. ## Instructions @@ -29,3 +32,5 @@ - create a `kubeconfig` for the ServiceAccount installer - use the `kubeconfig` to execute the installer + +- protip: if you have the openshift binary installed you can just use `oc serviceaccounts create-kubeconfig installer` and this will create the serviceaccount kubeconfig for you diff --git a/installer/examples/rbac/openshift-pgha/clusterrole.yaml b/installer/examples/rbac/openshift-pgha/clusterrole.yaml new file mode 100644 index 00000000..8811e8a2 --- /dev/null +++ b/installer/examples/rbac/openshift-pgha/clusterrole.yaml 
@@ -0,0 +1,236 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: installer +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - patch + - create +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - persistentvolumes + - pods + - secrets + - services + verbs: + - get + - list + - watch +# No GS +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - create + - update +# No Gs +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - get + - list + - create + - update + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - get +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +# -----> PG HA +# PG Ha notes: Even if we are going to repeat some apigroup/resources this is how we can +# grants all the rbac we need and at the same time use the less-privileges method +# -----> Not d-r-y but better than wide grants +- apiGroups: + - "" + resources: + - configmaps + verbs: + - delete + - create + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - delete + - deletecollection + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - update +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - create +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - update + - patch +# We need to have the grants to have the power to create grants at cluster level to the target sa +- apiGroups: + 
- acid.zalan.do + resources: + - postgresqls + - postgresqls/status + - operatorconfigurations + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +# operator only reads PostgresTeams +- apiGroups: + - acid.zalan.do + resources: + - postgresteams + verbs: + - get + - list + - watch +# to create or get/update CRDs when starting up +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - patch + - update +# to watch Spilo pods and do rolling updates. Creation via StatefulSet +- apiGroups: + - "" + resources: + - pods + verbs: + - delete + - update + - patch +# to resize the filesystem in Spilo pods when increasing volume size +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +# to get namespaces operator resources can run in +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +# to create sts/cronjob/pdb +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get +... diff --git a/installer/examples/rbac/openshift-pgha/clusterrolebinding.yaml b/installer/examples/rbac/openshift-pgha/clusterrolebinding.yaml new file mode 100644 index 00000000..44151781 --- /dev/null +++ b/installer/examples/rbac/openshift-pgha/clusterrolebinding.yaml 
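Review bot: The `installer` ClusterRole in openshift-pgha/clusterrole.yaml grants cluster-wide `get`/`list`/`watch` and `create`/`delete`/`update` on `secrets`, plus `create` on `pods/exec`. Once it is bound by the ClusterRoleBinding in the same directory, the installer kubeconfig can read every secret and exec into pods in every namespace, not only `sysdigcloud`. If the postgres operator only has to act in the install namespace (not visible from this diff), these rules belong in the namespaced `Role` instead; the read rule on `secrets` is also present in openshift/clusterrole.yaml. The `# No GS` / `# No Gs` comments do not say what they mean, and I would replace them with the reason the rule is cluster-scoped, e.g. `# StorageClass is cluster-scoped, so this rule cannot move to the Role`.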
@@ -0,0 +1,57 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: installer
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+---
+# We need the scc clusterrole to be able to
+# grants scc to sysdig service-accounts in
+# sysdig namespace.
+#
+# Starting from OCP 4.6 we already have
+# all the built-in clusteroles:
+#
+# system:openshift:scc:anyuid
+# system:openshift:scc:hostaccess
+# system:openshift:scc:hostmount
+# system:openshift:scc:hostnetwork
+# system:openshift:scc:nonroot
+# system:openshift:scc:privileged
+# system:openshift:scc:restricted
+#
+# According to:
+# https://github.com/draios/installer/blob/4d7b1886c4c91796a17c706eb85a20e6e25ba041/installer/pkg/installer/deploy.go#L1298-L1306
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-scc-anyuid
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:anyuid
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-scc-privileged
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+...
diff --git a/installer/examples/rbac/openshift-pgha/role.yaml b/installer/examples/rbac/openshift-pgha/role.yaml
new file mode 100644
index 00000000..6b8912bf
--- /dev/null
+++ b/installer/examples/rbac/openshift-pgha/role.yaml
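Review bot: The comment block in openshift-pgha/clusterrolebinding.yaml explains why the `installer-scc-anyuid` and `installer-scc-privileged` bindings are needed, but not that they are an install-time grant or when they can be removed. The subject of both bindings is the `installer` service account itself, so presumably any pod run under that account can also be admitted with the privileged SCC for as long as the bindings exist. If the installer does not need them for later upgrades, I would add a comment such as `# Install-time only: delete these bindings and the installer kubeconfig once the install has completed`. The comment also spells `clusterroles` as `clusteroles`, and the same file is added unchanged as openshift/clusterrolebinding.yaml.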
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: sysdigcloud + name: installer +rules: + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - create + - list + - patch + - update + - delete + - apiGroups: + - 'policy' + resources: + - poddisruptionbudgets + verbs: + - create + - update + - get + - list + - patch + - apiGroups: + - '*' + resources: + - networkpolicies + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '*' + resources: + - cronjobs + - configmaps + - deployments + - deployments/scale + - daemonsets + - endpoints + - events + - jobs + - namespaces + - podtemplates + - podsecuritypolicies + - pods + - pods/log + - pods/exec + - pod/delete + - pod/status + - podpreset + - persistentvolumeclaims + - replicationcontrollers + - replicasets + - secrets + - services + - serviceaccounts + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '*' + resources: + - namespace + verbs: + - create + - get + - list + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update + - delete + - get + - list +... diff --git a/installer/examples/rbac/openshift-pgha/rolebinding.yaml b/installer/examples/rbac/openshift-pgha/rolebinding.yaml new file mode 100644 index 00000000..6ccd2581 --- /dev/null +++ b/installer/examples/rbac/openshift-pgha/rolebinding.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: installer + namespace: sysdigcloud +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: installer +subjects: +- kind: ServiceAccount + name: installer + namespace: sysdigcloud +... diff --git a/installer/examples/rbac/openshift-pgha/sa.yaml b/installer/examples/rbac/openshift-pgha/sa.yaml new file mode 100644 index 00000000..a59bb243 --- /dev/null 
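Review bot: In openshift-pgha/role.yaml the large rule uses `apiGroups: '*'` and lists `pod/delete`, `pod/status` and `podpreset`, and the next rule lists `namespace`. RBAC matches on the plural resource name, so these entries most likely grant nothing, while the wildcard group makes the rest of the list wider than it needs to be. I would write `pods/status` for the status subresource, drop `pod/delete` (deletion is the `delete` verb on `pods`), and replace `'*'` with the groups actually used, e.g. `""`, `apps`, `batch`. The same rule grants every listed verb on `secrets` and on `pods/exec`, which deserves a comment saying why the installer needs them. openshift/role.yaml is added with the same blob id `6b8912bf` and needs the same change.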
+++ b/installer/examples/rbac/openshift-pgha/sa.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: installer + namespace: sysdigcloud +... diff --git a/installer/examples/rbac/openshift/clusterrole.yaml b/installer/examples/rbac/openshift/clusterrole.yaml new file mode 100644 index 00000000..68994eae --- /dev/null +++ b/installer/examples/rbac/openshift/clusterrole.yaml @@ -0,0 +1,64 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: installer +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - patch + - create +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - persistentvolumes + - pods + - secrets + - services + verbs: + - get + - list + - watch +# No GS +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - create + - update +# No Gs +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - get + - list + - patch + - create + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - get +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +... diff --git a/installer/examples/rbac/openshift/clusterrolebinding.yaml b/installer/examples/rbac/openshift/clusterrolebinding.yaml new file mode 100644 index 00000000..44151781 --- /dev/null +++ b/installer/examples/rbac/openshift/clusterrolebinding.yaml 
@@ -0,0 +1,57 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: installer
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+---
+# We need the scc clusterrole to be able to
+# grants scc to sysdig service-accounts in
+# sysdig namespace.
+#
+# Starting from OCP 4.6 we already have
+# all the built-in clusteroles:
+#
+# system:openshift:scc:anyuid
+# system:openshift:scc:hostaccess
+# system:openshift:scc:hostmount
+# system:openshift:scc:hostnetwork
+# system:openshift:scc:nonroot
+# system:openshift:scc:privileged
+# system:openshift:scc:restricted
+#
+# According to:
+# https://github.com/draios/installer/blob/4d7b1886c4c91796a17c706eb85a20e6e25ba041/installer/pkg/installer/deploy.go#L1298-L1306
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-scc-anyuid
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:anyuid
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-scc-privileged
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+...
diff --git a/installer/examples/rbac/openshift/role.yaml b/installer/examples/rbac/openshift/role.yaml
new file mode 100644
index 00000000..6b8912bf
--- /dev/null
+++ b/installer/examples/rbac/openshift/role.yaml
@@ -0,0 +1,96 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: sysdigcloud
+ name: installer
+rules:
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - 'policy'
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - update
+ - get
+ - list
+ - patch
+ - apiGroups:
+ - '*'
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - '*'
+ resources:
+ - cronjobs
+ - configmaps
+ - deployments
+ - deployments/scale
+ - daemonsets
+ - endpoints
+ - events
+ - jobs
+ - namespaces
+ - podtemplates
+ - podsecuritypolicies
+ - pods
+ - pods/log
+ - pods/exec
+ - pod/delete
+ - pod/status
+ - podpreset
+ - persistentvolumeclaims
+ - replicationcontrollers
+ - replicasets
+ - secrets
+ - services
+ - serviceaccounts
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - '*'
+ resources:
+ - namespace
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+...
diff --git a/installer/examples/rbac/openshift/rolebinding.yaml b/installer/examples/rbac/openshift/rolebinding.yaml
new file mode 100644
index 00000000..6ccd2581
--- /dev/null
+++ b/installer/examples/rbac/openshift/rolebinding.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: installer
+ namespace: sysdigcloud
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: installer
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+...
diff --git a/installer/examples/rbac/openshift/sa.yaml b/installer/examples/rbac/openshift/sa.yaml
new file mode 100644
index 00000000..a59bb243
--- /dev/null
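Review bot: The large rule in `openshift/role.yaml` pairs `apiGroups: '*'` with full write verbs on `secrets`, `serviceaccounts` and `pods/exec`, so the grant extends to any API group that serves a resource with one of these names. Listing the groups actually used, for example `- ""`, `- apps` and `- batch`, would keep it to the intended objects. Several entries also do not name real resources and therefore grant nothing: `pod/delete`, `pod/status` and `podpreset` (the API names are plural, e.g. `pods/status`), and the separate rule for `namespace`. `namespaces` and `podsecuritypolicies` are cluster-scoped, so listing them in a namespaced Role has no effect either, and leaving them in makes the Role look broader than it is. The same rule is repeated in `openshift-nopgha-noagent/role.yaml` later on this page.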
+++ b/installer/examples/rbac/openshift/sa.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: installer + namespace: sysdigcloud +... From 52d2c32ea998f65752f771c7a6dc7aa1d4a9571c Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 1 Apr 2022 21:12:44 +0000 Subject: [PATCH 102/156] updating installer docs --- installer/docs/configuration_parameters.md | 41 ++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 8d5fdddc..1f3bd78e 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,6 +37,19 @@ Disk, and Replicas.
size: medium ``` +## **kubernetesServerVersion** +**Required**: `false`
+**Description**: The Kubernetes version of the targeted cluster. + This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` + must be used with k8s version 1.22+.
+**Options**:
+**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
+**Example**: + +```yaml +kubernetesServerVersion: v1.18.10 +``` + ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -9890,6 +9903,34 @@ sysdig: enabled: true ``` +## **sysdig.secure.falcoRulesUpdater.enabled** +**Required**: `false`
+**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Options**:
+**Default**: false
+**Example**: + +```yaml +sysdig: + secure: + falcoRulesUpdater: + enabled: true +``` + +## **sysdig.secure.falcoRulesUpdater.schedule** +**Required**: `false`
+**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Options**:
+**Default**: "0 1 * * *"
+**Example**: + +```yaml +sysdig: + secure: + falcoRulesUpdater: + schedule: "*/10 * * * *" +``` + ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From 85b35a7e93630b03024f71023d3a71db2421e501 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 19 Apr 2022 09:50:05 +0000 Subject: [PATCH 103/156] updating installer docs --- installer/examples/rbac/README.md | 5 +- .../examples/rbac/fullaccess/clusterrole.yaml | 7 -- .../openshift-nopgha-noagent/clusterrole.yaml | 39 ++++++ .../clusterrolebinding.yaml | 57 +++++++++ .../rbac/openshift-nopgha-noagent/role.yaml | 117 ++++++++++++++++++ .../openshift-nopgha-noagent/rolebinding.yaml | 15 +++ .../rbac/openshift-nopgha-noagent/sa.yaml | 7 ++ .../rbac/openshift-pgha/clusterrole.yaml | 11 +- .../examples/rbac/openshift/clusterrole.yaml | 9 -- 9 files changed, 241 insertions(+), 26 deletions(-) create mode 100644 installer/examples/rbac/openshift-nopgha-noagent/clusterrole.yaml create mode 100644 installer/examples/rbac/openshift-nopgha-noagent/clusterrolebinding.yaml create mode 100644 installer/examples/rbac/openshift-nopgha-noagent/role.yaml create mode 100644 installer/examples/rbac/openshift-nopgha-noagent/rolebinding.yaml create mode 100644 installer/examples/rbac/openshift-nopgha-noagent/sa.yaml diff --git a/installer/examples/rbac/README.md b/installer/examples/rbac/README.md index a84b9c7c..cd8ae585 100644 --- a/installer/examples/rbac/README.md +++ b/installer/examples/rbac/README.md @@ -1,4 +1,4 @@ -# RBAC for Installer (work in progress) v0.0.0a +# RBAC for Installer - RBAC resources required to run the `installer` @@ -21,6 +21,9 @@ [openshift-pgha](openshift-pgha) - same of `openshift` but the installer sa has more grants since it need to create a clusterroles for the zalando postgres operator service account. +[openshift-nopgha-noagent](openshift-nopgha-noagent) +- openshift case where we don't need rbac to deploy the agent since is done externally to the installer and we already have a zalando postgres operator installed so we just need to use it. + ## Instructions - for each usecase we provide YAMLs to create the necessary RBAC resources 
diff --git a/installer/examples/rbac/fullaccess/clusterrole.yaml b/installer/examples/rbac/fullaccess/clusterrole.yaml index b989b23c..4c011a3d 100644 --- a/installer/examples/rbac/fullaccess/clusterrole.yaml +++ b/installer/examples/rbac/fullaccess/clusterrole.yaml @@ -4,13 +4,6 @@ kind: ClusterRole metadata: name: installer rules: -- apiGroups: - - "" - resources: - - events - verbs: - - patch - - create - apiGroups: - "" resources: diff --git a/installer/examples/rbac/openshift-nopgha-noagent/clusterrole.yaml b/installer/examples/rbac/openshift-nopgha-noagent/clusterrole.yaml new file mode 100644 index 00000000..a3b97b33 --- /dev/null +++ b/installer/examples/rbac/openshift-nopgha-noagent/clusterrole.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: installer +rules: +- apiGroups: + - "" + resources: + - namespaces + - nodes + - persistentvolumes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +... diff --git a/installer/examples/rbac/openshift-nopgha-noagent/clusterrolebinding.yaml b/installer/examples/rbac/openshift-nopgha-noagent/clusterrolebinding.yaml new file mode 100644 index 00000000..44151781 --- /dev/null +++ b/installer/examples/rbac/openshift-nopgha-noagent/clusterrolebinding.yaml 
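Review bot: The rule for `storage.k8s.io` / `storageclasses` with `get` and `list` appears twice in a row in the new `openshift-nopgha-noagent/clusterrole.yaml`, and the second copy adds nothing. It looks like a leftover from editing one of the other variants, where that position holds the `rbac.authorization.k8s.io` rule. Remove one of the two blocks, or, if the second was meant to cover a different resource, name that resource so the role matches what the installer needs in this use case.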
@@ -0,0 +1,57 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: installer
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+---
+# We need the scc clusterrole to be able to
+# grants scc to sysdig service-accounts in
+# sysdig namespace.
+#
+# Starting from OCP 4.6 we already have
+# all the built-in clusteroles:
+#
+# system:openshift:scc:anyuid
+# system:openshift:scc:hostaccess
+# system:openshift:scc:hostmount
+# system:openshift:scc:hostnetwork
+# system:openshift:scc:nonroot
+# system:openshift:scc:privileged
+# system:openshift:scc:restricted
+#
+# According to:
+# https://github.com/draios/installer/blob/4d7b1886c4c91796a17c706eb85a20e6e25ba041/installer/pkg/installer/deploy.go#L1298-L1306
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-scc-anyuid
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:anyuid
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: installer-scc-privileged
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+ name: installer
+ namespace: sysdigcloud
+...
diff --git a/installer/examples/rbac/openshift-nopgha-noagent/role.yaml b/installer/examples/rbac/openshift-nopgha-noagent/role.yaml
new file mode 100644
index 00000000..6825dcdd
--- /dev/null
+++ b/installer/examples/rbac/openshift-nopgha-noagent/role.yaml
@@ -0,0 +1,117 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: sysdigcloud
+ name: installer
+rules:
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - 'policy'
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - update
+ - get
+ - list
+ - patch
+ - apiGroups:
+ - '*'
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - '*'
+ resources:
+ - cronjobs
+ - configmaps
+ - deployments
+ - deployments/scale
+ - daemonsets
+ - endpoints
+ - events
+ - jobs
+ - namespaces
+ - podtemplates
+ - podsecuritypolicies
+ - pods
+ - pods/log
+ - pods/exec
+ - pod/delete
+ - pod/status
+ - podpreset
+ - persistentvolumeclaims
+ - replicationcontrollers
+ - replicasets
+ - secrets
+ - services
+ - serviceaccounts
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - apiGroups:
+ - acid.zalan.do
+ resources:
+ - postgresqls
+ - postgresqls/status
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - acid.zalan.do
+ resources:
+ - postgresteams
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - acid.zalan.do
+ resources:
+ - operatorconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+...
diff --git a/installer/examples/rbac/openshift-nopgha-noagent/rolebinding.yaml b/installer/examples/rbac/openshift-nopgha-noagent/rolebinding.yaml
new file mode 100644
index 00000000..6ccd2581
--- /dev/null
+++ b/installer/examples/rbac/openshift-nopgha-noagent/rolebinding.yaml
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: installer + namespace: sysdigcloud +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: installer +subjects: +- kind: ServiceAccount + name: installer + namespace: sysdigcloud +... diff --git a/installer/examples/rbac/openshift-nopgha-noagent/sa.yaml b/installer/examples/rbac/openshift-nopgha-noagent/sa.yaml new file mode 100644 index 00000000..a59bb243 --- /dev/null +++ b/installer/examples/rbac/openshift-nopgha-noagent/sa.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: installer + namespace: sysdigcloud +... diff --git a/installer/examples/rbac/openshift-pgha/clusterrole.yaml b/installer/examples/rbac/openshift-pgha/clusterrole.yaml index 8811e8a2..e402d2f8 100644 --- a/installer/examples/rbac/openshift-pgha/clusterrole.yaml +++ b/installer/examples/rbac/openshift-pgha/clusterrole.yaml @@ -4,13 +4,6 @@ kind: ClusterRole metadata: name: installer rules: -- apiGroups: - - "" - resources: - - events - verbs: - - patch - - create - apiGroups: - "" resources: @@ -25,7 +18,6 @@ rules: - get - list - watch -# No GS - apiGroups: - storage.k8s.io resources: @@ -35,7 +27,6 @@ rules: - list - create - update -# No Gs - apiGroups: - rbac.authorization.k8s.io resources: @@ -112,6 +103,8 @@ rules: - list - update - watch + - patch + - create - apiGroups: - "" resources: diff --git a/installer/examples/rbac/openshift/clusterrole.yaml b/installer/examples/rbac/openshift/clusterrole.yaml index 68994eae..65dcbf14 100644 --- a/installer/examples/rbac/openshift/clusterrole.yaml +++ b/installer/examples/rbac/openshift/clusterrole.yaml @@ -4,13 +4,6 @@ kind: ClusterRole metadata: name: installer rules: -- apiGroups: - - "" - resources: - - events - verbs: - - patch - - create - apiGroups: - "" resources: @@ -25,7 +18,6 @@ rules: - get - list - watch -# No GS - apiGroups: - storage.k8s.io resources: 
@@ -35,7 +27,6 @@ rules: - list - create - update -# No Gs - apiGroups: - rbac.authorization.k8s.io resources: From c0fcfef9891f8b522dcf802ccc7d22eb7a87cdc3 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 25 Apr 2022 21:18:37 +0000 Subject: [PATCH 104/156] updating installer docs --- installer/docs/configuration_parameters.md | 374 +++------------------ 1 file changed, 41 insertions(+), 333 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 1f3bd78e..fcae0e4f 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,19 +37,6 @@ Disk, and Replicas.
size: medium ``` -## **kubernetesServerVersion** -**Required**: `false`
-**Description**: The Kubernetes version of the targeted cluster. - This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` - must be used with k8s version 1.22+.
-**Options**:
-**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
-**Example**: - -```yaml -kubernetesServerVersion: v1.18.10 -``` - ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -85,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -334,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**: -Allow Elasticsearch to export prometheus metrics. - -**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -755,12 +715,12 @@ pvStorageSize: **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.6.1.2
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1.21 ``` ## **sysdig.accessKey** @@ -843,49 +803,23 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - capturesFolder: my_captures_folder -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.4
-**Example**: - -```yaml -sysdig: - cassandraVersion: 2.1.22.4 -``` - -## **sysdig.cassandraExporterVersion** -**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
+**Default**: 2.1.21.13
**Example**: ```yaml sysdig: - cassandraExporterVersion: latest + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -898,12 +832,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.11.1`
+**Default**: `3.11.7.0`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.11.1 + cassandra3Version: 3.11.7.0 ``` ## **sysdig.cassandra.external** @@ -962,19 +896,6 @@ sysdig: ssl: true ``` -## **sysdig.cassandra.enableMetrics** -**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - enableMetrics: true -``` - ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1171,12 +1092,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1288,12 +1209,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - monitorVersion: 5.0.4.11001 + monitorVersion: 3.5.1.7018 ``` ## **sysdig.secureVersion** @@ -1303,12 +1224,12 @@ configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - secureVersion: 5.0.4.11001 + secureVersion: 3.5.1.7018 ``` ## **sysdig.sysdigAPIVersion** @@ -1318,12 +1239,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.4.11001 + sysdigAPIVersion: 3.5.1.7018 ``` ## **sysdig.sysdigCollectorVersion** @@ -1333,12 +1254,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.4.11001 + sysdigCollectorVersion: 3.5.1.7018 ``` ## **sysdig.sysdigWorkerVersion** @@ -1348,12 +1269,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.5.1.7018
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.4.11001 + sysdigWorkerVersion: 3.5.1.7018 ``` ## **sysdig.enableAlerter** @@ -1375,7 +1296,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -1440,32 +1361,6 @@ sysdig: apiToken: A_VALID_TOKEN ``` -## **sysdig.alertingSystem.alertNotifierReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifierReplicaCount: 3 -``` - -## **sysdig.alertingSystem.alertManagerReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManagerReplicaCount: 3 -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1635,36 +1530,24 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.22.0.2 -``` - -## **sysdig.natsStreamingInitVersion** -**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
-**Example**: - -```yaml -sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled** @@ -2013,6 +1896,20 @@ sysdig: replicas: 3 ``` +## **sysdig.postgresql.ha.checkCRDs** +**Required**: `false`
+**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. +**Options**:
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + checkCRD: true +``` ## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
@@ -8370,18 +8267,6 @@ sysdig: certificate: key: certs/collector.key ``` -## **sysdig.worker.enabled** -**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - worker: - enabled: true -``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9404,18 +9289,6 @@ sysdig: scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **sysdig.scanningAlertMgrForceAutoScan** -**Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - scanningAlertMgrForceAutoScan: false -``` - ## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
**Description**: Cronjob schedule
@@ -9461,7 +9334,7 @@ sysdig: ## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: Whether to enable metadata-service or not +**Description**: This creates a deployment for Metadata-Service **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9596,143 +9469,6 @@ sysdig: metadataServiceVersion: 1.0.1.12 ``` -## **sysdig.helmRenderer.enabled** -**Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - helmRenderer: - enabled: true -``` - -## **sysdig.resources.helmRenderer.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 -``` - -## **sysdig.resources.helmRenderer.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - limits: - memory: 10Mi -``` - -## **sysdig.resources.helmRenderer.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - requests: - cpu: 2 -``` - -## **sysdig.resources.helmRenderer.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - requests: - memory: 200Mi -``` - -## **sysdig.helmRendererReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - -**Example**: - -```yaml -sysdig: - helmRendererReplicaCount: 4 -``` - -## **sysdig.helmRendererVersion** -**Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
-**Options**:
-**Default**: 0.1.32
-**Example**: - -```yaml -sysdig: - helmRendererVersion: 0.1.32 -``` - ## **sysdig.secure.activityAudit.enabled** **Required**: `false`
**Description**: Enable activity audit for Sysdig secure.
@@ -9903,34 +9639,6 @@ sysdig: enabled: true ``` -## **sysdig.secure.falcoRulesUpdater.enabled** -**Required**: `false`
-**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
-**Options**:
-**Default**: false
-**Example**: - -```yaml -sysdig: - secure: - falcoRulesUpdater: - enabled: true -``` - -## **sysdig.secure.falcoRulesUpdater.schedule** -**Required**: `false`
-**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
-**Options**:
-**Default**: "0 1 * * *"
-**Example**: - -```yaml -sysdig: - secure: - falcoRulesUpdater: - schedule: "*/10 * * * *" -``` - ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From 8e2de2d3ff8a81cdb1fe904b6de5c903e2ba822e Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 26 Apr 2022 21:24:27 +0000 Subject: [PATCH 105/156] updating installer docs --- installer/docs/configuration_parameters.md | 333 ++++++++++++++++++--- 1 file changed, 292 insertions(+), 41 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index fcae0e4f..3c2ddd94 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -72,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
**Options**:
**Default**:
@@ -321,6 +321,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**: +Allow Elasticsearch to export prometheus metrics. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured +`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -715,12 +742,12 @@ pvStorageSize: **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1.32
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.21 + anchoreVersion: 0.8.1.32 ``` ## **sysdig.accessKey** @@ -803,23 +830,49 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.21.13
+**Default**: 2.1.22.4
+**Example**: + +```yaml +sysdig: + cassandraVersion: 2.1.22.4 +``` + +## **sysdig.cassandraExporterVersion** +**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraExporterVersion: latest ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -832,12 +885,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.7.0`
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.7.0 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -896,6 +949,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1092,12 +1158,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1209,12 +1275,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.5.11721
**Example**: ```yaml sysdig: - monitorVersion: 3.5.1.7018 + monitorVersion: 5.0.5.11721 ``` ## **sysdig.secureVersion** @@ -1224,12 +1290,12 @@ configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.5.11721
**Example**: ```yaml sysdig: - secureVersion: 3.5.1.7018 + secureVersion: 5.0.5.11721 ``` ## **sysdig.sysdigAPIVersion** @@ -1239,12 +1305,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.5.11721
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.5.1.7018 + sysdigAPIVersion: 5.0.5.11721 ``` ## **sysdig.sysdigCollectorVersion** @@ -1254,12 +1320,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.5.11721
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.5.1.7018 + sysdigCollectorVersion: 5.0.5.11721 ``` ## **sysdig.sysdigWorkerVersion** @@ -1269,12 +1335,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.5.1.7018
+**Default**: 5.0.5.11721
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.5.1.7018 + sysdigWorkerVersion: 5.0.5.11721 ``` ## **sysdig.enableAlerter** @@ -1296,7 +1362,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -1361,6 +1427,32 @@ sysdig: apiToken: A_VALID_TOKEN ``` +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertNotifierReplicaCount: 3
+```
+
+## **sysdig.alertingSystem.alertManagerReplicaCount**
+**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1530,24 +1622,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingVersion: 0.22.0.2 +``` + +## **sysdig.natsStreamingInitVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
+**Example**: + +```yaml +sysdig: + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1896,20 +2000,6 @@ sysdig: replicas: 3 ``` -## **sysdig.postgresql.ha.checkCRDs** -**Required**: `false`
-**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. -**Options**:
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - checkCRD: true -``` ## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
@@ -8267,6 +8357,18 @@ sysdig: certificate: key: certs/collector.key ``` +## **sysdig.worker.enabled** +**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + worker: + enabled: true +``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9289,6 +9391,18 @@ sysdig: scanningAnalysiscollectorConcurrentUploads: 5 ``` +## **sysdig.scanningAlertMgrForceAutoScan** +**Required**: `false`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + scanningAlertMgrForceAutoScan: false +``` + ## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
**Description**: Cronjob schedule
@@ -9334,7 +9448,7 @@ sysdig: ## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: This creates a deployment for Metadata-Service +**Description**: Whether to enable metadata-service or not **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9469,6 +9583,143 @@ sysdig: metadataServiceVersion: 1.0.1.12 ``` +## **sysdig.helmRenderer.enabled** +**Required**: `false`
+**Description**: Whether to enable helm-renderer or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ helmRenderer:
+ enabled: true
+```
+
+## **sysdig.resources.helmRenderer.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.helmRenderer.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.helmRenderer.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.helmRenderer.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.helmRendererReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 2 |
+| medium | 6 |
+| large | 10 |
+
+**Example**:
+
+```yaml
+sysdig:
+ helmRendererReplicaCount: 4
+```
+
+## **sysdig.helmRendererVersion**
+**Required**: `false`
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
+**Example**: + +```yaml +sysdig: + helmRendererVersion: 0.1.32 +``` + ## **sysdig.secure.activityAudit.enabled** **Required**: `false`
**Description**: Enable activity audit for Sysdig secure.
From 1ab60deaa8791cec13487d7eff4854342f9df56f Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 4 May 2022 12:39:42 +0000 Subject: [PATCH 106/156] updating installer docs --- installer/single-node/README.md | 75 +-------------------------------- 1 file changed, 2 insertions(+), 73 deletions(-) diff --git a/installer/single-node/README.md b/installer/single-node/README.md index 83833d64..87770056 100644 --- a/installer/single-node/README.md +++ b/installer/single-node/README.md 
@@ -73,77 +73,6 @@ To need to run `kubectl` as root on the host. - the script will be hosted in a public location so you can `curl | sudo bash` the script. +# Airgapped pov installer (VMDK images) -# Airgapped pov installer - -The airgapped image is built off a debian 9 base image. - -The vdmk images are present in s3://sysdig-installer/debian s3 bucket in draios-dev account in us-east. - -## Installation - -The vmdk image specified above can be imported using the import external hard disk option. - -The cpu, memory and disk requirements are 16cpu, 32gig and 60 gig. - -## Credentials - -The image is built user `sysdig` user with `sysdig` password and sudo access. - -## Running installer - -After logging in use the above credentials to run the pov installer in airgapped mode. - -```bash - #enter sysdig password `sysdig` - sudo su - #start installation in airgapped mode -i in short - ./install.sh --airgap-install -``` - -## Gotchas - -Initial copy into datastore lists the image as ~5Gig. A recopy into another folder sets the correct size to ~60gig. - -## Sharing Image - -The objects can exposed by pre-signing with an expiry token using aws cli. - -```bash -aws s3 presign --expires-in 86400 s3://sysdig-installer/debian//.vmdk -``` - -The above command produces a pre-signed url which expires in 1 day (60 * 60 * 24 = 86400). Download example below. - -```bash -URL="https://sysdig-installer.s3.amazonaws.com/debian//UR.vmdk?AWSAccessKeyId=&Expires=1581191285&Signature=esNl8e7LLwVdNVS4FCBYSTZhJgg%3D" ; wget ${URL} -``` - -## Exporting as ovf - -Use ovftool command line tool to convert vmdk into ovf from . - -A example vmx_template.vmx file in installer/single-node/. - -Edit setting `nvme0:0.fileName = "/tmp/ovf/sysdig-pov-image.vmdk"` in vmx_template to point to vmdk file. - -Running this will create a sysdig-pov-image.ovf. - -```bash -ovftool -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf -``` - -Enable verbose logging and stdout. 
- -```bash -ovftool --X:logToConsole --X:logLevel=verbose -st=VMX /tmp/ovf/vmx_template.vmx sysdig-pov-image.ovf -``` - -## Base AMI for VMDK - -- this is the AMI used as base to produce the VMDK - - -| AMI Name | id | -| ---------------------- | --------------------- | -| CentOS 7.8.2003 x86_64 | ami-06cf02a98a61f9f5e | +The VMDK image distribution was retired in May 2022. From 9c1af46927fe05f167b49bcf81cca410db2be310 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 6 May 2022 23:24:26 +0000 Subject: [PATCH 107/156] updating installer docs --- installer/docs/configuration_parameters.md | 77 ++++++++++++++++++---- 1 file changed, 66 insertions(+), 11 deletions(-) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 3c2ddd94..5f8c1f2c 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,6 +37,19 @@ Disk, and Replicas.
size: medium ``` +## **kubernetesServerVersion** +**Required**: `false`
+**Description**: The Kubernetes version of the targeted cluster. + This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` + must be used with k8s version 1.22+.
+**Options**:
+**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
+**Example**: + +```yaml +kubernetesServerVersion: v1.18.10 +``` + ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -204,7 +217,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
+**Options**: `aws|gcp`
**Default**:
**Example**: @@ -1275,12 +1288,12 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.5.11721
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 5.0.5.11721 + monitorVersion: 5.0.4.11001 ``` ## **sysdig.secureVersion** @@ -1290,12 +1303,12 @@ configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.5.11721
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - secureVersion: 5.0.5.11721 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1305,12 +1318,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.5.11721
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.5.11721 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1320,12 +1333,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.5.11721
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.5.11721 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1335,12 +1348,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.5.11721
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.5.11721 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -2000,6 +2013,20 @@ sysdig: replicas: 3 ``` +## **sysdig.postgresql.ha.checkCRDs** +**Required**: `false`
+**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. +**Options**:
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + postgresql: + ha: + checkCRD: true +``` ## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
@@ -9890,6 +9917,34 @@ sysdig: enabled: true ``` +## **sysdig.secure.falcoRulesUpdater.enabled** +**Required**: `false`
+**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ falcoRulesUpdater:
+ enabled: true
+```
+
+## **sysdig.secure.falcoRulesUpdater.schedule**
+**Required**: `false`
+**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Options**:
+**Default**: "0 1 * * *"
+**Example**: + +```yaml +sysdig: + secure: + falcoRulesUpdater: + schedule: "*/10 * * * *" +``` + ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From 8ec1b7b209a792873cf4e789127ab085a83cc65c Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 24 May 2022 21:21:21 +0000 Subject: [PATCH 108/156] updating installer docs --- installer/docs/configuration_parameters.md | 30 ++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 5f8c1f2c..68811202 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -5980,6 +5980,36 @@ sysdig: storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` +## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** +**Required**: `true`
+**Description**: The flag to enable on-demand generation of reports globally
+**Options**: false, true
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ onDemandGenerationEnabled: true
+```
+
+## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers**
+**Required**: `false`
+**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + onDemandGenerationCustomers: "1,12,123" +``` + ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
**Description**: The sleep interval between two runs of the reporting worker
From 78ad78efe440bd24e4b3a2ccd39756d579662f52 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 25 May 2022 08:36:53 +0000 Subject: [PATCH 109/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 71 + installer/docs/02-configuration_parameters.md | 11189 ++++++++++++++++ installer/docs/03-upgrade.md | 130 + installer/docs/04-advanced_configuration.md | 158 + 4 files changed, 11548 insertions(+) create mode 100644 installer/docs/01-command_line_arguments.md create mode 100644 installer/docs/02-configuration_parameters.md create mode 100644 installer/docs/03-upgrade.md create mode 100644 installer/docs/04-advanced_configuration.md diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md new file mode 100644 index 00000000..0b638351 --- /dev/null +++ b/installer/docs/01-command_line_arguments.md @@ -0,0 +1,71 @@ + + + + + +# Command line arguments explained + +
+ +## Phase: `deploy` + +`--skip-namespace` + +- installer does not deploy the `namespace.yaml` manifest. + It expects the Namespace to exist and to match the value in `values.yaml` + There is no validation, in case of mismatch the installer will fail + +`--skip-pull-secret` + +- the services expect the pull secret to exist, + to have the expected name (`sysdigcloud-pull-secret`) and to allow access to the registry. +- if the pull secret is missing, the behaviour could be unpredictable: + some Pods could start if they can find the image locally and if their `imagePullPolicy` + is not `Always` +- Other Pods will fail because they can't pull the image + +`--skip-serviceaccount` + +- The user must provide SAs with the exact same name expected: + +``` +sysdig-serviceaccount.yaml: name: sysdig +sysdig-serviceaccount.yaml: name: node-labels-to-files +sysdig-serviceaccount.yaml: name: sysdig-with-root +sysdig-serviceaccount.yaml: name: sysdig-elasticsearch +sysdig-serviceaccount.yaml: name: sysdig-cassandra +``` + +- One implication of this is that unless the `node-to-labels` SA is added, + rack awareness will not work neither in Cassandra nor in ES (to be verified) + Another implication is that if SA(s) are missing, the user will have to `describe` + the STS because Pods will not start at all: + +``` +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal SuccessfulCreate 2m29s statefulset-controller create Claim data-sysdigcloud-cassandra-0 Pod sysdigcloud-cassandra-0 in StatefulSet sysdigcloud-cassandra success + Warning FailedCreate 67s (x15 over 2m29s) statefulset-controller create Pod sysdigcloud-cassandra-0 in StatefulSet sysdigcloud-cassandra failed error: pods "sysdigcloud-cassandra-0" is forbidden: error looking up service account benedetto/sysdig-cassandra: serviceaccount "sysdig-cassandra" not found +``` + +`--skip-storageclass` + +- installer does not apply the StorageClass manifest. 
+ It expects the storageClassName specified in values.yaml to exist. + +## Phase `import` + +`--zookeeper-workloadname ` + +- This is the value that will be used for the `zookeeper` StatefulSet. +The default value is `zookeeper`, this argument must be used when the +actual name of the STS in the cluster differs + +`--kafka-workloadname ` + +- Same as above for `kafka` + +`--cassandra-workloadname ` + +- Same as above for `cassandra` diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md new file mode 100644 index 00000000..18228e12 --- /dev/null +++ b/installer/docs/02-configuration_parameters.md @@ -0,0 +1,11189 @@ + + + + + +# Configuration Parameters + +
+
+## **quaypullsecret**
+
+**Required**: `true`
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation
+mail.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+quaypullsecret: Y29tZS13b3JrLWF0LXN5c2RpZwo=
+```
+
+## **schema_version**
+
+**Required**: `true`
+**Description**: Represents the schema version of the values.yaml
+configuration. Versioning follows [Semver](https://semver.org/) (Semantic
+Versioning) and maintains semver guarantees about versioning.
+**Options**:
+**Default**: `1.0.0`
+**Example**:
+
+```yaml
+schema_version: 1.0.0
+```
+
+## **size**
+
+**Required**: `true`
+**Description**: Specifies the size of the cluster. Size defines CPU, Memory,
+Disk, and Replicas.
+**Options**: `small|medium|large`
+**Default**:
+**Example**:
+
+```yaml
+size: medium
+```
+
+## **kubernetesServerVersion**
+
+**Required**: `false`
+**Description**: The Kubernetes version of the targeted cluster. +This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` +must be used with k8s version 1.22+.
+**Options**:
+**Default**:If not provided, it will be pulled during `import` phase.
+**Example**:
+
+```yaml
+kubernetesServerVersion: v1.18.10
+```
+
+## **storageClassProvisioner**
+
+**Required**: `false`
+**Description**: The name of the [storage class +provisioner](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) +to use when creating the configured storageClassName parameter. Use hostPath +or local in clusters that do not have a provisioner. For setups where +Persistent Volumes and Persistent Volume Claims are created manually this +should be configured as `none`. If this is not configured +[`storageClassName`](#storageclassname) needs to be configured.
+**Options**: `aws|gke|hostPath|none`
+**Default**:
+**Example**:
+
+```yaml
+storageClassProvisioner: aws
+```
+
+## **apps**
+
+**Required**: `false`
+**Description**: Specifies the Sysdig Platform components to be installed.
+Combine multiple components by space separating them. Specify at least one +app, for example, `monitor`.
+**Options**: `monitor|monitor secure|agent|monitor agent|monitor secure agent`
+**Default**: `monitor secure`
+**Example**:
+
+```yaml
+apps: monitor secure
+```
+
+## **airgapped_registry_name**
+
+**Required**: `false`
+**Description**: The URL of the airgapped (internal) docker registry. This URL +is used for installations where the Kubernetes cluster can not pull images +directly from Quay. See [airgap instructions +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more +details.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+airgapped_registry_name: my-awesome-domain.docker.io
+```
+
+## **airgapped_repository_prefix**
+
+**Required**: `false`
+**Description**: This defines custom repository prefix for airgapped_registry. +Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag
+**Options**:
+**Default**: sysdig
+**Example**:
+
+```yaml
+#tags and pushes the image to /foo/bar/
+airgapped_repository_prefix: foo/bar
+```
+
+## **airgapped_registry_password**
+
+**Required**: `false`
+**Description**: The password for the configured +`airgapped_registry_username`. Ignore this parameter if the registry does not +require authentication.
+**Options**:
+**Default**:
+**Example**: + +```yaml +airgapped_registry_password: my-@w350m3-p@55w0rd +``` + +## **airgapped_registry_username** + +**Required**: `false`
+**Description**: The username for the configured `airgapped_registry_name`. +Ignore this parameter if the registry does not require authentication.
+**Options**:
+**Default**:
+**Example**: + +```yaml +airgapped_registry_username: bob+alice +``` + +## **deployment** + +**Required**: `false`
+**Description**: The name of the Kubernetes installation.
+**Options**: `iks|kubernetes|openshift|goldman`
+**Default**: `kubernetes`
+**Example**: + +```yaml +deployment: kubernetes +``` + +## **context** + +**Required**: `false`
+**Description**: Kubernetes context to use for deploying Sysdig Platform. +If this param is not not or a blank value is specified, it will use the default context.
+**Options**:
+**Default**:
+**Example**: + +```yaml +context: production +``` + +## **namespace** + +**Required**: `false`
+**Description**: Kubernetes namespace to deploy Sysdig Platform to.
+**Options**:
+**Default**: `sysdig`
+**Example**: + +```yaml +namespace: sysdig +``` + +## **scripts** + +**Required**: `false`
+**Description**: Defines which scripts needs to be run.
+ +- `generate`: performs templating and customization.
+- `diff`: generates diff against in-cluster configuration.
+- `deploy`: applies the generated script in Kubernetes environment.
+ +These options can be combined by space separating them.
+**Options**: `generate|diff|deploy|generate diff|generate deploy|diff deploy|generate diff deploy`
+**Default**: `generate deploy`
+**Example**: + +```yaml +scripts: generate diff +``` + +## **storageClassName** + +**Required**: `false`
+**Description**: The name of the preconfigured [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). +If the storage class does not exist, Installer will attempt to create it using the `storageClassProvisioner` as the provisioner. +This has no effect if `storageClassProvisioner` is configured to `none`.
+**Options**:
+**Default**: `sysdig`
+**Example**: + +```yaml +storageClassName: sysdig +``` + +## ~~**cloudProvider.create_loadbalancer**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: This is deprecated, prefer +[`sysdig.ingressNetworking`](#sysdigingressnetworking) instead. When set to +true a service of type +[LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer) +is created.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +cloudProvider: + create_loadbalancer: true +``` + +## **cloudProvider.name** + +**Required**: `false`
+**Description**: The name of the cloud provider Sysdig Platform will run on.
+**Options**: `aws|gcp`
+**Default**:
+**Example**: + +```yaml +cloudProvider: + name: aws +``` + +## **cloudProvider.isMultiAZ** + +**Required**: `false`
+**Description**: Specifies whether the underlying Kubernetes cluster is +deployed in multiple availability zones. The parameter requires +[`cloudProvider.name`](#cloudprovidername) to be configured.
+If enabled, all of the datastores will be deployed with `podAntiAffinity` on the zone label against other pods of the same statefulset. +If kubernetesServerVersion > 1.19, Cassandra will be deployed with `topologySpreadConstraints` instead of `podAntiAffinity`. +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +cloudProvider: + isMultiAZ: false +``` + +## **cloudProvider.region** + +**Required**: `false`
+**Description**: The cloud provider region the underlying Kubernetes Cluster +runs on. This parameter is required if +[`cloudProvider.name`](#cloudprovidername) is configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +cloudProvider: + region: us-east-1 +``` + +## **elasticsearch.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get node -o name` command. ElasticSearch hostPath persistent volumes should be +created on these nodes. The number of nodes must be at minimum whatever the +value of +[`sysdig.elasticsearchReplicaCount`](#sysdigelasticsearchreplicacount) is. +This is required if configured +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +elasticsearch: + hostPathNodes: + - my-cool-host1.com + - my-cool-host2.com + - my-cool-host3.com + - my-cool-host4.com + - my-cool-host5.com + - my-cool-host6.com +``` + +## **elasticsearch.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Elasticsearch JVM.
+**Options**:
+**Default**:
+**Example**: + +```yaml +elasticsearch: + jvmOptions: -Xms4G -Xmx4G +``` + +## **elasticsearch.external** + +**Required**: `false`
+**Description**: If set does not create a local Elasticsearch cluster, tries connecting to an external Elasticsearch cluster. +This can be used in conjunction with [`elasticsearch.hostname`](#elasticsearchhostname)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + external: true +``` + +## **elasticsearch.hostname** + +**Required**: `false`
+**Description**: External Elasticsearch hostname can be provided here and certificates for clients can be provided under certs/elasticsearch-tls-certs.
+**Options**:
+**Default**: 'sysdigcloud-elasticsearch'
+**Example**: + +```yaml +elasticsearch: + external: true + hostname: external.elasticsearch.cluster +``` + +## **elasticsearch.useES6** + +**Required**: `false`
+**Description**: Install Elasticsearch 6.8.x along with user authentication and TLS-encrypted data-in-transit +using Elasticsearch's native TLS Encrpytion. +If TLS Encrpytion is enabled Installer does the following in the provided order: + +1. Checks for existing Elasticsearch certificates in the provided environment to setup ES cluster. (applicable for upgrades) +2. If they are not present Installer autogenerates tls certificates and uses them to setup es cluster. + +**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +elasticsearch: + useES6: true +``` + +## **elasticsearch.enableMetrics** + +**Required**: `false`
+**Description**: +Allow Elasticsearch to export prometheus metrics. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** + +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured +`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + +## **elasticsearch.tlsencryption.adminUser** + +**Required**: `false`
+**Description**: The user bound to the ElasticSearch admin role.
+**Options**:
+**Default**: `sysdig`
+**Example**: + +```yaml +elasticsearch: + tlsencryption: + adminUser: admin +``` + +## ~~**elasticsearch.searchguard.enabled**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Enables user authentication and TLS-encrypted data-in-transit +with [Searchguard](https://search-guard.com/) +If Searchguard is enabled Installer does the following in the provided order: + +1. Checks for user provided certificates under certs/elasticsearch-tls-certs if present uses that to setup elasticsearch(es) cluster. +2. Checks for existing searchguard certificates in the provided environment to setup ES cluster. (applicable for upgrades) +3. If neither of them are present Installer autogenerates searchguard certificates and uses them to setup es cluster. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + searchguard: + enabled: false +``` + +## ~~**elasticsearch.searchguard.adminUser**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: The user bound to the ElasticSearch Searchguard admin role.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+elasticsearch:
+ searchguard:
+ adminUser: admin
+```
+
+## **elasticsearch.snitch.extractCMD**
+
+**Required**: `false`
+**Description**: The command used to determine [elasticsearch cluster routing
+allocation awareness
+attributes](https://www.elastic.co/guide/en/elasticsearch/reference/current/allocation-awareness.html).
+The command will be passed to the bash eval command and is expected to return
+a single string. For example: `cut -d- -f2 /host/etc/hostname`.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+elasticsearch:
+ snitch:
+ extractCMD: cut -d- -f2 /host/etc/hostname
+```
+
+## **elasticsearch.snitch.hostnameFile**
+
+**Required**: `false`
+**Description**: The name of the location to bind mount the host's
+`/etc/hostname` file to. This can be combined with
+[`elasticsearch.snitch.extractCMD`](#elasticsearchsnitchextractcmd) to
+determine cluster routing allocation associated with the node's hostname.
+**Options**:
+**Default**: `sysdig`
+**Example**:
+
+```yaml
+elasticsearch:
+ snitch:
+ hostnameFile: /host/etc/hostname
+```
+
+## **hostPathCustomPaths.cassandra**
+
+**Required**: `false`
+**Description**: The directory to bind mount Cassandra pod's
+`/var/lib/cassandra` to on the host. This parameter is relevant only when
+`storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/cassandra`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ cassandra: `/sysdig/cassandra`
+```
+
+## **hostPathCustomPaths.elasticsearch**
+
+**Required**: `false`
+**Description**: The directory to bind mount elasticsearch pod's
+`/usr/share/elasticsearch` to on the host. This parameter is relevant only when
+`storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/usr/share/elasticsearch`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ elasticsearch: `/sysdig/elasticsearch`
+```
+
+## **hostPathCustomPaths.mysql**
+
+**Required**: `false`
+**Description**: The directory to bind mount mysql pod's `/var/lib/mysql` to
+on the host. This is relevant only when `storageClassProvisioner` is
+`hostPath`.
+**Options**:
+**Default**: `/var/lib/mysql`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ mysql: `/sysdig/mysql`
+```
+
+## **hostPathCustomPaths.postgresql**
+
+**Required**: `false`
+**Description**: The directory to bind mount PostgreSQL pod's
+`/var/lib/postgresql/data/pgdata` to on the host. This parameter is relevant
+only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/postgresql/data/pgdata`
+**Example**:
+
+```yaml
+hostPathCustomPaths:
+ postgresql: `/sysdig/pgdata`
+```
+
+## **nodeaffinityLabel.key**
+
+**Required**: `false`
+**Description**: The key of the label that is used to configure the nodes that the
+Sysdig Platform pods are expected to run on. The nodes are expected to have
+been labeled with the key.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+nodeaffinityLabel:
+ key: instancegroup
+```
+
+## **nodeaffinityLabel.value**
+
+**Required**: `false`
+**Description**: The value of the label that is used to configure the nodes
+that the Sysdig Platform pods are expected to run on. The nodes are expected
+to have been labeled with the value of
+[`nodeaffinityLabel.key`](#nodeaffinitylabelkey), and is required if
+[`nodeaffinityLabel.key`](#nodeaffinitylabelkey) is configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+nodeaffinityLabel:
+ value: sysdig
+```
+
+## **pvStorageSize.large.cassandra**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 300Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ cassandra: 500Gi
+```
+
+## **pvStorageSize.large.elasticsearch**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Elasticsearch
+in a cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 300Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ elasticsearch: 500Gi
+```
+
+## **pvStorageSize.large.mysql**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to MySQL in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 25Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ mysql: 100Gi
+```
+
+## **pvStorageSize.large.postgresql**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to PostgreSQL in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 60Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ postgresql: 100Gi
+```
+
+## **pvStorageSize.medium.cassandra**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 100Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ cassandra: 300Gi
+```
+
+## **pvStorageSize.medium.elasticsearch**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Elasticsearch in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 100Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ elasticsearch: 300Gi
+```
+
+## **pvStorageSize.medium.mysql**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to MySQL in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 25Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ mysql: 100Gi
+```
+
+## **pvStorageSize.medium.postgresql**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to PostgreSQL in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 60Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ postgresql: 100Gi
+```
+
+## **pvStorageSize.small.cassandra**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ cassandra: 100Gi
+```
+
+## **pvStorageSize.small.elasticsearch**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Elasticsearch
+in a cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ elasticsearch: 100Gi
+```
+
+## **pvStorageSize.small.mysql**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to MySQL in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 25Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ mysql: 100Gi
+```
+
+## **pvStorageSize.small.postgresql**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to PostgreSQL in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ postgresql: 100Gi
+```
+
+## **pvStorageSize.large.nats**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) large. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ nats: 10Gi
+```
+
+## **pvStorageSize.medium.nats**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) medium. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ nats: 10Gi
+```
+
+## **pvStorageSize.small.nats**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ nats: 10Gi
+```
+
+## **sysdig.anchoreVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of the Sysdig Anchore Core.
+**Options**:
+**Default**: 0.8.1.32
+**Example**:
+
+```yaml
+sysdig:
+ anchoreVersion: 0.8.1.32
+```
+
+## **sysdig.accessKey**
+
+**Required**: `false`
+**Description**: The AWS (or AWS compatible) accessKey to be used by Sysdig
+components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ accessKey: my_awesome_aws_access_key
+```
+
+## **sysdig.awsRegion**
+
+**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig
+components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ awsRegion: my_aws_region
+```
+
+## **sysdig.secretKey**
+
+**Required**: `false`
+**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig
+components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secretKey: my_super_secret_secret_key
+```
+
+## **sysdig.s3.enabled**
+
+**Required**: `false`
+**Description**: Specifies if storing Sysdig Captures in S3 or S3-compatible storage is enabled.
+**Options**:`true|false`
+**Default**:false
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ enabled: true
+```
+
+## **sysdig.s3.endpoint**
+
+**Required**: `false`
+**Description**: S3-compatible endpoint for the bucket, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured. This option is not required if using an AWS S3 Bucket for captures.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ endpoint: s3.us-south.cloud-object-storage.appdomain.cloud
+```
+
+## **sysdig.s3.bucketName**
+
+**Required**: `false`
+**Description**: Name of the S3 bucket to be used for captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ bucketName: my_awesome_bucket
+```
+
+## **sysdig.s3.capturesFolder**
+
+**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ capturesFolder: my_captures_folder
+```
+
+## **sysdig.cassandraVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of Cassandra.
+**Options**:
+**Default**: 2.1.22.4
+**Example**:
+
+```yaml
+sysdig:
+ cassandraVersion: 2.1.22.4
+```
+
+## **sysdig.cassandraExporterVersion**
+
+**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
+**Example**:
+
+```yaml
+sysdig:
+ cassandraExporterVersion: latest
+```
+
+## **sysdig.cassandra.useCassandra3**
+
+**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ useCassandra3: false
+```
+
+## **sysdig.Cassandra3Version**
+
+**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.11.1`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra3Version: 3.11.11.1
+```
+
+## **sysdig.cassandra.external**
+
+**Required**: `false`
+**Description**: If set does not create a local Cassandra cluster, tries connecting to an external Cassandra cluster.
+This can be used in conjunction with [`sysdig.cassandra.endpoint`](#sysdigcassandraendpoint)
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ external: true
+```
+
+## **sysdig.cassandra.tolerations**
+
+**Required**: `false`
+**Description**: If set add tolerations to Cassandra statefulset
+**Options**:
+**Default**: `[]`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ tolerations:
+ key: dedicated
+ operator: Equal
+ value: cassandra
+ effect: NoSchedule
+```
+
+## **sysdig.cassandra.nodeSelector**
+
+**Required**: `false`
+**Description**: If set add nodeSelector map to Cassandra statefulset
+**Options**:
+**Default**: `[]`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ nodeSelector:
+ worker-role: cassandra
+```
+
+## **sysdig.cassandra.nodeaffinityLabel**
+
+**Required**: `false`
+**Description**: The key and the value of the label that is used to configure the nodes that the
+Cassandra pods are expected to run on.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ nodeaffinityLabel:
+ key: sysdig/worker-pool
+ value: cassandra
+```
+
+## **sysdig.cassandra.endpoint**
+
+**Required**: `false`
+**Description**: External Cassandra endpoint can be provided here.
+**Options**:
+**Default**: 'sysdigcloud-cassandra'
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ external: true
+ endpoint: external.cassandra.cluster
+```
+
+## **sysdig.cassandra.secure**
+
+**Required**: `false`
+**Description**: Enables cassandra server and clients to use authentication.
+**Options**: `true|false`
+**Default**:`true`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ secure: true
+ ssl: true
+```
+
+## **sysdig.cassandra.ssl**
+
+**Required**: `false`
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ secure: true
+ ssl: true
+```
+
+## **sysdig.cassandra.enableMetrics**
+
+**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ enableMetrics: true
+```
+
+## **sysdig.cassandra.user**
+
+**Required**: `false`
+**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
+**Options**:
+**Default**: `sysdigcassandra`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ user: cassandrauser
+```
+
+## **sysdig.cassandra.password**
+
+**Required**: `false`
+**Description**: Sets cassandra password
+**Options**:
+**Default**: Autogenerated 16 alphanumeric characters
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ user: cassandrauser
+ password: cassandrapassword
+```
+
+## **sysdig.cassandra.workloadName**
+
+**Required**: `false`
+**Description**: Name assigned to the Cassandra objects(statefulset and
+service)
+**Options**:
+**Default**: `sysdigcloud-cassandra`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ workloadName: sysdigcloud-cassandra
+```
+
+## **sysdig.cassandra.customOverrides**
+
+**Required**: `false`
+**Description**: The custom overrides of Cassandra's default configuration. The parameter
+expects a YAML block of key-value pairs as described in the [Cassandra
+documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/configuration/configCassandra_yaml_r.html).
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ customOverrides: |
+ hinted_handoff_enabled: false
+ concurrent_compactors: 8
+ read_request_timeout_in_ms: 10000
+ write_request_timeout_in_ms: 10000
+```
+
+## **sysdig.cassandra.datacenterName**
+
+**Required**: `false`
+**Description**: The datacenter name used for the [Cassandra
+Snitch](http://cassandra.apache.org/doc/latest/operating/snitch.html).
+**Options**:
+**Default**: In AWS the value is ec2Region as determined by the code
+[here](https://github.com/apache/cassandra/blob/a85afbc7a83709da8d96d92fc4154675794ca7fb/src/java/org/apache/cassandra/locator/Ec2Snitch.java#L61-L63),
+elsewhere defaults to an empty string.
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ datacenterName: my-cool-datacenter
+```
+
+## **sysdig.cassandra.jvmOptions**
+
+**Required**: `false`
+**Description**: The custom configuration for Cassandra JVM.
+**Options**:
+**Default**: `-Xms4g -Xmx4g`
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ jvmOptions: -Xms6G -Xmx6G -XX:+PrintGCDateStamps -XX:+PrintGCDetails
+```
+
+## **sysdig.cassandra.hostPathNodes**
+
+**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get node -o name` command. These are the nodes where Cassandra hostPath persistent volumes should be created on. The number of nodes must be at minimum whatever the value of
+[`sysdig.cassandraReplicaCount`](#sysdigcassandrareplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandra:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+```
+
+## **sysdig.collectorPort**
+
+**Required**: `false`
+**Description**: The port to publicly serve Sysdig collector on.
+_**Note**: collectorPort is not configurable in openshift deployments. It is always 443._
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+sysdig:
+ collectorPort: 7000
+```
+
+## **sysdig.certificate.customCA**
+
+**Required**: `false`
+**Description**:
+The Sysdig platform may sometimes open connections over SSL to certain external services, including:
+
+- LDAP over SSL
+- SAML over SSL
+- OpenID Connect over SSL
+- HTTPS Proxies
+
+If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform
+(e.g., if you maintain your own Certificate Authority), they are not trusted by default.
+
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more
+PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/
+in the same level as `values.yaml`.
+
+**Options**: `true|false`
+**Default**: false
+**Example**:
+
+```bash
+#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list.
+# certificate3.p12 will be loaded to the keystore together with it's private key.
+bash-5.0$ find certs values.yaml
+certs
+certs/custom-java-certs
+certs/custom-java-certs/certificate1.crt
+certs/custom-java-certs/certificate2.crt
+certs/custom-java-certs/certificate3.p12
+certs/custom-java-certs/certificate3.p12.passwd
+
+
+values.yaml
+```
+
+```yaml
+sysdig:
+ certificate:
+ customCA: true
+```
+
+## **sysdig.dnsName**
+
+**Required**: `true`
+**Description**: The domain name the Sysdig APIs will be served on.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ dnsName: my-awesome-domain-name.com
+```
+
+## **sysdig.elasticsearchVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of Elasticsearch.
+**Options**:
+**Default**: 5.6.16.18
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchVersion: 5.6.16.18
+```
+
+## **sysdig.elasticsearch6Version**
+
+**Required**: `false`
+**Description**: The docker image tag of Elasticsearch.
+**Options**:
+**Default**: 6.8.6.12
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearch6Version: 6.8.6.12
+```
+
+## **sysdig.haproxyVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of HAProxy ingress controller. The
+parameter is relevant only when configured `deployment` is `kubernetes`.
+**Options**:
+**Default**: v0.7-beta.7.1
+**Example**:
+
+```yaml
+sysdig:
+ haproxyVersion: v0.7-beta.7.1
+```
+
+## **sysdig.ingressNetworking**
+
+**Required**: `false`
+**Description**: The networking construct used to expose the Sysdig API and collector.
+
+- hostnetwork, sets the hostnetworking in ingress daemonset and opens host ports for api and collector. This does not create a service.
+- loadbalancer, creates a service of type [`loadbalancer`](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)
+- nodeport, creates a service of type [`nodeport`](https://kubernetes.io/docs/concepts/services-networking/#nodeport). The node ports can be customized with:
+ - [`sysdig.ingressNetworkingInsecureApiNodePort`](#sysdigingressnetworkinginsecureapinodeport)
+ - [`sysdig.ingressNetworkingApiNodePort`](#sysdigingressnetworkingapinodeport)
+ - [`sysdig.ingressNetworkingCollectorNodePort`](#sysdigingressnetworkingcollectornodeport)
+- external, assumes external ingress is used and does not create ingress objects.
+
+**Options**:
+[`hostnetwork`](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces)|[`loadbalancer`](https://kubernetes.io/docs/concepts/services-networking/#loadbalancer)|[`nodeport`](https://kubernetes.io/docs/concepts/services-networking/#nodeport)| external
+
+**Default**: `hostnetwork`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworking: loadbalancer
+```
+
+## **sysdig.ingressNetworkingInsecureApiNodePort**
+
+**Required**: `false`
+**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking)
+is configured as `nodeport`, this is the NodePort requested by Installer
+from Kubernetes for the Sysdig non-TLS API endpoint.
+**Options**:
+**Default**: `30000`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworkingInsecureApiNodePort: 30000
+```
+
+## **sysdig.ingressLoadBalancerAnnotation**
+
+**Required**: `false`
+**Description**: Annotations that will be added to the
+`haproxy-ingress-service` object, this is useful to set annotations related to
+creating internal loadbalancers.
+**Options**:
+**Example**:
+
+```yaml
+sysdig:
+ ingressLoadBalancerAnnotation:
+ cloud.google.com/load-balancer-type: Internal
+```
+
+## **sysdig.ingressNetworkingApiNodePort**
+
+**Required**: `false`
+**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking)
+is configured as `nodeport`, this is the NodePort requested by Installer
+from Kubernetes for the Sysdig TLS API endpoint.
+**Options**:
+**Default**: `30001`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworkingApiNodePort: 30001
+```
+
+## **sysdig.ingressNetworkingCollectorNodePort**
+
+**Required**: `false`
+**Description**: When [`sysdig.ingressNetworking`](#sysdigingressnetworking)
+is configured as `nodeport`, this is the NodePort requested by Installer
+from Kubernetes for the Sysdig collector endpoint.
+**Options**:
+**Default**: `30002`
+**Example**:
+
+```yaml
+sysdig:
+ ingressNetworkingCollectorNodePort: 30002
+```
+
+## **sysdig.license**
+
+**Required**: `true`
+**Description**: Sysdig license provided with the deployment.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ license: replace_with_your_license
+```
+
+## **sysdig.monitorVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of the Sysdig Monitor. **Do not modify
+this unless you know what you are doing as modifying it could have unintended
+consequences**
+**Options**:
+**Default**: 3.5.1.7018
+**Example**:
+
+```yaml
+sysdig:
+ monitorVersion: 3.5.1.7018
+```
+
+## **sysdig.secureVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of the Sysdig Secure, if this is not
+configured it defaults to `sysdig.monitorVersion` **Do not modify
+this unless you know what you are doing as modifying it could have unintended
+consequences**
+**Options**:
+**Default**: 3.5.1.7018
+**Example**:
+
+```yaml
+sysdig:
+ secureVersion: 3.5.1.7018
+```
+
+## **sysdig.sysdigAPIVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of Sysdig API components, if
+this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
+this unless you know what you are doing as modifying it could have unintended
+consequences**
+**Options**:
+**Default**: 3.5.1.7018
+**Example**:
+
+```yaml
+sysdig:
+ sysdigAPIVersion: 3.5.1.7018
+```
+
+## **sysdig.sysdigCollectorVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of Sysdig Collector components, if
+this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
+this unless you know what you are doing as modifying it could have unintended
+consequences**
+**Options**:
+**Default**: 3.5.1.7018
+**Example**:
+
+```yaml
+sysdig:
+ sysdigCollectorVersion: 3.5.1.7018
+```
+
+## **sysdig.sysdigWorkerVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of Sysdig Worker components, if
+this is not configured it defaults to `sysdig.monitorVersion` **Do not modify
+this unless you know what you are doing as modifying it could have unintended
+consequences**
+**Options**:
+**Default**: 3.5.1.7018
+**Example**:
+
+```yaml
+sysdig:
+ sysdigWorkerVersion: 3.5.1.7018
+```
+
+## **sysdig.enableAlerter**
+
+**Required**: `false`
+**Description**: This creates a separate deployment for Alerters while
+disabling this functionality in workers. **Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ enableAlerter: true
+```
+
+## **sysdig.alertingSystem.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ enabled: true
+```
+
+## **sysdig.alertingSystem.alertManager.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertManager:
+ jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20
+```
+
+## **sysdig.alertingSystem.alertManager.apiToken**
+
+**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertManager:
+ apiToken: A_VALID_TOKEN
+```
+
+## **sysdig.alertingSystem.alertNotifier.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertNotifier:
+ jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20
+```
+
+## **sysdig.alertingSystem.alertNotifier.apiToken**
+
+**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertNotifier:
+ apiToken: A_VALID_TOKEN
+```
+
+## **sysdig.alertingSystem.alertNotifierReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertNotifierReplicaCount: 3
+```
+
+## **sysdig.alertingSystem.alertManagerReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertManagerReplicaCount: 3
+```
+
+## **sysdig.mysqlHa**
+
+**Required**: `false`
+**Description**: Determines if mysql should run in HA mode.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ mysqlHa: false
+```
+
+## **sysdig.useMySQL8**
+
+**Required**: `false`
+**Description**: Determines if standalone mysql should run MySQL8.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ useMySQL8: true
+```
+
+## **sysdig.mysqlHaVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of MySQL used for HA.
+**Options**:
+**Default**: 8.0.16.4
+**Example**:
+
+```yaml
+sysdig:
+ mysqlHaVersion: 8.0.16.4
+```
+
+## **sysdig.mysqlHaAgentVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of MySQL Agent used for HA.
+**Options**:
+**Default**: 0.1.1.6
+**Example**:
+
+```yaml
+sysdig:
+ mysqlHaAgentVersion: 0.1.1.6
+```
+
+## **sysdig.mysqlVersion**
+
+**Required**: `false`
+**Description**: The docker image tag of MySQL.
+**Options**:
+**Default**: 5.6.44.0
+**Example**:
+
+```yaml
+sysdig:
+ mysqlVersion: 5.6.44.0
+```
+
+## **sysdig.mysql8Version**
+
+**Required**: `false`
+**Description**: The docker image tag of MySQL8.
+**Options**:
+**Default**: 8.0.16.0
+**Example**:
+
+```yaml
+sysdig:
+ mysqlVersion: 8.0.16.0
+```
+
+## **sysdig.mysql.external**
+
+**Required**: `false`
+**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured
+[`sysdig.mysql.hostname`](#sysdigmysqlhostname)
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ external: true
+```
+
+## **sysdig.mysql.hostname**
+
+**Required**: `false`
+**Description**: Name of the mySQL host that the sysdig platform components
+should connect to.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ hostname: mysql.foo.com
+```
+
+## **sysdig.mysql.hostPathNodes**
+
+**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get node -o name` command. These are the nodes where MySQL hostPath persistent
+volumes should be created on. The number of nodes must be at minimum whatever
+the value of [`sysdig.mysqlReplicaCount`](#sysdigmysqlreplicacount) is. This
+parameter is required if configured
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ hostPathNodes:
+ - my-cool-host1.com
+```
+
+## **sysdig.mysql.maxConnections**
+
+**Required**: `false`
+**Description**: The maximum permitted number of simultaneous client connections.
+**Options**:
+**Default**: `1024`
+
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ maxConnections: 1024
+```
+
+## **sysdig.mysql.password**
+
+**Required**: `false`
+**Description**: The password of the MySQL user that the Sysdig Platform backend
+components will use in communicating with MySQL.
+**Options**:
+**Default**: `mysql-admin`
+
+**Example**:
+
+```yaml
+sysdig:
+ mysql:
+ user: awesome-user
+```
+
+## **sysdig.mysql.user**
+
+**Required**: `false`
+**Description**: The username of the MySQL user that the Sysdig Platform backend
+components will use in communicating with MySQL.
+_**Note**: Do NOT use `root` user for this value._
+**Options**:
+**Default**: `mysql-admin`
+ +**Example**: + +```yaml +sysdig: + mysql: + user: awesome-user +``` + +## **sysdig.natsExporterVersion** + +**Required**: `false`
+**Description**: Docker image tag of the Prometheus exporter for NATS.
+**Options**:
+**Default**: 0.9.0.1
+**Example**:
+
+```yaml
+sysdig:
+ natsExporterVersion: 0.9.0.1
+```
+
+## **sysdig.natsStreamingVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of NATS streaming.
+**Options**:
+**Default**: 0.22.0.7
+**Example**:
+
+```yaml
+sysdig:
+ natsStreamingVersion: 0.22.0.7
+```
+
+## **sysdig.natsStreamingInitVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.7
+**Example**:
+
+```yaml
+sysdig:
+ natsStreamingInitVersion: 0.22.0.7
+```
+
+## **sysdig.nats.enabled**
+
+**Required**: `false`
+**Description**: Enable NATS deployment for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ enabled: true
+```
+
+## **sysdig.nats.secure.enabled**
+
+**Required**: `false`
+**Description**: NATS Streaming TLS enabled.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+```
+
+## **sysdig.nats.secure.username**
+
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ username: somevalue
+```
+
+## **sysdig.nats.secure.password**
+
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ password: somevalue
+```
+
+## **sysdig.nats.ca**
+
+**Required**: `false`
+**Description**: NATS CA
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ ca:
+```
+
+## **sysdig.nats.cakey**
+
+**Required**: `false`
+**Description**: NATS CA KEY
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ cakey:
+```
+
+## **sysdig.nats.ha.enabled**
+
+**Required**: `false`
+**Description**: NATS Streaming HA (High Availability) enabled.
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ ha:
+ enabled: false
+```
+
+## **sysdig.nats.urlha**
+
+**Required**: `false`
+**Description**: NATS Streaming URL for HA deployment.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+```
+
+## **sysdig.nats.urltls**
+
+**Required**: `false`
+**Description**: NATS Streaming URL for TLS enabled.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-tls:4222
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ urltls: nats://sysdigcloud-nats-streaming-tls:4222
+```
+
+## **sysdig.openshiftUrl**
+
+**Required**: `false`
+**Description**: Openshift API url along with its port number, this is
+required if configured `deployment` is `openshift`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ openshiftUrl: https://api.my-awesome-openshift.com:6443
+```
+
+## **sysdig.openshiftUser**
+
+**Required**: `false`
+**Description**: Username of the user to access the configured
+`sysdig.openshiftUrl`, required if configured `deployment` is `openshift`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ openshiftUser: bob+alice
+```
+
+## **sysdig.openshiftPassword**
+
+**Required**: `false`
+**Description**: Password of the user(`sysdig.openshiftUser`) to access the
+configured `sysdig.openshiftUrl`, required if configured `deployment` is
+`openshift`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ openshiftPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.postgresVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of Postgres, relevant when configured `apps`
+is `monitor secure` and when `postgres.HA.enabled` is false.
+**Options**:
+**Default**: 10.6.11
+**Example**:
+
+```yaml
+sysdig:
+ postgresVersion: 10.6.11
+```
+
+## **sysdig.mysqlToPostgresMigrationVersion**
+
+**Required**: `false`
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Options**:
+**Default**: 1.2.5-mysql-to-postgres
+**Example**:
+
+```yaml
+sysdig:
+ mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres
+```
+
+## **sysdig.postgresql.rootUser**
+
+**Required**: `false`
+**Description**: Root user of the in-cluster postgresql instance.
+**Options**:
+**Default**: `postgres`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ rootUser: postgres
+```
+
+## **sysdig.postgresql.rootDb**
+
+**Required**: `false`
+**Description**: Root database of the in-cluster postgresql instance.
+**Options**:
+**Default**: `anchore`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ rootDb: anchore
+```
+
+## **sysdig.postgresql.rootPassword**
+
+**Required**: `false`
+**Description**: Password for the root user of the in-cluster postgresql instance.
+**Options**:
+**Default**: Autogenerated 16 alphanumeric characters
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ rootPassword: my_root_password
+```
+
+## **sysdig.postgresql.primary**
+
+**Required**: `false`
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+```
+
+## **sysdig.postgresql.external**
+
+**Required**: `false`
+**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ padvisor:
+ host: my-padvisor-db-external.com
+ sysdig:
+ host: my-sysdig-db-external.com
+```
+
+## **sysdig.postgresql.hostPathNodes**
+
+**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that postgresql hostPath persistent volumes should be created on. The
+number of nodes must be at minimum whatever the value of
+[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
+**Options**:
+**Default**: []
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ hostPathNodes:
+ - my-cool-host1.com
+```
+
+## **sysdig.postgresql.pgParameters**
+
+**Required**: `false`
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
+**Options**:
+**Default**: ``
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ pgParameters:
+ max_connections: "1024"
+ shared_buffers: "110MB"
+```
+
+## **sysdig.postgresql.ha.enabled**
+
+**Required**: `false`
+**Description**: true if you want to deploy postgreSQL in HA mode.
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ enabled: true
+```
+
+## **sysdig.postgresql.ha.spiloVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of the postgreSQL node in HA mode.
+**Options**:
+**Default**: `2.0-p7`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ spiloVersion: 2.0-p7
+```
+
+## **sysdig.postgresql.ha.operatorVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `v1.6.3`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ operatorVersion: v1.6.3
+```
+
+## **sysdig.postgresql.ha.exporterVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `latest`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ exporterVersion: v0.3
+```
+
+## **sysdig.postgresql.ha.clusterDomain**
+
+**Required**: `false`
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint.
+**Options**:
+**Default**: `cluster.local`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ clusterDomain: cluster.local
+```
+
+## **sysdig.postgresql.ha.replicas**
+
+**Required**: `false`
+**Description**: number of replicas for postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `3`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ replicas: 3
+```
+
+## **sysdig.postgresql.ha.checkCRDs**
+
+**Required**: `false`
+**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present.
+**Options**:
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ checkCRD: true
+```
+
+## **sysdig.postgresql.ha.enableExporter**
+
+**Required**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ enableExporter: true
+```
+
+## **sysdig.postgresql.ha.migrate.retryCount**
+
+**Required**: `false`
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created.
+**Options**: `true|false`
+**Default**: `3600`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retryCount: 3600
+```
+
+## **sysdig.postgresql.ha.migrate.retrySleepSeconds**
+
+**Required**: `false`
+**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode.
+**Options**:
+**Default**: `10`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retrySleepSeconds: 10
+```
+
+## **sysdig.postgresql.ha.migrate.retainBackup**
+
+**Required**: `false`
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode.
+**Options**: `true|false`
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retainBackup: true
+```
+
+## **sysdig.postgresql.ha.migrate.migrationJobImageVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of the migration job from postgres single node to HA mode.
+**Options**:
+**Default**: `postgres-to-postgres-ha-0.0.4`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ migrationJobImageVersion: v0.1
+```
+
+## **sysdig.postgresql.ha.customTls.enabled**
+
+**Required**: `false`
+**Description**: If set to true will pass to the target pg crd the option to add
+custom certificates and CA
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+```
+
+## **sysdig.postgresql.ha.customTls.crtSecretName**
+
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container certificate and key that will be used in postgres HA for ssl
+NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+```
+
+## **sysdig.postgresql.ha.customTls.caSecretName**
+
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container the CA certificate that will be used in postgres HA for ssl
+NOTE: the CA certificate file must be called `ca.crt`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+ caSecretName: sysdigcloud-postgres-tls-ca
+```
+
+## **sysdig.postgresDatabases.useNonAdminUsers**
+
+**Required**: `false`
+**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ useNonAdminUsers: true
+ anchore:
+ host: my-anchore-db-external.com
+ profiling:
+ host: my-profiling-db-external.com
+```
+
+## **sysdig.postgresDatabases.anchore**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ useNonAdminUsers: true
+ anchore:
+ host: my-anchore-db-external.com
+ port: 5432
+ db: anchore_db
+ username: anchore_user
+ password: my_anchore_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.profiling**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ useNonAdminUsers: true
+ profiling:
+ host: my-profiling-db-external.com
+ port: 5432
+ db: anchore_db
+ username: profiling_user
+ password: my_profiling_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.policies**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ policies:
+ host: my-policies-db-external.com
+ port: 5432
+ db: policies_db
+ username: policies_user
+ password: my_policies_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.scanning**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ scanning:
+ host: my-scanning-db-external.com
+ port: 5432
+ db: scanning_db
+ username: scanning_user
+ password: my_scanning_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.reporting**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ reporting:
+ host: my-reporting-db-external.com
+ port: 5432
+ db: reporting_db
+ username: reporting_user
+ password: my_reporting_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.padvisor**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ padvisor:
+ host: my-padvisor-db-external.com
+ port: 5432
+ db: padvisor_db
+ username: padvisor_user
+ password: my_padvisor_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.sysdig**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ sysdig:
+ host: my-sysdig-db-external.com
+ port: 5432
+ db: sysdig_db
+ username: sysdig_user
+ password: my_sysdig_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.serviceOwnerManagement**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ serviceOwnerManagement:
+ host: my-som-db-external.com
+ port: 5432
+ db: som_db
+ username: som_user
+ password: my_som_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.beacon**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ beacon:
+ host: my-beacon-db-external.com
+ port: 5432
+ db: beacon_db
+ username: beacon_user
+ password: my_beacon_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.promBeacon**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ promBeacon:
+ host: my-prom-beacon-db-external.com
+ port: 5432
+ db: prom_beacon_db
+ username: prom_beacon_user
+ password: my_prom_beacon_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.quartz**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ quartz:
+ host: my-quartz-db-external.com
+ port: 5432
+ db: quartz_db
+ username: quartz_user
+ password: my_quartz_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.compliance**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ compliance:
+ host: my-compliance-db-external.com
+ port: 5432
+ db: compliance_db
+ username: compliance_user
+ password: my_compliance_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.admissionController**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ admissionController:
+ host: my-admission-controller-db-external.com
+ port: 5432
+ db: admission_controller_db
+ username: admission_controller_user
+ password: my_admission_controller_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.rapidResponse**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ rapidResponse:
+ host: my-rapid-response-db-external.com
+ port: 5432
+ db: rapid_response_db
+ username: rapid_response_user
+ password: my_rapid_response_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.proxy.defaultNoProxy**
+
+**Required**: `false`
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api
+```
+
+## **sysdig.proxy.enable**
+
+**Required**: `false`
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Options**:
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+```
+
+## **sysdig.proxy.host**
+
+**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ host: my-awesome-proxy.my-awesome-domain.com
+```
+
+## **sysdig.proxy.noProxy**
+
+**Required**: `false`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ noProxy: my-awesome.domain.com, 192.168.0.0/16
+```
+
+## **sysdig.proxy.password**
+
+**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ password: F00B@r!
+```
+
+## **sysdig.proxy.port**
+
+**Required**: `false`
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
+**Options**:
+**Default**: `80`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ port: 3128
+```
+
+## **sysdig.proxy.protocol**
+
+**Required**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ protocol: https
+```
+
+## **sysdig.proxy.user**
+
+**Required**: `false`
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ proxy:
+ enable: true
+ user: alice
+```
+
+## **sysdig.slack.client.id**
+
+**Required**: `false`
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientid`
+
+**Example**:
+
+```yaml
+sysdig:
+ slack:
+ client:
+ id: 2255883163.123123123534
+```
+
+## **sysdig.slack.client.secret**
+
+**Required**: `false`
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `awesomeclientsecret`
+
+**Example**:
+
+```yaml
+sysdig:
+ slack:
+ client:
+ secret: 8a8af18123128acd312d12d12da
+```
+
+## **sysdig.slack.client.scope**
+
+**Required**: `false`
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `incoming-webhook`
+
+**Example**:
+
+```yaml
+sysdig:
+ slack:
+ client:
+ scope: incoming-webhook
+```
+
+## **sysdig.slack.client.endpoint**
+
+**Required**: `false`
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/oauth/v2/authorize`
+
+**Example**:
+
+```yaml
+sysdig:
+ slack:
+ client:
+ endpoint: https://slack.com/oauth/v2/authorize
+```
+
+## **sysdig.slack.client.oauth.endpoint**
+
+**Required**: `false`
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Options**:
+**Default**: `https://slack.com/api/oauth.v2.access`
+
+**Example**:
+
+```yaml
+sysdig:
+ slack:
+ client:
+ oauth:
+ endpoint: https://slack.com/api/oauth.v2.access
+```
+
+## **sysdig.saml.certificate.name**
+
+**Required**: `false`
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ saml:
+ certificate:
+ name: saml-cert.p12
+```
+
+## **sysdig.saml.certificate.password**
+
+**Required**: `false`
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ saml:
+ certificate:
+ name: saml-cert.p12
+ password: changeit
+```
+
+## **sysdig.inactivitySettings.trackerEnabled**
+
+**Required**: `false`
+**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ inactivitySettings:
+ trackerEnabled: true
+```
+
+## **sysdig.inactivitySettings.trackerTimeout**
+
+**Required**: `false`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
+
+**Example**:
+
+```yaml
+sysdig:
+ inactivitySettings:
+ trackerTimeout: 900
+```
+
+## **sysdig.secure.anchore.customCerts**
+
+**Required**: `false`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**:
+
+```bash
+#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list.
+bash-5.0$ find certs values.yaml
+certs
+certs/anchore-custom-certs
+certs/anchore-custom-certs/certificate1.crt
+certs/anchore-custom-certs/certificate2.crt
+values.yaml
+```
+
+```yaml
+sysdig:
+ secure:
+ anchore:
+ customCerts: true
+```
+
+## **sysdig.secure.anchore.enableMetrics**
+
+**Required**: `false`
+**Description**:
+Allow Anchore to export prometheus metrics.
+
+**Options**: `true|false`
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ anchore:
+ enableMetrics: true
+```
+
+## **sysdig.redis.deploy **
+
+**Required**: `false`
+**Description**: Determines if redis should be deployed by the installer
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ redis:
+ deploy: false
+```
+
+## **sysdig.redisVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of Redis.
+**Options**:
+**Default**: 4.0.12.7
+**Example**:
+
+```yaml
+sysdig:
+ redisVersion: 4.0.12.7
+```
+
+## **sysdig.redisHaVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
+**Options**:
+**Default**: 4.0.12-1.0.1
+**Example**:
+
+```yaml
+sysdig:
+ redisHaVersion: 4.0.12-1.0.1
+```
+
+## **sysdig.redisHa**
+
+**Required**: `false`
+**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ redisHa: false
+```
+
+## **sysdig.useRedis6**
+
+**Required**: `false`
+**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ useRedis6: false
+```
+
+## **sysdig.redis6Version**
+
+**Required**: `false`
+**Description**: Docker image tag of Redis 6, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 6.0.10.1
+**Example**:
+
+```yaml
+sysdig:
+ redis6Version: 6.0.10.1
+```
+
+## **sysdig.redis6SentinelVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 6.0.10.1
+**Example**:
+
+```yaml
+sysdig:
+ redis6SentinelVersion: 6.0.10.1
+```
+
+## **sysdig.redis6ExporterVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
+`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: 1.15.1.1
+**Example**:
+
+```yaml
+sysdig:
+ redis6ExporterVersion: 1.15.1.1
+```
+
+## **sysdig.useRedisTls**
+
+**Required**: `false`
+**Description**: Determines if legacy Redis env (only present in Monitor) should target _Redis with TLS_ deployed by installer
(**will be deprecated**). Legacy Redis env (es. REDIS_ENDPOINT) will deleted in favor of prefixed Redis env (es. IBM_CACHE_REDIS_ENDPOINT)
+**Options**: true|false
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ useRedisTLS: true
+```
+
+## **redisTls.enabled**
+
+**Required**: `false`
+**Description**: Create _Redis TLS_ secrets for apps using it. When used in conjuction with `redisTls.deploy` also deploys a _Redis with TLS_ and _Sentinel_ support
+**Options**: true|false
+**Default**: false
+**Example**:
+
+```yaml
+redisTls:
+ enabled: true
+```
+
+## **redisTls.deploy**
+
+**Required**: `false`
+**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
+**Options**: true|false
+**Default**: true
+**Example**:
+
+```yaml
+redisTls:
+ install: true
+```
+
+## **redisTls.password**
+
+**Required**: `false`
+**Description**: _Redis with TLS_ password
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+redisTls:
+ password: "yourSecret!"
+```
+
+## **redisTls.ha**
+
+**Required**: `false`
+**Description**: Creates 3 _Redis with TLS_ in replication mode. If `false` only one Redis and Sentinel server will be available
+**Options**: true|false
+**Default**: false
+**Example**:
+
+```yaml
+redisTls:
+ ha: true
+```
+
+## **redisTls.version**
+
+**Required**: `false`
+**Description**: Docker image tag of Redis, relevant when configured
+`redisTls.enabled` is `true`.
+**Options**:
+**Default**: 6.0.10.1
+**Example**:
+
+```yaml
+redisTls:
+ version: 6.0.10.1
+```
+
+## **redisTls.sentinel.version**
+
+**Required**: `false`
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`redisTls.enabled` is `true`.
+**Options**:
+**Default**: 6.0.10.1
+**Example**:
+
+```yaml
+redisTls:
+ sentinel:
+ version: 6.0.10.1
+```
+
+## **redisClientsMonitor**
+
+**Required**: `false`
+**Description**: Setup component connection to a specified Redis for Monitor. Is possible to define on which Redis to connect: _Redis standalone/Redis HA_, _Redis with TLS_ or to an _external Redis_. _Redis standalone/Redis HA_ are defined using `useRedis6` and `redisHa` values. Current available components:
+
+- cache
+- ibmCache
+- common
+- agent
+- metering
+- distributedJobs
+- alerting
+
+A Monitor service can have multiple component [connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343)
+**Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
+**Default**: _Redis standalone/Redis HA_
+**Example**:
+
+If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required)
+
+```yaml
+redisClientsMonitor:
+ ibmCache:
+ tls: true
+```
+
+If `tls` is `false` the component `ibmCache` continue to use the non TLS solution. This is the default, not needed to specify
+
+```yaml
+redisClientsMonitor:
+ ibmCache:
+ tls: false
+```
+
+Connect the component `ibmCache` to an external Redis
+
+```yaml
+redisClientsMonitor:
+ ibmCache:
+ endpoint: redistls
+ password: "yourSecret!"
+ tls: true
+ sentinel:
+ endpoint: redistls
+```
+
+## **redisClientsSecure**
+
+**Required**: `false`
+**Description**: Setup component connection to a specified Redis for Secure. Is possible to define on which Redis to connect: _Redis standalone/Redis HA_, _Redis with TLS_ or to an external Redis. _Redis standalone/Redis HA_ are defined using `useRedis6` and `redisHa` values. Current available components:
+
+- scanning
+- forensic
+- overview
+- compliance
+- policies
+- netsec
+- padvisor
+
+**Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
+**Default**: _Redis standalone/Redis HA_
+**Example**:
+
+If `tls` is `true` the component `scanning` will use the TLS solution (`redisTls.enabled` to `true` is required)
+
+```yaml
+redisClientsSecure:
+ scanning:
+ tls: true
+```
+
+If `tls` is `false` the component `scanning` continue to use the non TLS solution. This is the default, not needed to specify
+
+```yaml
+redisClientsSecure:
+ scanning:
+ tls: false
+```
+
+Connect the component `scanning` to an external Redis
+
+```yaml
+redisClientsSecure:
+ scanning:
+ endpoint: redistls
+ password: "yourSecret!"
+ tls: true
+ sentinel:
+ endpoint: redistls
+```
+
+If a CA is needed for `scanning` to trust the connection you must add it in the installer path `certs/redis-certs/`. IE most cloud provider Redis aaS doesn't need that
+
+```yaml
+certs/redis-certs/scanning_ca.crt
+```
+
+## **sysdig.resources.cassandra.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.cassandra.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.cassandra.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.cassandra.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ cassandra:
+ requests:
+ memory: 8Gi
+```
+
+## **sysdig.resources.elasticsearch.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to elasticsearch pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.elasticsearch.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to elasticsearch pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.elasticsearch.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.elasticsearch.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule elasticsearch pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ elasticsearch:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.mysql-router.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to mysql-router pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql-router.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to mysql-router pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.mysql-router.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule mysql-router pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql-router.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule mysql-router pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql-router:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.mysql.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to mysql pods
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to mysql pods
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.mysql.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule mysql pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.mysql.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule mysql pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ mysql:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.postgresql.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.postgresql.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to postgresql pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.postgresql.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule postgresql pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.postgresql.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule postgresql pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500Mi |
+| medium | 1Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ postgresql:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.redis.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to redis pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.redis.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.redis-sentinel.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 300m |
+| medium | 300m |
+| large | 300m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.redis-sentinel.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.redis-sentinel.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 300m |
+| medium | 300m |
+| large | 300m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.redis-sentinel.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.redis-sentinel.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ redis-sentinel:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.timescale-adapter.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to timescale-adapter containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ timescale-adapter:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.timescale-adapter.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to timescale-adapter containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ timescale-adapter:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.timescale-adapter.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ timescale-adapter:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.timescale-adapter.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule timescale-adapter containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ timescale-adapter:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.ingressControllerHaProxy.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerHaProxy:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.ingressControllerHaProxy.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerHaProxy:
+ limits:
+ memory: 2Gi
+```
+
+## **sysdig.resources.ingressControllerHaProxy.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerHaProxy:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.ingressControllerHaProxy.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerHaProxy:
+ requests:
+ memory: 1Gi
+```
+
+## **sysdig.resources.ingressControllerRsyslog.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 125m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerRsyslog:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.ingressControllerRsyslog.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerRsyslog:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.ingressControllerRsyslog.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerRsyslog:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.ingressControllerRsyslog.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ ingressControllerRsyslog:
+ requests:
+ memory: 500Mi
+```
+
+## **sysdig.resources.api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to api containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to api containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ api:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule api containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ api:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule api containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ api:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.apiNginx.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to nginx containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiNginx:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.apiNginx.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to nginx containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiNginx:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.apiNginx.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiNginx:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.apiNginx.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule nginx containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiNginx:
+ requests:
+ memory: 100Mi
+```
+
+## **sysdig.resources.apiEmailRenderer.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiEmailRenderer:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.apiEmailRenderer.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiEmailRenderer:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.apiEmailRenderer.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiEmailRenderer:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.apiEmailRenderer.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ apiEmailRenderer:
+ requests:
+ memory: 100Mi
+```
+
+## **sysdig.resources.worker.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ worker:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.worker.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ worker:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.worker.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ worker:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.worker.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ worker:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.alerter.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to alerter pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ alerter:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.alerter.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to alerter pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ alerter:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.alerter.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule alerter pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ alerter:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.alerter.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule alerter pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ alerter:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.collector.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to collector pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.collector.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to collector pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.collector.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule collector pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.collector.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule collector pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.anchore-core.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-core pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-core:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.anchore-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.anchore-catalog.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-catalog pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-catalog:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.anchore-policy-engine.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-policy-engine:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.anchore-core.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to anchore-core pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-core:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.anchore-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to anchore-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-api:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.anchore-catalog.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to anchore-catalog pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 3Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-catalog:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.anchore-policy-engine.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 3Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-policy-engine:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.anchore-core.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-core pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-core:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.anchore-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-api:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.anchore-catalog.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-catalog:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.anchore-policy-engine.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-policy-engine:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.anchore-core.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-core pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-core:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.anchore-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-api:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.anchore-catalog.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-catalog pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-catalog:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.anchore-policy-engine.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-policy-engine:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.anchore-worker.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to anchore-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-worker:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.anchore-worker.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to anchore-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-worker:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.anchore-worker.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule anchore-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-worker:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.anchore-worker.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule anchore-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ anchore-worker:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.scanning-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to scanning-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.scanning-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to scanning-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-api:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.scanning-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-api:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.scanning-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule scanning-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-api:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.scanningalertmgr.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningalertmgr:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.scanningalertmgr.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to scanningalertmgr pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningalertmgr:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.scanningalertmgr.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningalertmgr:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.scanningalertmgr.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningalertmgr:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.scanning-retention-mgr.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-retention-mgr:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.scanning-retention-mgr.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-retention-mgr:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.scanning-retention-mgr.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-retention-mgr:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.scanning-retention-mgr.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-retention-mgr:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.secure.scanning.retentionMgr.cronjob**
+
+**Required**: `false`
+**Description**: Retention manager Cronjob
+**Options**:
+**Default**: "0 3 \* \* \*"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ cronjob: 0 3 * * *
+```
+
+## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration**
+
+**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ retentionPolicyMaxExecutionDuration: 23h
+```
+
+## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration**
+
+**Required**: `false`
+**Description**: Grace period for the retention policy
+**Options**:
+**Default**: 168h
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ retentionPolicyGracePeriodDuration: 168h
+```
+
+## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete**
+
+**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ retentionPolicyArtificialDelayAfterDelete: 1s
+```
+
+## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint**
+
+**Required**: `false`
+**Description**: Scanning GRPC endpoint
+**Options**:
+**Default**: sysdigcloud-scanning-api:6000
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ scanningGRPCEndpoint: sysdigcloud-scanning-api:6000
+```
+
+## **sysdig.secure.scanning.retentionMgr.scanningDBEngine**
+
+**Required**: `false`
+**Description**: Scanning DB engine
+**Options**:
+**Default**: mysql
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ scanningDBEngine: mysql
+```
+
+## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy**
+
+**Required**: `false`
+**Description**: Default value for the date policy
+**Options**:
+**Default**: 90
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ defaultValues:
+ datePolicy: 90
+```
+
+## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy**
+
+**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ defaultValues:
+ tagsPolicy: 5
+```
+
+## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy**
+
+**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ retentionMgr:
+ defaultValues:
+ digestsPolicy: 5
+```
+
+## **sysdig.resources.scanning-ve-janitor.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 300m |
+| medium | 500m |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-ve-janitor:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.scanning-ve-janitor.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 256Mi |
+| medium | 2Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-ve-janitor:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.scanning-ve-janitor.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-ve-janitor:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.scanning-ve-janitor.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanning-ve-janitor:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApi:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.scanningAdmissionControllerApi.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to admission-controller-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApi:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApi:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.scanningAdmissionControllerApi.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule admission-controller-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ admission-controller-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api PG
+migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApiPgMigrate:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApiPgMigrate:
+ limits:
+ memory: 256Mi
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApiPgMigrate:
+ requests:
+ cpu: 100m
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ admission-controller-api-pg-migrate:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.reporting-init.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to reporting-init pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-init:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.reporting-init.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to reporting-init pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-init:
+ limits:
+ memory: 256Mi
+```
+
+## **sysdig.resources.reporting-init.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule reporting-init pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-init:
+ requests:
+ cpu: 100m
+```
+
+## **sysdig.resources.reporting-init.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule reporting-init pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-init:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.reporting-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to reporting-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1500m |
+| medium | 1500m |
+| large | 1500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-api:
+ limits:
+ cpu: 1500m
+```
+
+## **sysdig.resources.reporting-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to reporting-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1536Mi |
+| medium | 1536Mi |
+| large | 1536Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-api:
+ limits:
+ memory: 1536Mi
+```
+
+## **sysdig.resources.reporting-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule reporting-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 200m |
+| medium | 200m |
+| large | 200m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-api:
+ requests:
+ cpu: 200m
+```
+
+## **sysdig.resources.reporting-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule reporting-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-api:
+ requests:
+ memory: 256Mi
+```
+
+## **sysdig.resources.reporting-worker.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to reporting-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-worker:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.reporting-worker.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to reporting-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 16Gi |
+| medium | 16Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-worker:
+ limits:
+ memory: 16Gi
+```
+
+## **sysdig.resources.reporting-worker.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule reporting-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 200m |
+| medium | 200m |
+| large | 200m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-worker:
+ requests:
+ cpu: 200m
+```
+
+## **sysdig.resources.reporting-worker.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule reporting-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 10Gi |
+| medium | 10Gi |
+| large | 10Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ reporting-worker:
+ requests:
+ memory: 10Gi
+```
+
+## **sysdig.secure.scanning.reporting.debug**
+
+**Required**: `false`
+**Description**: Enable logging at debug level
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ debug: false
+```
+
+## **sysdig.secure.scanning.reporting.apiGRPCEndpoint**
+
+**Required**: `false`
+**Description**: Reporting GRPC endpoint
+**Options**:
+**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000
+```
+
+## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint**
+
+**Required**: `false`
+**Description**: Scanning GRPC endpoint
+**Options**:
+**Default**: sysdigcloud-scanning-api:6000
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ scanningGRPCEndpoint: sysdigcloud-scanning-api:6000
+```
+
+## **sysdig.secure.scanning.reporting.storageDriver**
+
+**Required**: `false`
+**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageDriver: postgres
+```
+
+## **sysdig.secure.scanning.reporting.storageCompression**
+
+**Required**: `false`
+**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageCompression: zip
+```
+
+## **sysdig.secure.scanning.reporting.storageFsDir**
+
+**Required**: `false`
+**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageFsDir: /reports
+```
+
+## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays**
+
+**Required**: `false`
+**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
+**Options**:
+**Default**: 1
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storagePostgresRetentionDays: 1
+```
+
+## **sysdig.secure.scanning.reporting.storageS3Bucket**
+
+**Required**: `false`
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageS3Bucket: secure-scanning-reporting
+```
+
+## **sysdig.secure.scanning.reporting.storageS3Prefix**
+
+**Required**: `false`
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageS3Prefix: reports
+```
+
+## **sysdig.secure.scanning.reporting.storageS3Endpoint**
+
+**Required**: `false`
+**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageS3Endpoint: s3.example.com
+```
+
+## **sysdig.secure.scanning.reporting.storageS3Region**
+
+**Required**: `false`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageS3Region: us-east-1
+```
+
+## **sysdig.secure.scanning.reporting.storageS3AccessKeyID**
+
+**Required**: `false`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE
+```
+
+## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey**
+
+**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+```
+
+## **sysdig.secure.scanning.reporting.workerSleepTime**
+
+**Required**: `false`
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ workerSleepTime: 120s
+```
+
+## **sysdig.resources.policy-advisor.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to policy-advisor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ policy-advisor:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.policy-advisor.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to policy-advisor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ policy-advisor:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.policy-advisor.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule policy-advisor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ policy-advisor:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.policy-advisor.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule policy-advisor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ policy-advisor:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.resources.netsec-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to netsec-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.netsec-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to netsec-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.netsec-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 300m |
+| medium | 500m |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-api:
+ requests:
+ cpu: 300m
+```
+
+## **sysdig.resources.netsec-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule netsec-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-api:
+ requests:
+ memory: 1Gi
+```
+
+## **sysdig.resources.netsec-ingest.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to netsec-ingest pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-ingest:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.netsec-ingest.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to netsec-ingest pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 6Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-ingest:
+ limits:
+ memory: 4Gi
+```
+
+## **sysdig.resources.netsec-ingest.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-ingest:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.netsec-ingest.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-ingest:
+ limits:
+ memory: 2Gi
+```
+
+## **sysdig.resources.netsec-janitor.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.netsec-janitor.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.netsec-janitor.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 300m |
+| medium | 500m |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ requests:
+ cpu: 1
+```
+
+## **sysdig.resources.netsec-janitor.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule netsec-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ netsec-janitor:
+ requests:
+ memory: 1Gi
+```
+
+## **sysdig.resources.nats-streaming.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.nats-streaming.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ limits:
+ memory: 2Gi
+```
+
+## **sysdig.resources.nats-streaming.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.nats-streaming.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ requests:
+ memory: 1Gi
+```
+
+## **sysdig.resources.activity-audit-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.activity-audit-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.activity-audit-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.activity-audit-worker.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.activity-audit-worker.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.activity-audit-worker.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-worker.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.profiling-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-worker.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.profiling-worker.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-worker.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-worker.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.secure-overview-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-overview-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.secure-overview-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-overview-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ memory: 512Mi
+```
+
+## **sysdig.resources.secure-prometheus.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-prometheus.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.secure-prometheus.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-prometheus.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.events-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-gatherer.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.events-gatherer.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.events-gatherer.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-gatherer.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-dispatcher.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-dispatcher.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder-api.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder-api.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder-api.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder-api.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-janitor.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-janitor.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.events-janitor.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-janitor.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+
+**Required**: `Conditional - True if smptServer is configured`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 5
+```
+
+## **sysdig.anchoreAPIReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreAPIReplicaCount: 4
+```
+
+## **sysdig.anchoreCatalogReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCatalogReplicaCount: 4
+```
+
+## **sysdig.anchorePolicyEngineReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchorePolicyEngineReplicaCount: 4
+```
+
+## **sysdig.anchoreWorkerReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreWorkerReplicaCount: 5
+```
+
+## **sysdig.apiReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ apiReplicaCount: 5
+```
+
+## **sysdig.cassandraReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandraReplicaCount: 20
+```
+
+## **sysdig.collectorReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ collectorReplicaCount: 7
+```
+
+## **sysdig.activityAuditWorkerReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditWorkerReplicaCount: 20
+```
+
+## **sysdig.activityAuditApiReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditApiReplicaCount: 20
+```
+
+## **sysdig.policyAdvisorReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ policyAdvisorReplicaCount: 20
+```
+
+## **sysdig.scanningAdmissionControllerAPIReplicaCount**
+
+**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is
+a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningAdmissionControllerAPIReplicaCount: 1
+```
+
+## **sysdig.netsecApiReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecApiReplicaCount: 1
+```
+
+## **sysdig.netsecIngestReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecIngestReplicaCount: 1
+```
+
+## **sysdig.netsecCommunicationShards**
+
+**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 3 |
+| medium | 9 |
+| large | 15 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecCommunicationShards: 5
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 2
+```
+
+## **sysdig.scanningApiReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningApiReplicaCount: 3
+```
+
+## **sysdig.elasticsearchReplicaCount**
+
+**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchReplicaCount: 20
+```
+
+## **sysdig.workerReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ workerReplicaCount: 7
+```
+
+## **sysdig.alerterReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ alerterReplicaCount: 7
+```
+
+## **sysdig.eventsGathererReplicaCount**
+
+**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsGathererReplicaCount: 2
+```
+
+## **sysdig.eventsAPIReplicaCount**
+
+**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsAPIReplicaCount: 1
+```
+
+## **sysdig.eventsDispatcherReplicaCount**
+
+**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsDispatcherReplicaCount: 1
+```
+
+## **sysdig.eventsForwarderReplicaCount**
+
+**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderReplicaCount: 2
+```
+
+## **sysdig.eventsForwarderAPIReplicaCount**
+
+**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ username: my-awesome-email@my-awesome-domain-name.com
+```
+
+## **sysdig.admin.password**
+
+**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ admin:
+ password: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.api.enabled**
+
+**Required**: `false`
+**Description**: Enables Sysdig API component
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ api:
+ enabled: true
+```
+
+## **sysdig.api.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ api:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true
+```
+
+## **sysdig.certificate.generate**
+
+**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ generate: true
+```
+
+## **sysdig.certificate.crt**
+
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ crt: certs/server.crt
+```
+
+## **sysdig.certificate.key**
+
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.enabled**
+
+**Required**: `false`
+**Description**: Enables Sysdig Collector component
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ enabled: true
+```
+
+## **sysdig.collector.dnsName**
+
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **sysdig.collector.certificate.generate**
+
+**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+
+## **sysdig.worker.enabled**
+
+**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ enabled: true
+```
+
+## **sysdig.worker.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **sysdig.alerter.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ alerter:
+ jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true
+ -XX:-UseContainerSupport
+```
+
+## **agent.apiKey**
+
+**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ commandLineCapturesEnabled: true
+```
+
+## **agent.secure.memoryDumpEnabled**
+
+**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ memoryDumpEnabled: true
+```
+
+## **agent.secure.settings.k8sAuditServerURL**
+
+**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerURL: 127.0.0.1
+```
+
+## **agent.secure.settings.k8sAuditServerPort**
+
+**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerPort: 7765
+```
+
+## **agent.prometheus.enabled**
+
+**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ enabled: true
+```
+
+## **agent.prometheus.settings.interval**
+
+**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ interval: 30
+```
+
+## **agent.prometheus.settings.logErrors**
+
+**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ logErrors: true
+```
+
+## **agent.prometheus.settings.maxMetrics**
+
+**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetrics: 1000
+```
+
+## **agent.prometheus.settings.maxMetricsPerProcess**
+
+**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetricsPerProcess: 1000
+```
+
+## **agent.prometheus.settings.maxTagsPerMetric**
+
+**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxTagsPerMetric: 20
+```
+
+## **agent.prometheus.settings.histograms**
+
+**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ histograms: 3000
+```
+
+## **agent.statsd.enabled**
+
+**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ enabled: true
+```
+
+## **agent.statsd.settings.limit**
+
+**Required**: `false`
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ settings:
+ limit: 1000
+```
+
+## **agent.jmx.enabled**
+
+**Required**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ jmx:
+ enabled: true
+```
+
+## **agent.jmx.settings.limit**
+
+**Required**: `false`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ jmx:
+ settings:
+ limit: 1000
+```
+
+## **agent.ebpf.enabled**
+
+**Required**: `false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ enabled: true
+```
+
+## **agent.ebpf.settings.mountEtcVolume**
+
+**Required**: `false`
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ settings:
+ mountEtcVolume: 1000
+```
+
+## **agent.appChecks.elasticsearch.authEnabled**
+
+**Required**: `false`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ authEnabled: true
+```
+
+## **agent.appChecks.elasticsearch.url**
+
+**Required**: `false`
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ url: https://sysdigcloud-elasticsearch
+```
+
+## **agent.appChecks.elasticsearch.port**
+
+**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ port: 9200
+```
+
+## **agent.appChecks.elasticsearch.username**
+
+**Required**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ username: readonly
+```
+
+## **agent.appChecks.elasticsearch.password**
+
+**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ password: some_password
+```
+
+## **agent.appChecks.elasticsearch.verifySSL**
+
+**Required**: `false`
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ verifySSL: false
+```
+
+## **agent.appChecks.kafka.enabled**
+
+**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ kafka:
+ enabled: true
+```
+
+## **agent.appChecks.kafka.arg**
+
+**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ kafka:
+ arg: Kafka.kafka
+```
+
+## **agent.appChecks.kafka.url**
+
+**Required**: `false`
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:enabled
+ appChecks:
+ kafka:
+ url: localhost
+```
+
+## **agent.appChecks.kafka.port**
+
+**Required**: `false`
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ kafka:
+ port: 9200
+```
+
+## **agent.appChecks.kafka.zk.url**
+
+**Required**: `false`
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:enabled
+ appChecks:
+ kafka:
+ zk:
+ url: localhost
+```
+
+## **agent.appChecks.kafka.zk.port**
+
+**Required**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ kafka:
+ zk:
+ port: 2181
+```
+
+## **agent.appChecks.kafka.enableConsumerOffsets**
+
+**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ kafka:
+ enableConsumerOffsets: true
+```
+
+## **agent.appChecks.kafka.enableAggregationPartitions**
+
+**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ kafka:
+ enableAggregationPartitions: true
+```
+
+## **agent.appChecks.mysql.enabled**
+
+**Required**: `false`
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ mysql:
+ enabled: true
+```
+
+## **agent.appChecks.mysql.hostname**
+
+**Required**: `false`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ mysql:
+ hostname: mysql-service-url
+```
+
+## **agent.appChecks.mysql.user**
+
+**Required**: `false`
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ mysql:
+ user: mysql-user
+```
+
+## **agent.appChecks.mysql.password**
+
+**Required**: `false`
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ mysql:
+ password: mysql-password
+```
+
+## **agent.resources.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 3 |
+| medium | 5 |
+| large | 8 |
+
+**Example**:
+
+```yaml
+agent:
+ resources:
+ limits:
+ cpu: 2
+```
+
+## **agent.resources.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 3Gi |
+| medium | 6Gi |
+| large | 10Gi |
+
+**Example**:
+
+```yaml
+agent:
+ resources:
+ limits:
+ memory: 2
+```
+
+## **agent.resources.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+agent:
+ resources:
+ requests:
+ cpu: 2
+```
+
+## **agent.resources.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 3Gi |
+| large | 6Gi |
+
+**Example**:
+
+```yaml
+agent:
+ resources:
+ requests:
+ memory: 2
+```
+
+## **agent.resources.watchdog.max_memory_usage_mb**
+
+**Required**: `false`
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512 |
+| medium | 1024 |
+| large | 2048 |
+
+**Example**:
+
+```yaml
+agent:
+ resources:
+ watchdog:
+ max_memory_usage_mb: 1024
+```
+
+## **agent.resources.watchdog.cointerface**
+
+**Required**: `false`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512 |
+| medium | 2048 |
+| large | 4096 |
+
+**Example**:
+
+```yaml
+agent:
+ resources:
+ watchdog:
+ cointerface: 1024
+```
+
+## **sysdig.eventsForwarderEnabledIntegrations**
+
+**Required**: `false`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderEnabledIntegrations: "MCM,QRADAR"
+```
+
+## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection**
+
+**Required**: `false`
+**Description**: Max duration after the last ping from an AC before it is considered
+disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ maxDurationBeforeDisconnection: 20m
+```
+
+## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration**
+
+**Required**: `false`
+**Description**: TTL of the cache for the cluster configuration. It should be
+used by the AC as polling interval to retrieve the updated cluster configuration
+from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ confTTLDuration: 10m
+```
+
+## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration**
+
+**Required**: `false`
+**Description**: TTL of an AC ping. It should be used by the AC as polling
+interval to perform a HEAD on the ping endpoint to notify it's still alive and
+connected. It cannot be greater than 30m and it cannot be greater than
+maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ admissionControllerAPI:
+ pingTTLDuration: 8m
+```
+
+## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration**
+
+**Required**: `false`
+**Description**: Max duration of the cluster configuration cache. The API returns
+this value as max-age in seconds and the FE uses it for caching the cluster
+configuration. FE also asks for a new cluster configuration using this value
+as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
+**Example**: + +```yaml +sysdig: + secure: + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m +``` + +## **sysdig.scanningAnalysiscollectorConcurrentUploads** + +**Required**: `false`
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
+**Example**: + +```yaml +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 +``` + +## **sysdig.scanningAlertMgrForceAutoScan** + +**Required**: `false`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + scanningAlertMgrForceAutoScan: false +``` + +## **sysdig.secure.scanning.veJanitor.cronjob** + +**Required**: `false`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 \* \* \*"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ cronjob: "5 0 * * *"
+```
+
+## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode**
+
+**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ anchoreDBsslmode: "disable"
+```
+
+## **sysdig.secure.scanning.veJanitor.scanningDbEngine**
+
+**Required**: `false`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ scanningDbEngine: "mysql"
+```
+
+## **sysdig.metadataService.enabled**
+
+**Required**: `false`
+**Description**: Whether to enable metadata-service or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ metadataService:
+ enabled: true
+```
+
+## **sysdig.metadataService.operatorEnabled**
+
+**Required**: `false`
+**Description**: Whether to enable metadata-service-operator or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ metadataService:
+ operatorEnabled: true
+```
+
+## **sysdig.resources.metadataService.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ metadataService:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.metadataService.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ metadataService:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.metadataService.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ metadataService:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.metadataService.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ metadataService:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.mdsDeploymentCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig metadataService deployment replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ mdsDeploymentCount: 2
+```
+
+## **sysdig.mdsOperatorReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig metadataService operator replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ mdsOperatorReplicaCount: 2
+```
+
+## **sysdig.mdsPodCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig metadataService pod count, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
+
+**Example**:
+
+```yaml
+sysdig:
+ mdsPodCount: 2
+```
+
+## **sysdig.MdsOperatorVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.operatorEnabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
+**Example**:
+
+```yaml
+sysdig:
+ mdsOperatorVersion: 1.0.1.5
+```
+
+## **sysdig.helmRenderer.enabled**
+
+**Required**: `false`
+**Description**: Whether to enable helm-renderer or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ helmRenderer:
+ enabled: true
+```
+
+## **sysdig.resources.helmRenderer.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.helmRenderer.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.helmRenderer.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.helmRenderer.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ helmRenderer:
+ requests:
+ memory: 200Mi
+```
+
+## **sysdig.helmRendererReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ helmRendererReplicaCount: 1
+```
+
+## **sysdig.helmRendererVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 1.0.296
+**Example**:
+
+```yaml
+sysdig:
+ helmRendererVersion: 1.0.296
+```
+
+## **sysdig.secure.activityAudit.enabled**
+
+**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ activityAudit:
+ enabled: true
+```
+
+## **sysdig.secure.activityAudit.janitor.retentionDays**
+
+**Required**: `false`
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ activityAudit:
+ janitor:
+ retentionDays: 90
+```
+
+## **sysdig.secure.events.janitor.policiesRetentionDays**
+
+**Required**: `false`
+**Description**: Retention period for Policy Events.
+**Options**:
+**Default**: 90
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ janitor:
+ policiesRetentionDays: 90
+```
+
+## **sysdig.secure.events.janitor.scanningRetentionDays**
+
+**Required**: `false`
+**Description**: Retention period for Scanning Events.
+**Options**:
+**Default**: 90
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ janitor:
+ scanningRetentionDays: 90
+```
+
+## **sysdig.secure.events.janitor.benchmarksRetentionDays**
+
+**Required**: `false`
+**Description**: Retention period for Benchmarks Events.
+**Options**:
+**Default**: 365
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ janitor:
+ benchmarksRetentionDays: 365
+```
+
+## **sysdig.secure.events.janitor.complianceRetentionDays**
+
+**Required**: `false`
+**Description**: Retention period for Compliance Events.
+**Options**:
+**Default**: 90
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ janitor:
+ complianceRetentionDays: 90
+```
+
+## **sysdig.secure.events.janitor.profilingDetectionRetentionDays**
+
+**Required**: `false`
+**Description**: Retention period for Profiling-Detection Events.
+**Options**:
+**Default**: 90
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ janitor:
+ profilingDetectionRetentionDays: 90
+```
+
+## **sysdig.secure.anchore.enabled**
+
+**Required**: `false`
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ anchore:
+ enabled: true
+```
+
+## **sysdig.secure.compliance.enabled**
+
+**Required**: `false`
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ compliance:
+ enabled: true
+```
+
+## **sysdig.secure.compliance.benchmarks.readFromCompIndex**
+
+**Required**: `false`
+**Description**: Fetch benchmarks reports from Compliance v2 Index.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ compliance:
+ benchmarks:
+ readFromCompIndex: true
+```
+
+## **sysdig.secure.compliance.benchmarks.writeToCompIndex**
+
+**Required**: `false`
+**Description**: Write benchmarks events to new Compliance Index for Compliance v2. Current Benchmarks index will be deprecated soon
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ compliance:
+ benchmarks:
+ writeToCompIndex: false
+```
+
+## **sysdig.secure.netsec.enabled**
+
+**Required**: `false`
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ netsec:
+ enabled: true
+```
+
+## **sysdig.secure.overview.enabled**
+
+**Required**: `false`
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ overview:
+ enabled: true
+```
+
+## **sysdig.secure.padvisor.enabled**
+
+**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ padvisor:
+ enabled: true
+```
+
+## **sysdig.secure.profiling.enabled**
+
+**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ profiling:
+ enabled: true
+```
+
+## **sysdig.secure.scanning.reporting.enabled**
+
+**Required**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ enabled: true
+```
+
+## **sysdig.secure.scanning.enabled**
+
+**Required**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ enabled: true
+```
+
+## **sysdig.secure.events.enabled**
+
+**Required**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ enabled: true
+```
+
+## **sysdig.secure.eventsForwarder.enabled**
+
+**Required**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ enabled: true
+```
+
+## **sysdig.resources.rapid-response-connector.limits.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ rapid-response-connector:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.rapid-response-connector.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to rapid-response-connector pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ rapid-response-connector:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.rapid-response-connector.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ rapid-response-connector:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.rapid-response-connector.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ rapid-response-connector:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.rapidResponseConnectorReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Sysdig rapid-response-connector replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ rapidResponseConnectorReplicaCount: 1
+```
+
+## **sysdig.secure.rapidResponse.enabled**
+
+**Required**: `false`
+**Description**: Whether to deploy rapid response or not.
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ rapidResponse:
+ enabled: false
+```
+
+## **sysdig.secure.rapidResponse.validationCodeLength**
+
+**Required**: `false`
+**Description**: Length of mfa validation code sent via e-mail.
+**Options**:
+**Default**: 6
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ rapidResponse:
+ validationCodeLength: 8
+```
+
+## **sysdig.secure.rapidResponse.validationCodeSecondsDuration**
+
+**Required**: `false`
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Options**:
+**Default**: 180
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ rapidResponse:
+ validationCodeSecondsDuration: 8
+```
+
+## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL**
+
+**Required**: `false`
+**Description**: Global duration of session in seconds.
+**Options**:
+**Default**: 7200
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ rapidResponse:
+ sessionTotalSecondsTTL: 7200
+```
+
+## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL**
+
+**Required**: `false`
+**Description**: Idle duration of session in seconds.
+**Options**:
+**Default**: 300
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ rapidResponse:
+ sessionIdleSecondsTTL: 300
+```
+
+## **sysdig.secure.scanning.feedsEnabled**
+
+**Required**: `false`
+**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ feedsEnabled: true
+```
+
+## **sysdig.feedsAPIVersion**
+
+**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+
+**Example**:
+
+```yaml
+sysdig:
+ feedsAPIVersion: 0.5.0
+```
+
+## **sysdig.feedsDBVersion**
+
+**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+
+**Example**:
+
+```yaml
+sysdig:
+ feedsDBVersion: 0.5.0-2020-03-11
+```
+
+## **sysdig.feedsVerifySSL**
+
+**Required**: `false`
+**Description**: Whether to validate the SSL certificate, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ feedsVerifySSL: false
+```
diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md
new file mode 100644
index 00000000..a561b517
--- /dev/null
+++ b/installer/docs/03-upgrade.md
@@ -0,0 +1,130 @@
+
+
+
+
+
+# Upgrade
+
+
+
+
+
+
+
+## Overview
+
+The Installer can be used to upgrade a Sysdig implementation. As in an
+install, you must meet the prerequisites, download the values.yaml, edit the
+values as indicated, and run the Installer. The main difference is that you
+run it twice: once to discover the differences between the old and new
+versions, and the second time to deploy the new version.
+
+As with installs, it can be used in airgapped or non-airgapped environments.
+
+Review the [Prerequisites](../README.md#prerequisites) and [Installation
+Options](../README.md#quickstart-install) for more context.
+
+## Upgrade Steps
+
+
+
+### Step 1
+
+Copy the current version sysdig-chart/values.yaml to your working directory.
+
+```bash
+wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml
+```
+
+
+
+### Step 2
+
+Edit the following values:
+
+- [`scripts`](docs/configuration_parameters.md#scripts): Set this to
+ `generate diff`. This setting will generate the differences between the
+ installed environment and the upgrade version. The changes will be displayed
+ in your terminal.
+- [`size`](docs/configuration_parameters.md#size): Specifies the size of the
+ cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are:
+ small, medium and large.
+- [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret):
+ quay.io credentials provided with your Sysdig purchase confirmation mail.
+- [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner):
+ The name of the storage class provisioner to use when creating the
+ configured storageClassName parameter. If you do not use one of those two
+ dynamic storage provisioners, then enter: hostPath and refer to the Advanced
+ examples for how to configure static storage provisioning with this option.
+ Valid options: aws, gke, hostPath
+- [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key
+ provided with your Sysdig purchase confirmation mail
+- [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name
+ the Sysdig APIs will be served on.
+- [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName):
+ (OpenShift installs only) Domain name the Sysdig collector will be served on.
+ When not configured it defaults to whatever is configured for sysdig.dnsName.
+- [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking):
+ The networking construct used to expose the Sysdig API and collector. Options
+ are:
+
+ - hostnetwork: sets the hostnetworking in the ingress daemonset and opens
+ host ports for api and collector. This does not create a Kubernetes service.
+ - loadbalancer: creates a service of type loadbalancer and expects that
+ your Kubernetes cluster can provision a load balancer with your cloud provider.
+ - nodeport: creates a service of type nodeport. The node ports can be
+ customized with:
+
+ - sysdig.ingressNetworkingInsecureApiNodePort
+ - sysdig.ingressNetworkingApiNodePort
+ - sysdig.ingressNetworkingCollectorNodePort
+
+**NOTE**: If doing an airgapped install (see Airgapped Installation Options), you
+would also edit the following values:
+
+- [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name):
+ The URL of the airgapped (internal) docker registry. This URL is used for
+ installations where the Kubernetes cluster can not pull images directly from
+ Quay.
+- [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password):
+ The password for the configured airgapped_registry_username. Ignore this
+ parameter if the registry does not require authentication.
+- [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username):
+ The username for the configured airgapped_registry_name. Ignore this
+ parameter if the registry does not require authentication.
+
+
+
+### Step 3
+
+Run the Installer (if you are in airgapped environment make sure you follow
+instructions from installation on how to get the images to your airgapped
+registry)
+
+```bash
+./installer diff
+```
+
+
+
+### Step 4
+
+If you are fine with the differences displayed, then run:
+
+```bash
+./installer deploy
+```
+
+If you find differences that you want to preserve you should
+look in the [Configuration Parameters](docs/configuration_parameters.md)
+documentation for the configuration parameter that matches the difference
+you intend preserving and update your values.yaml accordingly then repeat
+step 3 until you are fine with the differences. Then set scripts to deploy
+and run for the final time.
+
+
+
+### Step 5
+
+The datastores Cassandra and ElasticSearch have onDelete update strategy
+and need to be manually restarted to complete upgrade.
diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md
new file mode 100644
index 00000000..2025f535
--- /dev/null
+++ b/installer/docs/04-advanced_configuration.md
@@ -0,0 +1,158 @@
+
+
+
+
+
+# Advanced configuration
+
+
+
+
+
+
+
+## Use hostPath for Static Storage of Sysdig Components
+
+As described in the Installation Storage Requirements, the Installer assumes usage of a dynamic storage provider (AWS or GKE). In case these are not used in your environment, add the entries below to the values.yaml to configure static storage.
+
+Based on the `size` entered in the values.yaml file (small/medium/large), the Installer assumes a minimum number of replicas and nodes to be provided. You will enter the names of the nodes on which you will run the Cassandra, ElasticSearch, mySQL and Postgres components of Sysdig in the values.yaml, as in the parameters and example below.
+
+### Parameters
+
+`storageClassProvisioner`: hostPath.
+`sysdig.cassandra.hostPathNodes`: The number of nodes configured here needs to be at minimum 1 when configured `size` is `small`, 3 when configured `size` is
+`medium` and 6 when configured `size` is large.
+`elasticsearch.hostPathNodes`: The number of nodes configured here needs to be be at minimum 1 when configured `size` is `small`, 3 when configured `size` is
+`medium` and 6 when configured `size` is large.
+`sysdig.mysql.hostPathNodes`: When sysdig.mysqlHa is configured to true this has to be at least 3 nodes and when sysdig.mysqlHa is not configured it should be at least one node.
+`sysdig.postgresql.hostPathNodes`: This can be ignored if Sysdig Secure is not licensed or used on this environment. If Secure is used, then the parameter should be set to 1, regardless of the environment size setting.
+
+### Example
+
+```yaml
+storageClassProvisioner: hostPath
+elasticsearch:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+sysdig:
+ cassandra:
+ hostPathNodes:
+ - my-cool-host1.com
+ - my-cool-host2.com
+ - my-cool-host3.com
+ - my-cool-host4.com
+ - my-cool-host5.com
+ - my-cool-host6.com
+ mysql:
+ hostPathNodes:
+ - my-cool-host1.com
+ postgresql:
+ hostPathNodes:
+ - my-cool-host1.com
+```
+
+## Installer on EKS
+
+### Creating a cluster
+
+Please do not use eksctl 0.10.0 and 0.10.1 as those are known to be buggy see: kubernetes/kubernetes#73906 (comment)
+
+```bash
+eksctl create cluster \
+ --name=eks-installer1 \
+ --node-type=m5.4xlarge \
+ --nodes=3 \
+ --version 1.14 \
+ --region=us-east-1 \
+ --vpc-public-subnets=
+```
+
+### Additional config for installer
+
+EKS uses aws-iam-authenticator to authorize kubectl commands.
+aws-iam-authenticator needs aws credentials mounted from **~/.aws** to the installer.
+
+```bash
+docker run \
+ -v ~/.aws:/.aws \
+ -e HOST_USER=$(id -u) \
+ -e KUBECONFIG=/.kube/config \
+ -v ~/.kube:/.kube:Z \
+ -v $(pwd):/manifests:Z \
+ quay.io/sysdig/installer:
+```
+
+### Running airgapped EKS
+
+```bash
+EKS=true bash sysdig_installer.tar.gz
+```
+
+The above ensures the `~/.aws` directory is correctly mounted for the airgap
+installer container.
+
+### Exposing the sysdig endpoint
+
+Get the external ip/endpoint for the ingress service.
+
+```bash
+kubectl -n get service haproxy-ingress-service
+```
+
+In route53 create an A record with the dns name pointing to external ip/endpoint.
+
+### Gotchas
+
+Make sure that subnets have internet gateway configured and has enough ips.
+
+## Airgapped installations
+
+### Method for automatically updating the feeds database in airgapped environments
+
+This is a procedure that can be used to automatically update the feeds database:
+
+1.
+ download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally
+2. move the file from the jumpbox server to the customer airgapped environment (optional)
+3. load the image file and push it to the customer's airgapped image registry
+4. restart the pod sysdigcloud-feeds-db
+5. restart the pod feeds-api
+
+Finally, steps 1 to 5 will be performed periodically once a day.
+
+This is an example script that contains all the steps:
+
+```bash
+#!/bin/bash
+QUAY_USERNAME=""
+QUAY_PASSWORD=""
+
+# Download image
+docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}
+docker image pull quay.io/sysdig/vuln-feed-database:latest
+# Save image
+docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar
+# Optionally move image
+mv vuln-feed-database.tar /var/shared-folder
+# Load image remotely
+ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar"
+# Push image remotely
+ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest"
+ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest"
+# Restart database pod
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0"
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1"
+# Restart feeds-api pod
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0"
+ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1"
+```
+
+The script can be scheduled using a cron job that run every day
+
+```bash
+0 8 * * * feeds-database-update.sh >/dev/null 2>&1
+```
From 4c53348aaf13fb1acc9951c1beaac400a5b89b96 Mon Sep 17 00:00:00 2001
From: jenkins Date: Thu, 7 Jul 2022 22:43:10 +0000 Subject: [PATCH 110/156] updating installer docs --- installer/README.md | 4 +- installer/docs/configuration_parameters.md | 1601 ++++++-------------- 2 files changed, 435 insertions(+), 1170 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..4f45e10f 100644 --- a/installer/README.md +++ b/installer/README.md @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:4.0.7-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:4.0.7-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 68811202..fee5b3b4 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,19 +37,6 @@ Disk, and Replicas.
size: medium ``` -## **kubernetesServerVersion** -**Required**: `false`
-**Description**: The Kubernetes version of the targeted cluster. - This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` - must be used with k8s version 1.22+.
-**Options**:
-**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
-**Example**: - -```yaml -kubernetesServerVersion: v1.18.10 -``` - ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -85,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -137,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**: @@ -217,7 +204,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gcp`
+**Options**: `aws|gke`
**Default**:
**Example**: @@ -334,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**: -Allow Elasticsearch to export prometheus metrics. - -**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -751,16 +711,40 @@ pvStorageSize: nats: 10Gi ``` +## **sysdig.activityAuditVersion** +**Required**: `false`
+**Description**: Docker image tag of Activity Audit services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditVersion: 4.0.7.11006
+```
+
+## **sysdig.profilingVersion**
+**Required**: `false`
+**Description**: Docker image tag of Profiling services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**:
+
+```yaml
+sysdig:
+ profilingVersion: 4.0.7.11006
+```
+
 ## **sysdig.anchoreVersion**
 **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.8.1.30
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1.30 ``` ## **sysdig.accessKey** @@ -843,49 +827,23 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
-[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - capturesFolder: my_captures_folder -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.4
-**Example**:
-
-```yaml
-sysdig:
- cassandraVersion: 2.1.22.4
-```
-
-## **sysdig.cassandraExporterVersion**
-**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
+**Default**: 2.1.21.13
**Example**: ```yaml sysdig: - cassandraExporterVersion: latest + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -898,12 +856,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.11.1`
+**Default**: `3.11.7.0`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.11.1 + cassandra3Version: 3.11.7.0 ``` ## **sysdig.cassandra.external** @@ -962,19 +920,6 @@ sysdig: ssl: true ``` -## **sysdig.cassandra.enableMetrics** -**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - enableMetrics: true -``` - ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1171,12 +1116,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1288,27 +1233,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 4.0.7.11006
**Example**: ```yaml sysdig: - monitorVersion: 5.0.4.11001 + monitorVersion: 4.0.7.11006 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - secureVersion: 5.0.4.11001 + scanningVersion: 4.0.7.11006 ``` ## **sysdig.sysdigAPIVersion** @@ -1318,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.4.11001 + sysdigAPIVersion: 4.0.7.11006 ``` ## **sysdig.sysdigCollectorVersion** @@ -1333,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.4.11001 + sysdigCollectorVersion: 4.0.7.11006 ``` ## **sysdig.sysdigWorkerVersion** @@ -1348,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.4.11001 + sysdigWorkerVersion: 4.0.7.11006 ``` ## **sysdig.enableAlerter** @@ -1375,7 +1320,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -1440,32 +1385,6 @@ sysdig: apiToken: A_VALID_TOKEN ``` -## **sysdig.alertingSystem.alertNotifierReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifierReplicaCount: 3 -``` - -## **sysdig.alertingSystem.alertManagerReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManagerReplicaCount: 3 -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1635,36 +1554,24 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
-**Example**:
-
-```yaml
-sysdig:
- natsStreamingVersion: 0.22.0.2
-```
-
-## **sysdig.natsStreamingInitVersion**
-**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled** @@ -1794,7 +1701,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1906,377 +1813,279 @@ sysdig: - my-cool-host1.com ``` -## **sysdig.postgresql.pgParameters** -**Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
-**Options**:
-**Default**: ``
- -**Example**: - -```yaml -sysdig: - postgresql: - pgParameters: - max_connections: '1024' - shared_buffers: '110MB' -``` - - -## **sysdig.postgresql.ha.enabled** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode. +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: postgresql: - ha: - enabled: true + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.postgresql.ha.spiloVersion** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode.
-**Options**:
-**Default**: `2.0-p7`
- +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - spiloVersion: 2.0-p7 + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.operatorVersion** +## **sysdig.postgresDatabases.profiling** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. -**Options**:
-**Default**: `v1.6.3`
- +**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - operatorVersion: v1.6.3 + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.exporterVersion** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `latest`
- +**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - exporterVersion: v0.3 + external: true + postgresDatabases: + useNonAdminUsers: true + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.clusterDomain** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. -**Options**:
-**Default**: `cluster.local`
- +**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - clusterDomain: cluster.local + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.replicas** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode. -**Options**:
-**Default**: `3`
- +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: postgresql: - ha: - replicas: 3 + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.checkCRDs** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. -**Options**:
-**Default**: `true`
- +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - checkCRD: true + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.enableExporter** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `true`
- +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - enableExporter: true + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.migrate.retryCount** +## **sysdig.postgresDatabases.serviceOwnerManagement** **Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. -**Options**: `true|false`
-**Default**: `3600`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retryCount: 3600 -``` - -## **sysdig.postgresql.ha.migrate.retrySleepSeconds** -**Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. -**Options**:
-**Default**: `10`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retrySleepSeconds: 10 -``` - -## **sysdig.postgresql.ha.migrate.retainBackup** -**Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. -**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retainBackup: true -``` - -## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** -**Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode. -**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - migrationJobImageVersion: v0.1 -``` - -## **sysdig.postgresql.ha.customTls.enabled** -**Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add
-custom certificates and CA
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true -``` - -## **sysdig.postgresql.ha.customTls.crtSecretName** -**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret
-that container certificate and key that will be used in postgres HA for ssl
-NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
-**Options**: `secret-name`
-**Default**: `nil`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt -``` - -## **sysdig.postgresql.ha.customTls.caSecretName** -**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret
-that container the CA certificate that will be used in postgres HA for ssl
-NOTE: the CA certificate file must be called `ca.crt`
-**Options**: `secret-name`
-**Default**: `nil`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt - caSecretName: sysdigcloud-postgres-tls-ca - -``` - -## **sysdig.postgresDatabases.useNonAdminUsers** -**Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com -``` - -## **sysdig.postgresDatabases.anchore** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: + primary: true external: true postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com + serviceOwnerManagement: + host: my-som-db-external.com port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password + db: som_db + username: som_user + password: my_som_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.profiling** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: + primary: true external: true postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com + beacon: + host: my-beacon-db-external.com port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password + db: beacon_db + username: beacon_user + password: my_beacon_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: + primary: true external: true postgresDatabases: - policies: - host: my-policies-db-external.com + quartz: + host: my-quartz-db-external.com port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password + db: quartz_db + username: quartz_user + password: my_quartz_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.postgresDatabases.compliance** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: postgresql: - primary: true external: true postgresDatabases: - scanning: - host: my-scanning-db-external.com + compliance: + host: my-compliance-db-external.com port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password + db: compliance_db + username: compliance_user + password: my_compliance_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.reporting** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml @@ -2284,267 +2093,85 @@ sysdig: postgresql: external: true postgresDatabases: - reporting: - host: my-reporting-db-external.com + admissionController: + host: my-admission-controller-db-external.com port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.postgresDatabases.rapidResponse** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: postgresql: - primary: true external: true postgresDatabases: - padvisor: - host: my-padvisor-db-external.com + rapidResponse: + host: my-rapid-response-db-external.com port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.sysdig** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Default comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +should only be used if there is an intent to override the defaults provided by +Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) +instead.
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Determines if a [web +proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be +used by Anchore for fetching CVE feed from +[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Options**:
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - serviceOwnerManagement: - host: my-som-db-external.com - port: 5432 - db: som_db - username: som_user - password: my_som_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + proxy: + enable: true ``` -## **sysdig.postgresDatabases.beacon** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - beacon: - host: my-beacon-db-external.com - port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.promBeacon** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - promBeacon: - host: my-prom-beacon-db-external.com - port: 5432 - db: prom_beacon_db - username: prom_beacon_user - password: my_prom_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.quartz** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - quartz: - host: my-quartz-db-external.com - port: 5432 - db: quartz_db - username: quartz_user - password: my_quartz_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.compliance** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - compliance: - host: my-compliance-db-external.com - port: 5432 - db: compliance_db - username: compliance_user - password: my_compliance_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.admissionController** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - admissionController: - host: my-admission-controller-db-external.com - port: 5432 - db: admission_controller_db - username: admission_controller_user - password: my_admission_controller_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.rapidResponse** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-rapid-response-db-external.com - port: 5432 - db: rapid_response_db - username: rapid_response_user - password: my_rapid_response_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.proxy.defaultNoProxy** -**Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
- -**Example**: - -```yaml -sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api -``` - -## **sysdig.proxy.enable** -**Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
-**Options**:
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - proxy: - enable: true -``` - -## **sysdig.proxy.host** -**Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
-**Options**:
-**Default**:
- +**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) +is configured.
+**Options**:
+**Default**:
+ **Example**: ```yaml @@ -5980,36 +5607,6 @@ sysdig: storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** -**Required**: `true`
-**Description**: The flag to enable on-demand generation of reports globally
-**Options**: false, true
-**Default**: false
-**Example**: - -```yaml -sysdig: - secure: - scanning: - reporting: - onDemandGenerationEnabled: true -``` - -## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** -**Required**: `false`
-**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - secure: - scanning: - reporting: - onDemandGenerationCustomers: "1,12,123" -``` - ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
**Description**: The sleep interval between two runs of the reporting worker
@@ -8414,18 +8011,6 @@ sysdig: certificate: key: certs/collector.key ``` -## **sysdig.worker.enabled** -**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - worker: - enabled: true -``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9298,681 +8883,361 @@ agent: **Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | - -**Example**: - -```yaml -agent: - resources: - requests: - memory: 2 -``` - -## **agent.resources.watchdog.max_memory_usage_mb** -**Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512 |
-| medium | 1024 |
-| large | 2048 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- watchdog:
- max_memory_usage_mb: 1024
-```
-
-## **agent.resources.watchdog.cointerface**
-**Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512 |
-| medium | 2048 |
-| large | 4096 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- watchdog:
- cointerface: 1024
-```
-
-## **sysdig.eventsForwarderEnabledIntegrations**
-**Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderEnabledIntegrations: "MCM,QRADAR"
-```
-
-## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection**
-**Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered
-disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanning:
- admissionControllerAPI:
- maxDurationBeforeDisconnection: 20m
-```
-
-## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration**
-**Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be
-used by the AC as polling interval to retrieve the updated cluster configuration
-from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanning:
- admissionControllerAPI:
- confTTLDuration: 10m
-```
-
-## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration**
-**Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling
-interval to perform a HEAD on the ping endpoint to notify it's still alive and
-connected. It cannot be greater than 30m and it cannot be greater than
-maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanning:
- admissionControllerAPI:
- pingTTLDuration: 8m
-```
-
-## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration**
-**Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns
-this value as max-age in seconds and the FE uses it for caching the cluster
-configuration. FE also asks for a new cluster configuration using this value
-as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanning:
- admissionControllerAPI:
- clusterConfCacheMaxDuration: 9m
-```
-
-## **sysdig.scanningAnalysiscollectorConcurrentUploads**
-**Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
-**Example**:
-
-```yaml
-sysdig:
- scanningAnalysiscollectorConcurrentUploads: 5
-```
-
-## **sysdig.scanningAlertMgrForceAutoScan**
-**Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- scanningAlertMgrForceAutoScan: false
-```
-
-## **sysdig.secure.scanning.veJanitor.cronjob**
-**Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
-**Example**:
-
-```yaml
-sysdig:
- secure:
- veJanitor:
- cronjob: "5 0 * * *"
-```
-
-## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode**
-**Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
-**Example**:
-
-```yaml
-sysdig:
- secure:
- veJanitor:
- anchoreDBsslmode: "disable"
-```
-
-## **sysdig.secure.scanning.veJanitor.scanningDbEngine**
-**Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**:
-
-```yaml
-sysdig:
- secure:
- veJanitor:
- scanningDbEngine: "mysql"
-```
-
-
-## **sysdig.metadataService.enabled**
-**Required**: `false`
-**Description**: Whether to enable metadata-service or not
-**Do not modify this unless you
-know what you are doing as modifying it could have unintended
-consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- metadataService:
- enabled: true
-```
-
-## **sysdig.resources.metadataService.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 8 |
-| large | 16 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- metadataService:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.metadataService.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 8Gi |
-| large | 16Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- metadataService:
- limits:
- memory: 10Mi
-```
-
-## **sysdig.resources.metadataService.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- metadataService:
- requests:
- cpu: 2
-```
-
-## **sysdig.resources.metadataService.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- metadataService:
- requests:
- memory: 200Mi
-```
-
-## **sysdig.metadataServiceReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 2 |
-| medium | 6 |
-| large | 10 |
-
-**Example**:
-
-```yaml
-sysdig:
- metadataServiceReplicaCount: 4
-```
-
-## **sysdig.metadataServiceVersion**
-**Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
-**Example**:
-
-```yaml
-sysdig:
- metadataServiceVersion: 1.0.1.12
-```
-
-## **sysdig.helmRenderer.enabled**
-**Required**: `false`
-**Description**: Whether to enable helm-renderer or not
-**Do not modify this unless you
-know what you are doing as modifying it could have unintended
-consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- helmRenderer:
- enabled: true
-```
-
-## **sysdig.resources.helmRenderer.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 8 |
-| large | 16 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- helmRenderer:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.helmRenderer.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - helmRenderer: - limits: - memory: 10Mi + requests: + memory: 2 ``` -## **sysdig.resources.helmRenderer.requests.cpu** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: +agent: resources: - helmRenderer: - requests: - cpu: 2 + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.resources.helmRenderer.requests.memory** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 512 | +| medium | 2048 | +| large | 4096 | **Example**: ```yaml -sysdig: +agent: resources: - helmRenderer: - requests: - memory: 200Mi + watchdog: + cointerface: 1024 ``` -## **sysdig.helmRendererReplicaCount** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**:
+**Default**: ""
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | +```yaml +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" +``` +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +**Required**: `false`
+**Description**: Max duration after the last ping from an AC before it is considered +disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml sysdig: - helmRendererReplicaCount: 4 + secure: + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **sysdig.helmRendererVersion** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Description**: TTL of the cache for the cluster configuration. It should be +used by the AC as polling interval to retrieve the updated cluster configuration +from the API. It cannot be greater than 30m
**Options**:
-**Default**: 0.1.32
+**Default**: 5m
**Example**: ```yaml sysdig: - helmRendererVersion: 0.1.32 + secure: + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **sysdig.secure.activityAudit.enabled** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
+**Description**: TTL of an AC ping. It should be used by the AC as polling +interval to perform a HEAD on the ping endpoint to notify it's still alive and +connected. It cannot be greater than 30m and it cannot be greater than +maxDurationBeforeDisconnection
**Options**:
-**Default**: true
+**Default**: 5m
**Example**: ```yaml sysdig: secure: - activityAudit: - enabled: true + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Retention period for Activity Audit data.
+**Description**: Max duration of the cluster configuration cache. The API returns +this value as max-age in seconds and the FE uses it for caching the cluster +configuration. FE also asks for a new cluster configuration using this value +as time interval. It cannot be greater than 30m
**Options**:
-**Default**: 90
+**Default**: 5m
**Example**: ```yaml sysdig: secure: - activityAudit: - janitor: - retentionDays: 90 + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **sysdig.secure.anchore.enabled** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: true
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - anchore: - enabled: true + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **sysdig.secure.compliance.enabled** +## **sysdig.scanningAlertMgrForceAutoScan** **Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
**Options**:
-**Default**: true
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - compliance: - enabled: true + scanningAlertMgrForceAutoScan: false ``` -## **sysdig.secure.netsec.enabled** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
+**Description**: Cronjob schedule
**Options**:
-**Default**: true
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - netsec: - enabled: true + veJanitor: + cronjob: "5 0 * * *" ``` -## **sysdig.secure.overview.enabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
**Options**:
-**Default**: true
+**Default**: "disable"
**Example**: ```yaml sysdig: secure: - overview: - enabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.secure.padvisor.enabled** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml sysdig: secure: - padvisor: - enabled: true + veJanitor: + scanningDbEngine: "mysql" +``` + + +## **sysdig.metadataService.enabled** +**Required**: `false`
+**Description**: This creates a deployment for Metadata-Service +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + metadataService: + enabled: true ``` -## **sysdig.secure.profiling.enabled** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
+**Description**: The amount of cpu assigned to metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml sysdig: - secure: - profiling: - enabled: true + resources: + metadataService: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.reporting.enabled** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
+**Description**: The amount of memory assigned to metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - enabled: true + resources: + metadataService: + limits: + memory: 10Mi ``` -## **sysdig.secure.scanning.enabled** +## **sysdig.resources.metadataService.requests.cpu** **Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
+**Description**: The amount of cpu required to schedule metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - secure: - scanning: - enabled: true + resources: + metadataService: + requests: + cpu: 2 ``` -## **sysdig.secure.events.enabled** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Enable events for Sysdig Secure.
+**Description**: The amount of memory required to schedule metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: - secure: - events: - enabled: true + resources: + metadataService: + requests: + memory: 200Mi ``` -## **sysdig.secure.eventsForwarder.enabled** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: true
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml sysdig: - secure: - eventsForwarder: - enabled: true + metadataServiceReplicaCount: 4 ``` -## **sysdig.secure.falcoRulesUpdater.enabled** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
**Options**:
-**Default**: false
+**Default**: 1.0.1.1
**Example**: ```yaml sysdig: - secure: - falcoRulesUpdater: - enabled: true + metadataServiceVersion: 1.0.1.12 ``` -## **sysdig.secure.falcoRulesUpdater.schedule** +## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
-**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Description**: Retention period for Activity Audit data.
**Options**:
-**Default**: "0 1 * * *"
+**Default**: 90
**Example**: ```yaml sysdig: secure: - falcoRulesUpdater: - schedule: "*/10 * * * *" + activityAudit: + janitor: + retentionDays: 90 ``` ## **sysdig.resources.rapid-response-connector.limits.cpu** From cd0e97a49da8d6f138e2fc7e86d9ceedff503976 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 18 Aug 2022 19:49:15 +0000 Subject: [PATCH 111/156] updating installer docs --- installer/README.md | 31 +- installer/docs/02-configuration_parameters.md | 1197 ++--------------- installer/docs/03-upgrade.md | 5 - 3 files changed, 131 insertions(+), 1102 deletions(-) diff --git a/installer/README.md b/installer/README.md index 4f45e10f..1dd5e112 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,7 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -123,29 +122,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -202,11 +178,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:4.0.7-1-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:4.0.7-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` @@ -349,4 +325,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 18228e12..4d304db2 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -85,7 +85,7 @@ storageClassProvisioner: aws **Description**: Specifies the Sysdig Platform components to be installed.
Combine multiple components by space separating them. Specify at least one app, for example, `monitor`.
-**Options**: `monitor|monitor secure|agent|monitor agent|monitor secure agent`
+**Options**: `monitor|monitor secure`
**Default**: `monitor secure`
**Example**: @@ -176,6 +176,18 @@ If this param is not not or a blank value is specified, it will use the default context: production ``` +## **clusterDomain** + +**Required**: `false`
+**Description**: Domain of the kubernetes cluster.
+**Options**:
+**Default**: `cluster.local`
+**Example**: + +```yaml +clusterDomain: cluster.local +``` + ## **namespace** **Required**: `false`
@@ -942,9 +954,9 @@ sysdig: ## **sysdig.cassandraExporterVersion** **Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: latest
+**Default**: v0.17.0-ubi
**Example**: ```yaml @@ -3174,12 +3186,12 @@ sysdig: **Description**: Docker image tag of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
**Options**:
-**Default**: 6.0.10.1
+**Default**: 1.0.0
**Example**: ```yaml sysdig: - redis6Version: 6.0.10.1 + redis6Version: 1.0.0 ``` ## **sysdig.redis6SentinelVersion** @@ -3188,12 +3200,12 @@ sysdig: **Description**: Docker image tag of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
**Options**:
-**Default**: 6.0.10.1
+**Default**: 1.0.0
**Example**: ```yaml sysdig: - redis6SentinelVersion: 6.0.10.1 + redis6SentinelVersion: 1.0.0 ``` ## **sysdig.redis6ExporterVersion** @@ -3202,12 +3214,52 @@ sysdig: **Description**: Docker image tag of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
**Options**:
-**Default**: 1.15.1.1
+**Default**: 1.0.9
+**Example**: + +```yaml +sysdig: + redis6ExporterVersion: 1.0.9 +``` + + +## **sysdig.redis6ImageName** +**Required**: `false`
+**Description**: Docker image name of Redis 6, relevant when configured +`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: redis-6
+**Example**: + +```yaml +sysdig: + redis6ImageName: redis-6 +``` + +## **sysdig.redis6SentinelImageName** +**Required**: `false`
+**Description**: Docker image name of Redis Sentinel, relevant when configured +`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: redis-sentinel-6
+**Example**: + +```yaml +sysdig: + redis6SentinelImageName: redis-sentinel-6 +``` + +## **sysdig.redis6ExporterImageName** +**Required**: `false`
+**Description**: Docker image name of Redis Metrics Exporter, relevant when configured +`sysdig.useRedis6` is `true`.
+**Options**:
+**Default**: redis-exporter-1
**Example**: ```yaml sysdig: - redis6ExporterVersion: 1.15.1.1 + redis6ExporterImageName: redis-exporter-1 ``` ## **sysdig.useRedisTls** @@ -3235,6 +3287,17 @@ sysdig: redisTls: enabled: true ``` +## **redisTls.deploy** +**Required**: `false`
+**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
+**Options**: true|false
+**Default**: true
+**Example**: + +```yaml +redisTls: + install: true +``` ## **redisTls.deploy** @@ -3274,36 +3337,86 @@ redisTls: redisTls: ha: true ``` +## **redisTls.imageName** +**Required**: `false`
+**Description**: Docker image name of Redis, relevant when configured +`redisTls.enabled` and `redisTls.deploy` are `true`.
+**Options**:
+**Default**:redis-6
+**Example**: +```yaml +redisTls: + imageName: redis-6 +``` ## **redisTls.version** **Required**: `false`
**Description**: Docker image tag of Redis, relevant when configured -`redisTls.enabled` is `true`.
+`redisTls.enabled` and `redisTls.deploy` are `true`.
**Options**:
-**Default**: 6.0.10.1
+**Default**: 1.0.0
**Example**: ```yaml redisTls: - version: 6.0.10.1 + version: 1.0.0 ``` +## **redisTls.sentinel.imageName** +**Required**: `false`
+**Description**: Docker image name of Redis Sentinel, relevant when configured +`redisTls.enabled` and `redisTls.deploy` are `true`.
+**Options**:
+**Default**:redis-sentinel-6
+**Example**: + +```yaml +redisTls: + sentinel: + imageName: redis-sentinel-6 +``` ## **redisTls.sentinel.version** **Required**: `false`
**Description**: Docker image tag of Redis Sentinel, relevant when configured -`redisTls.enabled` is `true`.
+`redisTls.enabled` and `redisTls.deploy` are `true`.
**Options**:
-**Default**: 6.0.10.1
+**Default**: 1.0.0
**Example**: ```yaml redisTls: sentinel: - version: 6.0.10.1 + version: 1.0.0 +``` + +## **redisTls.exporter.imageName** +**Required**: `false`
+**Description**: Docker image name of Redis exporter, relevant when configured +`redisTls.enabled` and `redisTls.deploy` are `true`.
+**Options**:
+**Default**:redis-exporter-1
+**Example**: + +```yaml +redisTls: + exporter: + imageName: redis-exporter-1 ``` +## **redisTls.exporter.version** +**Required**: `false`
+**Description**: Docker image tag of Redis exporter, relevant when configured +`redisTls.enabled` and `redisTls.deploy` are `true`.
+**Options**:
+**Default**: 1.0.9
+**Example**: +```yaml +redisTls: + exporter: + version: 1.0.9 +``` ## **redisClientsMonitor** **Required**: `false`
@@ -4585,98 +4698,6 @@ sysdig: memory: 100Mi ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- apiEmailRenderer:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.apiEmailRenderer.limits.memory**
-
-**Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- apiEmailRenderer:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.apiEmailRenderer.requests.cpu**
-
-**Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- apiEmailRenderer:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.apiEmailRenderer.requests.memory**
-
-**Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - -**Example**: - -```yaml -sysdig: - resources: - apiEmailRenderer: - requests: - memory: 100Mi -``` - ## **sysdig.resources.worker.limits.cpu** **Required**: `false`
@@ -9185,968 +9206,6 @@ sysdig: -XX:-UseContainerSupport ``` -## **agent.apiKey** - -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.appChecks.settings.limit**
-
-**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- settings:
- limit: 1500
-```
-
-## **agent.collectorEndpoint**
-
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**:
-
-```yaml
-agent:
- version: 1.10.1
-```
-
-## **agent.useSSL**
-
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.feature_mode**
-
-**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**:
-
-```yaml
-agent:
- feature_mode: troubleshooting
-```
-
-## **agent.timezone**
-
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- noProxy: your-awesome-no-proxy.com
-```
-
-## **agent.snaplenPortRange.start**
-
-**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.snaplenPortRange.end**
-
-**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.customKernelModules.enabled**
-
-**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- customKernelModules:
- enabled: true
-```
-
-## **agent.secure.enabled**
-
-**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- secure:
- enabled: true
-```
-
-## **agent.secure.commandLineCapturesEnabled**
-
-**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- commandLineCapturesEnabled: true
-```
-
-## **agent.secure.memoryDumpEnabled**
-
-**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- memoryDumpEnabled: true
-```
-
-## **agent.secure.settings.k8sAuditServerURL**
-
-**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
-```
-
-## **agent.secure.settings.k8sAuditServerPort**
-
-**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
-```
-
-## **agent.prometheus.enabled**
-
-**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- enabled: true
-```
-
-## **agent.prometheus.settings.interval**
-
-**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- interval: 30
-```
-
-## **agent.prometheus.settings.logErrors**
-
-**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- logErrors: true
-```
-
-## **agent.prometheus.settings.maxMetrics**
-
-**Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetrics: 1000
-```
-
-## **agent.prometheus.settings.maxMetricsPerProcess**
-
-**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetricsPerProcess: 1000
-```
-
-## **agent.prometheus.settings.maxTagsPerMetric**
-
-**Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxTagsPerMetric: 20
-```
-
-## **agent.prometheus.settings.histograms**
-
-**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- histograms: 3000
-```
-
-## **agent.statsd.enabled**
-
-**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- statsd:
- enabled: true
-```
-
-## **agent.statsd.settings.limit**
-
-**Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**:
-
-```yaml
-agent:
- statsd:
- settings:
- limit: 1000
-```
-
-## **agent.jmx.enabled**
-
-**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- jmx:
- enabled: true
-```
-
-## **agent.jmx.settings.limit**
-
-**Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- jmx:
- settings:
- limit: 1000
-```
-
-## **agent.ebpf.enabled**
-
-**Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- enabled: true
-```
-
-## **agent.ebpf.settings.mountEtcVolume**
-
-**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- settings:
- mountEtcVolume: 1000
-```
-
-## **agent.appChecks.elasticsearch.authEnabled**
-
-**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- authEnabled: true
-```
-
-## **agent.appChecks.elasticsearch.url**
-
-**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- url: https://sysdigcloud-elasticsearch
-```
-
-## **agent.appChecks.elasticsearch.port**
-
-**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- port: 9200
-```
-
-## **agent.appChecks.elasticsearch.username**
-
-**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- username: readonly
-```
-
-## **agent.appChecks.elasticsearch.password**
-
-**Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- password: some_password
-```
-
-## **agent.appChecks.elasticsearch.verifySSL**
-
-**Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- verifySSL: false
-```
-
-## **agent.appChecks.kafka.enabled**
-
-**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- enabled: true
-```
-
-## **agent.appChecks.kafka.arg**
-
-**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- arg: Kafka.kafka
-```
-
-## **agent.appChecks.kafka.url**
-
-**Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:enabled
- appChecks:
- kafka:
- url: localhost
-```
-
-## **agent.appChecks.kafka.port**
-
-**Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- port: 9200
-```
-
-## **agent.appChecks.kafka.zk.url**
-
-**Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:enabled
- appChecks:
- kafka:
- zk:
- url: localhost
-```
-
-## **agent.appChecks.kafka.zk.port**
-
-**Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- zk:
- port: 2181
-```
-
-## **agent.appChecks.kafka.enableConsumerOffsets**
-
-**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- enableConsumerOffsets: true
-```
-
-## **agent.appChecks.kafka.enableAggregationPartitions**
-
-**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- kafka:
- enableAggregationPartitions: true
-```
-
-## **agent.appChecks.mysql.enabled**
-
-**Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- mysql:
- enabled: true
-```
-
-## **agent.appChecks.mysql.hostname**
-
-**Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- mysql:
- hostname: mysql-service-url
-```
-
-## **agent.appChecks.mysql.user**
-
-**Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- mysql:
- user: mysql-user
-```
-
-## **agent.appChecks.mysql.password**
-
-**Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- mysql:
- password: mysql-password
-```
-
-## **agent.resources.limits.cpu**
-
-**Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 3 |
-| medium | 5 |
-| large | 8 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- limits:
- cpu: 2
-```
-
-## **agent.resources.limits.memory**
-
-**Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 3Gi |
-| medium | 6Gi |
-| large | 10Gi |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- limits:
- memory: 2
-```
-
-## **agent.resources.requests.cpu**
-
-**Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- requests:
- cpu: 2
-```
-
-## **agent.resources.requests.memory**
-
-**Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 3Gi |
-| large | 6Gi |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- requests:
- memory: 2
-```
-
-## **agent.resources.watchdog.max_memory_usage_mb**
-
-**Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512 |
-| medium | 1024 |
-| large | 2048 |
-
-**Example**:
-
-```yaml
-agent:
- resources:
- watchdog:
- max_memory_usage_mb: 1024
-```
-
-## **agent.resources.watchdog.cointerface**
-
-**Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - -**Example**: - -```yaml -agent: - resources: - watchdog: - cointerface: 1024 -``` - ## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index a561b517..4c47f78e 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -123,8 +123,3 @@ step 3 until you are fine with the differences. Then set scripts to deploy and run for the final time.
- -### Step 5 - -The datastores Cassandra and ElasticSearch have onDelete update strategy -and need to be manually restarted to complete upgrade. From 09b137a49cdd602f687d66f5b9954f2d86943b46 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 19 Sep 2022 17:26:40 +0000 Subject: [PATCH 112/156] updating installer docs --- installer/README.md | 27 +- installer/docs/configuration_parameters.md | 1179 ++++++++++++++++---- 2 files changed, 983 insertions(+), 223 deletions(-) diff --git a/installer/README.md b/installer/README.md index 1dd5e112..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,7 +1,8 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -122,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -325,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index fee5b3b4..68811202 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,6 +37,19 @@ Disk, and Replicas.
size: medium ``` +## **kubernetesServerVersion** +**Required**: `false`
+**Description**: The Kubernetes version of the targeted cluster. + This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` + must be used with k8s version 1.22+.
+**Options**:
+**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
+**Example**: + +```yaml +kubernetesServerVersion: v1.18.10 +``` + ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -72,8 +85,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
**Options**:
**Default**:
@@ -124,7 +137,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -204,7 +217,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
+**Options**: `aws|gcp`
**Default**:
**Example**: @@ -321,6 +334,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**:
+Allow Elasticsearch to export prometheus metrics.
+
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+elasticsearch:
+ enableMetrics: true
+```
+
+## **sysdig.elasticsearchExporterVersion**
+**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured
+`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -711,40 +751,16 @@ pvStorageSize: nats: 10Gi ``` -## **sysdig.activityAuditVersion** -**Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**:
-
-```yaml
-sysdig:
- activityAuditVersion: 4.0.7.11006
-```
-
-## **sysdig.profilingVersion**
-**Required**: `false`
-**Description**: Docker image tag of Profiling services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**: - -```yaml -sysdig: - profilingVersion: 4.0.7.11006 -``` - ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.30
+**Default**: 0.8.1.32
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.30 + anchoreVersion: 0.8.1.32 ``` ## **sysdig.accessKey** @@ -827,23 +843,49 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.21.13
+**Default**: 2.1.22.4
+**Example**:
+
+```yaml
+sysdig:
+ cassandraVersion: 2.1.22.4
+```
+
+## **sysdig.cassandraExporterVersion**
+**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraExporterVersion: latest ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -856,12 +898,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.7.0`
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.7.0 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -920,6 +962,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1116,12 +1171,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1233,27 +1288,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.7.11006
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 4.0.7.11006 + monitorVersion: 5.0.4.11001 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - scanningVersion: 4.0.7.11006 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1318,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.7.11006 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1333,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.7.11006 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1348,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.7.11006 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -1320,7 +1375,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -1385,6 +1440,32 @@ sysdig: apiToken: A_VALID_TOKEN ``` +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertNotifierReplicaCount: 3
+```
+
+## **sysdig.alertingSystem.alertManagerReplicaCount**
+**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1554,24 +1635,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
+**Example**:
+
+```yaml
+sysdig:
+ natsStreamingVersion: 0.22.0.2
+```
+
+## **sysdig.natsStreamingInitVersion**
+**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1701,7 +1794,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1813,194 +1906,451 @@ sysdig: - my-cool-host1.com ``` -## **sysdig.postgresDatabases.useNonAdminUsers** +## **sysdig.postgresql.pgParameters** **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
+**Options**:
+**Default**: ``
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ pgParameters:
+ max_connections: '1024'
+ shared_buffers: '110MB'
+```
+
+
+## **sysdig.postgresql.ha.enabled**
+**Required**: `false`
+**Description**: true if you want to deploy postgreSQL in HA mode. **Options**: `true|false`
**Default**: `false`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com + ha: + enabled: true ``` -## **sysdig.postgresDatabases.anchore** +## **sysdig.postgresql.ha.spiloVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Docker image tag of the postgreSQL node in HA mode.
+**Options**:
+**Default**: `2.0-p7`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + spiloVersion: 2.0-p7 ``` -## **sysdig.postgresDatabases.profiling** +## **sysdig.postgresql.ha.operatorVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `v1.6.3`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com - port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + operatorVersion: v1.6.3 ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.postgresql.ha.exporterVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `latest`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - policies: - host: my-policies-db-external.com - port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + exporterVersion: v0.3 ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.postgresql.ha.clusterDomain** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint.
+**Options**:
+**Default**: `cluster.local`
+ **Example**: ```yaml sysdig: postgresql: - primary: true - external: true - postgresDatabases: - scanning: - host: my-scanning-db-external.com - port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + clusterDomain: cluster.local ``` -## **sysdig.postgresDatabases.reporting** +## **sysdig.postgresql.ha.replicas** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: number of replicas for postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `3`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - reporting: - host: my-reporting-db-external.com - port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + replicas: 3 ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.postgresql.ha.checkCRDs** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present.
+**Options**:
+**Default**: `true`
+ **Example**: ```yaml sysdig: postgresql: - primary: true - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + checkCRD: true ``` -## **sysdig.postgresDatabases.sysdig** +## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `true`
+ **Example**: ```yaml sysdig: postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + enableExporter: true ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.postgresql.ha.migrate.retryCount** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created.
+**Options**: `true|false`
+**Default**: `3600`
+ **Example**: ```yaml sysdig: postgresql: - primary: true + ha: + migrate: + retryCount: 3600 +``` + +## **sysdig.postgresql.ha.migrate.retrySleepSeconds** +**Required**: `false`
+**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode.
+**Options**:
+**Default**: `10`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retrySleepSeconds: 10
+```
+
+## **sysdig.postgresql.ha.migrate.retainBackup**
+**Required**: `false`
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode.
+**Options**: `true|false`
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retainBackup: true
+```
+
+## **sysdig.postgresql.ha.migrate.migrationJobImageVersion**
+**Required**: `false`
+**Description**: Docker image tag of the migration job from postgres single node to HA mode.
+**Options**:
+**Default**: `postgres-to-postgres-ha-0.0.4`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ migrationJobImageVersion: v0.1
+```
+
+## **sysdig.postgresql.ha.customTls.enabled**
+**Required**: `false`
+**Description**: If set to true will pass to the target pg crd the option to add
+custom certificates and CA
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+```
+
+## **sysdig.postgresql.ha.customTls.crtSecretName**
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container certificate and key that will be used in postgres HA for ssl
+NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+```
+
+## **sysdig.postgresql.ha.customTls.caSecretName**
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container the CA certificate that will be used in postgres HA for ssl
+NOTE: the CA certificate file must be called `ca.crt`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+ caSecretName: sysdigcloud-postgres-tls-ca
+
+```
+
+## **sysdig.postgresDatabases.useNonAdminUsers**
+**Required**: `false`
+**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ useNonAdminUsers: true
+ anchore:
+ host: my-anchore-db-external.com
+ profiling:
+ host: my-profiling-db-external.com
+```
+
+## **sysdig.postgresDatabases.anchore**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ useNonAdminUsers: true
+ anchore:
+ host: my-anchore-db-external.com
+ port: 5432
+ db: anchore_db
+ username: anchore_user
+ password: my_anchore_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.profiling**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ useNonAdminUsers: true
+ profiling:
+ host: my-profiling-db-external.com
+ port: 5432
+ db: anchore_db
+ username: profiling_user
+ password: my_profiling_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.policies**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ policies:
+ host: my-policies-db-external.com
+ port: 5432
+ db: policies_db
+ username: policies_user
+ password: my_policies_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.scanning**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ scanning:
+ host: my-scanning-db-external.com
+ port: 5432
+ db: scanning_db
+ username: scanning_user
+ password: my_scanning_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.reporting**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ reporting:
+ host: my-reporting-db-external.com
+ port: 5432
+ db: reporting_db
+ username: reporting_user
+ password: my_reporting_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.padvisor**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ padvisor:
+ host: my-padvisor-db-external.com
+ port: 5432
+ db: padvisor_db
+ username: padvisor_user
+ password: my_padvisor_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.sysdig**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ primary: true
+ external: true
+ postgresDatabases:
+ sysdig:
+ host: my-sysdig-db-external.com
+ port: 5432
+ db: sysdig_db
+ username: sysdig_user
+ password: my_sysdig_user_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.postgresDatabases.serviceOwnerManagement**
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true external: true postgresDatabases: serviceOwnerManagement: @@ -2017,7 +2367,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml @@ -2038,6 +2388,29 @@ sysdig: adminpassword: my_root_user_password ``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + ## **sysdig.postgresDatabases.quartz** **Required**: `false`
**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
@@ -5607,6 +5980,36 @@ sysdig: storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` +## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** +**Required**: `true`
+**Description**: The flag to enable on-demand generation of reports globally
+**Options**: false, true
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ onDemandGenerationEnabled: true
+```
+
+## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers**
+**Required**: `false`
+**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + onDemandGenerationCustomers: "1,12,123" +``` + ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
**Description**: The sleep interval between two runs of the reporting worker
@@ -8011,6 +8414,18 @@ sysdig: certificate: key: certs/collector.key ``` +## **sysdig.worker.enabled** +**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + worker: + enabled: true +``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9023,74 +9438,211 @@ sysdig: ## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
+**Example**:
+
+```yaml
+sysdig:
+ scanningAnalysiscollectorConcurrentUploads: 5
+```
+
+## **sysdig.scanningAlertMgrForceAutoScan**
+**Required**: `false`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ scanningAlertMgrForceAutoScan: false
+```
+
+## **sysdig.secure.scanning.veJanitor.cronjob**
+**Required**: `false`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ cronjob: "5 0 * * *"
+```
+
+## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode**
+**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ anchoreDBsslmode: "disable"
+```
+
+## **sysdig.secure.scanning.veJanitor.scanningDbEngine**
+**Required**: `false`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ scanningDbEngine: "mysql"
+```
+
+
+## **sysdig.metadataService.enabled**
+**Required**: `false`
+**Description**: Whether to enable metadata-service or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ metadataService:
+ enabled: true
+```
+
+## **sysdig.resources.metadataService.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ metadataService:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.metadataService.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to metadataService pods
**Options**:
-**Default**: "5"
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + resources: + metadataService: + limits: + memory: 10Mi ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **sysdig.resources.metadataService.requests.cpu** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Description**: The amount of cpu required to schedule metadataService pods
**Options**:
-**Default**: `false`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - scanningAlertMgrForceAutoScan: false + resources: + metadataService: + requests: + cpu: 2 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: The amount of memory required to schedule metadataService pods
**Options**:
-**Default**: "0 0 * * *"
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" + resources: + metadataService: + requests: + memory: 200Mi ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: "disable"
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" + metadataServiceReplicaCount: 4 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" + metadataServiceVersion: 1.0.1.12 ``` - -## **sysdig.metadataService.enabled** +## **sysdig.helmRenderer.enabled** **Required**: `false`
-**Description**: This creates a deployment for Metadata-Service +**Description**: Whether to enable helm-renderer or not **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9100,13 +9652,13 @@ consequences**
```yaml sysdig: - metadataService: + helmRenderer: enabled: true ``` -## **sysdig.resources.metadataService.limits.cpu** +## **sysdig.resources.helmRenderer.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
+**Description**: The amount of cpu assigned to helmRenderer pods
**Options**:
**Default**: @@ -9121,14 +9673,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: limits: cpu: 2 ``` -## **sysdig.resources.metadataService.limits.memory** +## **sysdig.resources.helmRenderer.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
+**Description**: The amount of memory assigned to helmRenderer pods
**Options**:
**Default**: @@ -9144,14 +9696,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: limits: memory: 10Mi ``` -## **sysdig.resources.metadataService.requests.cpu** +## **sysdig.resources.helmRenderer.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
+**Description**: The amount of cpu required to schedule helmRenderer pods
**Options**:
**Default**: @@ -9166,14 +9718,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: requests: cpu: 2 ``` -## **sysdig.resources.metadataService.requests.memory** +## **sysdig.resources.helmRenderer.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
+**Description**: The amount of memory required to schedule helmRenderer pods
**Options**:
**Default**: @@ -9188,14 +9740,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: requests: memory: 200Mi ``` -## **sysdig.metadataServiceReplicaCount** +## **sysdig.helmRendererReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters of `size` `small`.
**Options**:
**Default**:
@@ -9210,19 +9762,33 @@ of `size` `small`.
```yaml sysdig: - metadataServiceReplicaCount: 4 + helmRendererReplicaCount: 4 ``` -## **sysdig.metadataServiceVersion** +## **sysdig.helmRendererVersion** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
**Options**:
-**Default**: 1.0.1.1
+**Default**: 0.1.32
**Example**: ```yaml sysdig: - metadataServiceVersion: 1.0.1.12 + helmRendererVersion: 0.1.32 +``` + +## **sysdig.secure.activityAudit.enabled** +**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + activityAudit: + enabled: true ``` ## **sysdig.secure.activityAudit.janitor.retentionDays** @@ -9240,6 +9806,175 @@ sysdig: retentionDays: 90 ``` +## **sysdig.secure.anchore.enabled** +**Required**: `false`
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ anchore:
+ enabled: true
+```
+
+## **sysdig.secure.compliance.enabled**
+**Required**: `false`
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ compliance:
+ enabled: true
+```
+
+## **sysdig.secure.netsec.enabled**
+**Required**: `false`
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ netsec:
+ enabled: true
+```
+
+## **sysdig.secure.overview.enabled**
+**Required**: `false`
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ overview:
+ enabled: true
+```
+
+## **sysdig.secure.padvisor.enabled**
+**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ padvisor:
+ enabled: true
+```
+
+## **sysdig.secure.profiling.enabled**
+**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ profiling:
+ enabled: true
+```
+
+## **sysdig.secure.scanning.reporting.enabled**
+**Required**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ enabled: true
+```
+
+## **sysdig.secure.scanning.enabled**
+**Required**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ enabled: true
+```
+
+## **sysdig.secure.events.enabled**
+**Required**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ enabled: true
+```
+
+## **sysdig.secure.eventsForwarder.enabled**
+**Required**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ enabled: true
+```
+
+## **sysdig.secure.falcoRulesUpdater.enabled**
+**Required**: `false`
+**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ falcoRulesUpdater:
+ enabled: true
+```
+
+## **sysdig.secure.falcoRulesUpdater.schedule**
+**Required**: `false`
+**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Options**:
+**Default**: "0 1 * * *"
+**Example**: + +```yaml +sysdig: + secure: + falcoRulesUpdater: + schedule: "*/10 * * * *" +``` + ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
From b8638a88a70ce88bb7bb906c1f75fa0badb28616 Mon Sep 17 00:00:00 2001 From: sysdig-installer Date: Thu, 13 Oct 2022 17:50:19 +0000 Subject: [PATCH 113/156] updating installer docs --- installer/README.md | 77 +++++++------------ installer/docs/02-configuration_parameters.md | 19 ++++- installer/values.yaml | 1 + 3 files changed, 45 insertions(+), 52 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..146b1956 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,7 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -44,25 +43,25 @@ This install assumes the Kubernetes cluster has network access to pull images fr ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. 
- - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: @@ -82,17 +81,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -123,29 +122,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -220,25 +196,25 @@ the installation machine. ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. 
- - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens @@ -250,17 +226,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +272,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +306,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +325,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 4d304db2..ccd8f438 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1370,6 +1370,23 @@ sysdig: ingressNetworking: loadbalancer ``` + +## **sysdig.ingressClassName** + +**Required**: `false`
+**Description**: Ingress class name to assign on generated `Ingress` resources. This is useful in cases where the value of [`ingressNetworking`](#sysdigingressnetworking) is set to `external` and the targeted Ingress controller has a class name which is different from the default.
+
+**Options**:
+ +**Default**: `haproxy` +**Example**: + +```yaml +sysdig: + ingressClassName: haproxy +``` + + ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -9923,7 +9940,7 @@ sysdig: sysdig: secure: padvisor: - enabled: true + enabled: false ``` ## **sysdig.secure.profiling.enabled** diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From 377f15d1c34e385c09e0e7aad8074b1f86cf51ef Mon Sep 17 00:00:00 2001 From: sysdig-installer Date: Fri, 14 Oct 2022 08:30:53 +0000 Subject: [PATCH 114/156] updating installer docs --- installer/examples/single-node/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/examples/single-node/values.yaml b/installer/examples/single-node/values.yaml index a30e3477..ffa790ac 100644 --- a/installer/examples/single-node/values.yaml +++ b/installer/examples/single-node/values.yaml @@ -27,7 +27,7 @@ sysdig: dnsName: admin: username: pov@sysdig.com - # Replace with license provided by the sales team. + # Replace with license provided by the sales team license: # For PoC do not change the below resources: From 1095085ba7ca765d7fdfca42ead30981a70c770d Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 3 Nov 2022 22:19:53 +0000 Subject: [PATCH 115/156] updating installer docs --- installer/README.md | 77 ++++++++++++++-------- installer/docs/configuration_parameters.md | 32 ++++----- installer/values.yaml | 1 - 3 files changed, 67 insertions(+), 43 deletions(-) diff --git a/installer/README.md b/installer/README.md index 146b1956..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md 
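Review bot: The added `ingressClassName: haproxy` line in installer/values.yaml (patch 113) carries no comment, and the comment just above it still lists only `hostnetwork | loadbalancer | nodeport`, although the parameter documentation added in the same commit ties this key to `ingressNetworking` being set to `external`. I would put a line such as `# class name set on generated Ingress resources; relevant when ingressNetworking is external` above the new key, and extend the existing comment with `external` if that value is in fact accepted. The `sysdig:` mapping starts outside the hunk.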
@@ -1,7 +1,8 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -43,25 +44,25 @@ This install assumes the Kubernetes cluster has network access to pull images fr ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. 
- - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: @@ -81,17 +82,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -122,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -196,25 +220,25 @@ the installation machine. ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. 
- - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens @@ -226,17 +250,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -272,12 +296,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. +See [upgrade.md](docs/upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/02-configuration_parameters.md) +[configuration_parameters.md](docs/configuration_parameters.md) # Permissions @@ -306,7 +330,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) +For advanced configuration option see [advanced.md](docs/advanced.md) # Example values.yaml @@ -325,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 68811202..23cf33d4 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -40,7 +40,7 @@ size: medium ## **kubernetesServerVersion** **Required**: `false`
**Description**: The Kubernetes version of the targeted cluster. - This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` + This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` must be used with k8s version 1.22+.
**Options**:
**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
@@ -755,12 +755,12 @@ pvStorageSize: **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.8.1-49
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1-49 ``` ## **sysdig.accessKey** @@ -1109,13 +1109,13 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ in the same level as `values.yaml`.
**Options**: `true|false`
@@ -1298,7 +1298,7 @@ sysdig: ## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not +**Description**: The docker image tag of the Sysdig Secure, if this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -1916,7 +1916,7 @@ sysdig: ```yaml sysdig: - postgresql: + postgresql: pgParameters: max_connections: '1024' shared_buffers: '110MB' @@ -2648,7 +2648,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: id: 2255883163.123123123534 ``` @@ -2663,7 +2663,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: secret: 8a8af18123128acd312d12d12da ``` @@ -2678,7 +2678,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: scope: incoming-webhook ``` @@ -2693,7 +2693,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: endpoint: https://slack.com/oauth/v2/authorize ``` @@ -2708,13 +2708,13 @@ sysdig: ```yaml sysdig: slack: - client: + client: oauth: endpoint: https://slack.com/api/oauth.v2.access ``` ## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests. +**Description**: The filename of the certificate that will be used for signing SAML requests. The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match the certificate name used when creating the certificate.
**Options**:
@@ -2730,7 +2730,7 @@ sysdig: ``` ## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests. +**Description**: The password required to read the certificate that will be used for signing SAML requests. If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
**Default**:
@@ -10156,7 +10156,7 @@ sysdig: ## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
**Options**: `true|false`
**Default**: `false`
diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,4 +21,3 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork - ingressClassName: haproxy From 672a48a7e5893414cd89c688184e4c4e3d24e5cf Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 16 Nov 2022 12:07:29 +0000 Subject: [PATCH 116/156] updating installer docs --- .../elasticsearch-init-vmmaxmapcount/overlays/patch.yaml | 4 ++-- installer/examples/single-node/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml b/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml index 36f2954a..931ed07c 100644 --- a/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml +++ b/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml @@ -9,7 +9,7 @@ spec: spec: initContainers: - name: elasticsearch-init-vmmaxmapcount - image: quay.io/sysdig/elasticsearch: + image: quay.io/sysdig/opensearch-1: securityContext: privileged: true runAsUser: 0 @@ -17,4 +17,4 @@ spec: - sysctl - -w args: - - vm.max_map_count=262144 \ No newline at end of file + - vm.max_map_count=262144 diff --git a/installer/examples/single-node/values.yaml b/installer/examples/single-node/values.yaml index ffa790ac..a30e3477 100644 --- a/installer/examples/single-node/values.yaml +++ b/installer/examples/single-node/values.yaml @@ -27,7 +27,7 @@ sysdig: dnsName: admin: username: pov@sysdig.com - # Replace with license provided by the sales team + # Replace with license provided by the sales team. license: # For PoC do not change the below resources: From 57a0a1e9efc476d8fbd809fb90403b2bdc15cd09 Mon Sep 17 00:00:00 2001 
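Review bot: In the first hunk of installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml (patch 116), the new `image: quay.io/sysdig/opensearch-1:` line ends with an empty tag, so the init container that runs with `privileged: true` and `runAsUser: 0` is not pinned to any specific image; the tag may be a placeholder lost in rendering, since the removed line has the same shape. I would add a comment above the image line such as `# set the exact opensearch image tag (or digest) shipped with your installer release`, so a user copying this overlay does not leave a privileged root container on an unpinned reference. A second comment on `securityContext` stating that privileged root is needed only for the `sysctl -w vm.max_map_count=262144` write, and that setting the value on the nodes beforehand makes this init container unnecessary, would make the trade-off visible. The enclosing workload spec starts outside the hunk.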
From: jenkins Date: Thu, 8 Dec 2022 06:05:48 +0000 Subject: [PATCH 117/156] updating installer docs --- installer/README.md | 10 +- installer/docs/configuration_parameters.md | 1623 ++++++-------------- installer/docs/upgrade.md | 2 +- 3 files changed, 450 insertions(+), 1185 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..c6d56b5b 100644 --- a/installer/README.md +++ b/installer/README.md @@ -40,7 +40,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: @@ -134,7 +134,7 @@ In case, you are setting up both Monitor and Agent together, you can provide a b - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: @@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:4.0.8-2-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:4.0.8-2-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -216,7 +216,7 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 23cf33d4..51ee8431 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,19 +37,6 @@ Disk, and Replicas.
size: medium ``` -## **kubernetesServerVersion** -**Required**: `false`
-**Description**: The Kubernetes version of the targeted cluster. - This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` - must be used with k8s version 1.22+.
-**Options**:
-**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
-**Example**: - -```yaml -kubernetesServerVersion: v1.18.10 -``` - ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -85,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -137,7 +124,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**: @@ -217,7 +204,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gcp`
+**Options**: `aws|gke`
**Default**:
**Example**: @@ -334,33 +321,6 @@ elasticsearch: useES6: true ``` -## **elasticsearch.enableMetrics** -**Required**: `false`
-**Description**: -Allow Elasticsearch to export prometheus metrics. - -**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -elasticsearch: - enableMetrics: true -``` - -## **sysdig.elasticsearchExporterVersion** -**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured -`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**: - -```yaml -sysdig: - elasticsearchExporterVersion: v1.2.0 -``` - ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -751,16 +711,40 @@ pvStorageSize: nats: 10Gi ``` +## **sysdig.activityAuditVersion** +**Required**: `false`
+**Description**: Docker image tag of Activity Audit services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + activityAuditVersion: 4.0.8.12113 +``` + +## **sysdig.profilingVersion** +**Required**: `false`
+**Description**: Docker image tag of Profiling services.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + profilingVersion: 4.0.8.12113 +``` + ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1-49
+**Default**: 0.8.1.30
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1-49 + anchoreVersion: 0.8.1.30 ``` ## **sysdig.accessKey** @@ -843,49 +827,23 @@ sysdig: bucketName: my_awesome_bucket ``` -## **sysdig.s3.capturesFolder** -**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if -[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - s3: - capturesFolder: my_captures_folder -``` - ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.4
-**Example**: - -```yaml -sysdig: - cassandraVersion: 2.1.22.4 -``` - -## **sysdig.cassandraExporterVersion** -**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
+**Default**: 2.1.21.13
**Example**: ```yaml sysdig: - cassandraExporterVersion: latest + cassandraVersion: 2.1.21.16 ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -898,12 +856,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.11.1`
+**Default**: `3.11.7.0`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.11.1 + cassandra3Version: 3.11.7.0 ``` ## **sysdig.cassandra.external** @@ -962,19 +920,6 @@ sysdig: ssl: true ``` -## **sysdig.cassandra.enableMetrics** -**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - cassandra: - enableMetrics: true -``` - ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1109,13 +1054,13 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ in the same level as `values.yaml`.
**Options**: `true|false`
@@ -1171,12 +1116,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearch6Version: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1288,27 +1233,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 4.0.8.12113
**Example**: ```yaml sysdig: - monitorVersion: 5.0.4.11001 + monitorVersion: 4.0.8.12113 ``` -## **sysdig.secureVersion** +## **sysdig.scanningVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - secureVersion: 5.0.4.11001 + scanningVersion: 4.0.8.12113 ``` ## **sysdig.sysdigAPIVersion** @@ -1318,12 +1263,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.4.11001 + sysdigAPIVersion: 4.0.8.12113 ``` ## **sysdig.sysdigCollectorVersion** @@ -1333,12 +1278,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.4.11001 + sysdigCollectorVersion: 4.0.8.12113 ``` ## **sysdig.sysdigWorkerVersion** @@ -1348,12 +1293,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 5.0.4.11001 + sysdigWorkerVersion: 4.0.8.12113 ``` ## **sysdig.enableAlerter** @@ -1375,7 +1320,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -1440,32 +1385,6 @@ sysdig: apiToken: A_VALID_TOKEN ``` -## **sysdig.alertingSystem.alertNotifierReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertNotifierReplicaCount: 3 -``` - -## **sysdig.alertingSystem.alertManagerReplicaCount** -**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**: - -```yaml -sysdig: - alertingSystem: - alertManagerReplicaCount: 3 -``` - ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1635,36 +1554,24 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.7.0.1 + natsExporterVersion: 0.6.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
-**Example**: - -```yaml -sysdig: - natsStreamingVersion: 0.22.0.2 -``` - -## **sysdig.natsStreamingInitVersion** -**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**: ```yaml sysdig: - natsStreamingInitVersion: 0.22.0.2 + natsStreamingVersion: 0.16.2.1 ``` ## **sysdig.nats.secure.enabled** @@ -1794,7 +1701,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1906,377 +1813,279 @@ sysdig: - my-cool-host1.com ``` -## **sysdig.postgresql.pgParameters** -**Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster -**Options**:
-**Default**: ``
- -**Example**: - -```yaml -sysdig: - postgresql: - pgParameters: - max_connections: '1024' - shared_buffers: '110MB' -``` - - -## **sysdig.postgresql.ha.enabled** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode. +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: postgresql: - ha: - enabled: true + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.postgresql.ha.spiloVersion** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode. -**Options**:
-**Default**: `2.0-p7`
- +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - spiloVersion: 2.0-p7 + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.operatorVersion** +## **sysdig.postgresDatabases.profiling** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. -**Options**:
-**Default**: `v1.6.3`
- +**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - operatorVersion: v1.6.3 + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.exporterVersion** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `latest`
- +**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - exporterVersion: v0.3 + external: true + postgresDatabases: + useNonAdminUsers: true + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.clusterDomain** +## **sysdig.postgresDatabases.scanning** **Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. -**Options**:
-**Default**: `cluster.local`
- +**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - clusterDomain: cluster.local + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.replicas** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode. -**Options**:
-**Default**: `3`
- +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: postgresql: - ha: - replicas: 3 + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.checkCRDs** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. -**Options**:
-**Default**: `true`
- +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - checkCRD: true + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.enableExporter** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `true`
- +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: - ha: - enableExporter: true + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.postgresql.ha.migrate.retryCount** +## **sysdig.postgresDatabases.serviceOwnerManagement** **Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. -**Options**: `true|false`
-**Default**: `3600`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retryCount: 3600 -``` - -## **sysdig.postgresql.ha.migrate.retrySleepSeconds** -**Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. -**Options**:
-**Default**: `10`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retrySleepSeconds: 10 -``` - -## **sysdig.postgresql.ha.migrate.retainBackup** -**Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. -**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - retainBackup: true -``` - -## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** -**Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode. -**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - migrate: - migrationJobImageVersion: v0.1 -``` - -## **sysdig.postgresql.ha.customTls.enabled** -**Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add -custom certificates and CA -**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true -``` - -## **sysdig.postgresql.ha.customTls.crtSecretName** -**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container certificate and key that will be used in postgres HA for ssl -NOTE: the certficate and key files must be called `tls.crt` and `tls.key` -**Options**: `secret-name`
-**Default**: `nil`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt -``` - -## **sysdig.postgresql.ha.customTls.caSecretName** -**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret -that container the CA certificate that will be used in postgres HA for ssl -NOTE: the CA certificate file must be called `ca.crt` -**Options**: `secret-name`
-**Default**: `nil`
- -**Example**: - -```yaml -sysdig: - postgresql: - ha: - customTls: - enabled: true - crtSecretName: sysdigcloud-postgres-tls-crt - caSecretName: sysdigcloud-postgres-tls-ca - -``` - -## **sysdig.postgresDatabases.useNonAdminUsers** -**Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com -``` - -## **sysdig.postgresDatabases.anchore** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: + primary: true external: true postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com + serviceOwnerManagement: + host: my-som-db-external.com port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password + db: som_db + username: som_user + password: my_som_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.profiling** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: + primary: true external: true postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com + beacon: + host: my-beacon-db-external.com port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password + db: beacon_db + username: beacon_user + password: my_beacon_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: postgresql: + primary: true external: true postgresDatabases: - policies: - host: my-policies-db-external.com + quartz: + host: my-quartz-db-external.com port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password + db: quartz_db + username: quartz_user + password: my_quartz_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.postgresDatabases.compliance** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: postgresql: - primary: true external: true postgresDatabases: - scanning: - host: my-scanning-db-external.com + compliance: + host: my-compliance-db-external.com port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password + db: compliance_db + username: compliance_user + password: my_compliance_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.reporting** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml @@ -2284,267 +2093,85 @@ sysdig: postgresql: external: true postgresDatabases: - reporting: - host: my-reporting-db-external.com + admissionController: + host: my-admission-controller-db-external.com port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.postgresDatabases.rapidResponse** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: postgresql: - primary: true external: true postgresDatabases: - padvisor: - host: my-padvisor-db-external.com + rapidResponse: + host: my-rapid-response-db-external.com port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password sslmode: disable admindb: root_db adminusername: root_user adminpassword: my_root_user_password ``` -## **sysdig.postgresDatabases.sysdig** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Default comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +should only be used if there is an intent to override the defaults provided by +Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) +instead.
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Determines if a [web +proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be +used by Anchore for fetching CVE feed from +[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Options**:
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - serviceOwnerManagement: - host: my-som-db-external.com - port: 5432 - db: som_db - username: som_user - password: my_som_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + proxy: + enable: true ``` -## **sysdig.postgresDatabases.beacon** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - beacon: - host: my-beacon-db-external.com - port: 5432 - db: beacon_db - username: beacon_user - password: my_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.promBeacon** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - promBeacon: - host: my-prom-beacon-db-external.com - port: 5432 - db: prom_beacon_db - username: prom_beacon_user - password: my_prom_beacon_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.quartz** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true - external: true - postgresDatabases: - quartz: - host: my-quartz-db-external.com - port: 5432 - db: quartz_db - username: quartz_user - password: my_quartz_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.compliance** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - compliance: - host: my-compliance-db-external.com - port: 5432 - db: compliance_db - username: compliance_user - password: my_compliance_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.admissionController** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - admissionController: - host: my-admission-controller-db-external.com - port: 5432 - db: admission_controller_db - username: admission_controller_user - password: my_admission_controller_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.postgresDatabases.rapidResponse** -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-rapid-response-db-external.com - port: 5432 - db: rapid_response_db - username: rapid_response_user - password: my_rapid_response_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` - -## **sysdig.proxy.defaultNoProxy** -**Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
- -**Example**: - -```yaml -sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api -``` - -## **sysdig.proxy.enable** -**Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
-**Options**:
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - proxy: - enable: true -``` - -## **sysdig.proxy.host** -**Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
-**Options**:
-**Default**:
- +**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) +is configured.
+**Options**:
+**Default**:
+ **Example**: ```yaml @@ -2648,7 +2275,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: id: 2255883163.123123123534 ``` @@ -2663,7 +2290,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: secret: 8a8af18123128acd312d12d12da ``` @@ -2678,7 +2305,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: scope: incoming-webhook ``` @@ -2693,7 +2320,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: endpoint: https://slack.com/oauth/v2/authorize ``` @@ -2708,13 +2335,13 @@ sysdig: ```yaml sysdig: slack: - client: + client: oauth: endpoint: https://slack.com/api/oauth.v2.access ``` ## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests. +**Description**: The filename of the certificate that will be used for signing SAML requests. The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match the certificate name used when creating the certificate.
**Options**:
@@ -2730,7 +2357,7 @@ sysdig: ``` ## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests. +**Description**: The password required to read the certificate that will be used for signing SAML requests. If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
**Default**:
@@ -5980,36 +5607,6 @@ sysdig: storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** -**Required**: `true`
-**Description**: The flag to enable on-demand generation of reports globally
-**Options**: false, true
-**Default**: false
-**Example**: - -```yaml -sysdig: - secure: - scanning: - reporting: - onDemandGenerationEnabled: true -``` - -## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** -**Required**: `false`
-**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - secure: - scanning: - reporting: - onDemandGenerationCustomers: "1,12,123" -``` - ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
**Description**: The sleep interval between two runs of the reporting worker
@@ -8414,18 +8011,6 @@ sysdig: certificate: key: certs/collector.key ``` -## **sysdig.worker.enabled** -**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - worker: - enabled: true -``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9298,681 +8883,361 @@ agent: **Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | - -**Example**: - -```yaml -agent: - resources: - requests: - memory: 2 -``` - -## **agent.resources.watchdog.max_memory_usage_mb** -**Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - -**Example**: - -```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 -``` - -## **agent.resources.watchdog.cointerface** -**Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - -**Example**: - -```yaml -agent: - resources: - watchdog: - cointerface: 1024 -``` - -## **sysdig.eventsForwarderEnabledIntegrations** -**Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
-**Example**: - -```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" -``` - -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** -**Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
-**Example**: - -```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m -``` - -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** -**Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
-**Example**: - -```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m -``` - -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** -**Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
-**Example**: - -```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m -``` - -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** -**Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
-**Example**: - -```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m -``` - -## **sysdig.scanningAnalysiscollectorConcurrentUploads** -**Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
-**Example**: - -```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 -``` - -## **sysdig.scanningAlertMgrForceAutoScan** -**Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - scanningAlertMgrForceAutoScan: false -``` - -## **sysdig.secure.scanning.veJanitor.cronjob** -**Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
-**Example**: - -```yaml -sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" -``` - -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** -**Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
-**Example**: - -```yaml -sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" -``` - -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** -**Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**: - -```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" -``` - - -## **sysdig.metadataService.enabled** -**Required**: `false`
-**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - metadataService: - enabled: true -``` - -## **sysdig.resources.metadataService.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 -``` - -## **sysdig.resources.metadataService.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - -**Example**: - -```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi -``` - -## **sysdig.resources.metadataService.requests.cpu** -**Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 -``` - -## **sysdig.resources.metadataService.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi -``` - -## **sysdig.metadataServiceReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - -**Example**: - -```yaml -sysdig: - metadataServiceReplicaCount: 4 -``` - -## **sysdig.metadataServiceVersion** -**Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
-**Example**: - -```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 -``` - -## **sysdig.helmRenderer.enabled** -**Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - helmRenderer: - enabled: true -``` - -## **sysdig.resources.helmRenderer.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 -``` - -## **sysdig.resources.helmRenderer.limits.memory** -**Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - helmRenderer: - limits: - memory: 10Mi + requests: + memory: 2 ``` -## **sysdig.resources.helmRenderer.requests.cpu** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: +agent: resources: - helmRenderer: - requests: - cpu: 2 + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.resources.helmRenderer.requests.memory** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 512 | +| medium | 2048 | +| large | 4096 | **Example**: ```yaml -sysdig: +agent: resources: - helmRenderer: - requests: - memory: 200Mi + watchdog: + cointerface: 1024 ``` -## **sysdig.helmRendererReplicaCount** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**:
+**Default**: ""
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | +```yaml +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" +``` +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +**Required**: `false`
+**Description**: Max duration after the last ping from an AC before it is considered +disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml sysdig: - helmRendererReplicaCount: 4 + secure: + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **sysdig.helmRendererVersion** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Description**: TTL of the cache for the cluster configuration. It should be +used by the AC as polling interval to retrieve the updated cluster configuration +from the API. It cannot be greater than 30m
**Options**:
-**Default**: 0.1.32
+**Default**: 5m
**Example**: ```yaml sysdig: - helmRendererVersion: 0.1.32 + secure: + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **sysdig.secure.activityAudit.enabled** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
+**Description**: TTL of an AC ping. It should be used by the AC as polling +interval to perform a HEAD on the ping endpoint to notify it's still alive and +connected. It cannot be greater than 30m and it cannot be greater than +maxDurationBeforeDisconnection
**Options**:
-**Default**: true
+**Default**: 5m
**Example**: ```yaml sysdig: secure: - activityAudit: - enabled: true + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Retention period for Activity Audit data.
+**Description**: Max duration of the cluster configuration cache. The API returns +this value as max-age in seconds and the FE uses it for caching the cluster +configuration. FE also asks for a new cluster configuration using this value +as time interval. It cannot be greater than 30m
**Options**:
-**Default**: 90
+**Default**: 5m
**Example**: ```yaml sysdig: secure: - activityAudit: - janitor: - retentionDays: 90 + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **sysdig.secure.anchore.enabled** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: true
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - anchore: - enabled: true + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **sysdig.secure.compliance.enabled** +## **sysdig.scanningAlertMgrForceAutoScan** **Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
**Options**:
-**Default**: true
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - compliance: - enabled: true + scanningAlertMgrForceAutoScan: false ``` -## **sysdig.secure.netsec.enabled** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
+**Description**: Cronjob schedule
**Options**:
-**Default**: true
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - netsec: - enabled: true + veJanitor: + cronjob: "5 0 * * *" ``` -## **sysdig.secure.overview.enabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
**Options**:
-**Default**: true
+**Default**: "disable"
**Example**: ```yaml sysdig: secure: - overview: - enabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.secure.padvisor.enabled** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml sysdig: secure: - padvisor: - enabled: true + veJanitor: + scanningDbEngine: "mysql" +``` + + +## **sysdig.metadataService.enabled** +**Required**: `false`
+**Description**: This creates a deployment for Metadata-Service +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + metadataService: + enabled: true ``` -## **sysdig.secure.profiling.enabled** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
+**Description**: The amount of cpu assigned to metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml sysdig: - secure: - profiling: - enabled: true + resources: + metadataService: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.reporting.enabled** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
+**Description**: The amount of memory assigned to metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - enabled: true + resources: + metadataService: + limits: + memory: 10Mi ``` -## **sysdig.secure.scanning.enabled** +## **sysdig.resources.metadataService.requests.cpu** **Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
+**Description**: The amount of cpu required to schedule metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - secure: - scanning: - enabled: true + resources: + metadataService: + requests: + cpu: 2 ``` -## **sysdig.secure.events.enabled** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Enable events for Sysdig Secure.
+**Description**: The amount of memory required to schedule metadataService pods
**Options**:
-**Default**: true
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: - secure: - events: - enabled: true + resources: + metadataService: + requests: + memory: 200Mi ``` -## **sysdig.secure.eventsForwarder.enabled** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: true
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml sysdig: - secure: - eventsForwarder: - enabled: true + metadataServiceReplicaCount: 4 ``` -## **sysdig.secure.falcoRulesUpdater.enabled** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
**Options**:
-**Default**: false
+**Default**: 1.0.1.1
**Example**: ```yaml sysdig: - secure: - falcoRulesUpdater: - enabled: true + metadataServiceVersion: 1.0.1.12 ``` -## **sysdig.secure.falcoRulesUpdater.schedule** +## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
-**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Description**: Retention period for Activity Audit data.
**Options**:
-**Default**: "0 1 * * *"
+**Default**: 90
**Example**: ```yaml sysdig: secure: - falcoRulesUpdater: - schedule: "*/10 * * * *" + activityAudit: + janitor: + retentionDays: 90 ``` ## **sysdig.resources.rapid-response-connector.limits.cpu** @@ -10156,7 +9421,7 @@ sysdig: ## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
**Options**: `true|false`
**Default**: `false`
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md
index 17fd8ca7..d211cc34 100644
--- a/installer/docs/upgrade.md
+++ b/installer/docs/upgrade.md
@@ -19,7 +19,7 @@ To upgrade:
1. Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` 2. Edit the following values: - [`scripts`](docs/configuration_parameters.md#scripts): Set this to From a85ec0e1a3a5e8cbfeb835122ae0a8c6ae9acbab Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 5 Jan 2023 16:18:22 +0000 Subject: [PATCH 118/156] updating installer docs --- installer/README.md | 10 +- installer/docs/configuration_parameters.md | 1199 ++++++++++++++++---- installer/docs/upgrade.md | 2 +- 3 files changed, 973 insertions(+), 238 deletions(-) diff --git a/installer/README.md b/installer/README.md index c6d56b5b..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -40,7 +40,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: @@ -134,7 +134,7 @@ In case, you are setting up both Monitor and Agent together, you can provide a b - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: 
@@ -202,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:4.0.8-2-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:4.0.8-2-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` @@ -216,7 +216,7 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 51ee8431..8968fb27 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,6 +37,19 @@ Disk, and Replicas.
size: medium ``` +## **kubernetesServerVersion** +**Required**: `false`
+**Description**: The Kubernetes version of the targeted cluster. + This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` + must be used with k8s version 1.22+.
+**Options**:
+**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
+**Example**: + +```yaml +kubernetesServerVersion: v1.18.10 +``` + ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -72,8 +85,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
**Options**:
**Default**:
@@ -124,7 +137,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -204,7 +217,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
+**Options**: `aws|gcp`
**Default**:
**Example**: @@ -321,6 +334,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**:
+Allow Elasticsearch to export prometheus metrics.
+
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+elasticsearch:
+ enableMetrics: true
+```
+
+## **sysdig.elasticsearchExporterVersion**
+**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured
+`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -711,40 +751,16 @@ pvStorageSize: nats: 10Gi ``` -## **sysdig.activityAuditVersion** -**Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**:
-
-```yaml
-sysdig:
- activityAuditVersion: 4.0.8.12113
-```
-
-## **sysdig.profilingVersion**
-**Required**: `false`
-**Description**: Docker image tag of Profiling services.
-**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
-**Example**: - -```yaml -sysdig: - profilingVersion: 4.0.8.12113 -``` - ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.30
+**Default**: 0.8.1-51
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.30 + anchoreVersion: 0.8.1-51 ``` ## **sysdig.accessKey** @@ -827,23 +843,49 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
+[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.21.13
+**Default**: 2.1.22.4
+**Example**:
+
+```yaml
+sysdig:
+ cassandraVersion: 2.1.22.4
+```
+
+## **sysdig.cassandraExporterVersion**
+**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandraExporterVersion: latest ``` ## **sysdig.cassandra.useCassandra3** **Required**: `false`
**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -856,12 +898,12 @@ sysdig: **Required**: `false`
**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
-**Default**: `3.11.7.0`
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandra3Version: 3.11.7.0 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -920,6 +962,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1054,13 +1109,13 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ in the same level as `values.yaml`.
**Options**: `true|false`
@@ -1116,12 +1171,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1233,27 +1288,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 4.0.8.12113
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 4.0.8.12113 + monitorVersion: 5.0.4.11001 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - scanningVersion: 4.0.8.12113 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1263,12 +1318,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 4.0.8.12113 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1278,12 +1333,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 4.0.8.12113 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1293,12 +1348,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 4.0.8.12113 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -1320,7 +1375,7 @@ sysdig: **Required**: `false`
**Description**: Enable or disable the new alert-manager and alert-notifier deployment
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -1385,6 +1440,32 @@ sysdig: apiToken: A_VALID_TOKEN ``` +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**:
+
+```yaml
+sysdig:
+ alertingSystem:
+ alertNotifierReplicaCount: 3
+```
+
+## **sysdig.alertingSystem.alertManagerReplicaCount**
+**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1554,24 +1635,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
+**Example**:
+
+```yaml
+sysdig:
+ natsStreamingVersion: 0.22.0.2
+```
+
+## **sysdig.natsStreamingInitVersion**
+**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1701,7 +1794,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1813,188 +1906,445 @@ sysdig: - my-cool-host1.com ``` -## **sysdig.postgresDatabases.useNonAdminUsers** +## **sysdig.postgresql.pgParameters** **Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster
+**Options**:
+**Default**: ``
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ pgParameters:
+ max_connections: '1024'
+ shared_buffers: '110MB'
+```
+
+
+## **sysdig.postgresql.ha.enabled**
+**Required**: `false`
+**Description**: true if you want to deploy postgreSQL in HA mode. **Options**: `true|false`
**Default**: `false`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - profiling: - host: my-profiling-db-external.com + ha: + enabled: true ``` -## **sysdig.postgresDatabases.anchore** +## **sysdig.postgresql.ha.spiloVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Docker image tag of the postgreSQL node in HA mode.
+**Options**:
+**Default**: `2.0-p7`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - anchore: - host: my-anchore-db-external.com - port: 5432 - db: anchore_db - username: anchore_user - password: my_anchore_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + spiloVersion: 2.0-p7 ``` -## **sysdig.postgresDatabases.profiling** +## **sysdig.postgresql.ha.operatorVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `v1.6.3`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - profiling: - host: my-profiling-db-external.com - port: 5432 - db: anchore_db - username: profiling_user - password: my_profiling_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + operatorVersion: v1.6.3 ``` -## **sysdig.postgresDatabases.policies** +## **sysdig.postgresql.ha.exporterVersion** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `latest`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - useNonAdminUsers: true - policies: - host: my-policies-db-external.com - port: 5432 - db: policies_db - username: policies_user - password: my_policies_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + exporterVersion: v0.3 ``` -## **sysdig.postgresDatabases.scanning** +## **sysdig.postgresql.ha.clusterDomain** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint.
+**Options**:
+**Default**: `cluster.local`
+ **Example**: ```yaml sysdig: postgresql: - primary: true - external: true - postgresDatabases: - scanning: - host: my-scanning-db-external.com - port: 5432 - db: scanning_db - username: scanning_user - password: my_scanning_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + clusterDomain: cluster.local ``` -## **sysdig.postgresDatabases.reporting** +## **sysdig.postgresql.ha.replicas** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: number of replicas for postgreSQL nodes in HA mode.
+**Options**:
+**Default**: `3`
+ **Example**: ```yaml sysdig: postgresql: - external: true - postgresDatabases: - reporting: - host: my-reporting-db-external.com - port: 5432 - db: reporting_db - username: reporting_user - password: my_reporting_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + replicas: 3 ``` -## **sysdig.postgresDatabases.padvisor** +## **sysdig.postgresql.ha.checkCRDs** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present.
+**Options**:
+**Default**: `true`
+ **Example**: ```yaml sysdig: postgresql: - primary: true - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - port: 5432 - db: padvisor_db - username: padvisor_user - password: my_padvisor_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + checkCRD: true ``` -## **sysdig.postgresDatabases.sysdig** +## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode.
+**Options**:
+**Default**: `true`
+ **Example**: ```yaml sysdig: postgresql: - primary: true - external: true - postgresDatabases: - sysdig: - host: my-sysdig-db-external.com - port: 5432 - db: sysdig_db - username: sysdig_user - password: my_sysdig_user_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + ha: + enableExporter: true ``` -## **sysdig.postgresDatabases.serviceOwnerManagement** +## **sysdig.postgresql.ha.migrate.retryCount** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created.
+**Options**: `true|false`
+**Default**: `3600`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retryCount: 3600
+```
+
+## **sysdig.postgresql.ha.migrate.retrySleepSeconds**
+**Required**: `false`
+**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode.
+**Options**:
+**Default**: `10`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retrySleepSeconds: 10
+```
+
+## **sysdig.postgresql.ha.migrate.retainBackup**
+**Required**: `false`
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode.
+**Options**: `true|false`
+**Default**: `true`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ retainBackup: true
+```
+
+## **sysdig.postgresql.ha.migrate.migrationJobImageVersion**
+**Required**: `false`
+**Description**: Docker image tag of the migration job from postgres single node to HA mode.
+**Options**:
+**Default**: `postgres-to-postgres-ha-0.0.4`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ migrate:
+ migrationJobImageVersion: v0.1
+```
+
+## **sysdig.postgresql.ha.customTls.enabled**
+**Required**: `false`
+**Description**: If set to true will pass to the target pg crd the option to add
+custom certificates and CA
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+```
+
+## **sysdig.postgresql.ha.customTls.crtSecretName**
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container certificate and key that will be used in postgres HA for ssl
+NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+```
+
+## **sysdig.postgresql.ha.customTls.caSecretName**
+**Required**: `false`
+**Description**: in case of customtls enabled it's the name of the k8s secret
+that container the CA certificate that will be used in postgres HA for ssl
+NOTE: the CA certificate file must be called `ca.crt`
+**Options**: `secret-name`
+**Default**: `nil`
+
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ ha:
+ customTls:
+ enabled: true
+ crtSecretName: sysdigcloud-postgres-tls-crt
+ caSecretName: sysdigcloud-postgres-tls-ca
+
+```
+
+## **sysdig.postgresDatabases.useNonAdminUsers**
+**Required**: `false`
+**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com +``` + +## **sysdig.postgresDatabases.anchore** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**: + +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.profiling** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**: + +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.policies** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: + +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.scanning** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.reporting** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: + +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.padvisor** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.sysdig** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.postgresDatabases.serviceOwnerManagement** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml @@ -2017,7 +2367,7 @@ sysdig: ## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**: ```yaml @@ -2038,6 +2388,29 @@ sysdig: adminpassword: my_root_user_password ``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + ## **sysdig.postgresDatabases.quartz** **Required**: `false`
**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
@@ -2275,7 +2648,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: id: 2255883163.123123123534 ``` @@ -2290,7 +2663,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: secret: 8a8af18123128acd312d12d12da ``` @@ -2305,7 +2678,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: scope: incoming-webhook ``` @@ -2320,7 +2693,7 @@ sysdig: ```yaml sysdig: slack: - client: + client: endpoint: https://slack.com/oauth/v2/authorize ``` @@ -2335,13 +2708,13 @@ sysdig: ```yaml sysdig: slack: - client: + client: oauth: endpoint: https://slack.com/api/oauth.v2.access ``` ## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests. +**Description**: The filename of the certificate that will be used for signing SAML requests. The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match the certificate name used when creating the certificate.
**Options**:
@@ -2357,7 +2730,7 @@ sysdig: ``` ## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests. +**Description**: The password required to read the certificate that will be used for signing SAML requests. If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
**Default**:
@@ -5607,6 +5980,36 @@ sysdig: storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` +## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** +**Required**: `true`
+**Description**: The flag to enable on-demand generation of reports globally
+**Options**: false, true
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ onDemandGenerationEnabled: true
+```
+
+## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers**
+**Required**: `false`
+**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + onDemandGenerationCustomers: "1,12,123" +``` + ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
**Description**: The sleep interval between two runs of the reporting worker
@@ -8011,6 +8414,18 @@ sysdig: certificate: key: certs/collector.key ``` +## **sysdig.worker.enabled** +**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + worker: + enabled: true +``` ## **sysdig.worker.jvmOptions** **Required**: `false`
@@ -9023,74 +9438,211 @@ sysdig: ## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
+**Example**:
+
+```yaml
+sysdig:
+ scanningAnalysiscollectorConcurrentUploads: 5
+```
+
+## **sysdig.scanningAlertMgrForceAutoScan**
+**Required**: `false`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ scanningAlertMgrForceAutoScan: false
+```
+
+## **sysdig.secure.scanning.veJanitor.cronjob**
+**Required**: `false`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ cronjob: "5 0 * * *"
+```
+
+## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode**
+**Required**: `false`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ anchoreDBsslmode: "disable"
+```
+
+## **sysdig.secure.scanning.veJanitor.scanningDbEngine**
+**Required**: `false`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ veJanitor:
+ scanningDbEngine: "mysql"
+```
+
+
+## **sysdig.metadataService.enabled**
+**Required**: `false`
+**Description**: Whether to enable metadata-service or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ metadataService:
+ enabled: true
+```
+
+## **sysdig.resources.metadataService.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ metadataService:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.metadataService.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to metadataService pods
**Options**:
-**Default**: "5"
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + resources: + metadataService: + limits: + memory: 10Mi ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **sysdig.resources.metadataService.requests.cpu** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Description**: The amount of cpu required to schedule metadataService pods
**Options**:
-**Default**: `false`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - scanningAlertMgrForceAutoScan: false + resources: + metadataService: + requests: + cpu: 2 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: The amount of memory required to schedule metadataService pods
**Options**:
-**Default**: "0 0 * * *"
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: - secure: - veJanitor: - cronjob: "5 0 * * *" + resources: + metadataService: + requests: + memory: 200Mi ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
**Options**:
-**Default**: "disable"
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml sysdig: - secure: - veJanitor: - anchoreDBsslmode: "disable" + metadataServiceReplicaCount: 4 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" + metadataServiceVersion: 1.0.1.12 ``` - -## **sysdig.metadataService.enabled** +## **sysdig.helmRenderer.enabled** **Required**: `false`
-**Description**: This creates a deployment for Metadata-Service +**Description**: Whether to enable helm-renderer or not **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
@@ -9100,13 +9652,13 @@ consequences**
```yaml sysdig: - metadataService: + helmRenderer: enabled: true ``` -## **sysdig.resources.metadataService.limits.cpu** +## **sysdig.resources.helmRenderer.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
+**Description**: The amount of cpu assigned to helmRenderer pods
**Options**:
**Default**: @@ -9121,14 +9673,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: limits: cpu: 2 ``` -## **sysdig.resources.metadataService.limits.memory** +## **sysdig.resources.helmRenderer.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
+**Description**: The amount of memory assigned to helmRenderer pods
**Options**:
**Default**: @@ -9144,14 +9696,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: limits: memory: 10Mi ``` -## **sysdig.resources.metadataService.requests.cpu** +## **sysdig.resources.helmRenderer.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
+**Description**: The amount of cpu required to schedule helmRenderer pods
**Options**:
**Default**: @@ -9166,14 +9718,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: requests: cpu: 2 ``` -## **sysdig.resources.metadataService.requests.memory** +## **sysdig.resources.helmRenderer.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
+**Description**: The amount of memory required to schedule helmRenderer pods
**Options**:
**Default**: @@ -9188,14 +9740,14 @@ sysdig: ```yaml sysdig: resources: - metadataService: + helmRenderer: requests: memory: 200Mi ``` -## **sysdig.metadataServiceReplicaCount** +## **sysdig.helmRendererReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters of `size` `small`.
**Options**:
**Default**:
@@ -9210,19 +9762,33 @@ of `size` `small`.
```yaml sysdig: - metadataServiceReplicaCount: 4 + helmRendererReplicaCount: 4 ``` -## **sysdig.metadataServiceVersion** +## **sysdig.helmRendererVersion** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
**Options**:
-**Default**: 1.0.1.1
+**Default**: 0.1.32
**Example**: ```yaml sysdig: - metadataServiceVersion: 1.0.1.12 + helmRendererVersion: 0.1.32 +``` + +## **sysdig.secure.activityAudit.enabled** +**Required**: `false`
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + activityAudit: + enabled: true ``` ## **sysdig.secure.activityAudit.janitor.retentionDays** @@ -9240,6 +9806,175 @@ sysdig: retentionDays: 90 ``` +## **sysdig.secure.anchore.enabled** +**Required**: `false`
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ anchore:
+ enabled: true
+```
+
+## **sysdig.secure.compliance.enabled**
+**Required**: `false`
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ compliance:
+ enabled: true
+```
+
+## **sysdig.secure.netsec.enabled**
+**Required**: `false`
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ netsec:
+ enabled: true
+```
+
+## **sysdig.secure.overview.enabled**
+**Required**: `false`
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ overview:
+ enabled: true
+```
+
+## **sysdig.secure.padvisor.enabled**
+**Required**: `false`
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ padvisor:
+ enabled: true
+```
+
+## **sysdig.secure.profiling.enabled**
+**Required**: `false`
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ profiling:
+ enabled: true
+```
+
+## **sysdig.secure.scanning.reporting.enabled**
+**Required**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ reporting:
+ enabled: true
+```
+
+## **sysdig.secure.scanning.enabled**
+**Required**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanning:
+ enabled: true
+```
+
+## **sysdig.secure.events.enabled**
+**Required**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ events:
+ enabled: true
+```
+
+## **sysdig.secure.eventsForwarder.enabled**
+**Required**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ enabled: true
+```
+
+## **sysdig.secure.falcoRulesUpdater.enabled**
+**Required**: `false`
+**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ falcoRulesUpdater:
+ enabled: true
+```
+
+## **sysdig.secure.falcoRulesUpdater.schedule**
+**Required**: `false`
+**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Options**:
+**Default**: "0 1 * * *"
+**Example**: + +```yaml +sysdig: + secure: + falcoRulesUpdater: + schedule: "*/10 * * * *" +``` + ## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to rapid-response-connector pods
@@ -9421,7 +10156,7 @@ sysdig: ## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
**Options**: `true|false`
**Default**: `false`
diff --git a/installer/docs/upgrade.md b/installer/docs/upgrade.md index d211cc34..17fd8ca7 100644 --- a/installer/docs/upgrade.md +++ b/installer/docs/upgrade.md @@ -19,7 +19,7 @@ To upgrade:
1. Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` 2. Edit the following values: - [`scripts`](docs/configuration_parameters.md#scripts): Set this to From f4fec54ec977aecdbeea60c84b0d47e55f23807b Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 30 Mar 2023 18:01:10 +0000 Subject: [PATCH 119/156] updating installer docs --- installer/README.md | 83 ++-- installer/docs/01-command_line_arguments.md | 121 ++++++ installer/docs/02-configuration_parameters.md | 389 +++++++++++------- installer/docs/03-upgrade.md | 2 +- installer/docs/04-advanced_configuration.md | 14 +- installer/docs/05-networkPolicies.md | 107 +++++ installer/values.yaml | 1 + 7 files changed, 516 insertions(+), 201 deletions(-) create mode 100644 installer/docs/05-networkPolicies.md diff --git a/installer/README.md b/installer/README.md index 3383bdea..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,9 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -40,29 +41,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -82,17 +83,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -123,29 +124,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -216,29 +194,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -250,17 +228,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +274,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +308,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +327,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 0b638351..831c5863 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md 
@@ -69,3 +69,124 @@ actual name of the STS in the cluster differs `--cassandra-workloadname ` - Same as above for `cassandra` + +## `update-license` + +Added November 2022, this is a new command. + +This command performs the minimal changes and restarts to apply a new license. +Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) + +This command performs the following: + +- Gets a new license from either `--license` or from `--license-file name.ext` + +- applies the license to `common-config` and to the relevant Secret of the following backend services: + + - `api` + - `collector` + - `worker` + +- If `secure` and `anchore` are enabled, it also applies and restarts all Anchore services. + +## image-list + +Added November 2022 + +This command prints to `stdout` (and optionally to a file) a list of all images in a generated stack. + +It requires a `values.yaml` and it produces a list of images based on that `values.yaml`. + +It does not require a live cluster, and it does not fetches any value from a live cluster, if one is accessible. + +### Flags + +`-f ` - write the list to a file. 
**If the file exists, it is overwritten** + +### Example + +``` +./installer/out/installer-darwin-amd64 image-list +I1118 18:48:44.643520 97065 main.go:64] Installer version +I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml +I1118 18:48:44.660236 97065 imagelist.go:44] installerVersion: darwin amd64 gc +I1118 18:48:44.660263 97065 imagelist.go:13] generating manifests +I1118 18:48:44.722172 97065 validate.go:1255] skipping Kubernetes version validation for PostgreSQL because HA is not enabled +I1118 18:48:44.723158 97065 generate.go:171] validation stage:generate passed +I1118 18:49:00.625921 97065 generate.go:234] Generating kubernetes manifests +I1118 18:49:00.642116 97065 generate.go:253] Generating kubernetes manifests for dependencies +I1118 18:49:00.987615 97065 imagelist.go:20] extracting images from generated manifests +I1118 18:49:01.147089 97065 imagelist.go:23] writing images list to file image_list.txt +I1118 18:49:01.147276 97065 imagelist.go:30] found 72 images in the generated manifests +quay.io/sysdig/activity-audit-api:6.0.0.12431 +quay.io/sysdig/certman-janitor:6.0.0.12431 +quay.io/sysdig/nginx:6.0.0.12431 +quay.io/sysdig/anchore:0.8.1-49 +quay.io/sysdig/postgres:12.10.0.0 +quay.io/sysdig/cp-kafka-6:0.2.1 +quay.io/sysdig/kube-rbac-proxy:v0.8.0 +quay.io/sysdig/secure-onboarding-api:6.0.0.12431 +quay.io/sysdig/nats-streaming-init:0.22.0.8 +quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 +quay.io/sysdig/sysdig-worker:6.0.0.12431 +quay.io/sysdig/profiling-api:6.0.0.12431 +quay.io/sysdig/scanning-retention-mgr:6.0.0.12431 +quay.io/sysdig/sysdig-api:6.0.0.12431 +quay.io/sysdig/helm-renderer:1.0.677 +quay.io/sysdig/cp-zookeeper-6:0.4.0 +quay.io/sysdig/redis-sentinel-6:1.0.1 +quay.io/sysdig/activity-audit-janitor:6.0.0.12431 +quay.io/sysdig/secure-todo-worker:6.0.0.12431 +quay.io/sysdig/reporting-init:6.0.0.12431 +quay.io/sysdig/certman:6.0.0.12431 +quay.io/sysdig/sysdig-meerkat-collector:6.0.0.12431 
+quay.io/sysdig/policies:6.0.0.12431
+quay.io/sysdig/profiling-worker:6.0.0.12431
+quay.io/sysdig/cloudsec-api:6.0.0.12431
+quay.io/sysdig/compliance-api:6.0.0.12431
+quay.io/sysdig/elasticsearch-tools:0.0.35
+quay.io/sysdig/events-forwarder:6.0.0.12431
+quay.io/sysdig/ingress-default-backend:1.5
+docker.io/sysdig/falco_rules_installer:latest
+quay.io/sysdig/events-api:6.0.0.12431
+quay.io/sysdig/events-forwarder-api:6.0.0.12431
+quay.io/sysdig/promqlator:0.99.0-master.2022-10-03T12-41-14Z.2f800e101b
+quay.io/sysdig/ui-secure-nginx:6.0.0.12431
+quay.io/sysdig/reporting-worker:6.0.0.12431
+quay.io/sysdig/scanning-ve-janitor:6.0.0.12431
+quay.io/sysdig/rapid-response-janitor:6.0.0.12431
+quay.io/sysdig/compliance-worker:6.0.0.12431
+quay.io/sysdig/events-janitor:6.0.0.12431
+quay.io/sysdig/events-dispatcher:6.0.0.12431
+quay.io/sysdig/haproxy-ingress:1.1.5-v0.10
+quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431
+quay.io/sysdig/metadata-service-operator:1.0.1.23
+quay.io/sysdig/netsec:6.0.0.12431
+quay.io/sysdig/nats-streaming:0.22.0.8
+quay.io/sysdig/nats-exporter:0.9.0.2
+quay.io/sysdig/secure-prometheus:2.17.2
+quay.io/sysdig/opensearch-1:0.0.16
+quay.io/sysdig/events-gatherer:6.0.0.12431
+quay.io/sysdig/reporting-api:6.0.0.12431
+quay.io/sysdig/promchap:0.99.0-master.2022-11-18T13-46-40Z.d6b3d10f83
+quay.io/sysdig/redis-6:1.0.1
+quay.io/sysdig/ui-admin-nginx:6.0.0.12431
+quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431
+quay.io/sysdig/admission-controller-api:6.0.0.12431
+quay.io/sysdig/scanning:6.0.0.12431
+quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431
+quay.io/sysdig/cassandra-3:0.0.36
+quay.io/sysdig/metadata-service-server:1.10.63
+quay.io/sysdig/rapid-response-connector:6.0.0.12431
+quay.io/sysdig/secure-todo-api:6.0.0.12431
+quay.io/sysdig/api-docs:6.0.0.12431
+quay.io/sysdig/cloudsec-worker:6.0.0.12431
+quay.io/sysdig/sysdig-collector:6.0.0.12431
+quay.io/sysdig/events-ingestion:6.0.0.12431
+quay.io/sysdig/rsyslog:8.2102.0.4
+quay.io/sysdig/sysdig-meerkat-aggregator:6.0.0.12431 +quay.io/sysdig/secure-todo-janitor:6.0.0.12431 +quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 +quay.io/sysdig/redis-exporter-1:1.0.9 +quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 +``` \ No newline at end of file diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index ccd8f438..36eac2f6 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -319,6 +319,28 @@ elasticsearch: - my-cool-host6.com ``` +## **elasticsearch.hostPathMasterNodes** + +**Required**: `false`
+**Description**: An array of node hostnames printed out by the `kubectl get node -o name` command. ElasticSearch hostPath persistent volumes should be +created on these nodes for Master nodes. The number of nodes must be at minimum whatever the +value of +[`sysdig.elasticsearchMastersReplicaCount`](#sysdigelasticsearchmastersreplicacount) is. +This is required if configured +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath` and `dedicatedMasters` is `true` .
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +elasticsearch: + hostPathMasterNodes: + - my-cool-host1.com + - my-cool-host2.com + - my-cool-host3.com +``` + ## **elasticsearch.jvmOptions** **Required**: `false`
@@ -360,23 +382,32 @@ elasticsearch: hostname: external.elasticsearch.cluster ``` -## **elasticsearch.useES6** +## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: Install Elasticsearch 6.8.x along with user authentication and TLS-encrypted data-in-transit -using Elasticsearch's native TLS Encrpytion. -If TLS Encrpytion is enabled Installer does the following in the provided order: +**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + jobs: + rollNodes: true +``` -1. Checks for existing Elasticsearch certificates in the provided environment to setup ES cluster. (applicable for upgrades) -2. If they are not present Installer autogenerates tls certificates and uses them to setup es cluster. +## **elasticsearch.jobs.toolsImageVersion** -**Options**: `true|false`
-**Default**: `true`
+**Required**: `false`
+**Description**: The docker image tag of the elasticsearch jobs
+**Options**:
+**Default**: 0.0.35
**Example**: ```yaml elasticsearch: - useES6: true + jobs: + toolsImageVersion: 0.0.35 ``` ## **elasticsearch.enableMetrics** @@ -552,6 +583,20 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` +## **hostPathCustomPaths.nats** + +**Required**: `false`
+**Description**: The directory to bind mount nats streaming (in HA mode) pod's +`/var/lib/stan` to on the host. This parameter is relevant +only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/stan`
+**Example**: + +```yaml +hostPathCustomPaths: + postgresql: `/sysdig/stan` + ## **nodeaffinityLabel.key** **Required**: `false`
@@ -829,12 +874,12 @@ pvStorageSize: **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1.32
+**Default**: 0.8.1-53
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.32 + anchoreVersion: 0.8.1-53 ``` ## **sysdig.accessKey** @@ -1257,7 +1302,8 @@ The Sysdig platform may sometimes open connections over SSL to certain external - LDAP over SSL - SAML over SSL - OpenID Connect over SSL -- HTTPS Proxies
+- HTTPS Proxies +- SMTPS SMTP over SSL
If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. @@ -1332,6 +1378,19 @@ sysdig: elasticsearch6Version: 6.8.6.12 ``` +## **sysdig.opensearchVersion** + +**Required**: `false`
+**Description**: The docker image tag of Opensearch.
+**Options**:
+**Default**: 0.0.16
+**Example**: + +```yaml +sysdig: + opensearchVersion: 0.0.16 +``` + ## **sysdig.haproxyVersion** **Required**: `false`
@@ -2004,6 +2063,24 @@ sysdig: urltls: nats://sysdigcloud-nats-streaming-tls:4222 ``` +## **sysdig.nats.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + nats: + hostPathNodes: + - my-cool-host1.com +``` + ## **sysdig.openshiftUrl** **Required**: `false`
@@ -3130,10 +3207,10 @@ sysdig: enableMetrics: true ``` -## **sysdig.redis.deploy ** +## ~~**sysdig.redis.deploy**~~ (**Deprecated**) **Required**: `false`
-**Description**: Determines if redis should be deployed by the installer
+**Description**: Determines if redis should be deployed by the installer **deprecated use redisTls instead**
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3171,10 +3248,10 @@ sysdig: redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.redisHa** +## ~~**sysdig.redisHa**~~ (**Deprecated**) **Required**: `false`
-**Description**: Determines if redis should run in HA mode
+**Description**: Determines if redis should run in HA mode **deprecated use redisTls instead**
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -3184,10 +3261,10 @@ sysdig: redisHa: false ``` -## **sysdig.useRedis6** +## ~~**sysdig.useRedis6**~~ (**Deprecated**) **Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
+**Description**: Determines if redis should be installed with version 6.x **deprecated use redisTls instead**
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3439,19 +3516,32 @@ redisTls: **Required**: `false`
**Description**: Setup component connection to a specified Redis for Monitor. Is possible to define on which Redis to connect: _Redis standalone/Redis HA_, _Redis with TLS_ or to an _external Redis_. _Redis standalone/Redis HA_ are defined using `useRedis6` and `redisHa` values. Current available components: -- cache -- ibmCache -- common - agent -- metering +- common +- cache - distributedJobs +- ibmCache +- promchap +- policiesCache - alerting +- meerkat +- metering +- prws + +A Monitor service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
+ +| Instance | Component | +| --------- | --------- | +| agent | agent | +| common | common | +| monitor-1 | cache, distributedJobs, ibmCache, promchap, policiesCache | +| monitor-2 | alerting, meerkat, metering, prws | -A Monitor service can have multiple component [connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343)
**Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
**Example**: + If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -3473,11 +3563,16 @@ Connect the component `ibmCache` to an external Redis ```yaml redisClientsMonitor: ibmCache: - endpoint: redistls - password: "yourSecret!" - tls: true + endpoint: redis-service-or-host.domain + port: 6379 + user: "provided-username" + password: "yourPassword!" sentinel: - endpoint: redistls + enabled: false + pubCaCrt: | + -----BEGIN CERTIFICATE----- + clear-text-certificate-with-no-base64-encoding + -----END CERTIFICATE----- ``` ## **redisClientsSecure** @@ -3487,12 +3582,24 @@ redisClientsMonitor: - scanning - forensic +- events +- eventsForwarder +- rapidResponse +- profiling - overview - compliance +- cloudsec - policies - netsec - padvisor +A Secure service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
+ +| Instance | Component | +| --------- | --------- | +| profiling | profiling | +| secure-1 | scanning, forensic, events, rapidResponse, overview, compliance, cloudsec, policies, netsec, padvisor | + **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
**Example**: @@ -3518,11 +3625,12 @@ Connect the component `scanning` to an external Redis ```yaml redisClientsSecure: scanning: - endpoint: redistls - password: "yourSecret!" + endpoint: redis-external-host.domain + user: "provided-username" + password: "yourPassword!" tls: true sentinel: - endpoint: redistls + enabled: false ``` If a CA is needed for `scanning` to trust the connection you must add it in the installer path `certs/redis-certs/`. IE most cloud provider Redis aaS doesn't need that @@ -3531,6 +3639,47 @@ If a CA is needed for `scanning` to trust the connection you must add it in the certs/redis-certs/scanning_ca.crt ``` +## redisExporters + +**Required**: `false`
+**Description**: Setup a Redis exporter per managed cloud or external instance. Is possible to define on which Redis to connect: + +- agent +- common +- monitor-1 +- monitor-2 +- profiling +- secure-1 + +Connect managed instances for a Monitor only setup sharing the public certificate: + +```yaml +redisExporters: + agent: + redisAddr: rediss://redis-host.domain:port + redisUser: provided-username + redisPassword: "yourPasword!" + redisCertificateExistingSecret: redis-exporter-common-ca-pub-cert + common: + redisAddr: rediss://redis-host.domain:port + redisUser: provided-username + redisPassword: "yourPasword!" + redisCertificate: | + -----BEGIN CERTIFICATE----- + clear-text-certificate-with-no-base64-encoding + -----END CERTIFICATE----- + monitor-1: + redisAddr: rediss://redis-host.domain:port + redisUser: provided-username + redisPassword: "yourPasword!" + redisCertificateExistingSecret: redis-exporter-common-ca-pub-cert + monitor-2: + redisAddr: rediss://redis-host.domain:port + redisUser: provided-username + redisPassword: "yourPasword!" + redisCertificateExistingSecret: redis-exporter-common-ca-pub-cert +``` + ## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
@@ -4396,7 +4545,7 @@ sysdig: ## **sysdig.resources.ingressControllerHaProxy.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxyCollectorAPI daemon set
**Options**:
**Default**: @@ -6638,6 +6787,36 @@ sysdig: storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` +## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** +**Required**: `true`
+**Description**: The flag to enable on-demand generation of reports globally
+**Options**: false, true
+**Default**: false
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + onDemandGenerationEnabled: true +``` + +## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** +**Required**: `false`
+**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + secure: + scanning: + reporting: + onDemandGenerationCustomers: "1,12,123" +``` + ## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
@@ -7574,98 +7753,6 @@ sysdig: memory: 50Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - limits: - cpu: 2 -``` - -## **sysdig.resources.secure-overview-api.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - limits: - memory: 1Gi -``` - -## **sysdig.resources.secure-overview-api.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - requests: - cpu: 500m -``` - -## **sysdig.resources.secure-overview-api.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | - -**Example**: - -```yaml -sysdig: - resources: - secure-overview-api: - requests: - memory: 512Mi -``` - ## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
@@ -8821,6 +8908,27 @@ sysdig: elasticsearchReplicaCount: 20 ``` +## **sysdig.elasticsearchMastersReplicaCount** + +**Required**: `false`
+**Description**: Number of ElasticSearch Master replicas, this is a noop for clusters of +`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 3 | +| medium | 3 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + elasticsearchMastersReplicaCount: 3 +``` + ## **sysdig.workerReplicaCount** **Required**: `false`
@@ -9574,12 +9682,25 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.operatorEnabled` is `true`.
**Options**:
-**Default**: 1.0.1.1
+**Default**: 1.0.1.27
+**Example**: + +```yaml +sysdig: + mdsOperatorVersion: 1.0.1.27 +``` + +## **sysdig.MdsServerVersion** + +**Required**: `false`
+**Description**: Docker image tag of metadataServiceServer, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.10.250-vf2bcc4a
**Example**: ```yaml sysdig: - mdsOperatorVersion: 1.0.1.5 + mdsServerVersion: 1.10.250-vf2bcc4a ``` ## **sysdig.helmRenderer.enabled** @@ -9913,21 +10034,6 @@ sysdig: enabled: true ``` -## **sysdig.secure.overview.enabled** - -**Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - overview: - enabled: true -``` - ## **sysdig.secure.padvisor.enabled** **Required**: `false`
@@ -10263,3 +10369,6 @@ sysdig: sysdig: feedsVerifySSL: false ``` + +## **networkPolicies** +Please check the [dedicated page](05-networkPolicies.md) diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 4c47f78e..1d62842b 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -33,7 +33,7 @@ Options](../README.md#quickstart-install) for more context. Copy the current version sysdig-chart/values.yaml to your working directory. ```bash -wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml +wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ```
diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 2025f535..d28cbea3 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -116,7 +116,7 @@ Make sure that subnets have internet gateway configured and has enough ips. This is a procedure that can be used to automatically update the feeds database: -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +1. download the image file quay.io/sysdig/vuln-feed-database-12:latest from Sysdig registry to the jumpbox server and save it locally 2. move the file from the jumpbox server to the customer airgapped environment (optional) 3. load the image file and push it to the customer's airgapped image registry 4. restart the pod sysdigcloud-feeds-db 
@@ -133,16 +133,16 @@ QUAY_PASSWORD="" # Download image docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest +docker image pull quay.io/sysdig/vuln-feed-database-12:latest # Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +docker image save quay.io/sysdig/vuln-feed-database-12:latest -o vuln-feed-database-12.tar # Optionally move image -mv vuln-feed-database.tar /var/shared-folder +mv vuln-feed-database-12.tar /var/shared-folder # Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database-12.tar" # Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker tag vuln-feed-database-12:latest airgapped-registry/vuln-feed-database-12:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database-12:latest" # Restart database pod ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md new file mode 100644 index 00000000..b5cfbb01 --- /dev/null +++ b/installer/docs/05-networkPolicies.md @@ -0,0 +1,107 @@ + + + + + +# Network Policies + +
+ + + +
+ +## Introduction + +The current version of Sysdig Network Policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. + +The NetworkPolicies (NP) are controlled via two flags: + +- (`.networkPolicies.ingress.default`) controls if the manifests will be generated at all or not. Manifests will be generated only if this flag is set to `deny`. + +- (`.networkPolicies.enabled`) controls if the NPs are active or not. This flag controls if the entries required under `.spec` to enable the NPs are rendered or not. + +In order to generate the manifests and enable the NPs, `networkPolicies.enabled` must be set to `true` and `networkPolicies.ingress.default` must be set to `deny`. + +A validation checks that the minimal requirements for each type of environment (via the `.deployment` parameter) are met: + +- if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required + +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb + +## Parameters + +### **networkPolicies.enabled** + +**Required**: `false`
+**Description**: to activate or de-activate NetworkPolicies. This flag works together with next flag `networkPolicies.ingress.default`. It controls whether the actual `.spec` section of the NP is enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +networkPolicies: + enabled: true +``` + +### **networkPolicies.ingress.default** + +**Required**: `false`
+**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
+**Options**: `deny`/`allow`
+**Default**: `false`
+ +**Example**: + +```yaml +networkPolicies: + enabled: "true" + ingress: + default: "deny" +``` + +### **networkPolicies.ingress.haproxy.allowedNetworks** + +**Required**: `true` (if NPs are enabled and active and `.deployment=kubernetes`)
+**Description**: If NPs are enabled (`.networkPolicies.enabled` to `"true"` and `.networkPolicies.ingress.default` to `"deny"`), then this value is required. It's the CIDR (or CIDRs) used by the HAPROXY Ingress controller
+**Options**: a list of valid IP Network address/Netmask entries
+**Default**: None
+ +**Example**: + +```yaml +deployment: kubernetes +networkPolicies: + enabled: "true" + ingress: + default: "deny" + haproxy: + allowedNetworks: + - 100.96.0.0/11 +``` + +### **networkPolicies.ingress.alb.selector** + +**Required**: `true` (if `.deployment=iks`)
+**Description**: In IKS the list of ALBs must be specified via the `app` label
+**Options**: A list of "app" label values to match ALB deployments to permit traffic from; make it `null` to exclude ALBs from generated rules
+**Default**: `None`
+ +**Example**: + +```yaml +deployment: iks +networkPolicies: + enabled: "true" + ingress: + default: "deny" + alb: + # -- (map) A list of "app" label values to match ALB deployments to permit traffic from; make it `null` to exclude ALBs from generated rules + selector: {} + # selector: + # matchExpressions: + # - key: app + # operator: In + # values: ["public-cr-alb1", "public-cr-alb2"] +``` diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From 3b031d6899866aec89809b2911dba5df3e17cd07 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 7 Apr 2023 10:38:46 +0000 Subject: [PATCH 120/156] updating installer docs --- .../openshift-with-hostpath/values.yaml | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/installer/examples/openshift-with-hostpath/values.yaml b/installer/examples/openshift-with-hostpath/values.yaml index 0c704608..63133d72 100644 --- a/installer/examples/openshift-with-hostpath/values.yaml +++ b/installer/examples/openshift-with-hostpath/values.yaml @@ -13,6 +13,9 @@ elasticsearch: - my-cool-host1.com - my-cool-host2.com - my-cool-host3.com + - my-cool-host4.com + - my-cool-host5.com + - my-cool-host6.com sysdig: # Openshift API url along with its port number openshiftUrl: 
@@ -22,23 +25,34 @@ sysdig: openshiftPassword: collector: dnsName: - mysql: + # Replace with domain name the api should be served on. + dnsName: + admin: + username: + # Replace with license provided by the sales team. + license: + cassandra: hostPathNodes: # replace with the name section of kubectl get nodes - my-cool-host1.com + - my-cool-host2.com + - my-cool-host3.com + - my-cool-host4.com + - my-cool-host5.com + - my-cool-host6.com postgresql: hostPathNodes: # replace with the name section of kubectl get nodes - my-cool-host1.com - cassandra: + kafka: + hostPathNodes: + # replace with the name section of kubectl get nodes + - my-cool-host1.com + - my-cool-host2.com + - my-cool-host3.com + zookeeper: hostPathNodes: # replace with the name section of kubectl get nodes - my-cool-host1.com - my-cool-host2.com - my-cool-host3.com - # Replace with domain name the api should be served on. - dnsName: - admin: - username: - # Replace with license provided by the sales team. - license: From 4825a5f5a3cbfb77d72a594376a02ad7cdcbd4df Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 27 Apr 2023 18:18:55 +0000 Subject: [PATCH 121/156] updating installer docs --- installer/README.md | 83 +++++++++++++++++++++++++++---------------- installer/values.yaml | 1 - 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md 
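Review bot: The relocated `license:` key in the second hunk of `installer/examples/openshift-with-hostpath/values.yaml` is left as a bare key next to the `openshiftPassword:` context line, and nothing in the new lines tells the reader that a completed copy of this example holds credentials. I would add a comment above `license:` such as `# Required. Keep the completed values.yaml out of version control; it carries the license key and the OpenShift password.` The bare keys `dnsName:`, `username:` and `license:` also load as null rather than an empty string, so marking them `# required` in the same comment would make an unfilled field easier to spot. The `sysdig:` mapping starts outside this hunk and the page has collapsed the indentation, so the final nesting of the moved keys cannot be confirmed from here.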
@@ -1,9 +1,8 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -41,29 +40,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -83,17 +82,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -124,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -194,29 +216,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -228,17 +250,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -274,12 +296,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. +See [upgrade.md](docs/upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/02-configuration_parameters.md) +[configuration_parameters.md](docs/configuration_parameters.md) # Permissions @@ -308,7 +330,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) +For advanced configuration option see [advanced.md](docs/advanced.md) # Example values.yaml @@ -327,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,4 +21,3 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork - ingressClassName: haproxy From 35bde4274b74300acb2485a6aae4a52e490f3df0 Mon Sep 17 00:00:00 2001 
From: jenkins Date: Tue, 16 May 2023 10:33:28 +0000 Subject: [PATCH 122/156] updating installer docs --- installer/README.md | 83 +- installer/docs/01-command_line_arguments.md | 10 +- installer/docs/02-configuration_parameters.md | 4121 ++++++++++++----- installer/docs/04-advanced_configuration.md | 47 +- installer/docs/05-networkPolicies.md | 6 +- installer/values.yaml | 1 + 6 files changed, 3145 insertions(+), 1123 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,9 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -40,29 +41,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -82,17 +83,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -123,29 +124,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -216,29 +194,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -250,17 +228,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +274,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +308,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +327,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 831c5863..2e50d8aa 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -7,7 +7,7 @@
-## Phase: `deploy` +## Command: `deploy` `--skip-namespace` @@ -54,12 +54,12 @@ Events: - installer does not apply the StorageClass manifest. It expects the storageClassName specified in values.yaml to exist. -## Phase `import` +## Command: `import` `--zookeeper-workloadname ` - This is the value that will be used for the `zookeeper` StatefulSet. -The default value is `zookeeper`, this argument must be used when the +The default value is `zookeeper`, this argument must be used when the actual name of the STS in the cluster differs `--kafka-workloadname ` @@ -70,7 +70,7 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` -## `update-license` +## Command: `update-license` Added November 2022, this is a new command. @@ -89,7 +89,7 @@ This command performs the following: - If `secure` and `anchore` are enabled, it also applies and restarts all Anchore services. -## image-list +## Command: `image-list` Added November 2022 diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 36eac2f6..b3e2d5af 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -553,21 +553,6 @@ hostPathCustomPaths: elasticsearch: `/sysdig/elasticsearch` ``` -## **hostPathCustomPaths.mysql** - -**Required**: `false`
-**Description**: The directory to bind mount mysql pod's `/var/lib/mysql` to
-on the host. This is relevant only when `storageClassProvisioner` is
-`hostPath`.
-**Options**:
-**Default**: `/var/lib/mysql`
-**Example**: - -```yaml -hostPathCustomPaths: - mysql: `/sysdig/mysql` -``` - ## **hostPathCustomPaths.postgresql** **Required**: `false`
@@ -661,22 +646,6 @@ pvStorageSize: elasticsearch: 500Gi ``` -## **pvStorageSize.large.mysql** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to MySQL in a
-cluster of [`size`](#size) large. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 25Gi
-**Example**: - -```yaml -pvStorageSize: - large: - mysql: 100Gi -``` - ## **pvStorageSize.large.postgresql** **Required**: `false`
@@ -725,22 +694,6 @@ pvStorageSize: elasticsearch: 300Gi ``` -## **pvStorageSize.medium.mysql** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to MySQL in a
-cluster of [`size`](#size) medium. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 25Gi
-**Example**: - -```yaml -pvStorageSize: - medium: - mysql: 100Gi -``` - ## **pvStorageSize.medium.postgresql** **Required**: `false`
@@ -789,22 +742,6 @@ pvStorageSize: elasticsearch: 100Gi ``` -## **pvStorageSize.small.mysql** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to MySQL in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 25Gi
-**Example**: - -```yaml -pvStorageSize: - small: - mysql: 100Gi -``` - ## **pvStorageSize.small.postgresql** **Required**: `false`
@@ -1716,182 +1653,6 @@ sysdig: alertManagerReplicaCount: 3 ``` -## **sysdig.mysqlHa** - -**Required**: `false`
-**Description**: Determines if mysql should run in HA mode.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - mysqlHa: false -``` - -## **sysdig.useMySQL8** - -**Required**: `false`
-**Description**: Determines if standalone mysql should run MySQL8.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - useMySQL8: true -``` - -## **sysdig.mysqlHaVersion** - -**Required**: `false`
-**Description**: The docker image tag of MySQL used for HA.
-**Options**:
-**Default**: 8.0.16.4
-**Example**: - -```yaml -sysdig: - mysqlHaVersion: 8.0.16.4 -``` - -## **sysdig.mysqlHaAgentVersion** - -**Required**: `false`
-**Description**: The docker image tag of MySQL Agent used for HA.
-**Options**:
-**Default**: 0.1.1.6
-**Example**: - -```yaml -sysdig: - mysqlHaAgentVersion: 0.1.1.6 -``` - -## **sysdig.mysqlVersion** - -**Required**: `false`
-**Description**: The docker image tag of MySQL.
-**Options**:
-**Default**: 5.6.44.0
-**Example**: - -```yaml -sysdig: - mysqlVersion: 5.6.44.0 -``` - -## **sysdig.mysql8Version** - -**Required**: `false`
-**Description**: The docker image tag of MySQL8.
-**Options**:
-**Default**: 8.0.16.0
-**Example**: - -```yaml -sysdig: - mysqlVersion: 8.0.16.0 -``` - -## **sysdig.mysql.external** - -**Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured
-[`sysdig.mysql.hostname`](#sysdigmysqlhostname)
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - mysql: - external: true -``` - -## **sysdig.mysql.hostname** - -**Required**: `false`
-**Description**: Name of the mySQL host that the sysdig platform components
-should connect to.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - mysql: - hostname: mysql.foo.com -``` - -## **sysdig.mysql.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames printed out by the `kubectl get node -o name` command. These are the nodes where MySQL hostPath persistent -volumes should be created on. The number of nodes must be at minimum whatever -the value of [`sysdig.mysqlReplicaCount`](#sysdigmysqlreplicacount) is. This -parameter is required if configured -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - mysql: - hostPathNodes: - - my-cool-host1.com -``` - -## **sysdig.mysql.maxConnections** - -**Required**: `false`
-**Description**: The maximum permitted number of simultaneous client connections.
-**Options**:
-**Default**: `1024`
- -**Example**: - -```yaml -sysdig: - mysql: - maxConnections: 1024 -``` - -## **sysdig.mysql.password** - -**Required**: `false`
-**Description**: The password of the MySQL user that the Sysdig Platform backend
-components will use in communicating with MySQL.
-**Options**:
-**Default**: `mysql-admin`
- -**Example**: - -```yaml -sysdig: - mysql: - user: awesome-user -``` - -## **sysdig.mysql.user** - -**Required**: `false`
-**Description**: The username of the MySQL user that the Sysdig Platform backend
-components will use in communicating with MySQL.
-_**Note**: Do NOT use `root` user for this value._
-**Options**:
-**Default**: `mysql-admin`
- -**Example**: - -```yaml -sysdig: - mysql: - user: awesome-user -``` - ## **sysdig.natsExporterVersion** **Required**: `false`
@@ -3393,19 +3154,6 @@ redisTls: install: true ``` -## **redisTls.deploy** - -**Required**: `false`
-**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
-**Options**: true|false
-**Default**: true
-**Example**: - -```yaml -redisTls: - install: true -``` - ## **redisTls.password** **Required**: `false`
@@ -3864,504 +3612,516 @@ sysdig: memory: 2Gi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.postgresql.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + postgresql: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.postgresql.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + postgresql: limits: memory: 8Gi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.postgresql.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - mysql-router: + postgresql: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.postgresql.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + postgresql: requests: memory: 2Gi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.redis.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - mysql: + redis: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.redis.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - mysql: + redis: limits: - memory: 8Gi + memory: 1Gi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.redis.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - mysql: + redis: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.redis.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 100Mi | +| medium | 100Mi | +| large | 100Mi | **Example**: ```yaml sysdig: resources: - mysql: + redis: requests: memory: 2Gi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.redis-sentinel.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 4 | +| small | 300m | +| medium | 300m | +| large | 300m | **Example**: ```yaml sysdig: resources: - postgresql: + redis-sentinel: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.redis-sentinel.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 8Gi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50m | +| medium | 50m | +| large | 50m | **Example**: ```yaml sysdig: resources: - postgresql: - limits: - memory: 8Gi + redis-sentinel: + requests: + cpu: 2 ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.redis-sentinel.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 5Mi | +| medium | 5Mi | +| large | 5Mi | **Example**: ```yaml sysdig: resources: - postgresql: + redis-sentinel: requests: - cpu: 2 + memory: 200Mi ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.redis-sentinel.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 20Mi | +| medium | 20Mi | +| large | 20Mi | **Example**: ```yaml sysdig: resources: - postgresql: - requests: - memory: 2Gi + redis-sentinel: + limits: + memory: 10Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.timescale-adapter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - redis: + timescale-adapter: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.timescale-adapter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | **Example**: ```yaml sysdig: resources: - redis: + timescale-adapter: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.timescale-adapter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + timescale-adapter: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.timescale-adapter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - redis: + timescale-adapter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.ingressControllerHaProxy.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 300m |
-| medium | 300m |
-| large | 300m |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerHaProxy:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.redis-sentinel.limits.memory**
+## **sysdig.resources.ingressControllerHaProxy.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 20Mi |
-| medium | 20Mi |
-| large | 20Mi |
+| small | 250Mi |
+| medium | 500Mi |
+| large | 500Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerHaProxy:
 limits:
- memory: 10Mi
+ memory: 2Gi
 ```
-## **sysdig.resources.redis-sentinel.requests.cpu**
+## **sysdig.resources.ingressControllerHaProxy.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxyCollectorAPI daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 50m |
-| medium | 50m |
-| large | 50m |
+| medium | 100m |
+| large | 100m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerHaProxy:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.redis-sentinel.requests.memory**
+## **sysdig.resources.ingressControllerHaProxy.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 5Mi |
-| medium | 5Mi |
-| large | 5Mi |
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerHaProxy:
 requests:
- memory: 200Mi
+ memory: 1Gi
 ```
-## **sysdig.resources.redis-sentinel.limits.cpu**
+## **sysdig.resources.ingressControllerRsyslog.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 300m |
-| medium | 300m |
-| large | 300m |
+| small | 125m |
+| medium | 250m |
+| large | 250m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerRsyslog:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.redis-sentinel.limits.memory**
+## **sysdig.resources.ingressControllerRsyslog.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 20Mi |
-| medium | 20Mi |
-| large | 20Mi |
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerRsyslog:
 limits:
- memory: 10Mi
+ memory: 1Gi
 ```
-## **sysdig.resources.redis-sentinel.requests.cpu**
+## **sysdig.resources.ingressControllerRsyslog.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
@@ -4376,38 +4136,38 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerRsyslog:
 requests:
- cpu: 2
+ cpu: 500m
 ```
-## **sysdig.resources.redis-sentinel.requests.memory**
+## **sysdig.resources.ingressControllerRsyslog.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 5Mi |
-| medium | 5Mi |
-| large | 5Mi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- redis-sentinel:
+ ingressControllerRsyslog:
 requests:
- memory: 200Mi
+ memory: 500Mi
 ```
-## **sysdig.resources.timescale-adapter.limits.cpu**
+## **sysdig.resources.api.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**:
@@ -4422,15 +4182,15 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- timescale-adapter:
+ api:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.timescale-adapter.limits.memory**
+## **sysdig.resources.api.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**:
@@ -4445,15 +4205,15 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- timescale-adapter:
+ api:
 limits:
 memory: 10Mi
 ```
-## **sysdig.resources.timescale-adapter.requests.cpu**
+## **sysdig.resources.api.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**:
@@ -4468,15 +4228,15 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- timescale-adapter:
+ api:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.timescale-adapter.requests.memory**
+## **sysdig.resources.api.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**:
@@ -4491,21 +4251,21 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- timescale-adapter:
+ api:
 requests:
 memory: 200Mi
 ```
-## **sysdig.resources.ingressControllerHaProxy.limits.cpu**
+## **sysdig.resources.apiNginx.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 500m |
+| small | 1 |
 | medium | 1 |
 | large | 1 |
@@ -4514,21 +4274,21 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- ingressControllerHaProxy:
+ apiNginx:
 limits:
- cpu: 2
+ cpu: 1
 ```
-## **sysdig.resources.ingressControllerHaProxy.limits.memory**
+## **sysdig.resources.apiNginx.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 250Mi |
+| small | 500Mi |
 | medium | 500Mi |
 | large | 500Mi |
@@ -4537,44 +4297,44 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- ingressControllerHaProxy:
+ apiNginx:
 limits:
- memory: 2Gi
+ memory: 500Mi
 ```
-## **sysdig.resources.ingressControllerHaProxy.requests.cpu**
+## **sysdig.resources.apiNginx.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxyCollectorAPI daemon set
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 50m |
-| medium | 100m |
-| large | 100m |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- ingressControllerHaProxy:
+ apiNginx:
 requests:
- cpu: 2
+ cpu: 500m
 ```
-## **sysdig.resources.ingressControllerHaProxy.requests.memory**
+## **sysdig.resources.apiNginx.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 50Mi |
+| small | 100Mi |
 | medium | 100Mi |
 | large | 100Mi |
@@ -4583,114 +4343,114 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- ingressControllerHaProxy:
+ apiNginx:
 requests:
- memory: 1Gi
+ memory: 100Mi
 ```
-## **sysdig.resources.ingressControllerRsyslog.limits.cpu**
+## **sysdig.resources.worker.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 125m |
-| medium | 250m |
-| large | 250m |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- ingressControllerRsyslog:
+ worker:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.ingressControllerRsyslog.limits.memory**
+## **sysdig.resources.worker.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 50Mi |
-| medium | 100Mi |
-| large | 100Mi |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- ingressControllerRsyslog:
+ worker:
 limits:
- memory: 1Gi
+ memory: 10Mi
 ```
-## **sysdig.resources.ingressControllerRsyslog.requests.cpu**
+## **sysdig.resources.worker.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 50m |
-| medium | 50m |
-| large | 50m |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- ingressControllerRsyslog:
+ worker:
 requests:
- cpu: 500m
+ cpu: 2
 ```
-## **sysdig.resources.ingressControllerRsyslog.requests.memory**
+## **sysdig.resources.worker.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 20Mi |
-| medium | 20Mi |
-| large | 20Mi |
+| small | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- ingressControllerRsyslog:
+ worker:
 requests:
- memory: 500Mi
+ memory: 200Mi
 ```
-## **sysdig.resources.api.limits.cpu**
+## **sysdig.resources.alerter.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
 | small | 4 |
-| medium | 4 |
+| medium | 8 |
 | large | 16 |
 **Example**:
@@ -4698,22 +4458,22 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- api:
+ alerter:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.api.limits.memory**
+## **sysdig.resources.alerter.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
 | small | 4Gi |
-| medium | 4Gi |
+| medium | 8Gi |
 | large | 16Gi |
 **Example**:
@@ -4721,22 +4481,22 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- api:
+ alerter:
 limits:
 memory: 10Mi
 ```
-## **sysdig.resources.api.requests.cpu**
+## **sysdig.resources.alerter.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 1 |
-| medium | 1 |
+| medium | 2 |
 | large | 4 |
 **Example**:
@@ -4744,22 +4504,22 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- api:
+ alerter:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.api.requests.memory**
+## **sysdig.resources.alerter.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 1Gi |
-| medium | 1Gi |
+| medium | 2Gi |
 | large | 4Gi |
 **Example**:
@@ -4767,391 +4527,391 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- api:
+ alerter:
 requests:
 memory: 200Mi
 ```
-## **sysdig.resources.apiNginx.limits.cpu**
+## **sysdig.resources.collector.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- apiNginx:
+ collector:
 limits:
- cpu: 1
+ cpu: 2
 ```
-## **sysdig.resources.apiNginx.limits.memory**
+## **sysdig.resources.collector.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- apiNginx:
+ collector:
 limits:
- memory: 500Mi
+ memory: 10Mi
 ```
-## **sysdig.resources.apiNginx.requests.cpu**
+## **sysdig.resources.collector.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
+| small | 1 |
+| medium | 1 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- apiNginx:
+ collector:
 requests:
- cpu: 500m
+ cpu: 2
 ```
-## **sysdig.resources.apiNginx.requests.memory**
+## **sysdig.resources.collector.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 100Mi |
-| medium | 100Mi |
-| large | 100Mi |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- apiNginx:
+ collector:
 requests:
- memory: 100Mi
+ memory: 200Mi
 ```
-## **sysdig.resources.worker.limits.cpu**
+## **sysdig.resources.anchore-core.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4 |
-| medium | 8 |
-| large | 16 |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- worker:
+ anchore-core:
 limits:
- cpu: 2
+ cpu: 1
 ```
-## **sysdig.resources.worker.limits.memory**
+## **sysdig.resources.anchore-api.limits.cpu**
 **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4Gi |
-| medium | 8Gi |
-| large | 16Gi |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- worker:
+ anchore-api:
 limits:
- memory: 10Mi
+ cpu: 1
 ```
-## **sysdig.resources.worker.requests.cpu**
+## **sysdig.resources.anchore-catalog.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- worker:
- requests:
- cpu: 2
+ anchore-catalog:
+ limits:
+ cpu: 1
 ```
-## **sysdig.resources.worker.requests.memory**
+## **sysdig.resources.anchore-policy-engine.limits.cpu**
 **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- worker:
- requests:
- memory: 200Mi
+ anchore-policy-engine:
+ limits:
+ cpu: 1
 ```
-## **sysdig.resources.alerter.limits.cpu**
+## **sysdig.resources.anchore-core.limits.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4 |
-| medium | 8 |
-| large | 16 |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- alerter:
+ anchore-core:
 limits:
- cpu: 2
+ memory: 10Mi
 ```
-## **sysdig.resources.alerter.limits.memory**
+## **sysdig.resources.anchore-api.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 4Gi |
-| medium | 8Gi |
-| large | 16Gi |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- alerter:
+ anchore-api:
 limits:
 memory: 10Mi
 ```
-## **sysdig.resources.alerter.requests.cpu**
+## **sysdig.resources.anchore-catalog.limits.memory**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 3Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- alerter:
- requests:
- cpu: 2
+ anchore-catalog:
+ limits:
+ memory: 10Mi
 ```
-## **sysdig.resources.alerter.requests.memory**
+## **sysdig.resources.anchore-policy-engine.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 3Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- alerter:
- requests:
- memory: 200Mi
+ anchore-policy-engine:
+ limits:
+ memory: 10Mi
 ```
-## **sysdig.resources.collector.limits.cpu**
+## **sysdig.resources.anchore-core.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 16 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- collector:
- limits:
+ anchore-core:
+ requests:
 cpu: 2
 ```
-## **sysdig.resources.collector.limits.memory**
+## **sysdig.resources.anchore-api.requests.cpu**
 **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 16Gi |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- collector:
- limits:
- memory: 10Mi
+ anchore-api:
+ requests:
+ cpu: 2
 ```
-## **sysdig.resources.collector.requests.cpu**
+## **sysdig.resources.anchore-catalog.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 1 |
-| medium | 1 |
-| large | 4 |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- collector:
+ anchore-catalog:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.collector.requests.memory**
+## **sysdig.resources.anchore-policy-engine.requests.cpu**
 **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 4Gi |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
 **Example**:
 ```yaml
 sysdig:
 resources:
- collector:
+ anchore-policy-engine:
 requests:
- memory: 200Mi
+ cpu: 2
 ```
-## **sysdig.resources.anchore-core.limits.cpu**
+## **sysdig.resources.anchore-core.requests.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
 **Example**:
@@ -5159,22 +4919,22 @@ sysdig:
 sysdig:
 resources:
 anchore-core:
- limits:
- cpu: 1
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.resources.anchore-api.limits.cpu**
+## **sysdig.resources.anchore-api.requests.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
 **Example**:
@@ -5182,22 +4942,22 @@ sysdig:
 sysdig:
 resources:
 anchore-api:
- limits:
- cpu: 1
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.resources.anchore-catalog.limits.cpu**
+## **sysdig.resources.anchore-catalog.requests.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
@@ -5205,22 +4965,22 @@ sysdig:
 sysdig:
 resources:
 anchore-catalog:
- limits:
- cpu: 1
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.resources.anchore-policy-engine.limits.cpu**
+## **sysdig.resources.anchore-policy-engine.requests.memory**
 **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
@@ -5228,267 +4988,175 @@ sysdig:
 sysdig:
 resources:
 anchore-policy-engine:
- limits:
- cpu: 1
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.resources.anchore-core.limits.memory**
+## **sysdig.resources.anchore-worker.limits.cpu**
 **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-core:
+ anchore-worker:
 limits:
- memory: 10Mi
+ cpu: 2
 ```
-## **sysdig.resources.anchore-api.limits.memory**
+## **sysdig.resources.anchore-worker.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**:
 | cluster-size | limits |
 | ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-api:
+ anchore-worker:
 limits:
 memory: 10Mi
 ```
-## **sysdig.resources.anchore-catalog.limits.memory**
+## **sysdig.resources.anchore-worker.requests.cpu**
 **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 3Gi |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-catalog:
- limits:
- memory: 10Mi
+ anchore-worker:
+ requests:
+ cpu: 2
 ```
-## **sysdig.resources.anchore-policy-engine.limits.memory**
+## **sysdig.resources.anchore-worker.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 3Gi |
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-policy-engine:
- limits:
- memory: 10Mi
+ anchore-worker:
+ requests:
+ memory: 200Mi
 ```
-## **sysdig.resources.anchore-core.requests.cpu**
+## **sysdig.resources.scanning-api.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- anchore-core:
- requests:
- cpu: 2
-```
-
-## **sysdig.resources.anchore-api.requests.cpu**
-
-**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 4 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-api:
- requests:
+ scanning-api:
+ limits:
 cpu: 2
 ```
-## **sysdig.resources.anchore-catalog.requests.cpu**
+## **sysdig.resources.scanning-api.limits.memory**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**:
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-catalog:
- requests:
- cpu: 2
+ scanning-api:
+ limits:
+ memory: 10Mi
 ```
-## **sysdig.resources.anchore-policy-engine.requests.cpu**
+## **sysdig.resources.scanning-api.requests.cpu**
 **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**:
 | cluster-size | requests |
 | ------------ | -------- |
 | small | 500m |
-| medium | 500m |
-| large | 500m |
+| medium | 1 |
+| large | 1 |
 **Example**:
 ```yaml
 sysdig:
 resources:
- anchore-policy-engine:
+ scanning-api:
 requests:
 cpu: 2
 ```
-## **sysdig.resources.anchore-core.requests.memory**
-
-**Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- anchore-core:
- requests:
- memory: 200Mi
-```
-
-## **sysdig.resources.anchore-api.requests.memory**
-
-**Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- anchore-api:
- requests:
- memory: 200Mi
-```
-
-## **sysdig.resources.anchore-catalog.requests.memory**
-
-**Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- anchore-catalog:
- requests:
- memory: 200Mi
-```
-
-## **sysdig.resources.anchore-policy-engine.requests.memory**
+## **sysdig.resources.scanning-api.requests.memory**
 **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**:
@@ -5503,15 +5171,15 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- anchore-policy-engine:
+ scanning-api:
 requests:
 memory: 200Mi
 ```
-## **sysdig.resources.anchore-worker.limits.cpu**
+## **sysdig.resources.scanningalertmgr.limits.cpu**
 **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**:
@@ -5526,15 +5194,15 @@ sysdig:
 ```yaml
 sysdig:
 resources:
- anchore-worker:
+ scanningalertmgr:
 limits:
 cpu: 2
 ```
-## **sysdig.resources.anchore-worker.limits.memory**
+## **sysdig.resources.scanningalertmgr.limits.memory**
 **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -5549,15 +5217,15 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -5572,15 +5240,15 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -5595,15 +5263,15 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + scanningalertmgr: requests: memory: 200Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: @@ -5618,15 +5286,15 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: @@ -5641,15 +5309,15 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanning-retention-mgr: limits: memory: 10Mi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: @@ -5664,15 +5332,15 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: @@ -5687,247 +5355,63 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + scanning-retention-mgr: requests: memory: 200Mi ``` -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: Retention manager Cronjob
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | - +**Default**: "0 3 \* \* \*"
**Example**: ```yaml sysdig: - resources: - scanningalertmgr: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +**Default**: 23h
**Example**: ```yaml sysdig: - resources: - scanningalertmgr: - limits: - memory: 10Mi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: Grace period for the retention policy
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | - +**Default**: 168h
**Example**: ```yaml sysdig: - resources: - scanningalertmgr: - requests: - cpu: 2 + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanningalertmgr: - requests: - memory: 200Mi -``` - -## **sysdig.resources.scanning-retention-mgr.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - scanning-retention-mgr: - limits: - cpu: 2 -``` - -## **sysdig.resources.scanning-retention-mgr.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanning-retention-mgr: - limits: - memory: 10Mi -``` - -## **sysdig.resources.scanning-retention-mgr.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanning-retention-mgr: - requests: - cpu: 2 -``` - -## **sysdig.resources.scanning-retention-mgr.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanning-retention-mgr: - requests: - memory: 200Mi -``` - -## **sysdig.secure.scanning.retentionMgr.cronjob** - -**Required**: `false`
-**Description**: Retention manager Cronjob
-**Options**:
-**Default**: "0 3 \* \* \*"
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * -``` - -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** - -**Required**: `false`
-**Description**: Max execution duration for the retention policy
-**Options**:
-**Default**: 23h
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h -``` - -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** - -**Required**: `false`
-**Description**: Grace period for the retention policy
-**Options**:
-**Default**: 168h
-**Example**: - -```yaml -sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h -``` - -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** - -**Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: Artifical delay after each image deletion
**Options**:
**Default**: 1s
**Example**: @@ -6023,6 +5507,23 @@ sysdig: digestsPolicy: 5 ``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.deleteSpuriousImages** + +**Required**: `false`
+**Description**: Flag to enable/disable the deletion of spurious images
+**Options**:
+**Default**: "true"
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + deleteSpuriousImages: "true" +``` + ## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
@@ -8847,26 +8348,6 @@ sysdig: netsecCommunicationShards: 5 ``` -## **sysdig.anchoreCoreReplicaCount** - -**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - anchoreCoreReplicaCount: 2 -``` - ## **sysdig.scanningApiReplicaCount** **Required**: `false`
@@ -10372,3 +9853,2547 @@ sysdig: ## **networkPolicies** Please check the [dedicated page](05-networkPolicies.md) + +## **pvStorageSize.small.kafka** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to Kafka in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 20Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ small:
+ kafka: 100Gi
+```
+
+## **pvStorageSize.small.zookeeper**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to ZooKeeper in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 20Gi
+**Example**: + +```yaml +pvStorageSize: + small: + zookeeper: 100Gi +``` + +## **pvStorageSize.medium.kafka** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to Kafka in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 100Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + kafka: 100Gi +``` + +## **pvStorageSize.medium.zookeeper** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to ZooKeeper in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 20Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + zookeeper: 100Gi +``` + +## **pvStorageSize.large.kafka** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to Kafka in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 500Gi
+**Example**: + +```yaml +pvStorageSize: + large: + kafka: 100Gi +``` + +## **pvStorageSize.large.zookeeper** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to ZooKeeper in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 20Gi
+**Example**: + +```yaml +pvStorageSize: + large: + zookeeper: 100Gi +``` + +## **sysdig.meerkat.enabled** +**Required**: `false`
+**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + meerkat: + enabled: true +``` + +## **sysdig.meerkatVersion** + +**Required**: `false`
+**Description**: Docker image tag of Meerkat, relevant when `sysdig.meerkat.enabled` is `true`.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](configuration_parameters.md#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + meerkatVersion: 2.4.1.5032 +``` + +## **sysdig.meerkatCollectorReplicaCount** + +**Required**: `false`
+**Description**: Number of Meerkat collector replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +## **sysdig.meerkatAggregatorReplicaCount** + +**Required**: `false`
+**Description**: Number of Meerkat aggregator replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +## **sysdig.meerkatApiReplicaCount** + +**Required**: `false`
+**Description**: Number of Meerkat api replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +## **sysdig.meerkatDatastreamReplicaCount** + +**Required**: `false`
+**Description**: Number of Meerkat Datastream replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + +## **sysdig.resources.meerkatApi.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each Meerkat Api pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatApi: + requests: + cpu: 2 +``` + +## **sysdig.resources.meerkatApi.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Meerkat Api pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatApi: + requests: + memory: 2Gi +``` + +## **sysdig.resources.meerkatApi.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Meerkat Api pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatApi: + limits: + cpu: 2 +``` + +## **sysdig.resources.meerkatApi.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Meerkat Api pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatApi: + requests: + memory: 2Gi +``` + +## **sysdig.meerkatApi.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Meerkat API JVM.
+**Options**:
+**Default**: + +``` +-Dlogging.level.org.springframework.transaction.interceptor=TRACE +-Dio.netty.leakDetection.level=advanced +-Dlogging.level.com.sysdig.meerkat.api.server.adapter.TimeSeriesGAdapter=DEBUG +-Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.RealTimeQueryServiceImpl=DEBUG +-Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.MeerkatClientDNSGrpcResolver=DEBUG +-Dsysdig.meerkat.cassandra.features.queryAllMetricDescriptorsEnabled=true +``` + +**Example**: + +```yaml +sysdig: + meerkatApi: + jvmOptions: "-Dio.netty.leakDetection.level=advanced" +``` + +## **sysdig.resources.meerkatAggregator.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each Meerkat Aggregator pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregator: + requests: + cpu: 2 +``` + +## **sysdig.resources.meerkatAggregator.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Meerkat Aggregator pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregator: + requests: + memory: 2Gi +``` + +## **sysdig.resources.meerkatAggregator.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Meerkat Aggregator pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregator: + limits: + cpu: 2 +``` + +## **sysdig.resources.meerkatAggregator.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Meerkat Aggregator pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregator: + requests: + memory: 2Gi +``` + +## **sysdig.meerkatAggregator.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Meerkat Aggregator JVM.
+**Options**:
+**Default**: + +``` +-Dlogging.level.org.springframework.transaction.interceptor=TRACE +-Dio.netty.leakDetection.level=advanced +``` + +**Example**: + +```yaml +sysdig: + meerkatAggregator: + jvmOptions: "-Dio.netty.leakDetection.level=advanced" +``` + +## **sysdig.resources.meerkatCollector.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each Meerkat Collector pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatCollector: + requests: + cpu: 2 +``` + +## **sysdig.resources.meerkatCollector.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Meerkat Collector pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 3Gi | +| medium | 8Gi | +| large | 12Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatCollector: + requests: + memory: 2Gi +``` + +## **sysdig.resources.meerkatCollector.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Meerkat Collector pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatCollector: + limits: + cpu: 2 +``` + +## **sysdig.resources.meerkatCollector.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Meerkat Collector pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 16Gi | +| large | 24Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatCollector: + requests: + memory: 2Gi +``` + +## **sysdig.meerkatCollector.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Meerkat Collector JVM.
+**Options**:
+**Default**: + +``` +-Dsysdig.cassandra.auto-schema=true +-Dlogging.level.org.springframework.transaction.interceptor=TRACE +-Dio.netty.leakDetection.level=advanced +-Dlogging.level.com.sysdig.meerkat.collector.kafka.epochstate.ShardEpochState=DEBUG +-Dlogging.level.com.sysdig.meerkat.collector.service.GPartBuilderImpl=DEBUG +-Dlogging.level.com.sysdig.meerkat.collector.service.MeerkatIndexer=DEBUG +-Dlogging.level.com.sysdig.meerkat.collector.kafka.MeerkatWorker=DEBUG +-Dlogging.level.com.sysdig.meerkat.collector.grpc.GPartsQueryServiceGrpcImpl=DEBUG +``` + +**Example**: + +```yaml +sysdig: + meerkatCollector: + jvmOptions: "-Dsysdig.cassandra.auto-schema=true" +``` + +## **sysdig.meerkat.datastreamEnabled** + +**Required**: `false`
+**Description**: Enables Meerkat Datastrem. Meerkat Datastream enables streaming of metric data via Kafka .
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + meerkat: + datastreamEnabled: true +``` + +## **sysdig.resources.meerkatDatastream.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each Meerkat Datastream pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatDatastream: + requests: + cpu: 2 +``` + +## **sysdig.resources.meerkatDatastream.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Meerkat Datastream pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatDatastream: + requests: + memory: 2Gi +``` + +## **sysdig.resources.meerkatDatastream.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Meerkat Datastream pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatDatastream: + limits: + cpu: 2 +``` + +## **sysdig.resources.meerkatDatastream.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Meerkat Datastream pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatDatastream: + requests: + memory: 2Gi +``` + +## **sysdig.meerkatDatastream.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Meerkat Datastream JVM.
+**Options**:
+**Default**:
+
+```
+-Xms1g -Xmx1g
+```
+
+**Example**:
+
+```yaml
+sysdig:
+ meerkatDatastream:
+ jvmOptions: "-Xms1g -Xmx1g"
+```
+
+
+## **sysdig.kafkaVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Options**:
+**Default**: 5.3.1.1
+**Example**:
+
+```yaml
+sysdig:
+ kafkaVersion: 5.3.1.1
+```
+
+## **sysdig.kafkaReplicaCount**
+
+**Required**: `false`
+**Description**: Number of Kafka replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 3 |
+| medium | 3 |
+| large | 5 |
+
+## **sysdig.kafka.enabled**
+
+**Required**: `false`
+**Description**: Enables kafka and zookeeper, if they are required by the apps.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ enabled: true
+```
+
+## **sysdig.kafka.jvmOptions**
+
+**Required**: `false`
+**Description**: The custom configuration for Kafka JVM.
+**Options**:
+**Default**: Empty (Kafka will implicitly assume `-Xms1G -Xmx1G`
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ jvmOptions: -Xms4G -Xmx4G
+```
+
+## **sysdig.kafka.secure.enabled**
+
+**Required**: `false`
+**Description**: WARNING: If this is `true`, `sysdig.monitorVersion` must be `2.4.1.5032`. Enables TLS for Kafka cluster.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ secure:
+ enabled: true
+```
+
+## **sysdig.kafka.secure.zookeeper.user**
+
+**Required**: `false`
+**Description**: Username for Zookeeper auth to secure Kafka cluster.
+**Options**:
+**Default**: `kafka`
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ secure:
+ zookeeper:
+ user: kafka
+```
+
+## **sysdig.kafka.secure.zookeeper.password**
+
+**Required**: `false`
+**Description**: Password for Zookeeper auth to secure Kafka cluster.
+**Options**:
+**Default**: Auto-generated 16 random alphanumeric characters.
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ secure:
+ zookeeper:
+ password: GFDg4t3$tfe4
+```
+
+## **sysdig.kafka.secure.broker.user**
+
+**Required**: `false`
+**Description**: Username for Kafka broker auth to secure Kafka cluster.
+**Options**:
+**Default**: `kafkabroker`
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ secure:
+ broker:
+ user: kafka
+```
+
+## **sysdig.kafka.secure.broker.password**
+
+**Required**: `false`
+**Description**: Password for Kafka broker auth to secure Kafka cluster.
+**Options**:
+**Default**: Auto-generated 16 random alphanumeric characters.
+**Example**:
+
+```yaml
+sysdig:
+ kafka:
+ secure:
+ broker:
+ password: eFSuhrt3$tfe4
+```
+
+## **sysdig.resources.kafka.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule each Kafka pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + kafka: + requests: + cpu: 2 +``` + +## **sysdig.resources.kafka.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Kafka pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512Mi | +| medium | 3Gi | +| large | 6Gi | + +**Example**: + +```yaml +sysdig: + resources: + kafka: + requests: + memory: 2Gi +``` + +## **sysdig.resources.kafka.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Kafka pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + kafka: + limits: + cpu: 2 +``` + +## **sysdig.resources.kafka.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Kafka pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + kafka: + requests: + memory: 2Gi +``` + +## **sysdig.zookeeperVersion** + +**Required**: `false`
+**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Options**:
+**Default**: 5.3.1.1
+**Example**: + +```yaml +sysdig: + zookeeperVersion: 5.3.1.1 +``` + +## **sysdig.zookeeperReplicaCount** + +**Required**: `false`
+**Description**: Number of Zookeeper replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 3 | +| medium | 3 | +| large | 3 | + +## **sysdig.zookeeper.nodeAffinityLabel** + +**Required**: `false`
+**Description**: The key and the value of the label that is used to configure the nodes that the +Zookeeper pods are expected to run on.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + zookeeper: + nodeAffinityLabel: + key: sysdig/worker-pool + value: zookeeper +``` + +## **sysdig.zookeeper.nodeAffinityMode** + +**Required**: `false`
+**Description**: Make nodeAffinity "required" or "preferred" for Zookeeper
+**Options**: `required|preferred`
+**Default**: `preferred`
+**Example**:
+
+```yaml
+sysdig:
+ zookeeper:
+ nodeAffinityMode: preferred
+```
+
+## **sysdig.zookeeper.secure.super.user**
+
+**Required**: `false`
+**Description**: Zookeeper's super user's username if Kafka cluster is TLS-enabled.
+**Options**:
+**Default**: `super`
+**Example**:
+
+```yaml
+sysdig:
+ zookeeper:
+ secure:
+ super:
+ user: super
+```
+
+## **sysdig.zookeeper.secure.super.password**
+
+**Required**: `false`
+**Description**: Zookeeper's super user's password if Kafka cluster is TLS-enabled.
+**Options**:
+**Default**: Auto-generated 16 random alphanumeric characters.
+**Example**:
+
+```yaml
+sysdig:
+ zookeeper:
+ secure:
+ super:
+ password: F3a4raW#$Rw3e
+```
+
+## **sysdig.resources.zookeeper.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule each Zookeeper pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 200m | +| large | 400m | + +**Example**: + +```yaml +sysdig: + resources: + zookeeper: + requests: + cpu: 2 +``` + +## **sysdig.resources.zookeeper.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Zookeeper pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 128Mi | +| medium | 256Mi | +| large | 512Mi | + +**Example**: + +```yaml +sysdig: + resources: + zookeeper: + requests: + memory: 2Gi +``` + +## **sysdig.resources.zookeeper.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Zookeeper pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + zookeeper: + limits: + cpu: 2 +``` + +## **sysdig.resources.zookeeper.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Zookeeper pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + zookeeper: + requests: + memory: 2Gi +``` + +## **sysdig.beacon.enabled** (**Deprecated**) + +**Required**: `false`
+**Description**: Enables (IBM Platform Metrics version of) beacon, the components that allow Sysdig to natively ingest Prometheus metrics via remote write.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ beacon:
+ enabled: true
+```
+
+## **sysdig.beacon.platformMetricsEnabled**
+
+**Required**: `false`
+**Description**: Enables IBM Platform Metrics version of beacon, the components that allow Sysdig to natively ingest Prometheus metrics via remote write.
+**Options**: `true|false`
+**Default**: Previously, this was called `beacon.enabled` and it defaults to that deprecated value, which defaults to `false`
+**Example**:
+
+```yaml
+sysdig:
+ beacon:
+ platformMetricsEnabled: true
+```
+
+**WARNING**
+**`HostAlreadyClaimed` Error in Openshift**
+To use this feature on Openshift an overlay is required to avoid an error in Routes which will prevent the `Collector`
+Route to be active and able to receive data from the agents.
+This is what the error would look like:
+
+```
+oc get route
+NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
+[omitted lines]
+sysdigcloud-collector HostAlreadyClaimed
+[omitted lines]
+```
+
+Use this overlay to avoid the error:
+
+```
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: sysdigcloud-beacon-prom-remote-write
+ namespace: sysdigcloud
+spec:
+ host: domain_name
+```
+
+The `domain_name` must be different from the name used for the Collectors endpoint and it must be used for Prometheus metrics ingestion.
+
+## **sysdig.beacon.promEnabled**
+
+**Required**: `false`
+**Description**: Enables Generalized Beacon for Prometheus, the components that allow Sysdig to natively ingest Prometheus metrics via remote write.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ beacon:
+ promEnabled: true
+```
+
+## **sysdig.beacon.token**
+
+**Required**: `false`
+**Description**: Set the Beacon access token, used by the Beacon components to authenticate against the API server.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ beacon:
+ token: change_me
+```
+
+## **sysdig.promRemoteWriteVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of prom-remote-write, relevant when `sysdig.beacon.promEnabled` or `sysdig.beacon.platformMetricsEnabled` is `true`.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](configuration_parameters.md#sysdigmonitorversion)
+**Example**: + +```yaml +sysdig: + promRemoteWriteVersion: 2.4.1.5032 +``` + +## **sysdig.promRemoteWriteBeaconReplicaCount** + +**Required**: `false`
+**Description**: Number of beacon-prom-remote-write replicas for Generalized Beacon.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + promRemoteWriteBeaconReplicaCount: 5 +``` + +## **sysdig.promRemoteWritePlatformMetricsReplicaCount** + +**Required**: `false`
+**Description**: Number of prom-remote-write replicas for IBM Platform Metrics.
+**Options**:
+**Default**: Previously, this was called `promRemoteWriteReplicaCount` and it defaults to that deprecated value.
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + promRemoteWritePlatformMetricsReplicaCount: 5 +``` + +## **sysdig.promRemoteWriteBeacon.jvmOptions** + +**Required**: `false`
+**Description**: The custom configuration for the Generalized Beacon beacon-prom-remote-write JVM.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + promRemoteWriteBeacon: + jvmOptions: -Xms4G -Xmx4G +``` + +## **sysdig.promRemoteWritePlatformMetrics.jvmOptions** + +**Required**: `false`
+**Description**: The custom configuration for the IBM Platform Metrics prom-remote-write JVM. Note that the profile is actually implicit.
+**Options**:
+**Default**: Previously, this was called `promRemoteWrite.jvmOptions` and it defaults to that deprecated value.
+**Example**: + +```yaml +sysdig: + promRemoteWritePlatformMetrics: + jvmOptions: -Xms4G -Xmx4G -Dspring.profiles.active=beacon-ibm +``` + +## **sysdig.serviceOwnerManagement.enabled** + +**Required**: `false`
+**Description**: Enables ServiceOwnerManagement, the microservice that IBM Service Owners will use to manage their assets.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ serviceOwnerManagement:
+ enabled: true
+```
+
+## **sysdig.serviceOwnerManagement.legacyToken**
+
+**Required**: `false`
+**Description**: Set the ServiceOwnerManagement-to-Legacy access token, used by this service to authenticate against the API server.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ serviceOwnerManagement:
+ legacyToken: change_me
+```
+
+## **sysdig.serviceOwnerManagement.beaconToken**
+
+**Required**: `false`
+**Description**: Set the ServiceOwnerManagement-to-Beacon access token, used by this service to authenticate against the Beacon server.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ serviceOwnerManagement:
+ beaconToken: change_me
+```
+
+## **sysdig.serviceOwnerManagementVersion**
+
+**Required**: `false`
+**Description**: Docker image tag of ServiceOwnerManagement, relevant when `sysdig.serviceOwnerManagement.enabled` is `true`.
+**Options**:
+**Default**: [`sysdig.monitorVersion`](configuration_parameters.md#sysdigmonitorversion)
+**Example**:
+
+```yaml
+sysdig:
+ serviceOwnerManagementVersion: 2.4.1.5032
+```
+
+## **sysdig.serviceOwnerManagementReplicaCount**
+
+**Required**: `false`
+**Description**: Number of ServiceOwnerManagement replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + serviceOwnerManagementReplicaCount: 2 +``` + +## **sysdig.serviceOwnerManagement.jvmOptions** + +**Required**: `false`
+**Description**: The custom configuration for the ServiceOwnerManagement JVM.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + serviceOwnerManagement: + jvmOptions: -Xms4G -Xmx4G +``` + +## **sysdig.resources.promRemoteWriteBeacon.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each Generalized Beacon beacon-prom-remote-write pod.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWriteBeacon: + requests: + cpu: 2 +``` + +## **sysdig.resources.promRemoteWriteBeacon.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Generalized Beacon beacon-prom-remote-write pod.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 3Gi | +| medium | 8Gi | +| large | 12Gi | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWriteBeacon: + requests: + memory: 2Gi +``` + +## **sysdig.resources.promRemoteWriteBeacon.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Generalized Beacon beacon-prom-remote-write pod.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWriteBeacon: + limits: + cpu: 2 +``` + +## **sysdig.resources.promRemoteWriteBeacon.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Generalized Beacon beacon-prom-remote-write pod.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 16Gi | +| large | 24Gi | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWriteBeacon: + requests: + memory: 2Gi +``` + +## **sysdig.resources.promRemoteWritePlatformMetrics.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each IBM Platform Metrics prom-remote-write pod.
+**Options**:
+**Default**: + +Previously, this was called `promRemoteWrite.requests.cpu` and it defaults to that deprecated value which has these defaults:
+ +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWritePlatformMetrics: + requests: + cpu: 2 +``` + +## **sysdig.resources.promRemoteWritePlatformMetrics.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each IBM Platform Metrics prom-remote-write pod.
+**Options**:
+**Default**: + +Previously, this was called `promRemoteWrite.requests.memory` and it defaults to that deprecated value which has these defaults:
+ +| cluster-size | requests | +| ------------ | -------- | +| small | 3Gi | +| medium | 8Gi | +| large | 12Gi | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWritePlatformMetrics: + requests: + memory: 2Gi +``` + +## **sysdig.resources.promRemoteWritePlatformMetrics.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each IBM Platform Metrics prom-remote-write pod.
+**Options**:
+**Default**: + +Previously, this was called `promRemoteWrite.limits.cpu` and it defaults to that deprecated value which has these defaults:
+ +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWritePlatformMetrics: + limits: + cpu: 2 +``` + +## **sysdig.resources.promRemoteWritePlatformMetrics.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each IBM Platform Metrics prom-remote-write pod.
+**Options**:
+**Default**: + +Previously, this was called `promRemoteWrite.limits.memory` and it defaults to that deprecated value which has these defaults:
+ +| cluster-size | limits | +| ------------ | ------ | +| small | 8Gi | +| medium | 16Gi | +| large | 24Gi | + +**Example**: + +```yaml +sysdig: + resources: + promRemoteWritePlatformMetrics: + requests: + memory: 2Gi +``` + +## **sysdig.prometheus.enabled** +**Required**: `false`
+**Description**: Enables Prometheus services.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + prometheus: + enabled: true +``` + +## **sysdig.promchapVersion** + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Prometheus Chaperone service, relevant when `sysdig.prometheus.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-2022-07-04T12-52-09Z.d68003f677
+**Example**: + +```yaml +sysdig: + promchapVersion: 0.99.0-2022-07-04T12-52-09Z.d68003f677 +``` + +## **sysdig.promqlatorVersion** + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Promqlator service, relevant when `sysdig.prometheus.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-2022-07-12T09-19-16Z.93c0642b55
+**Example**: + +```yaml +sysdig: + promqlatorVersion: 0.99.0-2022-07-12T09-19-16Z.93c0642b55 +``` + +## **sysdig.streamsnapVersion** + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Streamsnap service, relevant when `sysdig.streamsnap.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+**Example**: + +```yaml +sysdig: + streamsnapVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 +``` + +## ~~**sysdig.fastpathAggregatorVersion**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Fastpath Aggregator service, relevant when `sysdig.fastpathAggregator.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+**Example**: + +```yaml +sysdig: + fastpathAggregatorVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 +``` + +## **sysdig.promqlatorReplicaCount** + +**Required**: `false`
+**Description**: Number of Promqlator services replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +## **sysdig.resources.prometheus.redis.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule Prometheus Redis pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + resources: + prometheus: + redis: + requests: + cpu: 2 +``` + +## **sysdig.resources.prometheus.redis.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to Prometheus Redis pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + resources: + prometheus: + redis: + limits: + cpu: 2 +``` + +## **sysdig.resources.prometheus.redis.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule Prometheus Redis pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 600Mi | +| medium | 1.2Gi | +| large | 2.2Gi | + +**Example**: + +```yaml +sysdig: + resources: + prometheus: + redis: + requests: + memory: 1.2Gi +``` + +## **sysdig.resources.prometheus.redis.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to Prometheus Redis pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 800Mi | +| medium | 1.5Gi | +| large | 2.5Gi | + +**Example**: + +```yaml +sysdig: + resources: + prometheus: + redis: + requests: + memory: 1.5Gi +``` + +## **sysdig.prometheus.redis.maxmemory** + +**Required**: `false`
+**Description**: The max amount of memory used by Redis cache
+**Default**:
+ +| cluster-size | size | +| ------------ | ----- | +| small | 500Mb | +| medium | 1Gb | +| large | 2Gb | + +**Example**: + +```yaml +sysdig: + prometheus: + redis: + maxmemory: 1Gb +``` + +## **sysdig.resources.promchap.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to Promchap containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + resources: + promchap: + limits: + cpu: 1 +``` + +## **sysdig.resources.promchap.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to Promchap containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + promchap: + limits: + memory: 1Gi +``` + +## **sysdig.resources.promchap.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule Promchap containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + promchap: + requests: + cpu: 250m +``` + +## **sysdig.resources.promchap.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule Promchap containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 300Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + promchap: + requests: + memory: 300Mi +``` + +## **sysdig.streamsnapReplicaCount** + +**Required**: `false`
+**Description**: Number of Streamsnap replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + streamsnapReplicaCount: 2 +``` + +## ~~**sysdig.fastpathAggregatorReplicaCount**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Number of Fastpath Aggregator replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + fastpathAggregatorReplicaCount: 2 +``` + +## **sysdig.streamsnap.enabled** + +**Required**: `false`
+**Description**: Whether to enable Streamsnap or not.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + streamsnap: + enabled: true +``` + +## **sysdig.streamsnap.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Streamsnap jvm.
+**Options**:
+**Default**: + +| cluster-size | jvmOptions | +| ------------ | ---------- | +| small | -Xmx=4g | +| medium | -Xmx=12g | +| large | -Xmx=18g | + +**Example**: + +```yaml +sysdig: + streamsnap: + jvmOptions: "-Xmx=4g" +``` + +## **sysdig.streamsnap.numThreadsForInterval60** + +**Required**: `false`
+**Description**: Number of threads Streamsnap uses for the 1-minute snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval60 | +| ------------ | ----------------------- | +| small | 2 | +| medium | 4 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + streamsnap: + numThreadsForInterval60: 4 +``` + +## **sysdig.streamsnap.numThreadsForInterval600** + +**Required**: `false`
+**Description**: Number of threads Streamsnap uses for the 10-minutes snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval600 | +| ------------ | ------------------------ | +| small | 1 | +| medium | 2 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + streamsnap: + numThreadsForInterval600: 2 +``` + +## **sysdig.streamsnap.numThreadsForInterval3600** + +**Required**: `false`
+**Description**: Number of threads Streamsnap uses for the 1-hour snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval3600 | +| ------------ | ------------------------- | +| small | 1 | +| medium | 2 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + streamsnap: + numThreadsForInterval3600: 2 +``` + +## **sysdig.streamsnap.numThreadsForInterval86400** + +**Required**: `false`
+**Description**: Number of threads Streamsnap uses for the 1-day snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval86400 | +| ------------ | -------------------------- | +| small | 1 | +| medium | 2 | +| large | 6 | + +**Example**: + +```yaml +sysdig: + streamsnap: + numThreadsForInterval86400: 2 +``` + +## **sysdig.resources.streamsnap.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to Streamsnap containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + streamsnap: + limits: + cpu: 8 +``` + +## **sysdig.resources.streamsnap.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to Streamsnap containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8g | +| medium | 16g | +| large | 24g | + +**Example**: + +```yaml +sysdig: + resources: + streamsnap: + limits: + memory: 8Gi +``` + +## **sysdig.resources.streamsnap.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule Streamsnap containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + streamsnap: + requests: + cpu: 2 +``` + +## **sysdig.resources.streamsnap.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule Streamsnap containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 8g | +| medium | 16g | +| large | 24g | + +**Example**: + +```yaml +sysdig: + resources: + streamsnap: + requests: + memory: 2Gi +``` + +## ~~**sysdig.fastpathAggregator.enabled**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Whether to enable Fastpath Aggregator or not.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + fastpathAggregator: + enabled: true +``` + +## ~~**sysdig.fastpathAggregator.jvmOptions**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Custom configuration for the Fastpath Aggregator jvm.
+**Options**:
+**Default**: + +| cluster-size | jvmOptions | +| ------------ | ---------- | +| small | -Xmx=4g | +| medium | -Xmx=12g | +| large | -Xmx=16g | + +**Example**: + +```yaml +sysdig: + fastpathAggregator: + jvmOptions: "-Xmx=4g" +``` + +## ~~**sysdig.fastpathAggregator.numThreadsForInterval60**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Number of threads Fastpath Aggregator uses for the 1-minute snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval60 | +| ------------ | ----------------------- | +| small | 2 | +| medium | 4 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + fastpathAggregator: + numThreadsForInterval60: 4 +``` + +## ~~**sysdig.fastpathAggregator.numThreadsForInterval600**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Number of threads Fastpath Aggregator uses for the 10-minutes snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval600 | +| ------------ | ------------------------ | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + fastpathAggregator: + numThreadsForInterval600: 2 +``` + +## ~~**sysdig.fastpathAggregator.numThreadsForInterval3600**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Number of threads Fastpath Aggregator uses for the 1-hour snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval3600 | +| ------------ | ------------------------- | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + fastpathAggregator: + numThreadsForInterval3600: 2 +``` + +## ~~**sysdig.fastpathAggregator.numThreadsForInterval86400**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Number of threads Fastpath Aggregator uses for the 1-day snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval86400 | +| ------------ | -------------------------- | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + fastpathAggregator: + numThreadsForInterval86400: 2 +``` + +## ~~**sysdig.resources.fastpathAggregator.limits.cpu**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: The amount of cpu assigned to Fastpath Aggregator containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + fastpathAggregator: + limits: + cpu: 8 +``` + +## ~~**sysdig.resources.fastpathAggregator.limits.memory**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: The amount of memory assigned to Fastpath Aggregator containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 8g | +| medium | 16g | +| large | 24g | + +**Example**: + +```yaml +sysdig: + resources: + fastpathAggregator: + limits: + memory: 8Gi +``` + +## ~~**sysdig.resources.fastpathAggregator.requests.cpu**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: The amount of cpu required to schedule Fastpath Aggregator containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 4 | +| large | 8 | + +**Example**: + +```yaml +sysdig: + resources: + fastpathAggregator: + requests: + cpu: 2 +``` + +## ~~**sysdig.resources.fastpathAggregator.requests.memory**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: The amount of memory required to schedule Fastpath Aggregator containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 8g | +| medium | 16g | +| large | 24g | + +**Example**: + +```yaml +sysdig: + resources: + fastpathAggregator: + requests: + memory: 2Gi +``` + +## **sysdig.secureOnly** + +**Required**: `false`
+**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secureOnly: true
+```
+
+## **sysdig.secure.eventsForwarder.proxy.enable**
+
+**Required**: `false`
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: false
+```
+
+## **sysdig.secure.eventsForwarder.proxy.host**
+
+**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable)
+is configured.
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: true
+ host: my-awesome-proxy.my-awesome-domain.com
+```
+
+## **sysdig.secure.eventsForwarder.proxy.noProxy**
+
+**Required**: `false`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: true
+ noProxy: my-awesome.domain.com, 192.168.0.0/16
+```
+
+## **sysdig.secure.eventsForwarder.proxy.password**
+
+**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: true
+ password: F00B@r!
+```
+
+## **sysdig.secure.eventsForwarder.proxy.port**
+
+**Required**: `false`
+**Description**: The port the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not
+configured it defaults to 80.
+**Options**:
+**Default**: `80`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: true
+ port: 3128
+```
+
+## **sysdig.secure.eventsForwarder.proxy.protocol**
+
+**Required**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: true
+ protocol: https
+```
+
+## **sysdig.secure.eventsForwarder.proxy.user**
+
+**Required**: `false`
+**Description**: The user used to access the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ eventsForwarder:
+ proxy:
+ enable: true
+ user: alice
+```
+
+## **sysdig.postgresDatabases.PRWSInternalIngestion**
+
+**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ rapidResponse:
+ host: my-prw-internal-ingestion-db-external.com
+ port: 5432
+ db: prws_internal_ingestion
+ username: prws_internal_ingestion_user
+ password: my_prws_internal_ingestion_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.beacon.prwsInternalIngestionEnabled**
+
+**Required**: `false`
+**Description**: Enable Prom Remote Write Internal Ingestion
+**Options**:
+**Default**:`false`
+**Example**:
+
+```yaml
+sysdig:
+ beacon:
+ prwsInternalIngestionEnabled: true
+```
+
+## **sysdig.prwsInternalIngestionReplicaCount**
+
+**Required**: `false`
+**Description**: Number of PRWS Internal Ingestion replicas
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestionReplicaCount: 5
+```
+
+## **sysdig.prwsInternalIngestion.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestion:
+ jvmOptions: |-
+ -Xms12g -Xmx12g
+```
+
+## **sysdig.prwsInternalIngestion.ingress**
+
+**Required**: `false`
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestion:
+ ingress:
+ - name: my-prws-internal-ingestion
+ omitBaseAnnotations: true
+ annotations:
+ haproxy-ingress.github.io/timeout-server: 20s
+ haproxy-ingress.github.io/config-backend: |
+ retries 2
+ labels:
+ app.kubernetes.io/managed-by: ingress-config
+ app.kubernetes.io/name: ingress-config
+ app.kubernetes.io/part-of: sysdigcloud
+ role: ingress-config
+ tier: infra
+ hosts:
+ - host: my-app.my-domain.com
+ sslSecretName: ssl-secret
+ paths:
+ - path: /api
+ serviceName: my-service-name
+ servicePort: 9510
+```
+
+## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement**
+
+**Required**: `false`
+**Description**: Enable private endpoint communication for PRWS Internal Ingestion
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestion:
+ privateEndpointCommunicationEnforcement: false
+```
+
+## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions**
+
+**Required**: `false`
+**Description**: Comma separated list of addresses or domain names that can
+override the `privateEndpointCommunicationEnforcement`.
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestion:
+ privateEndpointCommunicationEnforcement: false
+ privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16
+```
+
+## **sysdig.secure.netsec.rateLimit**
+
+**Required**: `false`
+**Description**: Netsec api rate limit.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 200 | +| medium | 200 | +| large | 200 | diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index d28cbea3..699f3120 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -15,17 +15,19 @@ As described in the Installation Storage Requirements, the Installer assumes usage of a dynamic storage provider (AWS or GKE). In case these are not used in your environment, add the entries below to the values.yaml to configure static storage. -Based on the `size` entered in the values.yaml file (small/medium/large), the Installer assumes a minimum number of replicas and nodes to be provided. You will enter the names of the nodes on which you will run the Cassandra, ElasticSearch, mySQL and Postgres components of Sysdig in the values.yaml, as in the parameters and example below. +Based on the `size` found in the `values.yaml` file (small/medium/large), the Installer assumes a minimum number of replicas and nodes to be provided. You will enter the names of the nodes on which you will run the Cassandra, ElasticSearch and Postgres components of Sysdig in the values.yaml, as in the parameters and example below. ### Parameters -`storageClassProvisioner`: hostPath.
-`sysdig.cassandra.hostPathNodes`: The number of nodes configured here needs to be at minimum 1 when configured `size` is `small`, 3 when configured `size` is -`medium` and 6 when configured `size` is large.
-`elasticsearch.hostPathNodes`: The number of nodes configured here needs to be be at minimum 1 when configured `size` is `small`, 3 when configured `size` is -`medium` and 6 when configured `size` is large.
-`sysdig.mysql.hostPathNodes`: When sysdig.mysqlHa is configured to true this has to be at least 3 nodes and when sysdig.mysqlHa is not configured it should be at least one node.
-`sysdig.postgresql.hostPathNodes`: This can be ignored if Sysdig Secure is not licensed or used on this environment. If Secure is used, then the parameter should be set to 1, regardless of the environment size setting.
+- `storageClassProvisioner`: hostPath. +- `sysdig.cassandra.hostPathNodes`: The number of nodes configured here needs to be at minimum 1 when configured `size` is `small`, 3 when configured `size` is +- `medium` and 6 when configured `size` is large. +- `elasticsearch.hostPathNodes`: The number of nodes configured here needs to be be at minimum 1 when configured `size` is `small`, 3 when configured `size` is +- `medium` and 6 when configured `size` is large. +- `sysdig.mysql.hostPathNodes`: When sysdig.mysqlHa is configured to true this has to be at least 3 nodes and when sysdig.mysqlHa is not configured it should be at least one node. +- `sysdig.postgresql.hostPathNodes`: This can be ignored if Sysdig Secure is not licensed or used on this environment. If Secure is used, then the parameter should be set to 1, regardless of the environment size setting. +- `.hostPathCustomPaths`: customize the location of the directory structure on the Kubernetes node +- `.pvStorageSize..`: customize the size of Volumes (check in the [configuration parameters list](/docs/02-configuration_parameters.md)) ### Example @@ -48,12 +50,29 @@ sysdig: - my-cool-host4.com - my-cool-host5.com - my-cool-host6.com - mysql: - hostPathNodes: - - my-cool-host1.com postgresql: hostPathNodes: - my-cool-host1.com + kafka: + hostPathNodes: + - i-0082bddac2e013639 + - i-05eb2d9719cc2dafa + - i-082b0341a1bb2f2be + zookeeper: + hostPathNodes: + - i-0082bddac2e013639 + - i-05eb2d9719cc2dafa + - i-082b0341a1bb2f2be +pvStorageSize: + medium: + cassandra: 600Gi + elasticsearch: 275Gi + postgresql: 120Gi +hostPathCustomPaths: + cassandra: /sysdig/cassandra + elasticsearch: /sysdig/elasticsearch + mysql: /sysdig/mysql + postgresql: /sysdig/postgresql ``` ## Installer on EKS 
@@ -72,7 +91,7 @@ eksctl create cluster \ --vpc-public-subnets= ``` -### Additional config for installer +### Additional installer configurations EKS uses aws-iam-authenticator to authorize kubectl commands. aws-iam-authenticator needs aws credentials mounted from **~/.aws** to the installer. @@ -96,7 +115,7 @@ EKS=true bash sysdig_installer.tar.gz The above ensures the `~/.aws` directory is correctly mounted for the airgap installer container. -### Exposing the sysdig endpoint +### Exposing the Sysdig endpoint Get the external ip/endpoint for the ingress service. @@ -112,7 +131,7 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Method for automatically updating the feeds database in airgapped environments +### Updating the feeds database in airgapped environments This is a procedure that can be used to automatically update the feeds database: diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index b5cfbb01..fe03c37c 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -1,9 +1,9 @@ - + -# Network Policies +# Network policies
@@ -13,7 +13,7 @@ ## Introduction -The current version of Sysdig Network Policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. +The current version of Sysdig Network policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. The NetworkPolicies (NP) are controlled via two flags: diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From 857bc6d13068f2052b50f5d9c558f5a31c92f7fd Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 1 Jun 2023 01:39:33 +0000 Subject: [PATCH 123/156] updating installer docs --- installer/docs/02-configuration_parameters.md | 1691 +++++++++++++++-- 1 file changed, 1574 insertions(+), 117 deletions(-) diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index b3e2d5af..b1d4653b 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -945,6 +945,20 @@ sysdig: sysdig: cassandraExporterVersion: latest ``` +## **sysdig.cassandra.snitch.extractCMD** + +**Required**: `false`
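Review bot: The added `ingressClassName: haproxy` line at the end of the `installer/values.yaml` hunk has no comment, while the neighbouring `ingressNetworking` key is documented with `#supports hostnetwork | loadbalancer | nodeport`. The key presumably names the IngressClass whose controller serves the Sysdig ingresses, so on a cluster running more than one ingress controller this value determines which one exposes the endpoints, and an operator should know it is theirs to change. I would add a line above it such as `# IngressClass name of the controller that should serve the Sysdig ingresses`. The accepted values are not visible in this hunk, so the comment should not list options unless the installer validates them. The `sysdig:` mapping begins and continues outside the hunk.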
+**Description**: Shell command applied to the zone label extracted from the Kubernetes worker to extract a string to use for the `rack`
+**Options**:
+**Default**: `""`
+**Example**: + +```yaml +sysdig: + cassandra: + snitch: + extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" +``` ## **sysdig.cassandra.useCassandra3** @@ -2657,7 +2671,7 @@ sysdig: **Description**: Determines if a [web proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) in scanningV1, by the events forwarder to forward to HTTP based targets and for the scanningv2 feeds download (remote SaaS cloud environment to get a pre-signed object-storage URL + cloud provider object-storage HTTP download).
**Options**:
**Default**: `false`
@@ -12103,245 +12117,1441 @@ sysdig: memory: 2Gi ``` -## **sysdig.secureOnly** +## **sysdig.resources.scanningv2-agents-conf.limits.cpu** **Required**: `false`
-**Description**: Enable product optimizations for secure that break monitor.
-**Options**: `true|false`
-**Default**: `false` +**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - secureOnly: true + resources: + scanningv2-agents-conf: + limits: + cpu: 500m ``` -## **sysdig.secure.eventsForwarder.proxy.enable** +## **sysdig.resources.scanningv2-agents-conf.limits.memory** **Required**: `false`
-**Description**: Set proxy settings for secure forwarding (overrides global settings)
-**Options**: `true|false`
+**Description**: The amount of memory assigned to scanningv2-agents-conf pods
+**Options**:
**Default**: +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: false + resources: + scanningv2-agents-conf: + limits: + memory: 500Mi ``` -## **sysdig.secure.eventsForwarder.proxy.host** +## **sysdig.resources.scanningv2-agents-conf.requests.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) -is configured.
+**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + scanningv2-agents-conf: + requests: + cpu: 250m ``` -## **sysdig.secure.eventsForwarder.proxy.noProxy** +## **sysdig.resources.scanningv2-agents-conf.requests.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + scanningv2-agents-conf: + requests: + memory: 100Mi ``` -## **sysdig.secure.eventsForwarder.proxy.password** +## **sysdig.resources.scanningv2-collector.limits.cpu** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Description**: The amount of cpu assigned to scanningv2-collector pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - password: F00B@r! + resources: + scanningv2-collector: + limits: + cpu: 1 ``` -## **sysdig.secure.eventsForwarder.proxy.port** +## **sysdig.resources.scanningv2-collector.limits.memory** **Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: The amount of memory assigned to scanningv2-collector pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - port: 3128 + resources: + scanningv2-collector: + limits: + memory: 1Gi ``` -## **sysdig.secure.eventsForwarder.proxy.protocol** +## **sysdig.resources.scanningv2-collector.requests.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - protocol: https + resources: + scanningv2-collector: + requests: + cpu: 500m ``` -## **sysdig.secure.eventsForwarder.proxy.user** +## **sysdig.resources.scanningv2-collector.requests.memory** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Description**: The amount of memory required to schedule scanningv2-collector pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - user: alice + resources: + scanningv2-collector: + requests: + memory: 250Mi ``` -## **sysdig.postgresDatabases.PRWSInternalIngestion** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 2 | + **Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-prw-internal-ingestion-db-external.com - port: 5432 - db: prws_internal_ingestion - username: prws_internal_ingestion_user - password: my_prws_internal_ingestion_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + resources: + scanningv2-pkgmeta-api: + limits: + cpu: 500m ``` -## **sysdig.beacon.prwsInternalIngestionEnabled** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** **Required**: `false`
-**Description**: Enable Prom Remote Write Internal Ingestion
+**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
**Options**:
-**Default**:`false`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - beacon: - prwsInternalIngestionEnabled: true + resources: + scanningv2-pkgmeta-api: + limits: + memory: 1Gi ``` -## **sysdig.prwsInternalIngestionReplicaCount** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** **Required**: `false`
-**Description**: Number of PRWS Internal Ingestion replicas
+**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - prwsInternalIngestionReplicaCount: 5 + resources: + scanningv2-pkgmeta-api: + requests: + cpu: 250m ``` -## **sysdig.prwsInternalIngestion.jvmOptions** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** **Required**: `false`
-**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - prwsInternalIngestion: - jvmOptions: |- - -Xms12g -Xmx12g + resources: + scanningv2-pkgmeta-api: + requests: + memory: 250Mi ``` -## **sysdig.prwsInternalIngestion.ingress** +## **sysdig.resources.scanningv2-policies-api.limits.cpu** **Required**: `false`
-**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Description**: The amount of cpu assigned to scanningv2-policies-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - prwsInternalIngestion: - ingress: - - name: my-prws-internal-ingestion - omitBaseAnnotations: true - annotations: - haproxy-ingress.github.io/timeout-server: 20s - haproxy-ingress.github.io/config-backend: | - retries 2 - labels: - app.kubernetes.io/managed-by: ingress-config - app.kubernetes.io/name: ingress-config + resources: + scanningv2-policies-api: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-policies-api.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-policies-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-policies-api.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-policies-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-policies-api.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-policies-api: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-reporting-api.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-api: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-reporting-api.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-reporting-api.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-reporting-api.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-api: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-generator: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-reporting-generator.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-generator: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-generator: + requests: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-reporting-generator.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-generator: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-janitor: + limits: + cpu: 1 +``` + +## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-janitor: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-janitor: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-janitor: + requests: + memory: 50Mi +``` + +## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-scheduler: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-scheduler: + limits: + memory: 500Mi +``` + +## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-scheduler: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-scheduler: + requests: + memory: 100Mi +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + limits: + cpu: 1 +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker-k8s pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-k8s: + limits: + cpu: 1 +``` + +## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-worker-k8s pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-k8s: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-k8s pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-k8s: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker-k8s pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-k8s: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-riskmanager-api: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-riskmanager-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-riskmanager-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-riskmanager-api: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-scanresults-api: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-scanresults-api.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-scanresults-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-scanresults-api: + requests: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-scanresults-api.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-scanresults-api: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-vulns-api.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-vulns-api: + limits: + cpu: 500m +``` + +## **sysdig.resources.scanningv2-vulns-api.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-vulns-api: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-vulns-api.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-vulns-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-vulns-api.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-vulns-api: + requests: + memory: 250Mi +``` + +## **sysdig.secureOnly** + +**Required**: `false`
+**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false` + +**Example**: + +```yaml +sysdig: + secureOnly: true +``` + +## **sysdig.secure.eventsForwarder.proxy.enable** + +**Required**: `false`
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
+**Default**: + +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: false +``` + +## **sysdig.secure.eventsForwarder.proxy.host** + +**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) +is configured.
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com +``` + +## **sysdig.secure.eventsForwarder.proxy.noProxy** + +**Required**: `false`
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.eventsForwarder.proxy.password** + +**Required**: `false`
+**Description**: The password used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + password: F00B@r! +``` + +## **sysdig.secure.eventsForwarder.proxy.port** + +**Required**: `false`
+**Description**: The port the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not +configured it defaults to 80.
+**Options**:
+**Default**: `80`
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + port: 3128 +``` + +## **sysdig.secure.eventsForwarder.proxy.protocol** + +**Required**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + protocol: https +``` + +## **sysdig.secure.eventsForwarder.proxy.user** + +**Required**: `false`
+**Description**: The user used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + user: alice +``` + +## **sysdig.postgresDatabases.PRWSInternalIngestion** + +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**:
+
+```yaml
+sysdig:
+ postgresql:
+ external: true
+ postgresDatabases:
+ rapidResponse:
+ host: my-prw-internal-ingestion-db-external.com
+ port: 5432
+ db: prws_internal_ingestion
+ username: prws_internal_ingestion_user
+ password: my_prws_internal_ingestion_password
+ sslmode: disable
+ admindb: root_db
+ adminusername: root_user
+ adminpassword: my_root_user_password
+```
+
+## **sysdig.beacon.prwsInternalIngestionEnabled**
+
+**Required**: `false`
+**Description**: Enable Prom Remote Write Internal Ingestion
+**Options**:
+**Default**:`false`
+**Example**:
+
+```yaml
+sysdig:
+ beacon:
+ prwsInternalIngestionEnabled: true
+```
+
+## **sysdig.prwsInternalIngestionReplicaCount**
+
+**Required**: `false`
+**Description**: Number of PRWS Internal Ingestion replicas
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestionReplicaCount: 5
+```
+
+## **sysdig.prwsInternalIngestion.jvmOptions**
+
+**Required**: `false`
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Options**:
+**Default**:
+
+**Example**:
+
+```yaml
+sysdig:
+ prwsInternalIngestion:
+ jvmOptions: |-
+ -Xms12g -Xmx12g
+```
+
+## **sysdig.prwsInternalIngestion.ingress**
+
+**Required**: `false`
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + ingress: + - name: my-prws-internal-ingestion + omitBaseAnnotations: true + annotations: + haproxy-ingress.github.io/timeout-server: 20s + haproxy-ingress.github.io/config-backend: | + retries 2 + labels: + app.kubernetes.io/managed-by: ingress-config + app.kubernetes.io/name: ingress-config app.kubernetes.io/part-of: sysdigcloud role: ingress-config tier: infra @@ -12397,3 +13607,250 @@ sysdig: | small | 200 | | medium | 200 | | large | 200 | + +## **sysdig.secure.scanningv2.enabled** + +**Required**: `false`
+**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ enabled: true
+```
+
+## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint**
+
+**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ vulnsApi:
+ remoteSaaSEndpoint: "https://eu1.app.sysdig.com"
+```
+
+## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip**
+
+**Required**: `false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ vulnsApi:
+ remoteSaaSTlsSkip: true
+```
+
+## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint**
+
+**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ pkgMetaApi:
+ remoteSaaSEndpoint: "https://eu1.app.sysdig.com"
+```
+
+## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip**
+
+**Required**: `false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ pkgMetaApi:
+ remoteSaaSTlsSkip: true
+```
+
+## **sysdig.secure.scanningv2.reporting.enabled**
+
+**Required**: `false`
+**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ enabled: true
+```
+
+## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule**
+
+**Required**: `false`
+**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
+**Options**:
+**Default**: "0 3 \* \* \*"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ reportingJanitor:
+ schedule: "0 3 * * *"
+```
+
+## **sysdig.secure.scanningv2.reporting.storageDriver**
+
+**Required**: `false`
+**Description**: Storage kind for the generated reports
+**Options**: postgres, s3
+**Default**: postgres
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ storageDriver: postgres
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.bucket**
+
+**Required**: `false`
+**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ bucket: secure-scanningv2-reporting
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.endpoint**
+
+**Required**: `false`
+**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ endpoint: s3.example.com
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.region**
+
+**Required**: `false`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ region: us-east-1
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.accessKeyId**
+
+**Required**: `false`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ accessKeyId: AKIAIOSFODNN7EXAMPLE
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey**
+
+**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey**
+
+**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+```
+
+## **sysdig.secure.scanningv2.customCerts**
+
+**Required**: `false`
+**Description**:
+To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .crt, .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**: + +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/scanningv2-custom-certs +certs/scanningv2-custom-certs/certificate1.crt +certs/scanningv2-custom-certs/certificate2.crt +values.yaml +``` + +```yaml +sysdig: + secure: + scanningv2: + customCerts: true +``` From 31db90cb41dfbae5e8be23124b20452e96128016 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 5 Jun 2023 16:07:01 +0000 Subject: [PATCH 124/156] updating installer docs --- installer/docs/02-configuration_parameters.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index b1d4653b..5c3fee16 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -13833,7 +13833,7 @@ sysdig: **Description**: To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. -This configuration when set expects certificates with .crt, .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: @@ -13843,8 +13843,8 @@ This configuration when set expects certificates with .crt, .pem extension under bash-5.0$ find certs values.yaml certs certs/scanningv2-custom-certs -certs/scanningv2-custom-certs/certificate1.crt -certs/scanningv2-custom-certs/certificate2.crt +certs/scanningv2-custom-certs/certificate1.pem +certs/scanningv2-custom-certs/certificate2.pem values.yaml ``` From 15a3a2455c10b396db9c157b7bc112358a610b9c Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 5 Jul 2023 18:25:40 +0000 Subject: [PATCH 125/156] updating installer docs --- installer/docs/02-configuration_parameters.md | 156 ++++++------------ installer/docs/04-advanced_configuration.md | 6 +- 2 files changed, 54 insertions(+), 108 deletions(-) diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 5c3fee16..a55aedaf 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -925,12 +925,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.4
+**Default**: 2.1.22.5
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.22.4 + cassandraVersion: 2.1.22.5 ``` ## **sysdig.cassandraExporterVersion** @@ -9109,10 +9109,10 @@ sysdig: memory: 200Mi ``` -## **sysdig.mdsDeploymentCount** +## **sysdig.mdsDeploymentReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig metadataService deployment replicas, this is a noop for clusters +**Description**: Number of Sysdig MetadataService Deployment replicas, this is a noop for clusters of `size` `small`.
**Options**:
**Default**:
@@ -9151,10 +9151,10 @@ sysdig: mdsOperatorReplicaCount: 2 ``` -## **sysdig.mdsPodCount** +## **sysdig.mdsPodReplicaCount** **Required**: `false`
-**Description**: Number of Sysdig metadataService pod count, this is a noop for clusters +**Description**: Number of Sysdig MetadataService Pod count, this is a noop for clusters of `size` `small`.
**Options**:
**Default**:
@@ -10513,18 +10513,32 @@ sysdig: jvmOptions: "-Xms1g -Xmx1g" ``` +## **sysdig.kafka.cruiseControl.enabled** + +**Required**: `false`
+**Description**: Enables kafka Cruise Control, if it is required.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + kafka: + cruiseControl: + enabled: true +``` ## **sysdig.kafkaVersion** **Required**: `false`
**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
**Options**:
-**Default**: 5.3.1.1
+**Default**: 1.0.0
**Example**: ```yaml sysdig: - kafkaVersion: 5.3.1.1 + kafkaVersion: 1.0.0 ``` ## **sysdig.kafkaReplicaCount** @@ -10543,7 +10557,7 @@ sysdig: ## **sysdig.kafka.enabled** **Required**: `false`
-**Description**: Enables kafka and zookeeper, if they are required by the apps.
+**Description**: Enables kafka, if it is required by the apps.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -10554,24 +10568,11 @@ sysdig: enabled: true ``` -## **sysdig.kafka.jvmOptions** +## **sysdig.kafka.enableMetrics** **Required**: `false`
-**Description**: The custom configuration for Kafka JVM.
-**Options**:
-**Default**: Empty (Kafka will implicitly assume `-Xms1G -Xmx1G`
-**Example**: - -```yaml -sysdig: - kafka: - jvmOptions: -Xms4G -Xmx4G -``` - -## **sysdig.kafka.secure.enabled** +**Description**: Enables JMX exporter as a sidecar container to export prometheus metrics.
-**Required**: `false`
-**Description**: WARNING: If this is `true`, `sysdig.monitorVersion` must be `2.4.1.5032`. Enables TLS for Kafka cluster.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -10579,72 +10580,36 @@ sysdig: ```yaml sysdig: kafka: - secure: - enabled: true -``` - -## **sysdig.kafka.secure.zookeeper.user** - -**Required**: `false`
-**Description**: Username for Zookeeper auth to secure Kafka cluster.
-**Options**:
-**Default**: `kafka`
-**Example**: - -```yaml -sysdig: - kafka: - secure: - zookeeper: - user: kafka -``` - -## **sysdig.kafka.secure.zookeeper.password** - -**Required**: `false`
-**Description**: Password for Zookeeper auth to secure Kafka cluster.
-**Options**:
-**Default**: Auto-generated 16 random alphanumeric characters.
-**Example**: - -```yaml -sysdig: - kafka: - secure: - zookeeper: - password: GFDg4t3$tfe4 + enableMetrics: true ``` -## **sysdig.kafka.secure.broker.user** +## **sysdig.kafka.jvmOptions** **Required**: `false`
-**Description**: Username for Kafka broker auth to secure Kafka cluster.
+**Description**: The custom configuration for Kafka JVM.
**Options**:
-**Default**: `kafkabroker`
+**Default**: Empty (Kafka will implicitly assume `-Xms1G -Xmx1G`
**Example**: ```yaml sysdig: kafka: - secure: - broker: - user: kafka + jvmOptions: -Xms4G -Xmx4G ``` -## **sysdig.kafka.secure.broker.password** +## **sysdig.kafka.secure.enabled** **Required**: `false`
-**Description**: Password for Kafka broker auth to secure Kafka cluster.
-**Options**:
-**Default**: Auto-generated 16 random alphanumeric characters.
+**Description**: WARNING: If this is `true`, `sysdig.monitorVersion` must be `2.4.1.5032`. Enables TLS for Kafka cluster.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: kafka: secure: - broker: - password: eFSuhrt3$tfe4 + enabled: true ``` ## **sysdig.resources.kafka.requests.cpu** @@ -10744,12 +10709,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
**Options**:
-**Default**: 5.3.1.1
+**Default**: 1.0.0
**Example**: ```yaml sysdig: - zookeeperVersion: 5.3.1.1 + zookeeperVersion: 1.0.0 ``` ## **sysdig.zookeeperReplicaCount** @@ -10765,6 +10730,21 @@ sysdig: | medium | 3 | | large | 3 | +## **sysdig.zookeeper.enableMetrics** + +**Required**: `false`
+**Description**: Enables JMX exporter as a sidecar container to export prometheus metrics.
+ +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + zookeeper: + enableMetrics: true +``` + ## **sysdig.zookeeper.nodeAffinityLabel** **Required**: `false`
@@ -10796,38 +10776,6 @@ sysdig: nodeAffinityMode: preferred ``` -## **sysdig.zookeeper.secure.super.user** - -**Required**: `false`
-**Description**: Zookeeper's super user's username if Kafka cluster is TLS-enabled.
-**Options**:
-**Default**: `super`
-**Example**: - -```yaml -sysdig: - zookeeper: - secure: - super: - user: super -``` - -## **sysdig.zookeeper.secure.super.password** - -**Required**: `false`
-**Description**: Zookeeper's super user's password if Kafka cluster is TLS-enabled.
-**Options**:
-**Default**: Auto-generated 16 random alphanumeric characters.
-**Example**: - -```yaml -sysdig: - zookeeper: - secure: - super: - password: F3a4raW#$Rw3e -``` - ## **sysdig.resources.zookeeper.requests.cpu** **Required**: `false`
diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 699f3120..30bb4ec0 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -20,10 +20,8 @@ Based on the `size` found in the `values.yaml` file (small/medium/large), the In ### Parameters - `storageClassProvisioner`: hostPath. -- `sysdig.cassandra.hostPathNodes`: The number of nodes configured here needs to be at minimum 1 when configured `size` is `small`, 3 when configured `size` is -- `medium` and 6 when configured `size` is large. -- `elasticsearch.hostPathNodes`: The number of nodes configured here needs to be be at minimum 1 when configured `size` is `small`, 3 when configured `size` is -- `medium` and 6 when configured `size` is large. +- `sysdig.cassandra.hostPathNodes`: The number of nodes configured here needs to be at minimum 1 when configured `size` is `small`, 3 when configured `size` is `medium` and 6 when configured `size` is large. +- `elasticsearch.hostPathNodes`: The number of nodes configured here needs to be be at minimum 1 when configured `size` is `small`, 3 when configured `size` is `medium` and 6 when configured `size` is large. - `sysdig.mysql.hostPathNodes`: When sysdig.mysqlHa is configured to true this has to be at least 3 nodes and when sysdig.mysqlHa is not configured it should be at least one node. - `sysdig.postgresql.hostPathNodes`: This can be ignored if Sysdig Secure is not licensed or used on this environment. If Secure is used, then the parameter should be set to 1, regardless of the environment size setting. - `.hostPathCustomPaths`: customize the location of the directory structure on the Kubernetes node From e709dbd43ad58e6ffb7b53409132bb4d546dcd5e Mon Sep 17 00:00:00 2001 
From: jenkins Date: Tue, 18 Jul 2023 16:36:10 +0000 Subject: [PATCH 126/156] updating installer docs --- installer/README.md | 91 +- installer/docs/advanced.md | 44 - installer/docs/configuration_parameters.md | 8221 ++++++-------------- installer/values.yaml | 1 - 4 files changed, 2544 insertions(+), 5813 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..4e7d083d 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,9 +1,8 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -41,29 +40,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -83,23 +82,23 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [installer releases - page](https://github.com/draios/installer/releases). + [sysdigcloud-kubernetes releases + page](https://github.com/draios/sysdigcloud-kubernetes/releases). - Run the Installer. ```bash ./installer deploy 
@@ -124,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -180,11 +202,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.5.1-1-uber + docker pull quay.io/sysdig/installer:3.6.4-2-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber + docker create --name uber_image quay.io/sysdig/installer:3.6.4-2-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -194,29 +216,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -228,17 +250,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -274,12 +296,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. +See [upgrade.md](docs/upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/02-configuration_parameters.md) +[configuration_parameters.md](docs/configuration_parameters.md) # Permissions @@ -308,7 +330,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) +For advanced configuration option see [advanced.md](docs/advanced.md) # Example values.yaml @@ -327,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 6617e8ba..8c5de38a 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,47 +104,3 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. - -## Airgapped installations - -### Method for automatically updating the feeds database in airgapped environments -This is a procedure that can be used to automatically update the feeds database: - -1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally -2. move the file from the jumpbox server to the customer airgapped environment (optional) -3. load the image file and push it to the customer's airgapped image registry -4. restart the pod sysdigcloud-feeds-db -5. restart the pod feeds-api - -Finally, steps 1 to 5 will be performed periodically once a day. - -This is an example script that contains all the steps: -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/vuln-feed-database:latest -# Save image -docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar -# Optionally move image -mv vuln-feed-database.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" -ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" -# Restart database pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" -# Restart feeds-api pod -ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" -ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" -``` - -The script can be scheduled using a cron job that run every day -```bash -0 8 * * * feeds-database-update.sh >/dev/null 2>&1 -``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 8968fb27..3b35c54e 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,19 +37,6 @@ Disk, and Replicas.
size: medium
 ```
 
-## **kubernetesServerVersion**
-**Required**: `false`
-**Description**: The Kubernetes version of the targeted cluster. - This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` - must be used with k8s version 1.22+.
-**Options**:
-**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
-**Example**:
-
-```yaml
-kubernetesServerVersion: v1.18.10
-```
-
 ## **storageClassProvisioner**
 **Required**: `false`
**Description**: The name of the [storage class @@ -85,8 +72,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) -and [full airgap instructions](../README.md#full-airgap-install) for more +multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) +and [full airgap instructions](../usage.md#full-airgap-installation) for more details.
**Options**:
**Default**:
@@ -110,7 +97,7 @@ airgapped_repository_prefix: foo/bar
 ```
 
 ## **airgapped_registry_password**
-**Required**: `false`
+**Required**: `false` **Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -137,7 +124,7 @@ airgapped_registry_username: bob+alice
 ## **deployment**
 **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift|goldman`
+**Options**: `iks|kubernetes|openshift`
**Default**: `kubernetes`
**Example**:
 
@@ -217,7 +204,7 @@ cloudProvider:
 ## **cloudProvider.name**
 **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gcp`
+**Options**: `aws|gke`
**Default**:
**Example**:
 
@@ -334,33 +321,6 @@ elasticsearch:
 useES6: true
 ```
 
-## **elasticsearch.enableMetrics**
-**Required**: `false`
-**Description**:
-Allow Elasticsearch to export prometheus metrics.
-
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-elasticsearch:
- enableMetrics: true
-```
-
-## **sysdig.elasticsearchExporterVersion**
-**Required**: `false`
-**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured
-`elasticsearch.enableMetrics` is `true`.
-**Options**:
-**Default**: v1.2.0
-**Example**:
-
-```yaml
-sysdig:
- elasticsearchExporterVersion: v1.2.0
-```
-
 ## **elasticsearch.tlsencryption.adminUser**
 **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -706,61 +666,40 @@ pvStorageSize:
 postgresql: 100Gi
 ```
 
-## **pvStorageSize.large.nats**
-**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) large. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- large:
- nats: 10Gi
-```
-
-## **pvStorageSize.medium.nats**
+## **sysdig.activityAuditVersion**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) medium. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Activity Audit services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**:
 
 ```yaml
-pvStorageSize:
- medium:
- nats: 10Gi
+sysdig:
+ activityAuditVersion: 3.6.4.11009
 ```
 
-## **pvStorageSize.small.nats**
+## **sysdig.profilingVersion**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: Docker image tag of Profiling services.
**Options**:
-**Default**: 10Gi
+**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
**Example**:
 
 ```yaml
-pvStorageSize:
- small:
- nats: 10Gi
+sysdig:
+ profilingVersion: 3.6.4.11009
 ```
 
 ## **sysdig.anchoreVersion**
 **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.8.1-51
+**Default**: 0.6.1.2
**Example**:
 
 ```yaml
 sysdig:
- anchoreVersion: 0.8.1-51
+ anchoreVersion: 0.8.1.8
 ```
 
 ## **sysdig.accessKey**
@@ -776,19 +715,6 @@ sysdig:
 accessKey: my_awesome_aws_access_key
 ```
 
-## **sysdig.awsRegion**
-**Required**: `false`
-**Description**: The AWS (or AWS compatible) region to be used by Sysdig
-components to communicate with AWS (or an AWS compatible API).
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- awsRegion: my_aws_region
-```
-
 ## **sysdig.secretKey**
 **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig
@@ -843,67 +769,16 @@ sysdig:
 bucketName: my_awesome_bucket
 ```
 
-## **sysdig.s3.capturesFolder**
-**Required**: `false`
-**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if
-[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- s3:
- capturesFolder: my_captures_folder
-```
-
 ## **sysdig.cassandraVersion**
 **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.22.4
-**Example**:
-
-```yaml
-sysdig:
- cassandraVersion: 2.1.22.4
-```
-
-## **sysdig.cassandraExporterVersion**
-**Required**: `false`
-**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
-**Options**:
-**Default**: latest
-**Example**:
-
-```yaml
-sysdig:
- cassandraExporterVersion: latest
-```
-
-## **sysdig.cassandra.useCassandra3**
-**Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- cassandra:
- useCassandra3: false
-```
-
-## **sysdig.Cassandra3Version**
-**Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
-**Options**:
-**Default**: `3.11.11.1`
+**Options**:
+**Default**: 2.1.21.13
**Example**:
 
 ```yaml
 sysdig:
- cassandra3Version: 3.11.11.1
+ cassandraVersion: 2.1.21.16
 ```
 
 ## **sysdig.cassandra.external**
@@ -938,7 +813,7 @@ sysdig:
 **Required**: `false`
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`true`
+**Default**:`false`
**Example**:
 
 ```yaml
@@ -950,9 +825,9 @@ sysdig:
 
 ## **sysdig.cassandra.ssl**
 **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
+**Description**: Enables cassandra server and clients communicate over ssl.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**:
 
 ```yaml
@@ -962,19 +837,6 @@ sysdig:
 ssl: true
 ```
 
-## **sysdig.cassandra.enableMetrics**
-**Required**: `false`
-**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- cassandra:
- enableMetrics: true
-```
-
 ## **sysdig.cassandra.user**
 **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -1055,7 +917,7 @@ sysdig:
 **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**: `-Xms4g -Xmx4g`
+**Default**:
**Example**: ```yaml @@ -1109,31 +971,22 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform - (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more -PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ -in the same level as `values.yaml`.
+To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt -certs/custom-java-certs/certificate3.p12 -certs/custom-java-certs/certificate3.p12.passwd - - values.yaml ``` @@ -1169,14 +1022,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
-**Description**: The docker image tag of Elasticsearch.
+**Description**: The docker image tag of Elasticsearch 6.
**Options**:
-**Default**: 6.8.6.12
+**Default**: 6.8.6.6
**Example**: ```yaml sysdig: - elasticsearch6Version: 6.8.6.12 + elasticsearchVersion: 6.8.6.6 ``` ## **sysdig.haproxyVersion** @@ -1288,27 +1141,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**:
 
 ```yaml
 sysdig:
- monitorVersion: 5.0.4.11001
+ monitorVersion: 3.6.4.11009
 ```
 
-## **sysdig.secureVersion**
+## **sysdig.scanningVersion**
 **Required**: `false`
-**Description**: The docker image tag of the Sysdig Secure, if this is not -configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Scanning components, if +this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - secureVersion: 5.0.4.11001 + scanningVersion: 3.6.4.11009 ``` ## **sysdig.sysdigAPIVersion** @@ -1318,12 +1171,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigAPIVersion: 5.0.4.11001 + sysdigAPIVersion: 3.6.4.11009 ``` ## **sysdig.sysdigCollectorVersion** @@ -1333,12 +1186,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 5.0.4.11001 + sysdigCollectorVersion: 3.6.4.11009 ``` ## **sysdig.sysdigWorkerVersion** @@ -1348,12 +1201,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 5.0.4.11001
+**Default**: 3.6.4.11009
**Example**:
 
 ```yaml
 sysdig:
- sysdigWorkerVersion: 5.0.4.11001
+ sysdigWorkerVersion: 3.6.4.11009
 ```
 
 ## **sysdig.enableAlerter**
@@ -1371,101 +1224,6 @@ sysdig:
 enableAlerter: true
 ```
 
-## **sysdig.alertingSystem.enabled**
-**Required**: `false`
-**Description**: Enable or disable the new alert-manager and alert-notifier deployment
-**Options**:`true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- enabled: true
-```
-
-## **sysdig.alertingSystem.alertManager.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Manager jvm.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManager:
- jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20
-```
-
-## **sysdig.alertingSystem.alertManager.apiToken**
-**Required**: `false`
-**Description**: API token used by the Alert Manager to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManager:
- apiToken: A_VALID_TOKEN
-```
-
-## **sysdig.alertingSystem.alertNotifier.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig Alert Notifier jvm.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertNotifier:
- jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20
-```
-
-## **sysdig.alertingSystem.alertNotifier.apiToken**
-**Required**: `false`
-**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertNotifier:
- apiToken: A_VALID_TOKEN
-```
-
-## **sysdig.alertingSystem.alertNotifierReplicaCount**
-**Required**: `false`
-**Description**: Number of Replica for the alertNotifier
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertNotifierReplicaCount: 3
-```
-
-## **sysdig.alertingSystem.alertManagerReplicaCount**
-**Required**: `false`
-**Description**: Number of Replica for the alertManager
-**Options**:
-**Default**: small: 1, medium: 3, large: 5
-**Example**:
-
-```yaml
-sysdig:
- alertingSystem:
- alertManagerReplicaCount: 3
-```
-
 ## **sysdig.mysqlHa**
 **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
@@ -1540,7 +1298,8 @@ sysdig:
 
 ## **sysdig.mysql.external**
 **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured
+**Description**: If set, the installer does not create a local mysql cluster
+instead it sets up the sysdig platform to connect to the configured
 [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1635,36 +1394,24 @@ sysdig:
 **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.7.0.1
+**Default**: 0.6.0.1
**Example**:
 
 ```yaml
 sysdig:
- natsExporterVersion: 0.7.0.1
+ natsExporterVersion: 0.6.0.1
 ```
 
 ## **sysdig.natsStreamingVersion**
 **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.22.0.2
-**Example**:
-
-```yaml
-sysdig:
- natsStreamingVersion: 0.22.0.2
-```
-
-## **sysdig.natsStreamingInitVersion**
-**Required**: `false`
-**Description**: Docker image tag of NATS streaming init.
-**Options**:
-**Default**: 0.22.0.2
+**Default**: 0.16.2.1
**Example**:
 
 ```yaml
 sysdig:
- natsStreamingInitVersion: 0.22.0.2
+ natsStreamingVersion: 0.16.2.1
 ```
 
 ## **sysdig.nats.secure.enabled**
@@ -1681,36 +1428,6 @@ sysdig:
 enabled: true
 ```
 
-## **sysdig.nats.secure.username**
-**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- nats:
- secure:
- enabled: true
- username: somevalue
-```
-
-## **sysdig.nats.secure.password**
-**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- nats:
- secure:
- enabled: true
- password: somevalue
-```
-
 ## **sysdig.nats.ha.enabled**
 **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1794,7 +1511,7 @@ sysdig:
 ## **sysdig.postgresVersion**
 **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps`
-is `monitor secure` and when `postgres.HA.enabled` is false.
+is `monitor secure`.
**Options**:
**Default**: 10.6.11
**Example**:
@@ -1804,744 +1521,597 @@ sysdig:
 postgresVersion: 10.6.11
 ```
 
-## **sysdig.mysqlToPostgresMigrationVersion**
+## **sysdig.postgresql.hostPathNodes**
 **Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**: 1.2.5-mysql-to-postgres
+**Default**: []
+ **Example**: ```yaml sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.postgresql.rootUser** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: Root user of the in-cluster postgresql instance.
+**Description**: Default comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +should only be used if there is an intent to override the defaults provided by +Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) +instead.
**Options**:
-**Default**: `postgres`
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+ **Example**: ```yaml sysdig: - postgresql: - rootUser: postgres + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core ``` -## **sysdig.postgresql.rootDb** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: Root database of the in-cluster postgresql instance.
+**Description**: Determines if a [web +proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be +used by Anchore for fetching CVE feed from +[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**: `anchore`
+**Default**: `false`
+ **Example**: ```yaml sysdig: - postgresql: - rootDb: anchore + proxy: + enable: true ``` -## **sysdig.postgresql.rootPassword** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: Password for the root user of the in-cluster postgresql instance.
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) +is configured.
**Options**:
-**Default**: Autogenerated 16 alphanumeric characters
+**Default**:
+ **Example**: ```yaml sysdig: - postgresql: - rootPassword: my_root_password + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.postgresql.primary** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
-**Options**: `true|false`
-**Default**: `true`
-**Example**: - -```yaml -sysdig: - postgresql: - primary: true -``` +**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
-## **sysdig.postgresql.external** -**Required**: `false`
-**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
-**Options**: `true|false`
-**Default**: `false`
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - padvisor: - host: my-padvisor-db-external.com - sysdig: - host: my-sysdig-db-external.com + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The password used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: []
+**Default**:
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.postgresql.pgParameters** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: a dictionary of Postgres parameter names and values to apply to the cluster +**Description**: The port the configured +[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not +configured it defaults to 80.
**Options**:
-**Default**: ``
+**Default**: `80`
**Example**: ```yaml sysdig: - postgresql: - pgParameters: - max_connections: '1024' - shared_buffers: '110MB' + proxy: + enable: true + port: 3128 ``` - -## **sysdig.postgresql.ha.enabled** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: true if you want to deploy postgreSQL in HA mode. -**Options**: `true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - postgresql: - ha: - enabled: true + proxy: + enable: true + protocol: https ``` -## **sysdig.postgresql.ha.spiloVersion** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL node in HA mode. +**Description**: The user used to access the configured +[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**: `2.0-p7`
+**Default**:
**Example**: ```yaml sysdig: - postgresql: - ha: - spiloVersion: 2.0-p7 + proxy: + enable: true + user: alice ``` - -## **sysdig.postgresql.ha.operatorVersion** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. +**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `v1.6.3`
+**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - postgresql: - ha: - operatorVersion: v1.6.3 + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.postgresql.ha.exporterVersion** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `latest`
+**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - postgresql: - ha: - exporterVersion: v0.3 + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.postgresql.ha.clusterDomain** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. +**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `cluster.local`
+**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - postgresql: - ha: - clusterDomain: cluster.local + slack: + client: + scope: incoming-webhook ``` -## **sysdig.postgresql.ha.replicas** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: number of replicas for postgreSQL nodes in HA mode. +**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `3`
+**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - postgresql: - ha: - replicas: 3 + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.postgresql.ha.checkCRDs** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. +**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**: `true`
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - postgresql: - ha: - checkCRD: true + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` -## **sysdig.postgresql.ha.enableExporter** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. -**Options**:
-**Default**: `true`
+**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - postgresql: - ha: - enableExporter: true + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.postgresql.ha.migrate.retryCount** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. -**Options**: `true|false`
-**Default**: `3600`
+**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - postgresql: - ha: - migrate: - retryCount: 3600 + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.postgresql.ha.migrate.retrySleepSeconds** + +## **sysdig.secure.anchore.customCerts** **Required**: `false`
-**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. -**Options**:
-**Default**: `10`
+**Description**: +To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - postgresql: - ha: - migrate: - retrySleepSeconds: 10 + secure: + anchore: + customCerts: true ``` -## **sysdig.postgresql.ha.migrate.retainBackup** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. -**Options**: `true|false`
-**Default**: `true`
- +**Description**: Docker image tag of Redis.
+**Options**:
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - postgresql: - ha: - migrate: - retainBackup: true + redisVersion: 4.0.12.7 ``` -## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: Docker image tag of the migration job from postgres single node to HA mode. +**Description**: Docker image tag of HA Redis, relevant when configured +`sysdig.redisHa` is `true`.
**Options**:
-**Default**: `postgres-to-postgres-ha-0.0.4`
- +**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - postgresql: - ha: - migrate: - migrationJobImageVersion: v0.1 + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.postgresql.ha.customTls.enabled** +## **sysdig.redisHa** **Required**: `false`
-**Description**: If set to true will pass to the target pg crd the option to add -custom certificates and CA +**Description**: Determines if redis should run in HA mode
**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: - postgresql: - ha: - customTls: - enabled: true + redisHa: false ``` -## **sysdig.postgresql.ha.customTls.crtSecretName** +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret
-that container certificate and key that will be used in postgres HA for ssl
-NOTE: the certficate and key files must be called `tls.crt` and `tls.key`
-**Options**: `secret-name`
-**Default**: `nil`
+**Description**: The amount of cpu assigned to cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
**Example**:
```yaml
sysdig:
- postgresql:
- ha:
- customTls:
- enabled: true
- crtSecretName: sysdigcloud-postgres-tls-crt
+ resources:
+ cassandra:
+ limits:
+ cpu: 2
```
-## **sysdig.postgresql.ha.customTls.caSecretName**
+## **sysdig.resources.cassandra.limits.memory**
**Required**: `false`
-**Description**: in case of customtls enabled it's the name of the k8s secret
-that container the CA certificate that will be used in postgres HA for ssl
-NOTE: the CA certificate file must be called `ca.crt`
-**Options**: `secret-name`
-**Default**: `nil`
+**Description**: The amount of memory assigned to cassandra pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
**Example**:
```yaml
sysdig:
- postgresql:
- ha:
- customTls:
- enabled: true
- crtSecretName: sysdigcloud-postgres-tls-crt
- caSecretName: sysdigcloud-postgres-tls-ca
-
+ resources:
+ cassandra:
+ limits:
+ memory: 8Gi
```
-## **sysdig.postgresDatabases.useNonAdminUsers**
+## **sysdig.resources.cassandra.requests.cpu**
**Required**: `false`
-**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
+**Description**: The amount of cpu required to schedule cassandra pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- external: true
- postgresDatabases:
- useNonAdminUsers: true
- anchore:
- host: my-anchore-db-external.com
- profiling:
- host: my-profiling-db-external.com
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
-## **sysdig.postgresDatabases.anchore**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**:
```yaml
sysdig:
- postgresql:
- external: true
- postgresDatabases:
- useNonAdminUsers: true
- anchore:
- host: my-anchore-db-external.com
- port: 5432
- db: anchore_db
- username: anchore_user
- password: my_anchore_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ cassandra:
+ requests:
+ cpu: 2
```
-## **sysdig.postgresDatabases.profiling**
+## **sysdig.resources.cassandra.requests.memory**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
-**Example**:
+**Description**: The amount of memory required to schedule cassandra pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- external: true
- postgresDatabases:
- useNonAdminUsers: true
- profiling:
- host: my-profiling-db-external.com
- port: 5432
- db: anchore_db
- username: profiling_user
- password: my_profiling_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
-## **sysdig.postgresDatabases.policies**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**:
```yaml
sysdig:
- postgresql:
- external: true
- postgresDatabases:
- policies:
- host: my-policies-db-external.com
- port: 5432
- db: policies_db
- username: policies_user
- password: my_policies_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ cassandra:
+ requests:
+ memory: 2Gi
```
-## **sysdig.postgresDatabases.scanning**
+## **sysdig.resources.elasticsearch.limits.cpu**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: The amount of cpu assigned to elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- scanning:
- host: my-scanning-db-external.com
- port: 5432
- db: scanning_db
- username: scanning_user
- password: my_scanning_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 8 |
-## **sysdig.postgresDatabases.reporting**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**:
```yaml
sysdig:
- postgresql:
- external: true
- postgresDatabases:
- reporting:
- host: my-reporting-db-external.com
- port: 5432
- db: reporting_db
- username: reporting_user
- password: my_reporting_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ limits:
+ cpu: 2
```
-## **sysdig.postgresDatabases.padvisor**
+## **sysdig.resources.elasticsearch.limits.memory**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: The amount of memory assigned to elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- padvisor:
- host: my-padvisor-db-external.com
- port: 5432
- db: padvisor_db
- username: padvisor_user
- password: my_padvisor_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
-## **sysdig.postgresDatabases.sysdig**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**:
```yaml
sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- sysdig:
- host: my-sysdig-db-external.com
- port: 5432
- db: sysdig_db
- username: sysdig_user
- password: my_sysdig_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ limits:
+ memory: 8Gi
```
-## **sysdig.postgresDatabases.serviceOwnerManagement**
+## **sysdig.resources.elasticsearch.requests.cpu**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
-**Example**:
+**Description**: The amount of cpu required to schedule elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- serviceOwnerManagement:
- host: my-som-db-external.com
- port: 5432
- db: som_db
- username: som_user
- password: my_som_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
-## **sysdig.postgresDatabases.beacon**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
**Example**:
```yaml
sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- beacon:
- host: my-beacon-db-external.com
- port: 5432
- db: beacon_db
- username: beacon_user
- password: my_beacon_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ requests:
+ cpu: 2
```
-## **sysdig.postgresDatabases.promBeacon**
+## **sysdig.resources.elasticsearch.requests.memory**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
-**Example**:
+**Description**: The amount of memory required to schedule elasticsearch pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- promBeacon:
- host: my-prom-beacon-db-external.com
- port: 5432
- db: prom_beacon_db
- username: prom_beacon_user
- password: my_prom_beacon_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 4Gi |
-## **sysdig.postgresDatabases.quartz**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**:
```yaml
sysdig:
- postgresql:
- primary: true
- external: true
- postgresDatabases:
- quartz:
- host: my-quartz-db-external.com
- port: 5432
- db: quartz_db
- username: quartz_user
- password: my_quartz_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ elasticsearch:
+ requests:
+ memory: 2Gi
```
-## **sysdig.postgresDatabases.compliance**
+## **sysdig.resources.mysql-router.limits.cpu**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**:
+**Description**: The amount of cpu assigned to mysql-router pods
+**Options**:
+**Default**:
-```yaml
-sysdig:
- postgresql:
- external: true
- postgresDatabases:
- compliance:
- host: my-compliance-db-external.com
- port: 5432
- db: compliance_db
- username: compliance_user
- password: my_compliance_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
-## **sysdig.postgresDatabases.admissionController**
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**:
```yaml
sysdig:
- postgresql:
- external: true
- postgresDatabases:
- admissionController:
- host: my-admission-controller-db-external.com
- port: 5432
- db: admission_controller_db
- username: admission_controller_user
- password: my_admission_controller_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ mysql-router:
+ limits:
+ cpu: 2
```
-## **sysdig.postgresDatabases.rapidResponse**
+## **sysdig.resources.mysql-router.limits.memory**
**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: The amount of memory assigned to mysql-router pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
**Example**:
```yaml
sysdig:
- postgresql:
- external: true
- postgresDatabases:
- rapidResponse:
- host: my-rapid-response-db-external.com
- port: 5432
- db: rapid_response_db
- username: rapid_response_user
- password: my_rapid_response_user_password
- sslmode: disable
- admindb: root_db
- adminusername: root_user
- adminpassword: my_root_user_password
+ resources:
+ mysql-router:
+ limits:
+ memory: 8Gi
```
-## **sysdig.proxy.defaultNoProxy**
+## **sysdig.resources.mysql-router.requests.cpu**
**Required**: `false`
-**Description**: Default comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-should only be used if there is an intent to override the defaults provided by
-Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
-instead.
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api
+ resources:
+ mysql-router:
+ requests:
+ cpu: 2
```
-## **sysdig.proxy.enable**
+## **sysdig.resources.mysql-router.requests.memory**
**Required**: `false`
-**Description**: Determines if a [web
-proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
-used by Anchore for fetching CVE feed from
-[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
-**Default**: `false`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
+ resources:
+ mysql-router:
+ requests:
+ memory: 2Gi
```
-## **sysdig.proxy.host**
+## **sysdig.resources.mysql.limits.cpu**
**Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
-is configured.
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
**Default**:
@@ -2549,414 +2119,483 @@ is configured.
```yaml
sysdig:
- proxy:
- enable: true
- host: my-awesome-proxy.my-awesome-domain.com
+ resources:
+ mysql:
+ limits:
+ cpu: 2
```
-## **sysdig.proxy.noProxy**
+## **sysdig.resources.mysql.limits.memory**
**Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**:
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- noProxy: my-awesome.domain.com, 192.168.0.0/16
+ resources:
+ mysql:
+ limits:
+ memory: 8Gi
```
-## **sysdig.proxy.password**
+## **sysdig.resources.mysql.requests.cpu**
**Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
-**Default**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- password: F00B@r!
+ resources:
+ mysql:
+ requests:
+ cpu: 2
```
-## **sysdig.proxy.port**
+## **sysdig.resources.mysql.requests.memory**
**Required**: `false`
-**Description**: The port the configured
-[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
-**Default**: `80`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- port: 3128
+ resources:
+ mysql:
+ requests:
+ memory: 2Gi
```
-## **sysdig.proxy.protocol**
+## **sysdig.resources.postgresql.limits.cpu**
**Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu assigned to postgresql pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 4 |
+| large | 4 |
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- protocol: https
+ resources:
+ postgresql:
+ limits:
+ cpu: 2
```
-## **sysdig.proxy.user**
+## **sysdig.resources.postgresql.limits.memory**
**Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
-**Default**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 8Gi |
+
**Example**:
```yaml
sysdig:
- proxy:
- enable: true
- user: alice
+ resources:
+ postgresql:
+ limits:
+ memory: 8Gi
```
-## **sysdig.slack.client.id**
+
+## **sysdig.resources.postgresql.requests.cpu**
**Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientid`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 1 |
+| large | 2 |
**Example**:
```yaml
sysdig:
- slack:
- client:
- id: 2255883163.123123123534
+ resources:
+ postgresql:
+ requests:
+ cpu: 2
```
-## **sysdig.slack.client.secret**
+## **sysdig.resources.postgresql.requests.memory**
**Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
-**Default**: `awesomeclientsecret`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500Mi |
+| medium | 1Gi |
+| large | 2Gi |
**Example**:
```yaml
sysdig:
- slack:
- client:
- secret: 8a8af18123128acd312d12d12da
+ resources:
+ postgresql:
+ requests:
+ memory: 2Gi
```
-## **sysdig.slack.client.scope**
+## **sysdig.resources.redis.limits.cpu**
**Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu assigned to redis pods
**Options**:
-**Default**: `incoming-webhook`
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
**Example**:
```yaml
sysdig:
- slack:
- client:
- scope: incoming-webhook
+ resources:
+ redis:
+ limits:
+ cpu: 2
```
-## **sysdig.slack.client.endpoint**
+## **sysdig.resources.redis.limits.memory**
**Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of memory assigned to redis pods
**Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
**Example**:
```yaml
sysdig:
- slack:
- client:
- endpoint: https://slack.com/oauth/v2/authorize
+ resources:
+ redis:
+ limits:
+ memory: 1Gi
```
-## **sysdig.slack.client.oauth.endpoint**
+## **sysdig.resources.redis.requests.cpu**
**Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
**Example**:
```yaml
sysdig:
- slack:
- client:
- oauth:
- endpoint: https://slack.com/api/oauth.v2.access
+ resources:
+ redis:
+ requests:
+ cpu: 2
```
-## **sysdig.saml.certificate.name**
+
+## **sysdig.resources.redis.requests.memory**
**Required**: `false`
-**Description**: The filename of the certificate that will be used for signing SAML requests.
-The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
-the certificate name used when creating the certificate.
+**Description**: The amount of memory required to schedule redis pods
**Options**:
-**Default**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
- saml:
- certificate:
- name: saml-cert.p12
+ resources:
+ redis:
+ requests:
+ memory: 2Gi
```
-## **sysdig.saml.certificate.password**
+
+## **sysdig.resources.redis-sentinel.limits.cpu**
**Required**: `false`
-**Description**: The password required to read the certificate that will be used for signing SAML requests.
-If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 300m |
+| medium | 300m |
+| large | 300m |
**Example**:
```yaml
sysdig:
- saml:
- certificate:
- name: saml-cert.p12
- password: changeit
+ resources:
+ redis-sentinel:
+ limits:
+ cpu: 2
```
-## **sysdig.inactivitySettings.trackerEnabled**
+## **sysdig.resources.redis-sentinel.limits.memory**
**Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory assigned to redis-sentinel pods
+**Options**:
+**Default**:
-**Example**:
-```yaml
-sysdig:
- inactivitySettings:
- trackerEnabled: true
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
-## **sysdig.inactivitySettings.trackerTimeout**
-**Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
-**Example**:
+
```yaml
sysdig:
- inactivitySettings:
- trackerTimeout: 900
+ resources:
+ redis-sentinel:
+ limits:
+ memory: 10Mi
```
-
-## **sysdig.secure.anchore.customCerts**
+## **sysdig.resources.redis-sentinel.requests.cpu**
**Required**: `false`
-**Description**:
-To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Options**:
+**Default**:
-This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**:
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
-```bash
-#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list.
-bash-5.0$ find certs values.yaml
-certs
-certs/anchore-custom-certs
-certs/anchore-custom-certs/certificate1.crt
-certs/anchore-custom-certs/certificate2.crt
-values.yaml
-```
+**Example**:
```yaml
sysdig:
- secure:
- anchore:
- customCerts: true
+ resources:
+ redis-sentinel:
+ requests:
+ cpu: 2
```
-## **sysdig.secure.anchore.enableMetrics**
+## **sysdig.resources.redis-sentinel.requests.memory**
**Required**: `false`
-**Description**:
-Allow Anchore to export prometheus metrics.
+**Description**: The amount of memory required to schedule redis-sentinel pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
-**Options**: `true|false`
-**Default**: false
**Example**:
+
```yaml
sysdig:
- secure:
- anchore:
- enableMetrics: true
+ resources:
+ redis-sentinel:
+ requests:
+ memory: 200Mi
```
-## **sysdig.redisVersion**
+## **sysdig.resources.redis-sentinel.limits.cpu**
**Required**: `false`
-**Description**: Docker image tag of Redis.
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12.7
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 300m |
+| medium | 300m |
+| large | 300m |
+
**Example**:
```yaml
sysdig:
- redisVersion: 4.0.12.7
+ resources:
+ redis-sentinel:
+ limits:
+ cpu: 2
```
-## **sysdig.redisHaVersion**
+## **sysdig.resources.redis-sentinel.limits.memory**
**Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured
-`sysdig.redisHa` is `true`.
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
-**Default**: 4.0.12-1.0.1
-**Example**:
-
-```yaml
-sysdig:
- redisHaVersion: 4.0.12-1.0.1
-```
+**Default**:
-## **sysdig.redisHa**
-**Required**: `false`
-**Description**: Determines if redis should run in HA mode
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
-```yaml
-sysdig:
- redisHa: false
-```
-## **sysdig.useRedis6**
-**Required**: `false`
-**Description**: Determines if redis should be installed with version 6.x
-**Options**: `true|false`
-**Default**: `true`
**Example**:
```yaml
sysdig:
- useRedis6: false
+ resources:
+ redis-sentinel:
+ limits:
+ memory: 10Mi
```
-## **sysdig.redis6Version**
+## **sysdig.resources.redis-sentinel.requests.cpu**
**Required**: `false`
-**Description**: Docker image tag of Redis 6, relevant when configured
-`sysdig.useRedis6` is `true`.
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
-**Default**: 6.0.10.1
-**Example**:
+**Default**:
-```yaml
-sysdig:
- redis6Version: 6.0.10.1
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
-## **sysdig.redis6SentinelVersion**
-**Required**: `false`
-**Description**: Docker image tag of Redis Sentinel, relevant when configured
-`sysdig.useRedis6` is `true`.
-**Options**:
-**Default**: 6.0.10.1
**Example**:
```yaml
sysdig:
- redis6SentinelVersion: 6.0.10.1
+ resources:
+ redis-sentinel:
+ requests:
+ cpu: 2
```
-## **sysdig.redis6ExporterVersion**
+## **sysdig.resources.redis-sentinel.requests.memory**
**Required**: `false`
-**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
-`sysdig.useRedis6` is `true`.
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
-**Default**: 1.15.1.1
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
+
**Example**:
```yaml
sysdig:
- redis6ExporterVersion: 1.15.1.1
+ resources:
+ redis-sentinel:
+ requests:
+ memory: 200Mi
```
-
-## **sysdig.resources.cassandra.limits.cpu**
+## **sysdig.resources.timescale-adapter.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 2 |
+| small | 4 |
| medium | 4 |
-| large | 8 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- cassandra:
+ timescale-adapter:
limits:
cpu: 2
```
-## **sysdig.resources.cassandra.limits.memory**
+## **sysdig.resources.timescale-adapter.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
+
**Example**:
```yaml
sysdig:
resources:
- cassandra:
+ timescale-adapter:
limits:
- memory: 8Gi
+ memory: 10Mi
```
-## **sysdig.resources.cassandra.requests.cpu**
+## **sysdig.resources.timescale-adapter.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
| small | 1 |
-| medium | 2 |
+| medium | 1 |
| large | 4 |
**Example**:
@@ -2964,87 +2603,88 @@ sysdig:
```yaml
sysdig:
resources:
- cassandra:
+ timescale-adapter:
requests:
cpu: 2
```
-## **sysdig.resources.cassandra.requests.memory**
+## **sysdig.resources.timescale-adapter.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 4Gi |
**Example**:
```yaml
sysdig:
resources:
- cassandra:
+ timescale-adapter:
requests:
- memory: 8Gi
+ memory: 200Mi
```
-## **sysdig.resources.elasticsearch.limits.cpu**
+## **sysdig.resources.api.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
+**Description**: The amount of cpu assigned to api pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 2 |
+| small | 4 |
| medium | 4 |
-| large | 8 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- elasticsearch:
+ api:
limits:
cpu: 2
```
-## **sysdig.resources.elasticsearch.limits.memory**
+## **sysdig.resources.api.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
+**Description**: The amount of memory assigned to api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - elasticsearch: + api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.resources.api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
+**Description**: The amount of cpu required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -3052,21 +2692,21 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: cpu: 2 ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.resources.api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
+**Description**: The amount of memory required to schedule api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | +| small | 1Gi | +| medium | 1Gi | | large | 4Gi | **Example**: @@ -3074,200 +2714,214 @@ sysdig: ```yaml sysdig: resources: - elasticsearch: + api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.resources.worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: cpu: 2 ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.resources.worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql-router: + worker: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.resources.worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: cpu: 2 ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.resources.worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql-router: + worker: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - mysql: + alerter: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - mysql: + alerter: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 4 | | medium | 4 | -| large | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: limits: cpu: 2 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: @@ -3275,7 +2929,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 8Gi | +| large | 16Gi | **Example**: @@ -3283,88 +2937,88 @@ sysdig: ```yaml sysdig: resources: - postgresql: + collector: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 2 | +| large | 4 | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: cpu: 2 ``` -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500Mi | +| small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - postgresql: + collector: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: limits: cpu: 2 ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3372,88 +3026,88 @@ sysdig: ```yaml sysdig: resources: - redis: + anchore-core: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: cpu: 2 ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis: + anchore-core: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3461,88 +3115,88 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + anchore-worker: requests: memory: 200Mi ``` -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3550,58 +3204,59 @@ sysdig: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: limits: memory: 10Mi ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: cpu: 2 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - redis-sentinel: + scanning-api: requests: memory: 200Mi ``` -## **sysdig.resources.timescale-adapter.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3609,21 +3264,21 @@ sysdig: | ------------ | ------ | | small | 4 | | medium | 4 | -| large | 16 | +| large | 4 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: @@ -3631,7 +3286,7 @@ sysdig: | ------------ | ------ | | small | 4Gi | | medium | 4Gi | -| large | 16Gi | +| large | 4Gi | **Example**: @@ -3639,36 +3294,36 @@ sysdig: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: limits: memory: 10Mi ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 4 | +| large | 1 | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: cpu: 2 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: @@ -3676,227 +3331,278 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - timescale-adapter: + scanningalertmgr: requests: memory: 200Mi ``` -## **sysdig.resources.ingressControllerHaProxy.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: limits: - memory: 2Gi + memory: 10Mi ``` -## **sysdig.resources.ingressControllerHaProxy.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50m | -| medium | 100m | -| large | 100m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: cpu: 2 ``` -## **sysdig.resources.ingressControllerHaProxy.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - ingressControllerHaProxy: + scanning-retention-mgr: requests: - memory: 1Gi + memory: 200Mi ``` -## **sysdig.resources.ingressControllerRsyslog.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Retention manager Cronjob
**Options**:
-**Default**: +**Default**: 0 3 * * *
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 125m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +**Required**: `false`
+**Description**: Max execution duration for the retention policy
+**Options**:
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - cpu: 2 + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.ingressControllerRsyslog.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Grace period for the retention policy
**Options**:
-**Default**: +**Default**: 168h
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 50Mi | -| medium | 100Mi | -| large | 100Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h +``` +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +**Required**: `false`
+**Description**: Artifical delay after each image deletion
+**Options**:
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - limits: - memory: 1Gi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.ingressControllerRsyslog.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**: +**Default**: sysdigcloud-scanning-api:6000
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 +``` +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +**Required**: `false`
+**Description**: Scanning DB engine
+**Options**:
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - cpu: 500m + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.ingressControllerRsyslog.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
+**Description**: Default value for the date policy
**Options**:
-**Default**: +**Default**: 90
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** +**Required**: `false`
+**Description**: Default value for the tags policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - ingressControllerRsyslog: - requests: - memory: 500Mi + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 ``` -## **sysdig.resources.api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
+**Example**: + +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 +``` + +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api containers in api pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api containers in api pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | **Example**: @@ -3904,88 +3610,88 @@ sysdig: ```yaml sysdig: resources: - api: + scanning-ve-janitor: limits: memory: 10Mi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api containers in api pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api containers in api pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - api: + scanning-ve-janitor: requests: memory: 200Mi ``` -## **sysdig.resources.apiNginx.limits.cpu** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to nginx containers in api pods
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.apiNginx.limits.memory** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nginx containers in api pods
+**Description**: The amount of memory assigned to policy-advisor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -3993,88 +3699,88 @@ sysdig: ```yaml sysdig: resources: - apiNginx: + policy-advisor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.apiNginx.requests.cpu** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nginx containers in api pods
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.apiNginx.requests.memory** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nginx containers in api pods
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - apiNginx: + policy-advisor: requests: - memory: 100Mi + memory: 200Mi ``` -## **sysdig.resources.apiEmailRenderer.limits.cpu** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to email-renderer containers in api pods
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 1 | -| medium | 1 | -| large | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: cpu: 1 ``` -## **sysdig.resources.apiEmailRenderer.limits.memory** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to email-renderer containers in api pods
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4082,88 +3788,88 @@ sysdig: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.apiEmailRenderer.requests.cpu** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule email-renderer containers in api pods
+**Description**: The amount of cpu required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | +| small | 300m | | medium | 500m | -| large | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - cpu: 500m + cpu: 300m ``` -## **sysdig.resources.apiEmailRenderer.requests.memory** +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule email-renderer containers in api pods
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 100Mi | -| large | 100Mi | - +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - apiEmailRenderer: + netsec-api: requests: - memory: 100Mi + memory: 1Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| medium | 6Gi | +| large | 8Gi | **Example**: @@ -4171,88 +3877,89 @@ sysdig: ```yaml sysdig: resources: - worker: + netsec-ingest: limits: - memory: 10Mi + memory: 4Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.netsec-ingest.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule netsec-ingest pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - worker: + netsec-ingest: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.netsec-ingest.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule to netsec-ingest pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - worker: - requests: - memory: 200Mi + netsec-ingest: + limits: + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.netsec-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.netsec-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to netsec-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4260,88 +3967,88 @@ sysdig: ```yaml sysdig: resources: - alerter: + netsec-janitor: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.netsec-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | +| small | 300m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.netsec-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule netsec-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - alerter: + netsec-janitor: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: @@ -4349,36 +4056,36 @@ sysdig: ```yaml sysdig: resources: - collector: + nats-streaming: limits: - memory: 10Mi + memory: 2Gi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: @@ -4386,141 +4093,139 @@ sysdig: | ------------ | -------- | | small | 1Gi | | medium | 1Gi | -| large | 4Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - collector: + nats-streaming: requests: - memory: 200Mi + memory: 1Gi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: + activity-audit-api: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.anchore-api.limits.cpu** +## **sysdig.resources.activity-audit-api.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: + activity-audit-api: limits: - cpu: 1 + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.limits.cpu** +## **sysdig.resources.activity-audit-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - cpu: 1 + activity-audit-api: + requests: + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.limits.cpu** +## **sysdig.resources.activity-audit-api.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: - limits: - cpu: 1 + activity-audit-api: + requests: + memory: 50Mi ``` -## **sysdig.resources.anchore-core.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-core: + activity-audit-worker: limits: - memory: 10Mi + cpu: 1 ``` - -## **sysdig.resources.anchore-api.limits.memory** +## **sysdig.resources.activity-audit-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4528,268 +4233,265 @@ sysdig: ```yaml sysdig: resources: - anchore-api: + activity-audit-worker: limits: - memory: 10Mi + memory: 500Mi ``` - -## **sysdig.resources.anchore-catalog.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: - limits: - memory: 10Mi + activity-audit-worker: + requests: + cpu: 250m ``` - -## **sysdig.resources.anchore-policy-engine.limits.memory** +## **sysdig.resources.activity-audit-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-worker pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 3Gi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: - limits: - memory: 10Mi + activity-audit-worker: + requests: + memory: 50Mi ``` -## **sysdig.resources.anchore-core.requests.cpu** +## **sysdig.resources.activity-audit-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - cpu: 2 + activity-audit-janitor: + limits: + cpu: 250m ``` -## **sysdig.resources.anchore-api.requests.cpu** +## **sysdig.resources.activity-audit-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-api pods
+**Description**: The amount of memory assigned to activity-audit-janitor pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - cpu: 2 + activity-audit-janitor: + limits: + memory: 200Mi ``` -## **sysdig.resources.anchore-catalog.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + activity-audit-janitor: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.cpu** +## **sysdig.resources.activity-audit-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 500m | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + activity-audit-janitor: requests: - cpu: 2 + memory: 50Mi ``` -## **sysdig.resources.anchore-core.requests.memory** +## **sysdig.resources.profiling-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of cpu assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - anchore-core: - requests: - memory: 200Mi + profiling-api: + limits: + cpu: 2 ``` -## **sysdig.resources.anchore-api.requests.memory** +## **sysdig.resources.profiling-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-api pods
+**Description**: The amount of memory assigned to profiling-api pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - anchore-api: - requests: - memory: 200Mi + profiling-api: + limits: + memory: 500Mi ``` -## **sysdig.resources.anchore-catalog.requests.memory** +## **sysdig.resources.profiling-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-catalog pods
+**Description**: The amount of cpu required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-catalog: + profiling-api: requests: - memory: 200Mi + cpu: 250m ``` -## **sysdig.resources.anchore-policy-engine.requests.memory** +## **sysdig.resources.profiling-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-policy-engine pods
+**Description**: The amount of memory required to schedule profiling-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-policy-engine: + profiling-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.anchore-worker.limits.cpu** +## **sysdig.resources.profiling-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.anchore-worker.limits.memory** +## **sysdig.resources.profiling-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to profiling-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: @@ -4797,88 +4499,88 @@ sysdig: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.anchore-worker.requests.cpu** +## **sysdig.resources.profiling-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.anchore-worker.requests.memory** +## **sysdig.resources.profiling-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule profiling-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - anchore-worker: + profiling-worker: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanning-api.limits.cpu** +## **sysdig.resources.secure-overview-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: cpu: 2 ``` -## **sysdig.resources.scanning-api.limits.memory** +## **sysdig.resources.secure-overview-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to secure-overview-api containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -4886,89 +4588,88 @@ sysdig: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: limits: - memory: 10Mi + memory: 1Gi ``` -## **sysdig.resources.scanning-api.requests.cpu** +## **sysdig.resources.secure-overview-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanning-api.requests.memory** +## **sysdig.resources.secure-overview-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule secure-overview-api containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 512Mi | +| medium | 512Mi | +| large | 512Mi | **Example**: ```yaml sysdig: resources: - scanning-api: + secure-overview-api: requests: - memory: 200Mi + memory: 512Mi ``` - -## **sysdig.resources.scanningalertmgr.limits.cpu** +## **sysdig.resources.secure-prometheus.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: cpu: 2 ``` -## **sysdig.resources.scanningalertmgr.limits.memory** +## **sysdig.resources.secure-prometheus.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to secure-prometheus containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: @@ -4976,292 +4677,329 @@ sysdig: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.scanningalertmgr.requests.cpu** +## **sysdig.resources.secure-prometheus.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 1 | -| large | 1 | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - cpu: 2 + cpu: 500m ``` -## **sysdig.resources.scanningalertmgr.requests.memory** +## **sysdig.resources.secure-prometheus.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule secure-prometheus containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningalertmgr: + secure-prometheus: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.scanning-retention-mgr.limits.cpu** +## **sysdig.resources.events-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-retention-mgr.limits.memory** +## **sysdig.resources.events-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to events-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-retention-mgr.requests.cpu** +## **sysdig.resources.events-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-retention-mgr.requests.memory** +## **sysdig.resources.events-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule events-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-retention-mgr: + events-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.secure.scanning.retentionMgr.cronjob** +## **sysdig.resources.events-gatherer.limits.cpu** **Required**: `false`
-**Description**: Retention manager Cronjob
+**Description**: The amount of cpu assigned to events-gatherer pods
**Options**:
-**Default**: 0 3 * * *
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - cronjob: 0 3 * * * + resources: + events-gatherer: + limits: + cpu: 2 ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** +## **sysdig.resources.events-gatherer.limits.memory** **Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of memory assigned to events-gatherer pods
**Options**:
-**Default**: 23h
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyMaxExecutionDuration: 23h + resources: + events-gatherer: + limits: + memory: 1Gi ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** +## **sysdig.resources.events-gatherer.requests.cpu** **Required**: `false`
-**Description**: Grace period for the retention policy
+**Description**: The amount of cpu required to schedule events-gatherer pods
**Options**:
-**Default**: 168h
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyGracePeriodDuration: 168h + resources: + events-gatherer: + requests: + cpu: 250m ``` -## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** +## **sysdig.resources.events-gatherer.requests.memory** **Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory required to schedule events-gatherer pods
**Options**:
-**Default**: 1s
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - retentionPolicyArtificialDelayAfterDelete: 1s + resources: + events-gatherer: + requests: + memory: 250Mi ``` -## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** +## **sysdig.resources.events-dispatcher.limits.cpu** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: The amount of cpu assigned to events-dispatcher pods
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + resources: + events-dispatcher: + limits: + cpu: 1 ``` -## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** +## **sysdig.resources.events-dispatcher.limits.memory** **Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of memory assigned to events-dispatcher pods
**Options**:
-**Default**: mysql
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 250Mi | +| medium | 250Mi | +| large | 250Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - scanningDBEngine: mysql + resources: + events-dispatcher: + limits: + memory: 250Mi ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** +## **sysdig.resources.events-dispatcher.requests.cpu** **Required**: `false`
-**Description**: Default value for the date policy
+**Description**: The amount of cpu required to schedule events-dispatcher pods
**Options**:
-**Default**: 90
-**Example**: +**Default**: -```yaml -sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - datePolicy: 90 -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | -## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** -**Required**: `false`
-**Description**: Default value for the tags policy
-**Options**:
-**Default**: 5
**Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - tagsPolicy: 5 + resources: + events-dispatcher: + requests: + cpu: 250m ``` -## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +## **sysdig.resources.events-dispatcher.requests.memory** **Required**: `false`
-**Description**: Default value for the digests policy
+**Description**: The amount of memory required to schedule events-dispatcher pods
**Options**:
-**Default**: 5
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - secure: - scanning: - retentionMgr: - defaultValues: - digestsPolicy: 5 + resources: + events-dispatcher: + requests: + memory: 50Mi ``` -## **sysdig.resources.scanning-ve-janitor.limits.cpu** +## **sysdig.resources.events-forwarder-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to events-forwarder-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 300m | -| medium | 500m | +| small | 1 | +| medium | 1 | | large | 1 | **Example**: @@ -5269,4925 +5007,1940 @@ sysdig: ```yaml sysdig: resources: - scanning-ve-janitor: + events-forwarder-api: limits: - cpu: 2 + cpu: 1 ``` -## **sysdig.resources.scanning-ve-janitor.limits.memory** +## **sysdig.resources.events-forwarder-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to events-forwarder-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 256Mi | -| medium | 2Gi | -| large | 4Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-forwarder-api: limits: - memory: 10Mi + memory: 500Mi ``` -## **sysdig.resources.scanning-ve-janitor.requests.cpu** +## **sysdig.resources.events-forwarder-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-forwarder-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.scanning-ve-janitor.requests.memory** +## **sysdig.resources.events-forwarder-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule events-forwarder-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanning-ve-janitor: + events-forwarder-api: requests: - memory: 200Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** +## **sysdig.resources.events-forwarder.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api containers
+**Description**: The amount of cpu assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** +## **sysdig.resources.events-forwarder.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api containers
+**Description**: The amount of memory assigned to events-forwarder pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder: limits: memory: 500Mi ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** +## **sysdig.resources.events-forwarder.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api containers
+**Description**: The amount of cpu required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApi: + events-forwarder: requests: cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** +## **sysdig.resources.events-forwarder.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api containers
+**Description**: The amount of memory required to schedule events-forwarder pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api: + events-forwarder: requests: - memory: 50Mi + memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** +## **sysdig.resources.events-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG
-migrate containers
+**Description**: The amount of cpu assigned to events-janitor pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-janitor: limits: cpu: 1 ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** +## **sysdig.resources.events-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG
-migrate containers
+**Description**: The amount of memory assigned to events-janitor pods
**Options**:
**Default**: -|cluster-size|limits | -|------------|--------| -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 200Mi | +| medium | 200Mi | +| large | 200Mi | + **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-janitor: limits: - memory: 256Mi + memory: 200Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** +## **sysdig.resources.events-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api
-PG migrate containers
+**Description**: The amount of cpu required to schedule events-janitor pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 100m | -| medium | 100m | -| large | 100m | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningAdmissionControllerApiPgMigrate: + events-janitor: requests: - cpu: 100m + cpu: 250m ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** +## **sysdig.resources.events-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api
-PG migrate containers
+**Description**: The amount of memory required to schedule events-janitor pods
**Options**:
**Default**: -|cluster-size|requests| -|------------|--------| -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - admission-controller-api-pg-migrate: + events-janitor: requests: memory: 50Mi ``` -## **sysdig.resources.reporting-init.limits.cpu** +## **sysdig.restrictPasswordLogin** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-init pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - reporting-init: - limits: - cpu: 1 + restrictPasswordLogin: true ``` -## **sysdig.resources.reporting-init.limits.memory** +## **sysdig.rsyslogVersion** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-init pods
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
+**Default**: 8.34.0.7
**Example**: ```yaml sysdig: - resources: - reporting-init: - limits: - memory: 256Mi + rsyslogVersion: 8.34.0.7 ``` -## **sysdig.resources.reporting-init.requests.cpu** +## **sysdig.smtpFromAddress** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-init pods
+**Description**: Email address to use for the FROM field of sent emails.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 100m |
-| medium | 100m |
-| large | 100m |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-init: - requests: - cpu: 100m + smtpFromAddress: from-address@my-company.com ``` -## **sysdig.resources.reporting-init.requests.memory** +## **sysdig.smtpPassword** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-init pods
+**Description**: Password for the configured `sysdig.smtpUser`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-init: - requests: - memory: 50Mi + smtpPassword: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.reporting-api.limits.cpu** +## **sysdig.smtpProtocolSSL** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1500m |
-| medium | 1500m |
-| large | 1500m |
-
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-api: - limits: - cpu: 1500m + smtpProtocolSSL: true ``` -## **sysdig.resources.reporting-api.limits.memory** +## **sysdig.smtpProtocolTLS** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1536Mi |
-| medium | 1536Mi |
-| large | 1536Mi |
-
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-api: - limits: - memory: 1536Mi + smtpProtocolTLS: true ``` -## **sysdig.resources.reporting-api.requests.cpu** +## **sysdig.smtpServer** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-api pods
-**Options**:
-**Default**:
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 200m | -| medium | 200m | -| large | 200m | +```yaml +sysdig: + smtpServer: smtp.gmail.com +``` +## **sysdig.smtpServerPort** +**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
**Example**: ```yaml sysdig: - resources: - reporting-api: - requests: - cpu: 200m + smtpServerPort: 587
``` -## **sysdig.resources.reporting-api.requests.memory** +## **sysdig.smtpUser** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-api pods
+**Description**: User for the configured `sysdig.smtpServer`
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-api: - requests: - memory: 256Mi + smtpUser: bob+alice@gmail.com
``` -## **sysdig.resources.reporting-worker.limits.cpu** +## **sysdig.tolerations** **Required**: `false`
-**Description**: The amount of cpu assigned to reporting-worker pods
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - reporting-worker: - limits: - cpu: 2 + tolerations: + - key: "dedicated" + operator: "Equal" + value: sysdig + effect: "NoSchedule" ``` -## **sysdig.resources.reporting-worker.limits.memory** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to reporting-worker pods
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 16Gi | -| medium | 16Gi | -| large | 16Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - reporting-worker: - limits: - memory: 16Gi + anchoreCoreReplicaCount: 5 ``` -## **sysdig.resources.reporting-worker.requests.cpu** +## **sysdig.anchoreWorkerReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule reporting-worker pods
+**Description**: Number of Sysdig Anchore Worker replicas.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 200m | -| medium | 200m | -| large | 200m | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - reporting-worker: - requests: - cpu: 200m + anchoreWorkerReplicaCount: 5 ``` -## **sysdig.resources.reporting-worker.requests.memory** +## **sysdig.apiReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule reporting-worker pods
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 10Gi | -| medium | 10Gi | -| large | 10Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml sysdig: - resources: - reporting-worker: - requests: - memory: 10Gi + apiReplicaCount: 5 ``` -## **sysdig.secure.scanning.reporting.debug** +## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Enable logging at debug level
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
-**Default**: false
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - debug: false + cassandraReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** +## **sysdig.collectorReplicaCount** **Required**: `false`
-**Description**: Reporting GRPC endpoint
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
**Options**:
-**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 + collectorReplicaCount: 7 ``` -## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** +## **sysdig.activityAuditWorkerReplicaCount** **Required**: `false`
-**Description**: Scanning GRPC endpoint
+**Description**: Number of Activity Audit Worker replicas.
**Options**:
-**Default**: sysdigcloud-scanning-api:6000
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 + activityAuditWorkerReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageDriver** +## **sysdig.activityAuditApiReplicaCount** **Required**: `false`
-**Description**: Storage kind for generated reports
-**Options**: postgres, fs, s3
-**Default**: postgres
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageDriver: postgres + activityAuditApiReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageCompression** +## **sysdig.policyAdvisorReplicaCount** **Required**: `false`
-**Description**: Compression format for generated reports
-**Options**: zip, gzip, none
-**Default**: zip
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageCompression: zip + policyAdvisorReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageFsDir** +## **sysdig.netsecApiReplicaCount** **Required**: `false`
-**Description**: The directory where reports will saved (required when using `fs` driver)
-**Options**:
-**Default**: .
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageFsDir: /reports + netsecApiReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** +## **sysdig.netsecIngestReplicaCount** **Required**: `false`
-**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
-**Options**:
-**Default**: 1
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storagePostgresRetentionDays: 1 + netsecIngestReplicaCount: 1 ``` -## **sysdig.secure.scanning.reporting.storageS3Bucket** +## **sysdig.anchoreCoreReplicaCount** **Required**: `false`
-**Description**: The bucket name where reports will be saved (required when using `s3` driver)
-**Options**:
-**Default**:
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Bucket: secure-scanning-reporting + anchoreCoreReplicaCount: 2 ``` -## **sysdig.secure.scanning.reporting.storageS3Prefix** +## **sysdig.scanningApiReplicaCount** **Required**: `false`
-**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
-**Options**:
-**Default**:
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Prefix: reports + scanningApiReplicaCount: 3 ``` -## **sysdig.secure.scanning.reporting.storageS3Endpoint** +## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 6 | + **Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3Endpoint: s3.example.com + elasticsearchReplicaCount: 20 ``` -## **sysdig.secure.scanning.reporting.storageS3Region** +## **sysdig.workerReplicaCount** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Options**:
-**Default**:
-**Example**:
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - scanning: - reporting: - storageS3Region: us-east-1 -``` +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | -## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** -**Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE + workerReplicaCount: 7 ``` -## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** +## **sysdig.alerterReplicaCount** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Options**:
-**Default**:
-**Example**:
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - scanning: - reporting: - storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -``` +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | -## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** -**Required**: `true`
-**Description**: The flag to enable on-demand generation of reports globally
-**Options**: false, true
-**Default**: false
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - onDemandGenerationEnabled: true + alerterReplicaCount: 7 ``` -## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** -**Required**: `false`
-**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
-**Options**:
-**Default**:
-**Example**:
+## **sysdig.eventsGathererReplicaCount**
+**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - scanning: - reporting: - onDemandGenerationCustomers: "1,12,123" -``` +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 4 | -## **sysdig.secure.scanning.reporting.workerSleepTime** -**Required**: `false`
-**Description**: The sleep interval between two runs of the reporting worker
-**Options**:
-**Default**: 120s
**Example**: ```yaml sysdig: - secure: - scanning: - reporting: - workerSleepTime: 120s + eventsGathererReplicaCount: 2 ``` -## **sysdig.resources.policy-advisor.limits.cpu** +## **sysdig.eventsAPIReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 4 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - cpu: 2 + eventsAPIReplicaCount: 1 ``` -## **sysdig.resources.policy-advisor.limits.memory** +## **sysdig.eventsDispatcherReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - limits: - memory: 10Mi + eventsDispatcherReplicaCount: 1 ``` -## **sysdig.resources.policy-advisor.requests.cpu** +## **sysdig.eventsForwarderReplicaCount** **Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - cpu: 2 + eventsForwarderReplicaCount: 2 ``` -## **sysdig.resources.policy-advisor.requests.memory** +## **sysdig.eventsForwarderAPIReplicaCount** **Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
**Options**:
-**Default**:
+**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - resources: - policy-advisor: - requests: - memory: 200Mi + eventsForwarderAPIReplicaCount: 1 ``` -## **sysdig.resources.netsec-api.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for
+initial login to the web interface. Make sure this is a valid email address
+that you can receive emails at.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - cpu: 1 + admin: + username: my-awesome-email@my-awesome-domain-name.com ``` -## **sysdig.resources.netsec-api.limits.memory** +## **sysdig.admin.password** **Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: Sysdig Platform super admin password. This along with
+`sysdig.admin.username` will be used for initial login to the web interface.
+It is auto-generated when not explicitly configured.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-api: - limits: - memory: 1Gi + admin: + password: my-@w350m3-p@55w0rd ``` -## **sysdig.resources.netsec-api.requests.cpu** +## **sysdig.api.jvmOptions** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: Custom configuration for Sysdig API jvm.
**Options**:
-**Default**:
+**Default**:
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 300m | -| medium | 500m | -| large | 1 | +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - cpu: 300m + certificate: + generate: true ``` -## **sysdig.resources.netsec-api.requests.memory** +## **sysdig.certificate.crt** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
+`false` this has to be configured. The certificate common name or subject
+altername name must match configured `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-api: - requests: - memory: 1Gi + certificate: + crt: certs/server.crt ``` -## **sysdig.resources.netsec-ingest.limits.cpu** +## **sysdig.certificate.key** **Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-ingest:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.netsec-ingest.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 6Gi |
-| large | 8Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-ingest:
- limits:
- memory: 4Gi
-```
-
-## **sysdig.resources.netsec-ingest.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-ingest:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.netsec-ingest.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-ingest:
- limits:
- memory: 2Gi
-```
-
-## **sysdig.resources.netsec-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- netsec-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.netsec-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - limits: - memory: 1Gi + certificate: + key: certs/server.key ``` -## **sysdig.resources.netsec-janitor.requests.cpu** +## **sysdig.collector.dnsName** **Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - cpu: 1 + collector: + dnsName: collector.my-awesome-domain-name.com ``` -## **sysdig.resources.netsec-janitor.requests.memory** +## **sysdig.collector.jvmOptions** **Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: Custom configuration for Sysdig collector jvm.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - netsec-janitor: - requests: - memory: 1Gi + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.collector.certificate.generate** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - cpu: 2 + collector: + certificate: + generate: true ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.collector.certificate.crt** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi + collector: + certificate: + crt: certs/collector.crt ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.collector.certificate.key** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**:
**Example**: ```yaml -sysdig: - resources: - nats-streaming: - requests: - cpu: 250m -``` - -## **sysdig.resources.nats-streaming.requests.memory** -**Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- nats-streaming:
- requests:
- memory: 1Gi
-```
-
-## **sysdig.resources.activity-audit-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.activity-audit-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.activity-audit-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.activity-audit-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.activity-audit-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- activity-audit-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.profiling-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.profiling-worker.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.profiling-worker.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.profiling-worker.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.profiling-worker.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- profiling-worker:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.secure-overview-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-overview-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.secure-overview-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-overview-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 512Mi |
-| medium | 512Mi |
-| large | 512Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-overview-api:
- requests:
- memory: 512Mi
-```
-
-## **sysdig.resources.secure-prometheus.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.secure-prometheus.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 8Gi |
-| medium | 8Gi |
-| large | 8Gi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- limits:
- memory: 8Gi
-```
-
-## **sysdig.resources.secure-prometheus.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- cpu: 500m
-```
-
-## **sysdig.resources.secure-prometheus.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- secure-prometheus:
- requests:
- memory: 2Gi
-```
-
-## **sysdig.resources.events-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-gatherer.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- cpu: 2
-```
-
-## **sysdig.resources.events-gatherer.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- limits:
- memory: 1Gi
-```
-
-## **sysdig.resources.events-gatherer.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-gatherer.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-gatherer:
- requests:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-dispatcher.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- limits:
- memory: 250Mi
-```
-
-## **sysdig.resources.events-dispatcher.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-dispatcher.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-dispatcher:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder-api.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder-api.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder-api.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder-api.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder-api:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-forwarder.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-forwarder.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- limits:
- memory: 500Mi
-```
-
-## **sysdig.resources.events-forwarder.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-forwarder.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-forwarder:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.resources.events-janitor.limits.cpu**
-**Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.events-janitor.limits.memory**
-**Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 200Mi |
-| medium | 200Mi |
-| large | 200Mi |
-
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- limits:
- memory: 200Mi
-```
-
-## **sysdig.resources.events-janitor.requests.cpu**
-**Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- cpu: 250m
-```
-
-## **sysdig.resources.events-janitor.requests.memory**
-**Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- events-janitor:
- requests:
- memory: 50Mi
-```
-
-## **sysdig.restrictPasswordLogin**
-**Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all
-non-default users to login using the configured
-[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- restrictPasswordLogin: true
-```
-
-## **sysdig.rsyslogVersion**
-**Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
-**Options**:
-**Default**: 8.34.0.7
-**Example**:
-
-```yaml
-sysdig:
- rsyslogVersion: 8.34.0.7
-```
-
-## **sysdig.smtpFromAddress**
-**Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpFromAddress: from-address@my-company.com
-```
-
-## **sysdig.smtpPassword**
-**Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpPassword: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.smtpProtocolSSL**
-**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolSSL: true
-```
-
-## **sysdig.smtpProtocolTLS**
-**Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpProtocolTLS: true
-```
-
-## **sysdig.smtpServer**
-**Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpServer: smtp.gmail.com
-```
-
-## **sysdig.smtpServerPort**
-**Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
-**Example**:
-
-```yaml
-sysdig:
- smtpServerPort: 587
-```
-
-## **sysdig.smtpUser**
-**Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- smtpUser: bob+alice@gmail.com
-```
-
-## **sysdig.tolerations**
-**Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" -``` - -## **sysdig.anchoreCoreReplicaCount** -**Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 5
-```
-
-## **sysdig.anchoreAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore API replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreAPIReplicaCount: 4
-```
-
-## **sysdig.anchoreCatalogReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCatalogReplicaCount: 4
-```
-
-## **sysdig.anchorePolicyEngineReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchorePolicyEngineReplicaCount: 4
-```
-
-## **sysdig.anchoreWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreWorkerReplicaCount: 5
-```
-
-## **sysdig.apiReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- apiReplicaCount: 5
-```
-
-## **sysdig.cassandraReplicaCount**
-**Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- cassandraReplicaCount: 20
-```
-
-## **sysdig.collectorReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- collectorReplicaCount: 7
-```
-
-## **sysdig.activityAuditWorkerReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditWorkerReplicaCount: 20
-```
-
-## **sysdig.activityAuditApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Activity Audit API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- activityAuditApiReplicaCount: 20
-```
-
-## **sysdig.policyAdvisorReplicaCount**
-**Required**: `false`
-**Description**: Number of Policy Advisor replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- policyAdvisorReplicaCount: 20
-```
-
-## **sysdig.scanningAdmissionControllerAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of scanning Admission Controller API replicas, this is
-a noop for clusters of `size` `small`.
-**Options**:
-**Default**:
-
-|cluster-size|count|
-|------------|-----|
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningAdmissionControllerAPIReplicaCount: 1
-```
-
-## **sysdig.netsecApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecApiReplicaCount: 1
-```
-
-## **sysdig.netsecIngestReplicaCount**
-**Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecIngestReplicaCount: 1
-```
-## **sysdig.netsecCommunicationShards**
-**Required**: `false`
-**Description**: Number of Netsec communications index shards.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 3 |
-| medium | 9 |
-| large | 15 |
-
-**Example**:
-
-```yaml
-sysdig:
- netsecCommunicationShards: 5
-```
-
-## **sysdig.anchoreCoreReplicaCount**
-**Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- anchoreCoreReplicaCount: 2
-```
-
-## **sysdig.scanningApiReplicaCount**
-**Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- scanningApiReplicaCount: 3
-```
-
-## **sysdig.elasticsearchReplicaCount**
-**Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 6 |
-
-**Example**:
-
-```yaml
-sysdig:
- elasticsearchReplicaCount: 20
-```
-
-## **sysdig.workerReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- workerReplicaCount: 7
-```
-
-## **sysdig.alerterReplicaCount**
-**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 3 |
-| large | 5 |
-
-**Example**:
-
-```yaml
-sysdig:
- alerterReplicaCount: 7
-```
-
-## **sysdig.eventsGathererReplicaCount**
-**Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - eventsGathererReplicaCount: 2 -``` - -## **sysdig.eventsAPIReplicaCount** -**Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsAPIReplicaCount: 1
-```
-
-## **sysdig.eventsDispatcherReplicaCount**
-**Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsDispatcherReplicaCount: 1
-```
-
-## **sysdig.eventsForwarderReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 2 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderReplicaCount: 2
-```
-
-## **sysdig.eventsForwarderAPIReplicaCount**
-**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
-
-| cluster-size | count |
-| ------------ | ----- |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- eventsForwarderAPIReplicaCount: 1
-```
-
-## **sysdig.admin.username**
-**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- username: my-awesome-email@my-awesome-domain-name.com
-```
-
-## **sysdig.admin.password**
-**Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- admin:
- password: my-@w350m3-p@55w0rd
-```
-
-## **sysdig.api.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true -``` - -## **sysdig.certificate.generate** -**Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- generate: true
-```
-
-## **sysdig.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- crt: certs/server.crt
-```
-
-## **sysdig.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
-**Options**:
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- certificate:
- key: certs/server.key
-```
-
-## **sysdig.collector.dnsName**
-**Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- dnsName: collector.my-awesome-domain-name.com
-```
-
-## **sysdig.collector.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.collector.certificate.generate** -**Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- generate: true
-```
-
-## **sysdig.collector.certificate.crt**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- crt: certs/collector.crt
-```
-
-## **sysdig.collector.certificate.key**
-**Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-sysdig:
- collector:
- certificate:
- key: certs/collector.key
-```
-## **sysdig.worker.enabled**
-**Required**: `false`
-**Description**: Enables Sysdig Worker component
-**Options**:`true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- worker:
- enabled: true
-```
-
-## **sysdig.worker.jvmOptions**
-**Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- apiKey: replace_with_your_monitor_access_key
-```
-
-## **agent.appChecks.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- settings:
- limit: 1500
-```
-
-## **agent.collectorEndpoint**
-**Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- collectorEndpoint: my-awesome-collector-domain-name.com
-```
-
-## **agent.collectorPort**
-**Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
-**Options**: `1024-65535`
-**Default**: `6443`
-**Example**:
-
-```yaml
-agent:
- collectorPort: 6443
-```
-
-## **agent.namespace**
-**Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
-**Options**:
-**Default**: `agent`
-**Example**:
-
-```yaml
-agent:
- namespace: sysdig-agent
-```
-
-## **agent.useSlim**
-**Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- useSlim: true
-```
-
-## **agent.version**
-**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
-**Example**:
-
-```yaml
-agent:
- version: 1.10.1
-```
-
-## **agent.useSSL**
-**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- useSSL: false
-```
-
-## **agent.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- verifySSL: false
-```
-
-## **agent.clusterName**
-**Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
-**Example**:
-
-```yaml
-agent:
- clusterName: false
-```
-
-## **agent.tags**
-**Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- tags: environment:production linux:ubuntu
-```
-
-## **agent.capturesEnabled**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- capturesEnabled: false
-```
-
-## **agent.feature_mode**
-**Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
-**Example**:
-
-```yaml
-agent:
- feature_mode: troubleshooting
-```
-
-## **agent.timezone**
-**Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- timezone: America/New_York.
-```
-
-## **agent.proxy.httpProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpProxy: http://username:password@your-awesome-http-proxy.com
-```
-
-## **agent.proxy.httpsProxy**
-**Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- httpsProxy: https://username:password@your-awesome-https-proxy.com
-```
-
-## **agent.proxy.noProxy**
-**Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- proxy:
- noProxy: your-awesome-no-proxy.com
-```
-
-## **agent.snaplenPortRange.start**
-**Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.snaplenPortRange.end**
-**Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
-**Example**:
-
-```yaml
-agent:
- snaplenPortRange:
- start: "8125"
-```
-
-## **agent.customKernelModules.enabled**
-**Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- customKernelModules:
- enabled: true
-```
-
-## **agent.secure.enabled**
-**Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- secure:
- enabled: true
-```
-
-## **agent.secure.commandLineCapturesEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- commandLineCapturesEnabled: true
-```
-
-## **agent.secure.memoryDumpEnabled**
-**Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- secure:
- memoryDumpEnabled: true
-```
-
-## **agent.secure.settings.k8sAuditServerURL**
-**Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerURL: 127.0.0.1
-```
-
-## **agent.secure.settings.k8sAuditServerPort**
-**Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
-**Example**:
-
-```yaml
-agent:
- secure:
- settings:
- k8sAuditServerPort: 7765
-```
-
-## **agent.prometheus.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- enabled: true
-```
-
-## **agent.prometheus.settings.interval**
-**Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- interval: 30
-```
-
-## **agent.prometheus.settings.logErrors**
-**Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- logErrors: true
-```
-
-## **agent.prometheus.settings.maxMetrics**
-**Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetrics: 1000
-```
-
-## **agent.prometheus.settings.maxMetricsPerProcess**
-**Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxMetricsPerProcess: 1000
-```
-
-## **agent.prometheus.settings.maxTagsPerMetric**
-**Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- maxTagsPerMetric: 20
-```
-
-## **agent.prometheus.settings.histograms**
-**Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- prometheus:
- settings:
- histograms: 3000
-```
-
-## **agent.statsd.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- statsd:
- enabled: true
-```
-
-## **agent.statsd.settings.limit**
-**Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
-**Example**:
-
-```yaml
-agent:
- statsd:
- settings:
- limit: 1000
-```
-
-## **agent.jmx.enabled**
-**Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- jmx:
- enabled: true
-```
-
-## **agent.jmx.settings.limit**
-**Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
-**Example**:
-
-```yaml
-agent:
- jmx:
- settings:
- limit: 1000
-```
-
-## **agent.ebpf.enabled**
-**Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- enabled: true
-```
-
-## **agent.ebpf.settings.mountEtcVolume**
-**Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-agent:
- ebpf:
- settings:
- mountEtcVolume: 1000
-```
-
-## **agent.appChecks.elasticsearch.authEnabled**
-**Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- authEnabled: true
-```
-
-## **agent.appChecks.elasticsearch.url**
-**Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- url: https://sysdigcloud-elasticsearch
-```
-
-## **agent.appChecks.elasticsearch.port**
-**Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- port: 9200
-```
-
-## **agent.appChecks.elasticsearch.username**
-**Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- username: readonly
-```
-
-## **agent.appChecks.elasticsearch.password**
-**Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
-**Example**:
-
-```yaml
-agent:
- appChecks:
- elasticsearch:
- password: some_password
-```
-
-## **agent.appChecks.elasticsearch.verifySSL**
-**Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
-**Example**: - -```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + collector: + certificate: + key: certs/collector.key ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.worker.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - kafka: - enabled: true +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **agent.appChecks.kafka.url** +## **agent.apiKey** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +agent: + apiKey: replace_with_your_monitor_access_key ``` -## **agent.appChecks.kafka.port** +## **agent.appChecks.settings.limit** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - kafka: - port: 9200 + settings: + limit: 1500 ``` -## **agent.appChecks.kafka.zk.url** +## **agent.collectorEndpoint** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +agent: + collectorEndpoint: my-awesome-collector-domain-name.com ``` -## **agent.appChecks.kafka.zk.port** +## **agent.collectorPort** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Description**: Sysdig Colletor TCP Port.
**Options**: `1024-65535`
-**Default**:
+**Default**: `6443`
**Example**: ```yaml agent: - appChecks: - kafka: - zk: - port: 2181 + collectorPort: 6443 ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **agent.namespace** +**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
**Example**: ```yaml agent: - appChecks: - kafka: - enableConsumerOffsets: true + namespace: sysdig-agent ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
+## **agent.useSlim** +**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - kafka: - enableAggregationPartitions: true + useSlim: true ``` -## **agent.appChecks.mysql.enabled** +## **agent.version** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
**Example**: ```yaml agent: - appChecks: - mysql: - enabled: true + version: 1.10.1 ``` -## **agent.appChecks.mysql.hostname** +## **agent.useSSL** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml agent: - appChecks: - mysql: - hostname: mysql-service-url + useSSL: false ``` -## **agent.appChecks.mysql.user** +## **agent.verifySSL** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - appChecks: - mysql: - user: mysql-user + verifySSL: false ``` -## **agent.appChecks.mysql.password** +## **agent.clusterName** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
**Example**: ```yaml agent: - appChecks: - mysql: - password: mysql-password + clusterName: false ``` -## **agent.resources.limits.cpu** +## **agent.tags** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | - +**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - limits: - cpu: 2 + tags: environment:production linux:ubuntu ``` -## **agent.resources.limits.memory** +## **agent.capturesEnabled** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | - +**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml agent: - resources: - limits: - memory: 2 + capturesEnabled: false ``` -## **agent.resources.requests.cpu** +## **agent.feature_mode** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
**Example**: ```yaml agent: - resources: - requests: - cpu: 2 + feature_mode: troubleshooting ``` -## **agent.resources.requests.memory** +## **agent.timezone** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | - +**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - requests: - memory: 2 + timezone: America/New_York. ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **agent.proxy.httpProxy** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | - +**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - watchdog: - max_memory_usage_mb: 1024 + proxy: + httpProxy: http://username:password@your-awesome-http-proxy.com ``` -## **agent.resources.watchdog.cointerface** +## **agent.proxy.httpsProxy** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
**Example**: ```yaml agent: - resources: - watchdog: - cointerface: 1024 + proxy: + httpsProxy: https://username:password@your-awesome-https-proxy.com ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **agent.proxy.noProxy** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
-**Options**:
-**Default**: ""
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" +agent: + proxy: + noProxy: your-awesome-no-proxy.com ``` -## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** +## **agent.snaplenPortRange.start** **Required**: `false`
-**Description**: Max duration after the last ping from an AC before it is considered -disconnected. It cannot be greater than 30m. See also pingTTLDuration
-**Options**:
-**Default**: 10m
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - maxDurationBeforeDisconnection: 20m +agent: + snaplenPortRange: + start: "8125" ``` -## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** +## **agent.snaplenPortRange.end** **Required**: `false`
-**Description**: TTL of the cache for the cluster configuration. It should be -used by the AC as polling interval to retrieve the updated cluster configuration -from the API. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - confTTLDuration: 10m +agent: + snaplenPortRange: + start: "8125" ``` -## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** +## **agent.customKernelModules.enabled** **Required**: `false`
-**Description**: TTL of an AC ping. It should be used by the AC as polling -interval to perform a HEAD on the ping endpoint to notify it's still alive and -connected. It cannot be greater than 30m and it cannot be greater than -maxDurationBeforeDisconnection
-**Options**:
-**Default**: 5m
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - admissionControllerAPI: - pingTTLDuration: 8m +agent: + customKernelModules: + enabled: true ``` -## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** +## **agent.secure.enabled** **Required**: `false`
-**Description**: Max duration of the cluster configuration cache. The API returns -this value as max-age in seconds and the FE uses it for caching the cluster -configuration. FE also asks for a new cluster configuration using this value -as time interval. It cannot be greater than 30m
-**Options**:
-**Default**: 5m
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: +agent: secure: - scanning: - admissionControllerAPI: - clusterConfCacheMaxDuration: 9m + enabled: true ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **agent.secure.commandLineCapturesEnabled** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
-**Options**:
-**Default**: "5"
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 +agent: + secure: + commandLineCapturesEnabled: true ``` -## **sysdig.scanningAlertMgrForceAutoScan** +## **agent.secure.memoryDumpEnabled** **Required**: `false`
-**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
-**Options**:
-**Default**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - scanningAlertMgrForceAutoScan: false +agent: + secure: + memoryDumpEnabled: true ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **agent.secure.settings.k8sAuditServerURL** **Required**: `false`
-**Description**: Cronjob schedule
-**Options**:
-**Default**: "0 0 * * *"
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
**Example**: ```yaml -sysdig: +agent: secure: - veJanitor: - cronjob: "5 0 * * *" + settings: + k8sAuditServerURL: 127.0.0.1 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** +## **agent.secure.settings.k8sAuditServerPort** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
-**Options**:
-**Default**: "disable"
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
**Example**: ```yaml -sysdig: +agent: secure: - veJanitor: - anchoreDBsslmode: "disable" + settings: + k8sAuditServerPort: 7765 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** +## **agent.prometheus.enabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - secure: - veJanitor: - scanningDbEngine: "mysql" +agent: + prometheus: + enabled: true ``` - -## **sysdig.metadataService.enabled** +## **agent.prometheus.settings.interval** **Required**: `false`
-**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
**Example**: ```yaml -sysdig: - metadataService: - enabled: true +agent: + prometheus: + settings: + interval: 30 ``` -## **sysdig.resources.metadataService.limits.cpu** +## **agent.prometheus.settings.logErrors** **Required**: `false`
-**Description**: The amount of cpu assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - cpu: 2 +agent: + prometheus: + settings: + logErrors: true ``` -## **sysdig.resources.metadataService.limits.memory** +## **agent.prometheus.settings.maxMetrics** **Required**: `false`
-**Description**: The amount of memory assigned to metadataService pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - resources: - metadataService: - limits: - memory: 10Mi +agent: + prometheus: + settings: + maxMetrics: 1000 ``` -## **sysdig.resources.metadataService.requests.cpu** +## **agent.prometheus.settings.maxMetricsPerProcess** **Required**: `false`
-**Description**: The amount of cpu required to schedule metadataService pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - cpu: 2 +agent: + prometheus: + settings: + maxMetricsPerProcess: 1000 ``` -## **sysdig.resources.metadataService.requests.memory** +## **agent.prometheus.settings.maxTagsPerMetric** **Required**: `false`
-**Description**: The amount of memory required to schedule metadataService pods
-**Options**:
-**Default**: +**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +```yaml +agent: + prometheus: + settings: + maxTagsPerMetric: 20 +``` +## **agent.prometheus.settings.histograms** +**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - metadataService: - requests: - memory: 200Mi +agent: + prometheus: + settings: + histograms: 3000 ``` -## **sysdig.metadataServiceReplicaCount** +## **agent.statsd.enabled** **Required**: `false`
-**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | - +**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - metadataServiceReplicaCount: 4 +agent: + statsd: + enabled: true ``` -## **sysdig.metadataServiceVersion** +## **agent.statsd.settings.limit** **Required**: `false`
-**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
-**Options**:
-**Default**: 1.0.1.1
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
**Example**: ```yaml -sysdig: - metadataServiceVersion: 1.0.1.12 +agent: + statsd: + settings: + limit: 1000 ``` -## **sysdig.helmRenderer.enabled** +## **agent.jmx.enabled** **Required**: `false`
-**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - helmRenderer: +agent: + jmx: enabled: true ``` -## **sysdig.resources.helmRenderer.limits.cpu** +## **agent.jmx.settings.limit** **Required**: `false`
-**Description**: The amount of cpu assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - +**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - cpu: 2 +agent: + jmx: + settings: + limit: 1000 ``` -## **sysdig.resources.helmRenderer.limits.memory** +## **agent.ebpf.enabled** **Required**: `false`
-**Description**: The amount of memory assigned to helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - - +**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - limits: - memory: 10Mi +agent: + ebpf: + enabled: true ``` -## **sysdig.resources.helmRenderer.requests.cpu** +## **agent.ebpf.settings.mountEtcVolume** **Required**: `false`
-**Description**: The amount of cpu required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - cpu: 2 +agent: + ebpf: + settings: + mountEtcVolume: 1000 ``` -## **sysdig.resources.helmRenderer.requests.memory** +## **agent.appChecks.elasticsearch.authEnabled** **Required**: `false`
-**Description**: The amount of memory required to schedule helmRenderer pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - +**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - resources: - helmRenderer: - requests: - memory: 200Mi +agent: + appChecks: + elasticsearch: + authEnabled: true ``` -## **sysdig.helmRendererReplicaCount** +## **agent.appChecks.elasticsearch.url** **Required**: `false`
-**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 2 | -| medium | 6 | -| large | 10 | +```yaml +agent: + appChecks: + elasticsearch: + url: https://sysdigcloud-elasticsearch +``` +## **agent.appChecks.elasticsearch.port** +**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererReplicaCount: 4 +agent: + appChecks: + elasticsearch: + port: 9200 ``` -## **sysdig.helmRendererVersion** +## **agent.appChecks.elasticsearch.username** **Required**: `false`
-**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
-**Options**:
-**Default**: 0.1.32
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - helmRendererVersion: 0.1.32 +agent: + appChecks: + elasticsearch: + username: readonly ``` -## **sysdig.secure.activityAudit.enabled** +## **agent.appChecks.elasticsearch.password** **Required**: `false`
-**Description**: Enable activity audit for Sysdig secure.
-**Options**:
-**Default**: true
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - activityAudit: - enabled: true +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.secure.activityAudit.janitor.retentionDays** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Retention period for Activity Audit data.
-**Options**:
-**Default**: 90
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - activityAudit: - janitor: - retentionDays: 90 +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **sysdig.secure.anchore.enabled** -**Required**: `false`
-**Description**: Enable anchore for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - anchore: +agent: + appChecks: + kafka: enabled: true ``` -## **sysdig.secure.compliance.enabled** -**Required**: `false`
-**Description**: Enable compliance for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - compliance: - enabled: true +agent: + appChecks: + kafka: + arg: Kafka.kafka ``` -## **sysdig.secure.netsec.enabled** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Enable netsec for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - netsec: - enabled: true +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **sysdig.secure.overview.enabled** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Enable overview for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - overview: - enabled: true +agent: + appChecks: + kafka: + port: 9200 ``` -## **sysdig.secure.padvisor.enabled** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: Enable policy advisor for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - secure: - padvisor: - enabled: true +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **sysdig.secure.profiling.enabled** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Enable profiling for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml -sysdig: - secure: - profiling: - enabled: true +agent: + appChecks: + kafka: + zk: + port: 2181 ``` -## **sysdig.secure.scanning.reporting.enabled** -**Required**: `false`
-**Description**: Enable reporting for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - reporting: - enabled: true +agent: + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **sysdig.secure.scanning.enabled** -**Required**: `false`
-**Description**: Enable scanning for Sysdig Secure.
-**Options**:
-**Default**: true
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - scanning: - enabled: true +agent: + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **sysdig.secure.events.enabled** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Enable events for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Whether to enable mysql app check.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - events: +agent: + appChecks: + mysql: enabled: true ``` -## **sysdig.secure.eventsForwarder.enabled** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Enable events forwarder for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - eventsForwarder: - enabled: true +agent: + appChecks: + mysql: + hostname: mysql-service-url ``` -## **sysdig.secure.falcoRulesUpdater.enabled** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
-**Options**:
-**Default**: false
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - falcoRulesUpdater: - enabled: true +agent: + appChecks: + mysql: + user: mysql-user ``` -## **sysdig.secure.falcoRulesUpdater.schedule** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
-**Options**:
-**Default**: "0 1 * * *"
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml -sysdig: - secure: - falcoRulesUpdater: - schedule: "*/10 * * * *" +agent: + appChecks: + mysql: + password: mysql-password ``` -## **sysdig.resources.rapid-response-connector.limits.cpu** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to rapid-response-connector pods
+**Description**: The amount of cpu assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 3 | +| medium | 5 | +| large | 8 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - cpu: 1 + limits: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.limits.memory** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to rapid-response-connector pods
+**Description**: The amount of memory assigned to agent pods.
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - limits: - memory: 500Mi + limits: + memory: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.cpu** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule rapid-response-connector pods
+**Description**: The amount of cpu required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 3 | +| large | 5 | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - cpu: 250m + requests: + cpu: 2 ``` -## **sysdig.resources.rapid-response-connector.requests.memory** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule rapid-response-connector pods
+**Description**: The amount of memory required to schedule agent pods.
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | **Example**: ```yaml -sysdig: +agent: resources: - rapid-response-connector: - requests: - memory: 50Mi + requests: + memory: 2 ``` -## **sysdig.rapidResponseConnectorReplicaCount** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: Number of Sysdig rapid-response-connector replicas.
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | **Example**: ```yaml -sysdig: - rapidResponseConnectorReplicaCount: 1 +agent: + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **sysdig.secure.rapidResponse.enabled** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Whether to deploy rapid response or not.
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
**Options**:
-**Default**: false
-**Example**: +**Default**: -```yaml -sysdig: - secure: - rapidResponse: - enabled: false -``` +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | -## **sysdig.secure.rapidResponse.validationCodeLength** -**Required**: `false`
-**Description**: Length of mfa validation code sent via e-mail.
-**Options**:
-**Default**: 6
**Example**: ```yaml -sysdig: - secure: - rapidResponse: - validationCodeLength: 8 +agent: + resources: + watchdog: + cointerface: 1024 ``` -## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Duration in seconds of mfa validation code sent via e-mail.
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
**Options**:
-**Default**: 180
+**Default**: ""
**Example**: ```yaml sysdig: - secure: - rapidResponse: - validationCodeSecondsDuration: 8 + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Global duration of session in seconds.
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
**Options**:
-**Default**: 7200
+**Default**: "5"
**Example**: ```yaml sysdig: - secure: - rapidResponse: - sessionTotalSecondsTTL: 7200 + scanningAnalysiscollectorConcurrentUploads: 5 ``` - -## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Idle duration of session in seconds.
+**Description**: Cronjob schedule
**Options**:
-**Default**: 300
+**Default**: "0 0 * * *"
**Example**: ```yaml sysdig: secure: - rapidResponse: - sessionIdleSecondsTTL: 300 + veJanitor: + cronjob: "5 0 * * *" ``` - -## **sysdig.secure.scanning.feedsEnabled** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: + ```yaml sysdig: secure: - scanning: - feedsEnabled: true + veJanitor: + anchoreDBsslmode: "disable" ``` -## **sysdig.feedsAPIVersion** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Sets feeds API version
-**Options**:
-**Default**: `latest`
- +**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: -```yaml -sysdig: - feedsAPIVersion: 0.5.0 -``` -## **sysdig.feedsDBVersion** -**Required**: `false`
-**Description**: Sets feeds database version
-**Options**:
-**Default**: `latest`
- -**Example**: ```yaml sysdig: - feedsDBVersion: 0.5.0-2020-03-11 + secure: + veJanitor: + scanningDbEngine: "mysql" ``` diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,4 +21,3 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork - ingressClassName: haproxy From 499f99c4475f2ac21f4198b69bb94c013311ffec Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 27 Jul 2023 21:27:03 +0000 Subject: [PATCH 127/156] updating installer docs --- installer/README.md | 91 +++++-------- installer/docs/02-configuration_parameters.md | 122 +++++++++++++++++- installer/values.yaml | 1 + 3 files changed, 156 insertions(+), 58 deletions(-) diff --git a/installer/README.md b/installer/README.md index 4e7d083d..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,9 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
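Review bot: The badge added as the new first line of installer/README.md carries a `token=` query parameter in the SonarCloud image URL, so that value is now readable by anyone who can see the repository or this patch series. If it is a project badge token it presumably exposes only badge data, but the commit does not say which kind of token it is; a user or analysis token in this position should be revoked and regenerated. If the SonarCloud project is (or can be made) public, the parameter is unnecessary and the line can be `[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=draios_installer)`. If the token has to stay, record its type and scope in the commit description so a secret scanner hit on this line can be triaged quickly.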
@@ -40,29 +41,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -82,23 +83,23 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. - Download the installer binary that matches your OS from the - [sysdigcloud-kubernetes releases - page](https://github.com/draios/sysdigcloud-kubernetes/releases). + [installer releases + page](https://github.com/draios/installer/releases). - Run the Installer. ```bash ./installer deploy 
@@ -123,29 +124,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with @@ -202,11 +180,11 @@ the installation machine. - Follow the Docker Log In to quay.io steps under the Access Requirements section. - Pull the image containing the self-extracting tar: ```bash - docker pull quay.io/sysdig/installer:3.6.4-2-uber + docker pull quay.io/sysdig/installer:3.5.1-1-uber ``` - Extract the tarball: ```bash - docker create --name uber_image quay.io/sysdig/installer:3.6.4-2-uber + docker create --name uber_image quay.io/sysdig/installer:3.5.1-1-uber docker cp uber_image:/sysdig_installer.tar.gz . docker rm uber_image ``` 
@@ -216,29 +194,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -250,17 +228,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +274,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +308,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +327,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index a55aedaf..f31146b0 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -10016,6 +10016,19 @@ sysdig: | medium | 3 | | large | 5 | +## **sysdig.meerkatAggregatorWorkerReplicaCount** + +**Required**: `false`
+**Description**: Number of Meerkat aggregator worker replicas.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + ## **sysdig.meerkatApiReplicaCount** **Required**: `false`
@@ -10270,6 +10283,113 @@ sysdig: jvmOptions: "-Dio.netty.leakDetection.level=advanced" ``` +## **sysdig.resources.meerkatAggregatorWorker.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule each Meerkat Aggregator Worker pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregatorWorker: + requests: + cpu: 2 +``` + +## **sysdig.resources.meerkatAggregatorWorker.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule each Meerkat Aggregator Worker pod
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregatorWorker: + requests: + memory: 2Gi +``` + +## **sysdig.resources.meerkatAggregatorWorker.limits.cpu** + +**Required**: `false`
+**Description**: The max amount of cpu assigned to each Meerkat Aggregator Worker pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregatorWorker: + limits: + cpu: 2 +``` + +## **sysdig.resources.meerkatAggregatorWorker.limits.memory** + +**Required**: `false`
+**Description**: The max amount of memory assigned to each Meerkat Aggregator Worker pod
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + meerkatAggregatorWorker: + requests: + memory: 2Gi +``` + +## **sysdig.meerkatAggregatorWorker.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
+**Options**:
+**Default**: ` ` + +**Example**: + +```yaml +sysdig: + meerkatAggregatorWorker: + jvmOptions: "-Xmx2Gi" +``` + ## **sysdig.resources.meerkatCollector.requests.cpu** **Required**: `false`
@@ -13540,7 +13660,7 @@ override the `privateEndpointCommunicationEnforcement`. sysdig: prwsInternalIngestion: privateEndpointCommunicationEnforcement: false - privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 + privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 ``` ## **sysdig.secure.netsec.rateLimit** diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From 9d6b3b5740040d12ecfe9c2d11d0b5ce70e03787 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 1 Aug 2023 17:29:48 +0000 Subject: [PATCH 128/156] updating installer docs --- installer/docs/02-configuration_parameters.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index f31146b0..df37b437 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -10722,7 +10722,7 @@ sysdig: **Required**: `false`
**Description**: WARNING: If this is `true`, `sysdig.monitorVersion` must be `2.4.1.5032`. Enables TLS for Kafka cluster.
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml From e032122f31f2ff27954b7a4d544705d799b778b4 Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 28 Aug 2023 14:54:43 +0000 Subject: [PATCH 129/156] updating installer docs --- .../overlays/patch.yaml | 12 ++++++++++++ .../elasticsearch-init-vmmaxmapcount/values.yaml | 2 ++ 2 files changed, 14 insertions(+) diff --git a/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml b/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml index 931ed07c..cec7e24d 100644 --- a/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml +++ b/installer/examples/elasticsearch-init-vmmaxmapcount/overlays/patch.yaml @@ -1,4 +1,11 @@ #This patchfile adds an initcontainer to ElasticSearch and sets vmmaxmap count in ES hosts +# +# WARNING: this patch is not necessary anymore, you can just add this option to the installer values: +# +# elasticsearch: +# ... +# setVmMaxMapCount: true +# --- apiVersion: apps/v1 kind: StatefulSet @@ -11,7 +18,12 @@ spec: - name: elasticsearch-init-vmmaxmapcount image: quay.io/sysdig/opensearch-1: securityContext: + capabilities: + drop: + - ALL privileged: true + readOnlyRootFilesystem: true + runAsNonRoot: false runAsUser: 0 command: - sysctl diff --git a/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml b/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml index efb0330a..9955e422 100644 --- a/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml +++ b/installer/examples/elasticsearch-init-vmmaxmapcount/values.yaml @@ -9,3 +9,5 @@ sysdig: username: foo@bar.com license: dnsName: foo.bar +elasticsearch: + setVmMaxMapCount: true From 048651385efcbbb48f8c13416740cecc976efbcd Mon Sep 17 00:00:00 2001 
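Review bot: In the `securityContext` added to the `elasticsearch-init-vmmaxmapcount` init container in `overlays/patch.yaml`, `capabilities.drop: [ALL]` sits beside `privileged: true` and `runAsUser: 0`, so it reads as hardening the container does not get. Container runtimes generally give a privileged container the full capability set and ignore the drop list (worth confirming for the runtime in use), so this init container should still be treated as host-level root by admission policy and reviewers. I would add a comment above `privileged: true` along the lines of `# privileged is needed for the sysctl write on the host; capabilities.drop has no effect while it is set`. The header comment added in the first hunk of this file already says the overlay is unnecessary, and the `values.yaml` hunk in the same example now sets `elasticsearch.setVmMaxMapCount: true`; from the diff alone it looks as if both mechanisms could end up applied together, so the example should state which one to use.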
From: jenkins Date: Tue, 5 Sep 2023 02:48:07 +0000 Subject: [PATCH 130/156] updating installer docs --- installer/README.md | 83 +- installer/docs/advanced.md | 44 + installer/docs/configuration_parameters.md | 8231 ++++++++++++++------ installer/values.yaml | 1 - 4 files changed, 5836 insertions(+), 2523 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,9 +1,8 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -41,29 +40,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -83,17 +82,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -124,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -194,29 +216,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -228,17 +250,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -274,12 +296,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. +See [upgrade.md](docs/upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/02-configuration_parameters.md) +[configuration_parameters.md](docs/configuration_parameters.md) # Permissions @@ -308,7 +330,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) +For advanced configuration option see [advanced.md](docs/advanced.md) # Example values.yaml @@ -327,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/advanced.md b/installer/docs/advanced.md index 8c5de38a..6617e8ba 100644 --- a/installer/docs/advanced.md +++ b/installer/docs/advanced.md 
@@ -104,3 +104,47 @@ In route53 create an A record with the dns name pointing to external ip/endpoint ### Gotchas Make sure that subnets have internet gateway configured and has enough ips. + +## Airgapped installations + +### Method for automatically updating the feeds database in airgapped environments +This is a procedure that can be used to automatically update the feeds database: + +1. download the image file quay.io/sysdig/vuln-feed-database:latest from Sysdig registry to the jumpbox server and save it locally +2. move the file from the jumpbox server to the customer airgapped environment (optional) +3. load the image file and push it to the customer's airgapped image registry +4. restart the pod sysdigcloud-feeds-db +5. restart the pod feeds-api + +Finally, steps 1 to 5 will be performed periodically once a day. + +This is an example script that contains all the steps: +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/vuln-feed-database:latest +# Save image +docker image save quay.io/sysdig/vuln-feed-database:latest -o vuln-feed-database.tar +# Optionally move image +mv vuln-feed-database.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/vuln-feed-database.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag vuln-feed-database:latest airgapped-registry/vuln-feed-database:latest" +ssh -t user@airgapped-host "docker image push airgapped-registry/vuln-feed-database:latest" +# Restart database pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=0" +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-db --replicas=1" +# Restart feeds-api pod +ssh -t user@airgapped-host "kubectl -n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=0" +ssh -t user@airgapped-host "kubectl 
-n sysdigcloud scale deploy sysdigcloud-feeds-api --replicas=1" +``` + +The script can be scheduled using a cron job that run every day +```bash +0 8 * * * feeds-database-update.sh >/dev/null 2>&1 +``` diff --git a/installer/docs/configuration_parameters.md b/installer/docs/configuration_parameters.md index 3b35c54e..8968fb27 100644 --- a/installer/docs/configuration_parameters.md +++ b/installer/docs/configuration_parameters.md @@ -37,6 +37,19 @@ Disk, and Replicas.
size: medium ``` +## **kubernetesServerVersion** +**Required**: `false`
+**Description**: The Kubernetes version of the targeted cluster. + This helps to programmatically determine which apiVersions should be used, i.e. for `Ingress` - `networking.k8s.io/v1` + must be used with k8s version 1.22+.
+**Options**:
+**Default**:If not provided, it will be pulled during `generate` and/or `import` phases.
+**Example**: + +```yaml +kubernetesServerVersion: v1.18.10 +``` + ## **storageClassProvisioner** **Required**: `false`
**Description**: The name of the [storage class @@ -72,8 +85,8 @@ apps: monitor secure **Description**: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. See [airgap instructions -multi-homed](usage.md#airgap-installation-with-installation-machine-multi-homed) -and [full airgap instructions](../usage.md#full-airgap-installation) for more +multi-homed](../README.md#airgapped-with-multi-homed-installation-machine) +and [full airgap instructions](../README.md#full-airgap-install) for more details.
**Options**:
**Default**:
@@ -97,7 +110,7 @@ airgapped_repository_prefix: foo/bar ``` ## **airgapped_registry_password** -**Required**: `false` +**Required**: `false`
**Description**: The password for the configured `airgapped_registry_username`. Ignore this parameter if the registry does not require authentication.
@@ -124,7 +137,7 @@ airgapped_registry_username: bob+alice ## **deployment** **Required**: `false`
**Description**: The name of the Kubernetes installation.
-**Options**: `iks|kubernetes|openshift`
+**Options**: `iks|kubernetes|openshift|goldman`
**Default**: `kubernetes`
**Example**: @@ -204,7 +217,7 @@ cloudProvider: ## **cloudProvider.name** **Required**: `false`
**Description**: The name of the cloud provider Sysdig Platform will run on.
-**Options**: `aws|gke`
+**Options**: `aws|gcp`
**Default**:
**Example**: @@ -321,6 +334,33 @@ elasticsearch: useES6: true ``` +## **elasticsearch.enableMetrics** +**Required**: `false`
+**Description**: +Allow Elasticsearch to export prometheus metrics. + +**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +elasticsearch: + enableMetrics: true +``` + +## **sysdig.elasticsearchExporterVersion** +**Required**: `false`
+**Description**: Docker image tag of Elasticsearch Metrics Exporter, relevant when configured +`elasticsearch.enableMetrics` is `true`.
+**Options**:
+**Default**: v1.2.0
+**Example**: + +```yaml +sysdig: + elasticsearchExporterVersion: v1.2.0 +``` + ## **elasticsearch.tlsencryption.adminUser** **Required**: `false`
**Description**: The user bound to the ElasticSearch admin role.
@@ -666,40 +706,61 @@ pvStorageSize: postgresql: 100Gi ``` -## **sysdig.activityAuditVersion** +## **pvStorageSize.large.nats** **Required**: `false`
-**Description**: Docker image tag of Activity Audit services.
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - activityAuditVersion: 3.6.4.11009 +pvStorageSize: + large: + nats: 10Gi ``` -## **sysdig.profilingVersion** +## **pvStorageSize.medium.nats** **Required**: `false`
-**Description**: Docker image tag of Profiling services.
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: [`sysdig.monitorVersion`](#sysdigmonitorversion)
+**Default**: 10Gi
**Example**: ```yaml -sysdig: - profilingVersion: 3.6.4.11009 +pvStorageSize: + medium: + nats: 10Gi +``` + +## **pvStorageSize.small.nats** +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi ``` ## **sysdig.anchoreVersion** **Required**: `false`
**Description**: The docker image tag of the Sysdig Anchore Core.
**Options**:
-**Default**: 0.6.1.2
+**Default**: 0.8.1-51
**Example**: ```yaml sysdig: - anchoreVersion: 0.8.1.8 + anchoreVersion: 0.8.1-51 ``` ## **sysdig.accessKey** @@ -715,6 +776,19 @@ sysdig: accessKey: my_awesome_aws_access_key ``` +## **sysdig.awsRegion** +**Required**: `false`
+**Description**: The AWS (or AWS compatible) region to be used by Sysdig +components to communicate with AWS (or an AWS compatible API).
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + awsRegion: my_aws_region +``` + ## **sysdig.secretKey** **Required**: `false`
**Description**: The AWS (or AWS compatible) secretKey to be used by Sysdig @@ -769,16 +843,67 @@ sysdig: bucketName: my_awesome_bucket ``` +## **sysdig.s3.capturesFolder** +**Required**: `false`
+**Description**: Name of the folder in S3 bucket to be used for storing captures, this option is ignored if +[`sysdig.s3.enabled`](#sysdigs3enabled) is not configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + s3: + capturesFolder: my_captures_folder +``` + ## **sysdig.cassandraVersion** **Required**: `false`
**Description**: The docker image tag of Cassandra.
-**Options**:
-**Default**: 2.1.21.13
+**Options**:
+**Default**: 2.1.22.4
+**Example**: + +```yaml +sysdig: + cassandraVersion: 2.1.22.4 +``` + +## **sysdig.cassandraExporterVersion** +**Required**: `false`
+**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:latest`
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + cassandraExporterVersion: latest +``` + +## **sysdig.cassandra.useCassandra3** +**Required**: `false`
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + cassandra: + useCassandra3: false +``` + +## **sysdig.Cassandra3Version** +**Required**: `false`
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Options**:
+**Default**: `3.11.11.1`
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.21.16 + cassandra3Version: 3.11.11.1 ``` ## **sysdig.cassandra.external** @@ -813,7 +938,7 @@ sysdig: **Required**: `false`
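Review bot: The new `sysdig.cassandraExporterVersion` entry documents `latest` as the default tag, so the exporter sidecar image is not pinned and can change between installs without any change to `values.yaml`; documenting a fixed tag, as the neighbouring `cassandraVersion: 2.1.22.4` does, keeps deployments reproducible and auditable. The default-image text `//promcat-jmx-exporter:latest` in the same description looks like a template whose registry and repository parts were dropped and should be checked. The heading `sysdig.Cassandra3Version` does not match the key used in its own example (`cassandra3Version`), and its description refers to `sysdig.useCassandra3` while the parameter documented just above it is `sysdig.cassandra.useCassandra3`.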
**Description**: Enables cassandra server and clients to use authentication.
**Options**: `true|false`
-**Default**:`false`
+**Default**:`true`
**Example**: ```yaml @@ -825,9 +950,9 @@ sysdig: ## **sysdig.cassandra.ssl** **Required**: `false`
-**Description**: Enables cassandra server and clients communicate over ssl.
+**Description**: Enables cassandra server and clients communicate over ssl. Defaults to `true` for Cassandra 3 installs (available from 4.0)
**Options**: `true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -837,6 +962,19 @@ sysdig: ssl: true ``` +## **sysdig.cassandra.enableMetrics** +**Required**: `false`
+**Description**: Enables cassandra exporter as sidecar. Defaults to `false` for all Cassandra installs (available from 4.0)
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + cassandra: + enableMetrics: true +``` + ## **sysdig.cassandra.user** **Required**: `false`
**Description**: Sets cassandra user. The only gotcha is the user cannot be a substring of sysdigcloud-cassandra.
@@ -917,7 +1055,7 @@ sysdig: **Required**: `false`
**Description**: The custom configuration for Cassandra JVM.
**Options**:
-**Default**:
+**Default**: `-Xms4g -Xmx4g`
**Example**: ```yaml @@ -971,22 +1109,31 @@ The Sysdig platform may sometimes open connections over SSL to certain external - SAML over SSL - OpenID Connect over SSL - HTTPS Proxies
-If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform (e.g., if you maintain your own Certificate Authority), they are not trusted by default. +If the signing authorities for the certificates presented by these services are not well-known to the Sysdig Platform + (e.g., if you maintain your own Certificate Authority), they are not trusted by default. -To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +To allow the Sysdig platform to trust these certificates, use this configuration to upload one or more +PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .crt, .pem or .p12 extensions under certs/custom-java-certs/ +in the same level as `values.yaml`.
-This configuration when set expects certificates with .crt extension under certs/custom-java-certs/ in the same level as `values.yaml`
**Options**: `true|false`
**Default**: false
**Example**: ```bash #In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +# certificate3.p12 will be loaded to the keystore together with it's private key. bash-5.0$ find certs values.yaml certs certs/custom-java-certs certs/custom-java-certs/certificate1.crt certs/custom-java-certs/certificate2.crt +certs/custom-java-certs/certificate3.p12 +certs/custom-java-certs/certificate3.p12.passwd + + values.yaml ``` @@ -1022,14 +1169,14 @@ sysdig: ## **sysdig.elasticsearch6Version** **Required**: `false`
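Review bot: The added example places `certificate3.p12.passwd` next to `certificate3.p12` under `certs/custom-java-certs/`, so a keystore holding a private key and its password sit in plain text in the same directory tree as `values.yaml`, and the description does not mention this. A sentence such as `Keep certs/custom-java-certs/ readable only by the installing user and out of version control, since the .p12 and .passwd files together give access to the private key.` would cover it. The description should also state that a `.p12` file needs a matching `.p12.passwd` file, which is currently only implied by the directory listing. Minor: `it's private key` in the added comment should read `its private key`.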
-**Description**: The docker image tag of Elasticsearch 6.
+**Description**: The docker image tag of Elasticsearch.
**Options**:
-**Default**: 6.8.6.6
+**Default**: 6.8.6.12
**Example**: ```yaml sysdig: - elasticsearchVersion: 6.8.6.6 + elasticsearch6Version: 6.8.6.12 ``` ## **sysdig.haproxyVersion** @@ -1141,27 +1288,27 @@ sysdig: this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - monitorVersion: 3.6.4.11009 + monitorVersion: 5.0.4.11001 ``` -## **sysdig.scanningVersion** +## **sysdig.secureVersion** **Required**: `false`
-**Description**: The docker image tag of the Sysdig Scanning components, if -this is not configured it defaults to `sysdig.monitorVersion` **Do not modify +**Description**: The docker image tag of the Sysdig Secure, if this is not +configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - scanningVersion: 3.6.4.11009 + secureVersion: 5.0.4.11001 ``` ## **sysdig.sysdigAPIVersion** @@ -1171,12 +1318,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigAPIVersion: 3.6.4.11009 + sysdigAPIVersion: 5.0.4.11001 ``` ## **sysdig.sysdigCollectorVersion** @@ -1186,12 +1333,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigCollectorVersion: 3.6.4.11009 + sysdigCollectorVersion: 5.0.4.11001 ``` ## **sysdig.sysdigWorkerVersion** @@ -1201,12 +1348,12 @@ this is not configured it defaults to `sysdig.monitorVersion` **Do not modify this unless you know what you are doing as modifying it could have unintended consequences**
**Options**:
-**Default**: 3.6.4.11009
+**Default**: 5.0.4.11001
**Example**: ```yaml sysdig: - sysdigWorkerVersion: 3.6.4.11009 + sysdigWorkerVersion: 5.0.4.11001 ``` ## **sysdig.enableAlerter** @@ -1224,6 +1371,101 @@ sysdig: enableAlerter: true ``` +## **sysdig.alertingSystem.enabled** +**Required**: `false`
+**Description**: Enable or disable the new alert-manager and alert-notifier deployment
+**Options**:`true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + alertingSystem: + enabled: true +``` + +## **sysdig.alertingSystem.alertManager.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Manager jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertManager.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Manager to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManager: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifier.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alert Notifier jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + jvmOptions: -Dsysdig.redismq.watermark.consumer.threads=20 +``` + +## **sysdig.alertingSystem.alertNotifier.apiToken** +**Required**: `false`
+**Description**: API token used by the Alert Notifier to communicate with the sysdig API server
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifier: + apiToken: A_VALID_TOKEN +``` + +## **sysdig.alertingSystem.alertNotifierReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertNotifier
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertNotifierReplicaCount: 3 +``` + +## **sysdig.alertingSystem.alertManagerReplicaCount** +**Required**: `false`
+**Description**: Number of Replica for the alertManager
+**Options**:
+**Default**: small: 1, medium: 3, large: 5
+**Example**: + +```yaml +sysdig: + alertingSystem: + alertManagerReplicaCount: 3 +``` + ## **sysdig.mysqlHa** **Required**: `false`
**Description**: Determines if mysql should run in HA mode.
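Review bot: The two new `apiToken` entries (`sysdig.alertingSystem.alertManager.apiToken` and `sysdig.alertingSystem.alertNotifier.apiToken`) document a credential with an empty default and `Required: false`, but do not say what the installer does when the value is omitted or which privileges the token needs. Each description should cover that, and should note that a token set here is stored in plain text in `values.yaml`, so the file needs restricted access. The same applies to `sysdig.nats.secure.password` in the later `@@ -1428,6 +1681,36 @@` hunk. Separately, the `**Options**:` line under `sysdig.alertingSystem.enabled` is missing the space after the colon that the other entries use.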
@@ -1298,8 +1540,7 @@ sysdig: ## **sysdig.mysql.external** **Required**: `false`
-**Description**: If set, the installer does not create a local mysql cluster -instead it sets up the sysdig platform to connect to the configured +**Description**: If set, the installer does not create a local mysql cluster, instead it sets up the sysdig platform to connect to the configured [`sysdig.mysql.hostname`](#sysdigmysqlhostname)
**Options**: `true|false`
**Default**: `false`
@@ -1394,24 +1635,36 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.6.0.1
+**Default**: 0.7.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.6.0.1 + natsExporterVersion: 0.7.0.1 ``` ## **sysdig.natsStreamingVersion** **Required**: `false`
**Description**: Docker image tag of NATS streaming.
**Options**:
-**Default**: 0.16.2.1
+**Default**: 0.22.0.2
+**Example**: + +```yaml +sysdig: + natsStreamingVersion: 0.22.0.2 +``` + +## **sysdig.natsStreamingInitVersion** +**Required**: `false`
+**Description**: Docker image tag of NATS streaming init.
+**Options**:
+**Default**: 0.22.0.2
**Example**: ```yaml sysdig: - natsStreamingVersion: 0.16.2.1 + natsStreamingInitVersion: 0.22.0.2 ``` ## **sysdig.nats.secure.enabled** @@ -1428,6 +1681,36 @@ sysdig: enabled: true ``` +## **sysdig.nats.secure.username** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + ## **sysdig.nats.ha.enabled** **Required**: `false`
**Description**: NATS Streaming HA (High Availability) enabled.
@@ -1511,7 +1794,7 @@ sysdig: ## **sysdig.postgresVersion** **Required**: `false`
**Description**: Docker image tag of Postgres, relevant when configured `apps` -is `monitor secure`.
+is `monitor secure` and when `postgres.HA.enabled` is false.
**Options**:
**Default**: 10.6.11
**Example**: @@ -1521,613 +1804,744 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.postgresql.hostPathNodes** +## **sysdig.mysqlToPostgresMigrationVersion** **Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o -name` that postgresql hostPath persistent volumes should be created on. The -number of nodes must be at minimum whatever the value of -[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
**Options**:
-**Default**: []
- +**Default**: 1.2.5-mysql-to-postgres
**Example**: ```yaml sysdig: - postgresql: - hostPathNodes: - - my-cool-host1.com + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres ``` -## **sysdig.proxy.defaultNoProxy** +## **sysdig.postgresql.rootUser** **Required**: `false`
-**Description**: Default comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -should only be used if there is an intent to override the defaults provided by -Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy) -instead.
+**Description**: Root user of the in-cluster postgresql instance.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
- +**Default**: `postgres`
**Example**: ```yaml sysdig: - proxy: - enable: true - defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core + postgresql: + rootUser: postgres ``` -## **sysdig.proxy.enable** +## **sysdig.postgresql.rootDb** **Required**: `false`
-**Description**: Determines if a [web -proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be -used by Anchore for fetching CVE feed from -[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
+**Description**: Root database of the in-cluster postgresql instance.
**Options**:
-**Default**: `false`
- +**Default**: `anchore`
**Example**: ```yaml sysdig: - proxy: - enable: true + postgresql: + rootDb: anchore ``` -## **sysdig.proxy.host** +## **sysdig.postgresql.rootPassword** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable) -is configured.
+**Description**: Password for the root user of the in-cluster postgresql instance.
**Options**:
-**Default**:
- +**Default**: Autogenerated 16 alphanumeric characters
**Example**: ```yaml sysdig: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + postgresql: + rootPassword: my_root_password ``` -## **sysdig.proxy.noProxy** +## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy].
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core`
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + postgresql: + primary: true +``` +## **sysdig.postgresql.external** +**Required**: `false`
+**Description**: If set, the installer does not create a local postgresql cluster, instead it sets up the sysdig platform to connect to configured `sysdig.postgresDatabases.*.Host` databases.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + postgresql: + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + sysdig: + host: my-sysdig-db-external.com ``` -## **sysdig.proxy.password** +## **sysdig.postgresql.hostPathNodes** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: An array of node hostnames has shown in `kubectl get node -o +name` that postgresql hostPath persistent volumes should be created on. The +number of nodes must be at minimum whatever the value of +[`sysdig.postgresReplicaCount`](#sysdigpostgresreplicacount) is. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
**Options**:
-**Default**:
+**Default**: []
**Example**: ```yaml sysdig: - proxy: - enable: true - password: F00B@r! + postgresql: + hostPathNodes: + - my-cool-host1.com ``` -## **sysdig.proxy.port** +## **sysdig.postgresql.pgParameters** **Required**: `false`
-**Description**: The port the configured -[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: a dictionary of Postgres parameter names and values to apply to the cluster **Options**:
-**Default**: `80`
+**Default**: ``
**Example**: ```yaml sysdig: - proxy: - enable: true - port: 3128 + postgresql: + pgParameters: + max_connections: '1024' + shared_buffers: '110MB' ``` -## **sysdig.proxy.protocol** + +## **sysdig.postgresql.ha.enabled** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
-**Options**: `http|https`
-**Default**: `http`
+**Description**: true if you want to deploy postgreSQL in HA mode. +**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - proxy: - enable: true - protocol: https + postgresql: + ha: + enabled: true ``` -## **sysdig.proxy.user** +## **sysdig.postgresql.ha.spiloVersion** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.proxy.host`](#sysdigproxyhost).
+**Description**: Docker image tag of the postgreSQL node in HA mode. **Options**:
-**Default**:
+**Default**: `2.0-p7`
**Example**: ```yaml sysdig: - proxy: - enable: true - user: alice + postgresql: + ha: + spiloVersion: 2.0-p7 ``` -## **sysdig.slack.client.id** + +## **sysdig.postgresql.ha.operatorVersion** **Required**: `false`
-**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the postgreSQL operator pod that orchestrate postgreSQL nodes in HA mode. **Options**:
-**Default**: `awesomeclientid`
+**Default**: `v1.6.3`
**Example**: ```yaml sysdig: - slack: - client: - id: 2255883163.123123123534 + postgresql: + ha: + operatorVersion: v1.6.3 ``` -## **sysdig.slack.client.secret** +## **sysdig.postgresql.ha.exporterVersion** **Required**: `false`
-**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. **Options**:
-**Default**: `awesomeclientsecret`
+**Default**: `latest`
**Example**: ```yaml sysdig: - slack: - client: - secret: 8a8af18123128acd312d12d12da + postgresql: + ha: + exporterVersion: v0.3 ``` -## **sysdig.slack.client.scope** +## **sysdig.postgresql.ha.clusterDomain** **Required**: `false`
-**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
+**Description**: dns domain inside the cluster. Needed by the postgres operator to select the correct kubernetes api endpoint. **Options**:
-**Default**: `incoming-webhook`
+**Default**: `cluster.local`
**Example**: ```yaml sysdig: - slack: - client: - scope: incoming-webhook + postgresql: + ha: + clusterDomain: cluster.local ``` -## **sysdig.slack.client.endpoint** +## **sysdig.postgresql.ha.replicas** **Required**: `false`
-**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: number of replicas for postgreSQL nodes in HA mode. **Options**:
-**Default**: `https://slack.com/oauth/v2/authorize`
+**Default**: `3`
**Example**: ```yaml sysdig: - slack: - client: - endpoint: https://slack.com/oauth/v2/authorize + postgresql: + ha: + replicas: 3 ``` -## **sysdig.slack.client.oauth.endpoint** +## **sysdig.postgresql.ha.checkCRDs** **Required**: `false`
-**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
+**Description**: Check if zalando pg operator CRDs are already present, if yes stop the installation. If disable the installation will continue to be performed even if the CRDs are present. **Options**:
-**Default**: `https://slack.com/api/oauth.v2.access`
+**Default**: `true`
**Example**: ```yaml sysdig: - slack: - client: - oauth: - endpoint: https://slack.com/api/oauth.v2.access + postgresql: + ha: + checkCRD: true ``` -## **sysdig.inactivitySettings.trackerEnabled** +## **sysdig.postgresql.ha.enableExporter** **Required**: `false`
-**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Docker image tag of the prometheus exporter for postgreSQL in HA mode. +**Options**:
+**Default**: `true`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerEnabled: true + postgresql: + ha: + enableExporter: true ``` -## **sysdig.inactivitySettings.trackerTimeout** +## **sysdig.postgresql.ha.migrate.retryCount** **Required**: `false`
-**Description**: Sets the timeout value (in seconds) for inactivity tracker.
-**Options**: `60-1209600`
-**Default**: `1800`
+**Description**: If true a sidecar prometheus exporter for postgres in HA mode is created. +**Options**: `true|false`
+**Default**: `3600`
**Example**: + ```yaml sysdig: - inactivitySettings: - trackerTimeout: 900 + postgresql: + ha: + migrate: + retryCount: 3600 ``` - -## **sysdig.secure.anchore.customCerts** +## **sysdig.postgresql.ha.migrate.retrySleepSeconds** **Required**: `false`
-**Description**: -To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: Wait time between checks for the migration job from postgreSQL in single mode to HA mode. +**Options**:
+**Default**: `10`
-This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/anchore-custom-certs -certs/anchore-custom-certs/certificate1.crt -certs/anchore-custom-certs/certificate2.crt -values.yaml -``` - ```yaml sysdig: - secure: - anchore: - customCerts: true + postgresql: + ha: + migrate: + retrySleepSeconds: 10 ``` -## **sysdig.redisVersion** +## **sysdig.postgresql.ha.migrate.retainBackup** **Required**: `false`
-**Description**: Docker image tag of Redis.
-**Options**:
-**Default**: 4.0.12.7
+**Description**: If true the statefulset and pvc of the postgreSQL in single node mode is not deleted after the migration to HA mode. +**Options**: `true|false`
+**Default**: `true`
+ **Example**: ```yaml sysdig: - redisVersion: 4.0.12.7 + postgresql: + ha: + migrate: + retainBackup: true ``` -## **sysdig.redisHaVersion** +## **sysdig.postgresql.ha.migrate.migrationJobImageVersion** **Required**: `false`
-**Description**: Docker image tag of HA Redis, relevant when configured -`sysdig.redisHa` is `true`.
+**Description**: Docker image tag of the migration job from postgres single node to HA mode. **Options**:
-**Default**: 4.0.12-1.0.1
+**Default**: `postgres-to-postgres-ha-0.0.4`
+ **Example**: ```yaml sysdig: - redisHaVersion: 4.0.12-1.0.1 + postgresql: + ha: + migrate: + migrationJobImageVersion: v0.1 ``` -## **sysdig.redisHa** +## **sysdig.postgresql.ha.customTls.enabled** **Required**: `false`
-**Description**: Determines if redis should run in HA mode
+**Description**: If set to true will pass to the target pg crd the option to add +custom certificates and CA **Options**: `true|false`
**Default**: `false`
+ **Example**: ```yaml sysdig: - redisHa: false + postgresql: + ha: + customTls: + enabled: true ``` -## **sysdig.resources.cassandra.limits.cpu** +## **sysdig.postgresql.ha.customTls.crtSecretName** **Required**: `false`
-**Description**: The amount of cpu assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container certificate and key that will be used in postgres HA for ssl +NOTE: the certficate and key files must be called `tls.crt` and `tls.key` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - cpu: 2 + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt ``` -## **sysdig.resources.cassandra.limits.memory** +## **sysdig.postgresql.ha.customTls.caSecretName** **Required**: `false`
-**Description**: The amount of memory assigned to cassandra pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +**Description**: in case of customtls enabled it's the name of the k8s secret +that container the CA certificate that will be used in postgres HA for ssl +NOTE: the CA certificate file must be called `ca.crt` +**Options**: `secret-name`
+**Default**: `nil`
**Example**: ```yaml sysdig: - resources: - cassandra: - limits: - memory: 8Gi + postgresql: + ha: + customTls: + enabled: true + crtSecretName: sysdigcloud-postgres-tls-crt + caSecretName: sysdigcloud-postgres-tls-ca + ``` -## **sysdig.resources.cassandra.requests.cpu** +## **sysdig.postgresDatabases.useNonAdminUsers** **Required**: `false`
-**Description**: The amount of cpu required to schedule cassandra pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: If set, the services will connect to `anchore` and `profiling` databases in non-root mode: this also means that `anchore` and `profiling` connection details and credentials will be fetched from `sysdigcloud-postgres-config` configmap and `sysdigcloud-postgres-secret` secret, instead of `sysdigcloud-config` configmap and `sysdigcloud-anchore` secret. It only works if `sysdig.postgresql.external` is set.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + profiling: + host: my-profiling-db-external.com ``` -## **sysdig.resources.cassandra.requests.memory** +## **sysdig.postgresDatabases.anchore** **Required**: `false`
-**Description**: The amount of memory required to schedule cassandra pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `anchore` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + anchore: + host: my-anchore-db-external.com + port: 5432 + db: anchore_db + username: anchore_user + password: my_anchore_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.profiling** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `profiling` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresDatabases.useNonAdminUsers` is configured.
**Example**: ```yaml sysdig: - resources: - cassandra: - requests: - memory: 2Gi + postgresql: + external: true + postgresDatabases: + useNonAdminUsers: true + profiling: + host: my-profiling-db-external.com + port: 5432 + db: anchore_db + username: profiling_user + password: my_profiling_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.cpu** +## **sysdig.postgresDatabases.policies** **Required**: `false`
-**Description**: The amount of cpu assigned to elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `policies` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + policies: + host: my-policies-db-external.com + port: 5432 + db: policies_db + username: policies_user + password: my_policies_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.scanning** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `scanning` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + scanning: + host: my-scanning-db-external.com + port: 5432 + db: scanning_db + username: scanning_user + password: my_scanning_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.limits.memory** +## **sysdig.postgresDatabases.reporting** **Required**: `false`
-**Description**: The amount of memory assigned to elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | - +**Description**: A map containing database connection details for external postgresql instance used as `reporting` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - limits: - memory: 8Gi + postgresql: + external: true + postgresDatabases: + reporting: + host: my-reporting-db-external.com + port: 5432 + db: reporting_db + username: reporting_user + password: my_reporting_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.cpu** +## **sysdig.postgresDatabases.padvisor** **Required**: `false`
-**Description**: The amount of cpu required to schedule elasticsearch pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: A map containing database connection details for external postgresql instance used as `padvisor` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + padvisor: + host: my-padvisor-db-external.com + port: 5432 + db: padvisor_db + username: padvisor_user + password: my_padvisor_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.elasticsearch.requests.memory** +## **sysdig.postgresDatabases.sysdig** **Required**: `false`
-**Description**: The amount of memory required to schedule elasticsearch pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `sysdig` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 4Gi | -| medium | 4Gi | -| large | 4Gi | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + sysdig: + host: my-sysdig-db-external.com + port: 5432 + db: sysdig_db + username: sysdig_user + password: my_sysdig_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.serviceOwnerManagement** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `serviceOwnerManagement` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
**Example**: ```yaml sysdig: - resources: - elasticsearch: - requests: - memory: 2Gi + postgresql: + primary: true + external: true + postgresDatabases: + serviceOwnerManagement: + host: my-som-db-external.com + port: 5432 + db: som_db + username: som_user + password: my_som_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.cpu** +## **sysdig.postgresDatabases.beacon** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `beacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Beacon for IBM PlatformMetrics is enabled.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 500m | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + beacon: + host: my-beacon-db-external.com + port: 5432 + db: beacon_db + username: beacon_user + password: my_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.promBeacon** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `promBeacon` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured and Generalized Beacon is enabled.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - cpu: 2 + postgresql: + primary: true + external: true + postgresDatabases: + promBeacon: + host: my-prom-beacon-db-external.com + port: 5432 + db: prom_beacon_db + username: prom_beacon_user + password: my_prom_beacon_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.limits.memory** +## **sysdig.postgresDatabases.quartz** **Required**: `false`
-**Description**: The amount of memory assigned to mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `quartz` database. To use in conjunction with `sysdig.postgresql.external`. Only relevant if `sysdig.postgresql.primary` is configured.
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +```yaml +sysdig: + postgresql: + primary: true + external: true + postgresDatabases: + quartz: + host: my-quartz-db-external.com + port: 5432 + db: quartz_db + username: quartz_user + password: my_quartz_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.compliance** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `compliance` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - limits: - memory: 8Gi + postgresql: + external: true + postgresDatabases: + compliance: + host: my-compliance-db-external.com + port: 5432 + db: compliance_db + username: compliance_user + password: my_compliance_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.cpu** +## **sysdig.postgresDatabases.admissionController** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql-router pods
-**Options**:
-**Default**: +**Description**: A map containing database connection details for external postgresql instance used as `admissionController` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + admissionController: + host: my-admission-controller-db-external.com + port: 5432 + db: admission_controller_db + username: admission_controller_user + password: my_admission_controller_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` +## **sysdig.postgresDatabases.rapidResponse** +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `rapidResponse` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - cpu: 2 + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-rapid-response-db-external.com + port: 5432 + db: rapid_response_db + username: rapid_response_user + password: my_rapid_response_user_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.mysql-router.requests.memory** +## **sysdig.proxy.defaultNoProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql-router pods
+**Description**: Default comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+should only be used if there is an intent to override the defaults provided by
+Installer otherwise consider [`sysdig.proxy.noProxy`](#sysdigproxynoproxy)
+instead.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 100Mi |
-| medium | 100Mi |
-| large | 100Mi |
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql-router: - requests: - memory: 2Gi + proxy: + enable: true + defaultNoProxy: 127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api ``` -## **sysdig.resources.mysql.limits.cpu** +## **sysdig.proxy.enable** **Required**: `false`
-**Description**: The amount of cpu assigned to mysql pods
+**Description**: Determines if a [web
+proxy](https://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers) should be
+used by Anchore for fetching CVE feed from
+[https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds](https://api.sysdigcloud.com/api/scanning-feeds/v1/feeds) and by the events forwarder to forward to HTTP based targets.
**Options**:
-**Default**:
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - mysql: - limits: - cpu: 2 + proxy: + enable: true ``` -## **sysdig.resources.mysql.limits.memory** +## **sysdig.proxy.host** **Required**: `false`
-**Description**: The amount of memory assigned to mysql pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.proxy.enable`](#sysdigproxyenable)
+is configured.
**Options**:
**Default**:
@@ -2135,556 +2549,414 @@ sysdig: ```yaml sysdig: - resources: - mysql: - limits: - memory: 8Gi + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.mysql.requests.cpu** +## **sysdig.proxy.noProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule mysql pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.proxy.enable`](#sysdigproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 500m |
-| large | 500m |
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - cpu: 2 + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.mysql.requests.memory** +## **sysdig.proxy.password** **Required**: `false`
-**Description**: The amount of memory required to schedule mysql pods
+**Description**: The password used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+**Default**:
**Example**: ```yaml sysdig: - resources: - mysql: - requests: - memory: 2Gi + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.postgresql.limits.cpu** +## **sysdig.proxy.port** **Required**: `false`
-**Description**: The amount of cpu assigned to postgresql pods
+**Description**: The port the configured
+[`sysdig.proxy.host`](#sysdigproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 4 |
-| large | 4 |
+**Default**: `80`
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - cpu: 2 + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.postgresql.limits.memory** +## **sysdig.proxy.protocol** **Required**: `false`
-**Description**: The amount of memory assigned to postgresql pods
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 8Gi |
-
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - postgresql: - limits: - memory: 8Gi + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.postgresql.requests.cpu** +## **sysdig.proxy.user** **Required**: `false`
-**Description**: The amount of cpu required to schedule postgresql pods
+**Description**: The user used to access the configured
+[`sysdig.proxy.host`](#sysdigproxyhost).
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 2 |
+**Default**:
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - cpu: 2 + proxy: + enable: true + user: alice ``` - -## **sysdig.resources.postgresql.requests.memory** +## **sysdig.slack.client.id** **Required**: `false`
-**Description**: The amount of memory required to schedule postgresql pods
+**Description**: Your Slack application client_id, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 500Mi |
-| medium | 1Gi |
-| large | 2Gi |
+**Default**: `awesomeclientid`
**Example**: ```yaml sysdig: - resources: - postgresql: - requests: - memory: 2Gi + slack: + client: + id: 2255883163.123123123534 ``` -## **sysdig.resources.redis.limits.cpu** +## **sysdig.slack.client.secret** **Required**: `false`
-**Description**: The amount of cpu assigned to redis pods
+**Description**: Your Slack application client_secret, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+**Default**: `awesomeclientsecret`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - cpu: 2 + slack: + client: + secret: 8a8af18123128acd312d12d12da ``` -## **sysdig.resources.redis.limits.memory** +## **sysdig.slack.client.scope** **Required**: `false`
-**Description**: The amount of memory assigned to redis pods
+**Description**: Your Slack application scope, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
-
+**Default**: `incoming-webhook`
**Example**: ```yaml sysdig: - resources: - redis: - limits: - memory: 1Gi + slack: + client: + scope: incoming-webhook ``` -## **sysdig.resources.redis.requests.cpu** +## **sysdig.slack.client.endpoint** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis pods
+**Description**: Your Slack application authorization endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 100m |
-| medium | 100m |
-| large | 100m |
+**Default**: `https://slack.com/oauth/v2/authorize`
**Example**: ```yaml sysdig: - resources: - redis: - requests: - cpu: 2 + slack: + client: + endpoint: https://slack.com/oauth/v2/authorize ``` -## **sysdig.resources.redis.requests.memory** +## **sysdig.slack.client.oauth.endpoint** **Required**: `false`
-**Description**: The amount of memory required to schedule redis pods
+**Description**: Your Slack application oauth endpoint, needed for Sysdig Platform to send Slack notifications
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 100Mi |
-| medium | 100Mi |
-| large | 100Mi |
+**Default**: `https://slack.com/api/oauth.v2.access`
**Example**: ```yaml sysdig: - resources: - redis: - requests: - memory: 2Gi + slack: + client: + oauth: + endpoint: https://slack.com/api/oauth.v2.access ``` - -## **sysdig.resources.redis-sentinel.limits.cpu** +## **sysdig.saml.certificate.name** **Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
+**Description**: The filename of the certificate that will be used for signing SAML requests.
+The certificate file needs to be passed via `sysdig.certificate.customCA` and the filename should match
+the certificate name used when creating the certificate.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 300m |
-| medium | 300m |
-| large | 300m |
+**Default**:
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + saml: + certificate: + name: saml-cert.p12 ``` - -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.saml.certificate.password** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
+**Description**: The password required to read the certificate that will be used for signing SAML requests.
+If `sysdig.saml.certificate.name` is set, this parameter needs to be set as well.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 20Mi |
-| medium | 20Mi |
-| large | 20Mi |
-
+**Default**:
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + saml: + certificate: + name: saml-cert.p12 + password: changeit ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.inactivitySettings.trackerEnabled** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50m | -| medium | 50m | -| large | 50m | +**Description**: Enables inactivity tracker. If the user performed no actions, they will be logged out automatically.
+**Options**: `true|false`
+**Default**: `false`
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + inactivitySettings: + trackerEnabled: true ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.inactivitySettings.trackerTimeout** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 5Mi | -| medium | 5Mi | -| large | 5Mi | +**Description**: Sets the timeout value (in seconds) for inactivity tracker.
+**Options**: `60-1209600`
+**Default**: `1800`
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + inactivitySettings: + trackerTimeout: 900 ``` -## **sysdig.resources.redis-sentinel.limits.cpu** -**Required**: `false`
-**Description**: The amount of cpu assigned to redis-sentinel pods
-**Options**:
-**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 300m | -| medium | 300m | -| large | 300m | +## **sysdig.secure.anchore.customCerts** +**Required**: `false`
+**Description**:
+To allow the Anchore to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+This configuration when set expects certificates with .crt, .pem extension under certs/anchore-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/anchore-custom-certs +certs/anchore-custom-certs/certificate1.crt +certs/anchore-custom-certs/certificate2.crt +values.yaml +``` + ```yaml sysdig: - resources: - redis-sentinel: - limits: - cpu: 2 + secure: + anchore: + customCerts: true ``` -## **sysdig.resources.redis-sentinel.limits.memory** +## **sysdig.secure.anchore.enableMetrics** **Required**: `false`
-**Description**: The amount of memory assigned to redis-sentinel pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 20Mi | -| medium | 20Mi | -| large | 20Mi | - +**Description**: +Allow Anchore to export prometheus metrics. +**Options**: `true|false`
+**Default**: false
**Example**: - ```yaml sysdig: - resources: - redis-sentinel: - limits: - memory: 10Mi + secure: + anchore: + enableMetrics: true ``` -## **sysdig.resources.redis-sentinel.requests.cpu** +## **sysdig.redisVersion** **Required**: `false`
-**Description**: The amount of cpu required to schedule redis-sentinel pods
+**Description**: Docker image tag of Redis.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50m |
-| medium | 50m |
-| large | 50m |
-
+**Default**: 4.0.12.7
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - cpu: 2 + redisVersion: 4.0.12.7 ``` -## **sysdig.resources.redis-sentinel.requests.memory** +## **sysdig.redisHaVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule redis-sentinel pods
+**Description**: Docker image tag of HA Redis, relevant when configured
+`sysdig.redisHa` is `true`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 5Mi |
-| medium | 5Mi |
-| large | 5Mi |
-
+**Default**: 4.0.12-1.0.1
**Example**: ```yaml sysdig: - resources: - redis-sentinel: - requests: - memory: 200Mi + redisHaVersion: 4.0.12-1.0.1 ``` -## **sysdig.resources.timescale-adapter.limits.cpu** +## **sysdig.redisHa** **Required**: `false`
-**Description**: The amount of cpu assigned to timescale-adapter containers
-**Options**:
-**Default**: +**Description**: Determines if redis should run in HA mode
+**Options**: `true|false`
+**Default**: `false`
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | +```yaml +sysdig: + redisHa: false +``` +## **sysdig.useRedis6** +**Required**: `false`
+**Description**: Determines if redis should be installed with version 6.x
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - limits: - cpu: 2 + useRedis6: false ``` -## **sysdig.resources.timescale-adapter.limits.memory** +## **sysdig.redis6Version** **Required**: `false`
-**Description**: The amount of memory assigned to timescale-adapter containers
+**Description**: Docker image tag of Redis 6, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 16Gi |
-
-
+**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - limits: - memory: 10Mi + redis6Version: 6.0.10.1 ``` -## **sysdig.resources.timescale-adapter.requests.cpu** +## **sysdig.redis6SentinelVersion** **Required**: `false`
-**Description**: The amount of cpu required to schedule timescale-adapter containers
+**Description**: Docker image tag of Redis Sentinel, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1 |
-| medium | 1 |
-| large | 4 |
-
+**Default**: 6.0.10.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - requests: - cpu: 2 + redis6SentinelVersion: 6.0.10.1 ``` -## **sysdig.resources.timescale-adapter.requests.memory** +## **sysdig.redis6ExporterVersion** **Required**: `false`
-**Description**: The amount of memory required to schedule timescale-adapter containers
+**Description**: Docker image tag of Redis Metrics Exporter, relevant when configured
+`sysdig.useRedis6` is `true`.
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 4Gi |
-
+**Default**: 1.15.1.1
**Example**: ```yaml sysdig: - resources: - timescale-adapter: - requests: - memory: 200Mi + redis6ExporterVersion: 1.15.1.1 ``` -## **sysdig.resources.api.limits.cpu** + +## **sysdig.resources.cassandra.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to api pods
+**Description**: The amount of cpu assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | +| small | 2 | | medium | 4 | -| large | 16 | +| large | 8 | **Example**: ```yaml sysdig: resources: - api: + cassandra: limits: cpu: 2 ``` -## **sysdig.resources.api.limits.memory** +## **sysdig.resources.cassandra.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to api pods
+**Description**: The amount of memory assigned to cassandra pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - api: + cassandra: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.api.requests.cpu** +## **sysdig.resources.cassandra.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule api pods
+**Description**: The amount of cpu required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | +| medium | 2 | | large | 4 | **Example**: @@ -2692,81 +2964,80 @@ sysdig: ```yaml sysdig: resources: - api: + cassandra: requests: cpu: 2 ``` -## **sysdig.resources.api.requests.memory** +## **sysdig.resources.cassandra.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule api pods
+**Description**: The amount of memory required to schedule cassandra pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | +| small | 8Gi | +| medium | 8Gi | +| large | 8Gi | **Example**: ```yaml sysdig: resources: - api: + cassandra: requests: - memory: 200Mi + memory: 8Gi ``` -## **sysdig.resources.worker.limits.cpu** +## **sysdig.resources.elasticsearch.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to worker pods
+**Description**: The amount of cpu assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - worker: + elasticsearch: limits: cpu: 2 ``` -## **sysdig.resources.worker.limits.memory** +## **sysdig.resources.elasticsearch.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to worker pods
+**Description**: The amount of memory assigned to elasticsearch pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | +| small | 8Gi | | medium | 8Gi | -| large | 16Gi | - +| large | 8Gi | **Example**: ```yaml sysdig: resources: - worker: + elasticsearch: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.worker.requests.cpu** +## **sysdig.resources.elasticsearch.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule worker pods
+**Description**: The amount of cpu required to schedule elasticsearch pods
**Options**:
**Default**: @@ -2781,21 +3052,21 @@ sysdig: ```yaml sysdig: resources: - worker: + elasticsearch: requests: cpu: 2 ``` -## **sysdig.resources.worker.requests.memory** +## **sysdig.resources.elasticsearch.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule worker pods
+**Description**: The amount of memory required to schedule elasticsearch pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | +| small | 4Gi | +| medium | 4Gi | | large | 4Gi | **Example**: @@ -2803,170 +3074,156 @@ sysdig: ```yaml sysdig: resources: - worker: + elasticsearch: requests: - memory: 200Mi + memory: 2Gi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.mysql-router.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - alerter: + mysql-router: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.mysql-router.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to mysql-router pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - alerter: + mysql-router: limits: - memory: 10Mi + memory: 8Gi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.mysql-router.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule mysql-router pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1 |
-| medium | 2 |
-| large | 4 |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
**Example**:
```yaml
sysdig:
resources:
- alerter:
+ mysql-router:
requests:
cpu: 2
```
-## **sysdig.resources.alerter.requests.memory**
+## **sysdig.resources.mysql-router.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule mysql-router pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
resources:
- alerter:
+ mysql-router:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.collector.limits.cpu**
+## **sysdig.resources.mysql.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to mysql pods
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 16 |
+**Default**:
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
limits:
cpu: 2
```
-## **sysdig.resources.collector.limits.memory**
+## **sysdig.resources.mysql.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to mysql pods
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 16Gi |
-
+**Default**:
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
limits:
- memory: 10Mi
+ memory: 8Gi
```
-## **sysdig.resources.collector.requests.cpu**
+## **sysdig.resources.mysql.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule mysql pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1 |
-| medium | 1 |
-| large | 4 |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
requests:
cpu: 2
```
-## **sysdig.resources.collector.requests.memory**
+## **sysdig.resources.mysql.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule mysql pods
**Options**:
**Default**:
@@ -2974,27 +3231,27 @@ sysdig:
| ------------ | -------- |
| small | 1Gi |
| medium | 1Gi |
-| large | 4Gi |
+| large | 1Gi |
**Example**:
```yaml
sysdig:
resources:
- collector:
+ mysql:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.anchore-core.limits.cpu**
+## **sysdig.resources.postgresql.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to postgresql pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4 |
+| small | 2 |
| medium | 4 |
| large | 4 |
@@ -3003,14 +3260,14 @@ sysdig:
```yaml
sysdig:
resources:
- anchore-core:
+ postgresql:
limits:
cpu: 2
```
-## **sysdig.resources.anchore-core.limits.memory**
+## **sysdig.resources.postgresql.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to anchore-core pods
+**Description**: The amount of memory assigned to postgresql pods
**Options**:
**Default**:
@@ -3018,7 +3275,7 @@ sysdig:
| ------------ | ------ |
| small | 4Gi |
| medium | 4Gi |
-| large | 4Gi |
+| large | 8Gi |
**Example**:
@@ -3026,14 +3283,14 @@ sysdig:
```yaml
sysdig:
resources:
- anchore-core:
+ postgresql:
limits:
- memory: 10Mi
+ memory: 8Gi
```
-## **sysdig.resources.anchore-core.requests.cpu**
+## **sysdig.resources.postgresql.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-core pods
+**Description**: The amount of cpu required to schedule postgresql pods
**Options**:
**Default**:
@@ -3041,73 +3298,73 @@ sysdig:
| ------------ | -------- |
| small | 500m |
| medium | 1 |
-| large | 1 |
+| large | 2 |
**Example**:
```yaml
sysdig:
resources:
- anchore-core:
+ postgresql:
requests:
cpu: 2
```
-## **sysdig.resources.anchore-core.requests.memory**
+## **sysdig.resources.postgresql.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule anchore-core pods
+**Description**: The amount of memory required to schedule postgresql pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
+| small | 500Mi |
| medium | 1Gi |
-| large | 1Gi |
+| large | 2Gi |
**Example**:
```yaml
sysdig:
resources:
- anchore-core:
+ postgresql:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.anchore-worker.limits.cpu**
+## **sysdig.resources.redis.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to anchore-worker pods
+**Description**: The amount of cpu assigned to redis pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 4 |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
**Example**:
```yaml
sysdig:
resources:
- anchore-worker:
+ redis:
limits:
cpu: 2
```
-## **sysdig.resources.anchore-worker.limits.memory**
+## **sysdig.resources.redis.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to anchore-worker pods
+**Description**: The amount of memory assigned to redis pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
**Example**:
@@ -3115,88 +3372,88 @@ sysdig:
```yaml
sysdig:
resources:
- anchore-worker:
+ redis:
limits:
- memory: 10Mi
+ memory: 1Gi
```
-## **sysdig.resources.anchore-worker.requests.cpu**
+## **sysdig.resources.redis.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule anchore-worker pods
+**Description**: The amount of cpu required to schedule redis pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
**Example**:
```yaml
sysdig:
resources:
- anchore-worker:
+ redis:
requests:
cpu: 2
```
-## **sysdig.resources.anchore-worker.requests.memory**
+## **sysdig.resources.redis.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule anchore-worker pods
+**Description**: The amount of memory required to schedule redis pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
resources:
- anchore-worker:
+ redis:
requests:
- memory: 200Mi
+ memory: 2Gi
```
-## **sysdig.resources.scanning-api.limits.cpu**
+## **sysdig.resources.redis-sentinel.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to scanning-api pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 4 |
+| small | 300m |
+| medium | 300m |
+| large | 300m |
**Example**:
```yaml
sysdig:
resources:
- scanning-api:
+ redis-sentinel:
limits:
cpu: 2
```
-## **sysdig.resources.scanning-api.limits.memory**
+## **sysdig.resources.redis-sentinel.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to scanning-api pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
**Example**:
@@ -3204,89 +3461,88 @@ sysdig:
```yaml
sysdig:
resources:
- scanning-api:
+ redis-sentinel:
limits:
memory: 10Mi
```
-## **sysdig.resources.scanning-api.requests.cpu**
+## **sysdig.resources.redis-sentinel.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-api pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
**Example**:
```yaml
sysdig:
resources:
- scanning-api:
+ redis-sentinel:
requests:
cpu: 2
```
-## **sysdig.resources.scanning-api.requests.memory**
+## **sysdig.resources.redis-sentinel.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule scanning-api pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
**Example**:
```yaml
sysdig:
resources:
- scanning-api:
+ redis-sentinel:
requests:
memory: 200Mi
```
-
-## **sysdig.resources.scanningalertmgr.limits.cpu**
+## **sysdig.resources.redis-sentinel.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to scanningalertmgr pods
+**Description**: The amount of cpu assigned to redis-sentinel pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4 |
-| medium | 4 |
-| large | 4 |
+| small | 300m |
+| medium | 300m |
+| large | 300m |
**Example**:
```yaml
sysdig:
resources:
- scanningalertmgr:
+ redis-sentinel:
limits:
cpu: 2
```
-## **sysdig.resources.scanningalertmgr.limits.memory**
+## **sysdig.resources.redis-sentinel.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to scanningalertmgr pods
+**Description**: The amount of memory assigned to redis-sentinel pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 4Gi |
-| large | 4Gi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
**Example**:
@@ -3294,58 +3550,58 @@ sysdig:
```yaml
sysdig:
resources:
- scanningalertmgr:
+ redis-sentinel:
limits:
memory: 10Mi
```
-## **sysdig.resources.scanningalertmgr.requests.cpu**
+## **sysdig.resources.redis-sentinel.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule scanningalertmgr pods
+**Description**: The amount of cpu required to schedule redis-sentinel pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 500m |
-| medium | 1 |
-| large | 1 |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
**Example**:
```yaml
sysdig:
resources:
- scanningalertmgr:
+ redis-sentinel:
requests:
cpu: 2
```
-## **sysdig.resources.scanningalertmgr.requests.memory**
+## **sysdig.resources.redis-sentinel.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule scanningalertmgr pods
+**Description**: The amount of memory required to schedule redis-sentinel pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 5Mi |
+| medium | 5Mi |
+| large | 5Mi |
**Example**:
```yaml
sysdig:
resources:
- scanningalertmgr:
+ redis-sentinel:
requests:
memory: 200Mi
```
-## **sysdig.resources.scanning-retention-mgr.limits.cpu**
+## **sysdig.resources.timescale-adapter.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to scanning retention-mgr pods
+**Description**: The amount of cpu assigned to timescale-adapter containers
**Options**:
**Default**:
@@ -3353,21 +3609,21 @@ sysdig:
| ------------ | ------ |
| small | 4 |
| medium | 4 |
-| large | 4 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- scanning-retention-mgr:
+ timescale-adapter:
limits:
cpu: 2
```
-## **sysdig.resources.scanning-retention-mgr.limits.memory**
+## **sysdig.resources.timescale-adapter.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to scanning retention-mgr pods
+**Description**: The amount of memory assigned to timescale-adapter containers
**Options**:
**Default**:
@@ -3375,7 +3631,7 @@ sysdig:
| ------------ | ------ |
| small | 4Gi |
| medium | 4Gi |
-| large | 4Gi |
+| large | 16Gi |
**Example**:
@@ -3383,36 +3639,36 @@ sysdig:
```yaml
sysdig:
resources:
- scanning-retention-mgr:
+ timescale-adapter:
limits:
memory: 10Mi
```
-## **sysdig.resources.scanning-retention-mgr.requests.cpu**
+## **sysdig.resources.timescale-adapter.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule scanning retention-mgr pods
+**Description**: The amount of cpu required to schedule timescale-adapter containers
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 500m |
+| small | 1 |
| medium | 1 |
-| large | 1 |
+| large | 4 |
**Example**:
```yaml
sysdig:
resources:
- scanning-retention-mgr:
+ timescale-adapter:
requests:
cpu: 2
```
-## **sysdig.resources.scanning-retention-mgr.requests.memory**
+## **sysdig.resources.timescale-adapter.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule scanning retention-mgr pods
+**Description**: The amount of memory required to schedule timescale-adapter containers
**Options**:
**Default**:
@@ -3420,248 +3676,197 @@ sysdig:
| ------------ | -------- |
| small | 1Gi |
| medium | 1Gi |
-| large | 1Gi |
+| large | 4Gi |
**Example**:
```yaml
sysdig:
resources:
- scanning-retention-mgr:
+ timescale-adapter:
requests:
memory: 200Mi
```
-## **sysdig.secure.scanning.retentionMgr.cronjob**
-**Required**: `false`
-**Description**: Retention manager Cronjob
-**Options**:
-**Default**: 0 3 * * *
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- cronjob: 0 3 * * *
-```
-
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration**
+## **sysdig.resources.ingressControllerHaProxy.limits.cpu**
**Required**: `false`
-**Description**: Max execution duration for the retention policy
+**Description**: The amount of cpu assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 23h
-**Example**:
+**Default**:
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- retentionPolicyMaxExecutionDuration: 23h
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500m |
+| medium | 1 |
+| large | 1 |
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration**
-**Required**: `false`
-**Description**: Grace period for the retention policy
-**Options**:
-**Default**: 168h
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- retentionMgr:
- retentionPolicyGracePeriodDuration: 168h
+ resources:
+ ingressControllerHaProxy:
+ limits:
+ cpu: 2
```
-## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete**
+## **sysdig.resources.ingressControllerHaProxy.limits.memory**
**Required**: `false`
-**Description**: Artifical delay after each image deletion
+**Description**: The amount of memory assigned to haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 1s
-**Example**:
+**Default**:
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- retentionPolicyArtificialDelayAfterDelete: 1s
-```
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 500Mi |
+| large | 500Mi |
-## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint**
-**Required**: `false`
-**Description**: Scanning GRPC endpoint
-**Options**:
-**Default**: sysdigcloud-scanning-api:6000
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- retentionMgr:
- scanningGRPCEndpoint: sysdigcloud-scanning-api:6000
+ resources:
+ ingressControllerHaProxy:
+ limits:
+ memory: 2Gi
```
-## **sysdig.secure.scanning.retentionMgr.scanningDBEngine**
+## **sysdig.resources.ingressControllerHaProxy.requests.cpu**
**Required**: `false`
-**Description**: Scanning DB engine
+**Description**: The amount of cpu required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: mysql
-**Example**:
+**Default**:
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- scanningDBEngine: mysql
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50m |
+| medium | 100m |
+| large | 100m |
-## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy**
-**Required**: `false`
-**Description**: Default value for the date policy
-**Options**:
-**Default**: 90
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- retentionMgr:
- defaultValues:
- datePolicy: 90
+ resources:
+ ingressControllerHaProxy:
+ requests:
+ cpu: 2
```
-## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy**
+## **sysdig.resources.ingressControllerHaProxy.requests.memory**
**Required**: `false`
-**Description**: Default value for the tags policy
+**Description**: The amount of memory required to schedule haproxy-ingress containers in haproxy-ingress daemon set
**Options**:
-**Default**: 5
-**Example**:
+**Default**:
-```yaml
-sysdig:
- secure:
- scanning:
- retentionMgr:
- defaultValues:
- tagsPolicy: 5
-```
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
-## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy**
-**Required**: `false`
-**Description**: Default value for the digests policy
-**Options**:
-**Default**: 5
**Example**:
```yaml
sysdig:
- secure:
- scanning:
- retentionMgr:
- defaultValues:
- digestsPolicy: 5
+ resources:
+ ingressControllerHaProxy:
+ requests:
+ memory: 1Gi
```
-## **sysdig.resources.scanning-ve-janitor.limits.cpu**
+## **sysdig.resources.ingressControllerRsyslog.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
+**Description**: The amount of cpu assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
+| small | 125m |
+| medium | 250m |
+| large | 250m |
**Example**:
```yaml
sysdig:
resources:
- scanning-ve-janitor:
+ ingressControllerRsyslog:
limits:
cpu: 2
```
-## **sysdig.resources.scanning-ve-janitor.limits.memory**
+## **sysdig.resources.ingressControllerRsyslog.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
+**Description**: The amount of memory assigned to rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 256Mi |
-| medium | 2Gi |
-| large | 4Gi |
-
+| small | 50Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
resources:
- scanning-ve-janitor:
+ ingressControllerRsyslog:
limits:
- memory: 10Mi
+ memory: 1Gi
```
-## **sysdig.resources.scanning-ve-janitor.requests.cpu**
+## **sysdig.resources.ingressControllerRsyslog.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of cpu required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 100m |
-| medium | 100m |
-| large | 100m |
+| small | 50m |
+| medium | 50m |
+| large | 50m |
**Example**:
```yaml
sysdig:
resources:
- scanning-ve-janitor:
+ ingressControllerRsyslog:
requests:
- cpu: 2
+ cpu: 500m
```
-## **sysdig.resources.scanning-ve-janitor.requests.memory**
+## **sysdig.resources.ingressControllerRsyslog.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
+**Description**: The amount of memory required to schedule rsyslog-server containers in haproxy-ingress daemon set
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
+| small | 20Mi |
+| medium | 20Mi |
+| large | 20Mi |
**Example**:
```yaml
sysdig:
resources:
- scanning-ve-janitor:
+ ingressControllerRsyslog:
requests:
- memory: 200Mi
+ memory: 500Mi
```
-## **sysdig.resources.policy-advisor.limits.cpu**
+## **sysdig.resources.api.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to policy-advisor pods
+**Description**: The amount of cpu assigned to api containers in api pods
**Options**:
**Default**:
@@ -3669,21 +3874,21 @@ sysdig:
| ------------ | ------ |
| small | 4 |
| medium | 4 |
-| large | 4 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- policy-advisor:
+ api:
limits:
cpu: 2
```
-## **sysdig.resources.policy-advisor.limits.memory**
+## **sysdig.resources.api.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to policy-advisor pods
+**Description**: The amount of memory assigned to api containers in api pods
**Options**:
**Default**:
@@ -3691,7 +3896,7 @@ sysdig:
| ------------ | ------ |
| small | 4Gi |
| medium | 4Gi |
-| large | 4Gi |
+| large | 16Gi |
**Example**:
@@ -3699,14 +3904,14 @@ sysdig:
```yaml
sysdig:
resources:
- policy-advisor:
+ api:
limits:
memory: 10Mi
```
-## **sysdig.resources.policy-advisor.requests.cpu**
+## **sysdig.resources.api.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule policy-advisor pods
+**Description**: The amount of cpu required to schedule api containers in api pods
**Options**:
**Default**:
@@ -3714,21 +3919,21 @@ sysdig:
| ------------ | -------- |
| small | 1 |
| medium | 1 |
-| large | 1 |
+| large | 4 |
**Example**:
```yaml
sysdig:
resources:
- policy-advisor:
+ api:
requests:
cpu: 2
```
-## **sysdig.resources.policy-advisor.requests.memory**
+## **sysdig.resources.api.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule policy-advisor pods
+**Description**: The amount of memory required to schedule api containers in api pods
**Options**:
**Default**:
@@ -3736,51 +3941,51 @@ sysdig:
| ------------ | -------- |
| small | 1Gi |
| medium | 1Gi |
-| large | 1Gi |
+| large | 4Gi |
**Example**:
```yaml
sysdig:
resources:
- policy-advisor:
+ api:
requests:
memory: 200Mi
```
-## **sysdig.resources.netsec-api.limits.cpu**
+## **sysdig.resources.apiNginx.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-api pods
+**Description**: The amount of cpu assigned to nginx containers in api pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
| small | 1 |
-| medium | 2 |
-| large | 2 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
resources:
- netsec-api:
+ apiNginx:
limits:
cpu: 1
```
-## **sysdig.resources.netsec-api.limits.memory**
+## **sysdig.resources.apiNginx.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to netsec-api pods
+**Description**: The amount of memory assigned to nginx containers in api pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
**Example**:
@@ -3788,88 +3993,88 @@ sysdig:
```yaml
sysdig:
resources:
- netsec-api:
+ apiNginx:
limits:
- memory: 1Gi
+ memory: 500Mi
```
-## **sysdig.resources.netsec-api.requests.cpu**
+## **sysdig.resources.apiNginx.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-api pods
+**Description**: The amount of cpu required to schedule nginx containers in api pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 300m |
+| small | 500m |
| medium | 500m |
-| large | 1 |
+| large | 500m |
**Example**:
```yaml
sysdig:
resources:
- netsec-api:
+ apiNginx:
requests:
- cpu: 300m
+ cpu: 500m
```
-## **sysdig.resources.netsec-api.requests.memory**
+## **sysdig.resources.apiNginx.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule netsec-api pods
+**Description**: The amount of memory required to schedule nginx containers in api pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
resources:
- netsec-api:
+ apiNginx:
requests:
- memory: 1Gi
+ memory: 100Mi
```
-## **sysdig.resources.netsec-ingest.limits.cpu**
+## **sysdig.resources.apiEmailRenderer.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-ingest pods
+**Description**: The amount of cpu assigned to email-renderer containers in api pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
| small | 1 |
-| medium | 2 |
-| large | 2 |
+| medium | 1 |
+| large | 1 |
**Example**:
```yaml
sysdig:
resources:
- netsec-ingest:
+ apiEmailRenderer:
limits:
cpu: 1
```
-## **sysdig.resources.netsec-ingest.limits.memory**
+## **sysdig.resources.apiEmailRenderer.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to netsec-ingest pods
+**Description**: The amount of memory assigned to email-renderer containers in api pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 4Gi |
-| medium | 6Gi |
-| large | 8Gi |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
**Example**:
@@ -3877,89 +4082,88 @@ sysdig:
```yaml
sysdig:
resources:
- netsec-ingest:
+ apiEmailRenderer:
limits:
- memory: 4Gi
+ memory: 500Mi
```
-## **sysdig.resources.netsec-ingest.requests.cpu**
+## **sysdig.resources.apiEmailRenderer.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Description**: The amount of cpu required to schedule email-renderer containers in api pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
| small | 500m |
-| medium | 1 |
-| large | 1 |
+| medium | 500m |
+| large | 500m |
**Example**:
```yaml
sysdig:
resources:
- netsec-ingest:
+ apiEmailRenderer:
requests:
cpu: 500m
```
-## **sysdig.resources.netsec-ingest.requests.memory**
+## **sysdig.resources.apiEmailRenderer.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Description**: The amount of memory required to schedule email-renderer containers in api pods
**Options**:
**Default**:
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 4Gi |
-
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100Mi |
+| medium | 100Mi |
+| large | 100Mi |
**Example**:
```yaml
sysdig:
resources:
- netsec-ingest:
- limits:
- memory: 2Gi
+ apiEmailRenderer:
+ requests:
+ memory: 100Mi
```
-## **sysdig.resources.netsec-janitor.limits.cpu**
+## **sysdig.resources.worker.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to netsec-janitor pods
+**Description**: The amount of cpu assigned to worker pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 1 |
-| medium | 2 |
-| large | 2 |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- netsec-janitor:
+ worker:
limits:
- cpu: 1
+ cpu: 2
```
-## **sysdig.resources.netsec-janitor.limits.memory**
+## **sysdig.resources.worker.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to netsec-janitor pods
+**Description**: The amount of memory assigned to worker pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 1Gi |
-| medium | 2Gi |
-| large | 2Gi |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
**Example**:
@@ -3967,88 +4171,88 @@ sysdig:
```yaml
sysdig:
resources:
- netsec-janitor:
+ worker:
limits:
- memory: 1Gi
+ memory: 10Mi
```
-## **sysdig.resources.netsec-janitor.requests.cpu**
+## **sysdig.resources.worker.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Description**: The amount of cpu required to schedule worker pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 300m |
-| medium | 500m |
-| large | 1 |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
**Example**:
```yaml
sysdig:
resources:
- netsec-janitor:
+ worker:
requests:
- cpu: 1
+ cpu: 2
```
-## **sysdig.resources.netsec-janitor.requests.memory**
+## **sysdig.resources.worker.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule netsec-janitor pods
+**Description**: The amount of memory required to schedule worker pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
**Example**:
```yaml
sysdig:
resources:
- netsec-janitor:
+ worker:
requests:
- memory: 1Gi
+ memory: 200Mi
```
-## **sysdig.resources.nats-streaming.limits.cpu**
+## **sysdig.resources.alerter.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 2 |
-| medium | 2 |
-| large | 2 |
+| small | 4 |
+| medium | 8 |
+| large | 16 |
**Example**:
```yaml
sysdig:
resources:
- nats-streaming:
+ alerter:
limits:
cpu: 2
```
-## **sysdig.resources.nats-streaming.limits.memory**
+## **sysdig.resources.alerter.limits.memory**
**Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**:
| cluster-size | limits |
| ------------ | ------ |
-| small | 2Gi |
-| medium | 2Gi |
-| large | 2Gi |
+| small | 4Gi |
+| medium | 8Gi |
+| large | 16Gi |
**Example**:
@@ -4056,146 +4260,147 @@ sysdig:
```yaml
sysdig:
resources:
- nats-streaming:
+ alerter:
limits:
- memory: 2Gi
+ memory: 10Mi
```
-## **sysdig.resources.nats-streaming.requests.cpu**
+## **sysdig.resources.alerter.requests.cpu**
**Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
**Example**:
```yaml
sysdig:
resources:
- nats-streaming:
+ alerter:
requests:
- cpu: 250m
+ cpu: 2
```
-## **sysdig.resources.nats-streaming.requests.memory**
+## **sysdig.resources.alerter.requests.memory**
**Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**:
| cluster-size | requests |
| ------------ | -------- |
| small | 1Gi |
-| medium | 1Gi |
-| large | 1Gi |
+| medium | 2Gi |
+| large | 4Gi |
**Example**:
```yaml
sysdig:
resources:
- nats-streaming:
+ alerter:
requests:
- memory: 1Gi
+ memory: 200Mi
```
-## **sysdig.resources.activity-audit-api.limits.cpu**
+## **sysdig.resources.collector.limits.cpu**
**Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-api pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 16 | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: limits: cpu: 2 ``` -## **sysdig.resources.activity-audit-api.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-api pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 16Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-api.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1 | +| medium | 1 | +| large | 4 | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.activity-audit-api.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-api pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - activity-audit-api: + collector: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.activity-audit-worker.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: @@ -4210,111 +4415,112 @@ sysdig: ```yaml sysdig: resources: - activity-audit-worker: + anchore-core: limits: cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.limits.memory** +## **sysdig.resources.anchore-api.limits.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: + anchore-api: limits: - memory: 500Mi + cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.requests.cpu** +## **sysdig.resources.anchore-catalog.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: - requests: - cpu: 250m + anchore-catalog: + limits: + cpu: 1 ``` -## **sysdig.resources.activity-audit-worker.requests.memory** +## **sysdig.resources.anchore-policy-engine.limits.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Description**: The amount of cpu assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - activity-audit-worker: - requests: - memory: 50Mi + anchore-policy-engine: + limits: + cpu: 1 ``` -## **sysdig.resources.activity-audit-janitor.limits.cpu** +## **sysdig.resources.anchore-core.limits.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-core pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: + anchore-core: limits: - cpu: 250m + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.limits.memory** + +## **sysdig.resources.anchore-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: @@ -4322,265 +4528,268 @@ sysdig: ```yaml sysdig: resources: - activity-audit-janitor: + anchore-api: limits: - memory: 200Mi + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.cpu** + +## **sysdig.resources.anchore-catalog.limits.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-catalog pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: - requests: - cpu: 250m + anchore-catalog: + limits: + memory: 10Mi ``` -## **sysdig.resources.activity-audit-janitor.requests.memory** + +## **sysdig.resources.anchore-policy-engine.limits.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Description**: The amount of memory assigned to anchore-policy-engine pods
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 3Gi | + **Example**: ```yaml sysdig: resources: - activity-audit-janitor: - requests: - memory: 50Mi + anchore-policy-engine: + limits: + memory: 10Mi ``` -## **sysdig.resources.profiling-api.limits.cpu** +## **sysdig.resources.anchore-core.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: - limits: + anchore-core: + requests: cpu: 2 ``` -## **sysdig.resources.profiling-api.limits.memory** +## **sysdig.resources.anchore-api.requests.cpu** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: - limits: - memory: 500Mi + anchore-api: + requests: + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: + anchore-catalog: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.profiling-api.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.cpu** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-api pods
+**Description**: The amount of cpu required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 500m | +| medium | 500m | +| large | 500m | **Example**: ```yaml sysdig: resources: - profiling-api: + anchore-policy-engine: requests: - memory: 50Mi + cpu: 2 ``` -## **sysdig.resources.profiling-worker.limits.cpu** +## **sysdig.resources.anchore-core.requests.memory** **Required**: `false`
-**Description**: The amount of cpu assigned to profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-core pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - profiling-worker: - limits: - cpu: 1 + anchore-core: + requests: + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.limits.memory** +## **sysdig.resources.anchore-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory assigned to profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-api pods
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | - +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - profiling-worker: - limits: - memory: 500Mi + anchore-api: + requests: + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.requests.cpu** +## **sysdig.resources.anchore-catalog.requests.memory** **Required**: `false`
-**Description**: The amount of cpu required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-catalog pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + anchore-catalog: requests: - cpu: 250m + memory: 200Mi ``` -## **sysdig.resources.profiling-worker.requests.memory** +## **sysdig.resources.anchore-policy-engine.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule profiling-worker pods
+**Description**: The amount of memory required to schedule anchore-policy-engine pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - profiling-worker: + anchore-policy-engine: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.secure-overview-api.limits.cpu** +## **sysdig.resources.anchore-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-overview-api containers
+**Description**: The amount of cpu assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: limits: cpu: 2 ``` -## **sysdig.resources.secure-overview-api.limits.memory** +## **sysdig.resources.anchore-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-overview-api containers
+**Description**: The amount of memory assigned to anchore-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4588,88 +4797,88 @@ sysdig: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.secure-overview-api.requests.cpu** +## **sysdig.resources.anchore-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Description**: The amount of cpu required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-overview-api.requests.memory** +## **sysdig.resources.anchore-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-overview-api containers
+**Description**: The amount of memory required to schedule anchore-worker pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 512Mi | -| medium | 512Mi | -| large | 512Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-overview-api: + anchore-worker: requests: - memory: 512Mi + memory: 200Mi ``` -## **sysdig.resources.secure-prometheus.limits.cpu** +## **sysdig.resources.scanning-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to secure-prometheus containers
+**Description**: The amount of cpu assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: limits: cpu: 2 ``` -## **sysdig.resources.secure-prometheus.limits.memory** +## **sysdig.resources.scanning-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to secure-prometheus containers
+**Description**: The amount of memory assigned to scanning-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8Gi | -| medium | 8Gi | -| large | 8Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | **Example**: @@ -4677,417 +4886,382 @@ sysdig: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: limits: - memory: 8Gi + memory: 10Mi ``` -## **sysdig.resources.secure-prometheus.requests.cpu** +## **sysdig.resources.scanning-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Description**: The amount of cpu required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 500m | -| medium | 500m | -| large | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: requests: - cpu: 500m + cpu: 2 ``` -## **sysdig.resources.secure-prometheus.requests.memory** +## **sysdig.resources.scanning-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule secure-prometheus containers
+**Description**: The amount of memory required to schedule scanning-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - secure-prometheus: + scanning-api: requests: - memory: 2Gi + memory: 200Mi ``` -## **sysdig.resources.events-api.limits.cpu** + +## **sysdig.resources.scanningalertmgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-api pods
+**Description**: The amount of cpu assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-api.limits.memory** +## **sysdig.resources.scanningalertmgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-api pods
+**Description**: The amount of memory assigned to scanningalertmgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-api.requests.cpu** +## **sysdig.resources.scanningalertmgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-api pods
+**Description**: The amount of cpu required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-api.requests.memory** +## **sysdig.resources.scanningalertmgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-api pods
+**Description**: The amount of memory required to schedule scanningalertmgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - events-api: + scanningalertmgr: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-gatherer.limits.cpu** +## **sysdig.resources.scanning-retention-mgr.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-gatherer pods
+**Description**: The amount of cpu assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | +| small | 4 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: limits: cpu: 2 ``` -## **sysdig.resources.events-gatherer.limits.memory** +## **sysdig.resources.scanning-retention-mgr.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-gatherer pods
+**Description**: The amount of memory assigned to scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: limits: - memory: 1Gi + memory: 10Mi ``` -## **sysdig.resources.events-gatherer.requests.cpu** +## **sysdig.resources.scanning-retention-mgr.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-gatherer pods
+**Description**: The amount of cpu required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-gatherer.requests.memory** +## **sysdig.resources.scanning-retention-mgr.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-gatherer pods
+**Description**: The amount of memory required to schedule scanning retention-mgr pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 250Mi | -| large | 250Mi | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - events-gatherer: + scanning-retention-mgr: requests: - memory: 250Mi + memory: 200Mi ``` -## **sysdig.resources.events-dispatcher.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.cronjob** **Required**: `false`
-**Description**: The amount of cpu assigned to events-dispatcher pods
+**Description**: Retention manager Cronjob
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: 0 3 * * *
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + cronjob: 0 3 * * * ``` -## **sysdig.resources.events-dispatcher.limits.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyMaxExecutionDuration** **Required**: `false`
-**Description**: The amount of memory assigned to events-dispatcher pods
+**Description**: Max execution duration for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 250Mi |
-| medium | 250Mi |
-| large | 250Mi |
-
+**Default**: 23h
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - limits: - memory: 250Mi + secure: + scanning: + retentionMgr: + retentionPolicyMaxExecutionDuration: 23h ``` -## **sysdig.resources.events-dispatcher.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyGracePeriodDuration** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Description**: Grace period for the retention policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**: 168h
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - requests: - cpu: 250m + secure: + scanning: + retentionMgr: + retentionPolicyGracePeriodDuration: 168h ``` -## **sysdig.resources.events-dispatcher.requests.memory** +## **sysdig.secure.scanning.retentionMgr.retentionPolicyArtificialDelayAfterDelete** **Required**: `false`
-**Description**: The amount of memory required to schedule events-dispatcher pods
+**Description**: Artifical delay after each image deletion
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 50Mi |
-| medium | 50Mi |
-| large | 50Mi |
-
+**Default**: 1s
**Example**: ```yaml sysdig: - resources: - events-dispatcher: - requests: - memory: 50Mi + secure: + scanning: + retentionMgr: + retentionPolicyArtificialDelayAfterDelete: 1s ``` -## **sysdig.resources.events-forwarder-api.limits.cpu** +## **sysdig.secure.scanning.retentionMgr.scanningGRPCEndpoint** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
+**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - limits: - cpu: 1 + secure: + scanning: + retentionMgr: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.resources.events-forwarder-api.limits.memory** +## **sysdig.secure.scanning.retentionMgr.scanningDBEngine** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder-api pods
+**Description**: Scanning DB engine
**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 500Mi |
-| medium | 500Mi |
-| large | 500Mi |
-
+**Default**: mysql
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - limits: - memory: 500Mi + secure: + scanning: + retentionMgr: + scanningDBEngine: mysql ``` -## **sysdig.resources.events-forwarder-api.requests.cpu** +## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Description**: Default value for the date policy
**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 250m |
-| medium | 250m |
-| large | 250m |
-
+**Default**: 90
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - requests: - cpu: 250m + secure: + scanning: + retentionMgr: + defaultValues: + datePolicy: 90 ``` -## **sysdig.resources.events-forwarder-api.requests.memory** +## **sysdig.secure.scanning.retentionMgr.defaultValues.tagsPolicy** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Description**: Default value for the tags policy
**Options**:
-**Default**:
+**Default**: 5
+**Example**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +```yaml +sysdig: + secure: + scanning: + retentionMgr: + defaultValues: + tagsPolicy: 5 +``` +## **sysdig.secure.scanning.retentionMgr.defaultValues.digestsPolicy** +**Required**: `false`
+**Description**: Default value for the digests policy
+**Options**:
+**Default**: 5
**Example**: ```yaml sysdig: - resources: - events-forwarder-api: - requests: - memory: 50Mi + secure: + scanning: + retentionMgr: + defaultValues: + digestsPolicy: 5 ``` -## **sysdig.resources.events-forwarder.limits.cpu** +## **sysdig.resources.scanning-ve-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-forwarder pods
+**Description**: The amount of cpu assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | -| medium | 1 | +| small | 300m | +| medium | 500m | | large | 1 | **Example**: @@ -5095,1852 +5269,4925 @@ sysdig: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: limits: - cpu: 1 + cpu: 2 ``` -## **sysdig.resources.events-forwarder.limits.memory** +## **sysdig.resources.scanning-ve-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-forwarder pods
+**Description**: The amount of memory assigned to scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 500Mi | -| large | 500Mi | +| small | 256Mi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: limits: - memory: 500Mi + memory: 10Mi ``` -## **sysdig.resources.events-forwarder.requests.cpu** +## **sysdig.resources.scanning-ve-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-forwarder pods
+**Description**: The amount of cpu required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 100m | +| medium | 100m | +| large | 100m | **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.events-forwarder.requests.memory** +## **sysdig.resources.scanning-ve-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-forwarder pods
+**Description**: The amount of memory required to schedule scanning-ve-janitor cronjob
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: resources: - events-forwarder: + scanning-ve-janitor: requests: - memory: 50Mi + memory: 200Mi ``` -## **sysdig.resources.events-janitor.limits.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to events-janitor pods
+**Description**: The amount of cpu assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: limits: cpu: 1 ``` -## **sysdig.resources.events-janitor.limits.memory** +## **sysdig.resources.scanningAdmissionControllerApi.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to events-janitor pods
+**Description**: The amount of memory assigned to admission-controller-api containers
**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 200Mi | -| medium | 200Mi | -| large | 200Mi | - +|cluster-size|limits | +|------------|--------| +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: limits: - memory: 200Mi + memory: 500Mi ``` -## **sysdig.resources.events-janitor.requests.cpu** +## **sysdig.resources.scanningAdmissionControllerApi.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule events-janitor pods
+**Description**: The amount of cpu required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +|cluster-size|requests| +|------------|--------| +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - events-janitor: + scanningAdmissionControllerApi: requests: cpu: 250m ``` -## **sysdig.resources.events-janitor.requests.memory** +## **sysdig.resources.scanningAdmissionControllerApi.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule events-janitor pods
+**Description**: The amount of memory required to schedule admission-controller-api containers
**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - events-janitor: + admission-controller-api: requests: memory: 50Mi ``` -## **sysdig.restrictPasswordLogin** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** **Required**: `false`
-**Description**: Restricts password login to only super admin user forcing all -non-default users to login using the configured -[IdP](https://en.wikipedia.org/wiki/Identity_provider).
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api PG +migrate containers
+**Options**:
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - restrictPasswordLogin: true + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + cpu: 1 ``` -## **sysdig.rsyslogVersion** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** **Required**: `false`
-**Description**: Docker image tag of rsyslog, relevant only when configured
-`deployment` is `kubernetes`.
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
**Options**:
-**Default**: 8.34.0.7
+**Default**: + +|cluster-size|limits | +|------------|--------| +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + **Example**: ```yaml sysdig: - rsyslogVersion: 8.34.0.7 + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + memory: 256Mi ``` -## **sysdig.smtpFromAddress** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** **Required**: `false`
-**Description**: Email address to use for the FROM field of sent emails.
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
**Options**:
-**Default**:
+**Default**: + +|cluster-size|requests| +|------------|--------| +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - smtpFromAddress: from-address@my-company.com + resources: + scanningAdmissionControllerApiPgMigrate: + requests: + cpu: 100m ``` -## **sysdig.smtpPassword** +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** **Required**: `false`
-**Description**: Password for the configured `sysdig.smtpUser`.
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
**Options**:
-**Default**:
-**Example**: +**Default**: -```yaml -sysdig: - smtpPassword: my-@w350m3-p@55w0rd -``` +|cluster-size|requests| +|------------|--------| +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | -## **sysdig.smtpProtocolSSL** -**Required**: `false`
-**Description**: Specifies if SSL should be used when sending emails via SMTP.
-**Options**: `true|false`
-**Default**:
**Example**: ```yaml sysdig: - smtpProtocolSSL: true + resources: + admission-controller-api-pg-migrate: + requests: + memory: 50Mi ``` -## **sysdig.smtpProtocolTLS** +## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
-**Description**: Specifies if TLS should be used when sending emails via SMTP
-**Options**: `true|false`
-**Default**:
+**Description**: The amount of cpu assigned to reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - smtpProtocolTLS: true + resources: + reporting-init: + limits: + cpu: 1 ``` -## **sysdig.smtpServer** +## **sysdig.resources.reporting-init.limits.memory** **Required**: `false`
-**Description**: SMTP server to use to send emails
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + **Example**: ```yaml sysdig: - smtpServer: smtp.gmail.com + resources: + reporting-init: + limits: + memory: 256Mi ``` -## **sysdig.smtpServerPort** +## **sysdig.resources.reporting-init.requests.cpu** **Required**: `false`
-**Description**: Port of the configured `sysdig.smtpServer`
-**Options**: `1-65535`
-**Default**: `25`
+**Description**: The amount of cpu required to schedule reporting-init pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + **Example**: ```yaml sysdig: - smtpServerPort: 587
+ resources: + reporting-init: + requests: + cpu: 100m ``` -## **sysdig.smtpUser** +## **sysdig.resources.reporting-init.requests.memory** **Required**: `false`
-**Description**: User for the configured `sysdig.smtpServer`
+**Description**: The amount of memory required to schedule reporting-init pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + **Example**: ```yaml sysdig: - smtpUser: bob+alice@gmail.com
+ resources: + reporting-init: + requests: + memory: 50Mi ``` -## **sysdig.tolerations** +## **sysdig.resources.reporting-api.limits.cpu** **Required**: `false`
-**Description**:
-[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
-that will be created on Sysdig platform pods, this can be combined with
-[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
-[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
-Platform pods run on particular nodes
+**Description**: The amount of cpu assigned to reporting-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1500m | +| medium | 1500m | +| large | 1500m | + **Example**: ```yaml sysdig: - tolerations: - - key: "dedicated" - operator: "Equal" - value: sysdig - effect: "NoSchedule" + resources: + reporting-api: + limits: + cpu: 1500m ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.resources.reporting-api.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of memory assigned to reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 1536Mi | +| medium | 1536Mi | +| large | 1536Mi | **Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 5 + resources: + reporting-api: + limits: + memory: 1536Mi ``` -## **sysdig.anchoreWorkerReplicaCount** +## **sysdig.resources.reporting-api.requests.cpu** **Required**: `false`
-**Description**: Number of Sysdig Anchore Worker replicas.
+**Description**: The amount of cpu required to schedule reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: - anchoreWorkerReplicaCount: 5 + resources: + reporting-api: + requests: + cpu: 200m ``` -## **sysdig.apiReplicaCount** +## **sysdig.resources.reporting-api.requests.memory** **Required**: `false`
-**Description**: Number of Sysdig API replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of memory required to schedule reporting-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | **Example**: ```yaml sysdig: - apiReplicaCount: 5 + resources: + reporting-api: + requests: + memory: 256Mi ``` -## **sysdig.cassandraReplicaCount** +## **sysdig.resources.reporting-worker.limits.cpu** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of
-`size` `small`.
+**Description**: The amount of cpu assigned to reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 2 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - cassandraReplicaCount: 20 + resources: + reporting-worker: + limits: + cpu: 2 ``` -## **sysdig.collectorReplicaCount** +## **sysdig.resources.reporting-worker.limits.memory** **Required**: `false`
-**Description**: Number of Sysdig collector replicas, this is a noop for
-clusters of `size` `small`.
+**Description**: The amount of memory assigned to reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +| cluster-size | requests | +| ------------ | -------- | +| small | 16Gi | +| medium | 16Gi | +| large | 16Gi | **Example**: ```yaml sysdig: - collectorReplicaCount: 7 + resources: + reporting-worker: + limits: + memory: 16Gi ``` -## **sysdig.activityAuditWorkerReplicaCount** +## **sysdig.resources.reporting-worker.requests.cpu** **Required**: `false`
-**Description**: Number of Activity Audit Worker replicas.
+**Description**: The amount of cpu required to schedule reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 200m | +| medium | 200m | +| large | 200m | **Example**: ```yaml sysdig: - activityAuditWorkerReplicaCount: 20 + resources: + reporting-worker: + requests: + cpu: 200m ``` -## **sysdig.activityAuditApiReplicaCount** +## **sysdig.resources.reporting-worker.requests.memory** **Required**: `false`
-**Description**: Number of Activity Audit API replicas.
+**Description**: The amount of memory required to schedule reporting-worker pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | +| cluster-size | requests | +| ------------ | -------- | +| small | 10Gi | +| medium | 10Gi | +| large | 10Gi | **Example**: ```yaml sysdig: - activityAuditApiReplicaCount: 20 + resources: + reporting-worker: + requests: + memory: 10Gi ``` -## **sysdig.policyAdvisorReplicaCount** +## **sysdig.secure.scanning.reporting.debug** **Required**: `false`
-**Description**: Number of Policy Advisor replicas.
+**Description**: Enable logging at debug level
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: false
**Example**: ```yaml sysdig: - policyAdvisorReplicaCount: 20 + secure: + scanning: + reporting: + debug: false ``` -## **sysdig.netsecApiReplicaCount** +## **sysdig.secure.scanning.reporting.apiGRPCEndpoint** **Required**: `false`
-**Description**: Number of Netsec API replicas.
+**Description**: Reporting GRPC endpoint
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-reporting-api-grpc:6000
**Example**: ```yaml sysdig: - netsecApiReplicaCount: 1 + secure: + scanning: + reporting: + apiGRPCEndpoint: sysdigcloud-scanning-reporting-api-grpc:6000 ``` -## **sysdig.netsecIngestReplicaCount** +## **sysdig.secure.scanning.reporting.scanningGRPCEndpoint** **Required**: `false`
-**Description**: Number of Netsec Ingest replicas.
+**Description**: Scanning GRPC endpoint
**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Default**: sysdigcloud-scanning-api:6000
**Example**: ```yaml sysdig: - netsecIngestReplicaCount: 1 + secure: + scanning: + reporting: + scanningGRPCEndpoint: sysdigcloud-scanning-api:6000 ``` -## **sysdig.anchoreCoreReplicaCount** +## **sysdig.secure.scanning.reporting.storageDriver** **Required**: `false`
-**Description**: Number of Anchore Core replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: Storage kind for generated reports
+**Options**: postgres, fs, s3
+**Default**: postgres
**Example**: ```yaml sysdig: - anchoreCoreReplicaCount: 2 + secure: + scanning: + reporting: + storageDriver: postgres ``` -## **sysdig.scanningApiReplicaCount** +## **sysdig.secure.scanning.reporting.storageCompression** **Required**: `false`
-**Description**: Number of Scanning API replicas.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: Compression format for generated reports
+**Options**: zip, gzip, none
+**Default**: zip
**Example**: ```yaml sysdig: - scanningApiReplicaCount: 3 + secure: + scanning: + reporting: + storageCompression: zip ``` -## **sysdig.elasticsearchReplicaCount** +## **sysdig.secure.scanning.reporting.storageFsDir** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
-`size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 6 | - +**Description**: The directory where reports will saved (required when using `fs` driver)
+**Options**:
+**Default**: .
**Example**: ```yaml sysdig: - elasticsearchReplicaCount: 20 + secure: + scanning: + reporting: + storageFsDir: /reports ``` -## **sysdig.workerReplicaCount** +## **sysdig.secure.scanning.reporting.storagePostgresRetentionDays** **Required**: `false`
-**Description**: Number of Sysdig worker replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - +**Description**: The number of days the generated reports will be kept for download (available when using `postgres` driver)
+**Options**:
+**Default**: 1
**Example**: ```yaml sysdig: - workerReplicaCount: 7 + secure: + scanning: + reporting: + storagePostgresRetentionDays: 1 ``` -## **sysdig.alerterReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Bucket** **Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
+**Description**: The bucket name where reports will be saved (required when using `s3` driver)
+**Options**:
+**Default**:
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | +```yaml +sysdig: + secure: + scanning: + reporting: + storageS3Bucket: secure-scanning-reporting +``` +## **sysdig.secure.scanning.reporting.storageS3Prefix** +**Required**: `false`
+**Description**: The object name prefix (directory) used when saving reports in a S3 bucket
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - alerterReplicaCount: 7 + secure: + scanning: + reporting: + storageS3Prefix: reports ``` -## **sysdig.eventsGathererReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Endpoint** **Required**: `false`
-**Description**: Number of events gatherer replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 4 | - +**Description**: The service endpoint of a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsGathererReplicaCount: 2 + secure: + scanning: + reporting: + storageS3Endpoint: s3.example.com ``` -## **sysdig.eventsAPIReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3Region** **Required**: `false`
-**Description**: Number of events API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsAPIReplicaCount: 1 + secure: + scanning: + reporting: + storageS3Region: us-east-1 ``` -## **sysdig.eventsDispatcherReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3AccessKeyID** **Required**: `false`
-**Description**: Number of events dispatcher replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsDispatcherReplicaCount: 1 + secure: + scanning: + reporting: + storageS3AccessKeyID: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.eventsForwarderReplicaCount** +## **sysdig.secure.scanning.reporting.storageS3SecretAccessKey** **Required**: `false`
-**Description**: Number of events forwarder replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 2 | - +**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - eventsForwarderReplicaCount: 2 + secure: + scanning: + reporting: + storageS3SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.eventsForwarderAPIReplicaCount** -**Required**: `false`
-**Description**: Number of events forwarder API replicas, this is a noop for clusters
-of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 1 | -| large | 1 | - +## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** +**Required**: `true`
+**Description**: The flag to enable on-demand generation of reports globally
+**Options**: false, true
+**Default**: false
**Example**: ```yaml sysdig: - eventsForwarderAPIReplicaCount: 1 + secure: + scanning: + reporting: + onDemandGenerationEnabled: true ``` -## **sysdig.admin.username** -**Required**: `true`
-**Description**: Sysdig Platform super admin user. This will be used for
-initial login to the web interface. Make sure this is a valid email address
-that you can receive emails at.
-**Options**:
-**Default**:
+## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** +**Required**: `false`
+**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - admin: - username: my-awesome-email@my-awesome-domain-name.com + secure: + scanning: + reporting: + onDemandGenerationCustomers: "1,12,123" ``` -## **sysdig.admin.password** +## **sysdig.secure.scanning.reporting.workerSleepTime** **Required**: `false`
-**Description**: Sysdig Platform super admin password. This along with
-`sysdig.admin.username` will be used for initial login to the web interface.
-It is auto-generated when not explicitly configured.
-**Options**:
-**Default**:
+**Description**: The sleep interval between two runs of the reporting worker
+**Options**:
+**Default**: 120s
**Example**: ```yaml sysdig: - admin: - password: my-@w350m3-p@55w0rd + secure: + scanning: + reporting: + workerSleepTime: 120s ``` -## **sysdig.api.jvmOptions** +## **sysdig.resources.policy-advisor.limits.cpu** **Required**: `false`
-**Description**: Custom configuration for Sysdig API jvm.
+**Description**: The amount of cpu assigned to policy-advisor pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 4 | +| large | 4 | + **Example**: ```yaml sysdig: - api: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true + resources: + policy-advisor: + limits: + cpu: 2 ``` -## **sysdig.certificate.generate** +## **sysdig.resources.policy-advisor.limits.memory** **Required**: `false`
-**Description**: Determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory assigned to policy-advisor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 4Gi | +| large | 4Gi | + + **Example**: ```yaml sysdig: - certificate: - generate: true + resources: + policy-advisor: + limits: + memory: 10Mi ``` -## **sysdig.certificate.crt** +## **sysdig.resources.policy-advisor.requests.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to
-`false` this has to be configured. The certificate common name or subject
-altername name must match configured `sysdig.dnsName`.
+**Description**: The amount of cpu required to schedule policy-advisor pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - certificate: - crt: certs/server.crt + resources: + policy-advisor: + requests: + cpu: 2 ``` -## **sysdig.certificate.key** +## **sysdig.resources.policy-advisor.requests.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
-this has to be configured. The key must match the certificate in
-`sysdig.certificate.crt`.
+**Description**: The amount of memory required to schedule policy-advisor pods
**Options**:
-**Default**: `true`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - certificate: - key: certs/server.key + resources: + policy-advisor: + requests: + memory: 200Mi ``` -## **sysdig.collector.dnsName** +## **sysdig.resources.netsec-api.limits.cpu** **Required**: `false`
-**Description**: Domain name the Sysdig collector will be served on, when not
-configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Description**: The amount of cpu assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - collector: - dnsName: collector.my-awesome-domain-name.com + resources: + netsec-api: + limits: + cpu: 1 ``` -## **sysdig.collector.jvmOptions** +## **sysdig.resources.netsec-api.limits.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig collector jvm.
+**Description**: The amount of memory assigned to netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | + + **Example**: ```yaml sysdig: - collector: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport + resources: + netsec-api: + limits: + memory: 1Gi ``` -## **sysdig.collector.certificate.generate** +## **sysdig.resources.netsec-api.requests.cpu** **Required**: `false`
-**Description**: This determines if Installer should generate self-signed
-certificates for the domain configured in `sysdig.collector.dnsName`.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu required to schedule netsec-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - collector: - certificate: - generate: true -``` - -## **sysdig.collector.certificate.crt** + resources: + netsec-api: + requests: + cpu: 300m +``` + +## **sysdig.resources.netsec-api.requests.memory** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided certificate that will
-be used in serving the sysdig collector, if
-`sysdig.collector.certificate.generate` is set to `false` this has to be
-configured. The certificate common name or subject altername name must match
-configured `sysdig.collector.dnsName`.
+**Description**: The amount of memory required to schedule netsec-api pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + **Example**: ```yaml sysdig: - collector: - certificate: - crt: certs/collector.crt + resources: + netsec-api: + requests: + memory: 1Gi ``` -## **sysdig.collector.certificate.key** +## **sysdig.resources.netsec-ingest.limits.cpu** **Required**: `false`
-**Description**: Path(the path must be in same directory as `values.yaml` file
-and must be relative to `values.yaml`) to user provided key that will be used
-in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
-set to `false` this has to be configured. The key must match the certificate
-in `sysdig.collector.certificate.crt`.
+**Description**: The amount of cpu assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + **Example**: ```yaml sysdig: - collector: - certificate: - key: certs/collector.key + resources: + netsec-ingest: + limits: + cpu: 1 ``` -## **sysdig.worker.jvmOptions** +## **sysdig.resources.netsec-ingest.limits.memory** **Required**: `false`
-**Description**: Custom configuration for Sysdig worker jvm.
+**Description**: The amount of memory assigned to netsec-ingest pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 6Gi | +| large | 8Gi | + + +**Example**: + +```yaml +sysdig: + resources: + netsec-ingest: + limits: + memory: 4Gi +``` + +## **sysdig.resources.netsec-ingest.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-ingest pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + netsec-ingest: + requests: + cpu: 500m +``` + +## **sysdig.resources.netsec-ingest.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule to netsec-ingest pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + + +**Example**: + +```yaml +sysdig: + resources: + netsec-ingest: + limits: + memory: 2Gi +``` + +## **sysdig.resources.netsec-janitor.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + limits: + cpu: 1 +``` + +## **sysdig.resources.netsec-janitor.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 2Gi | + + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + limits: + memory: 1Gi +``` + +## **sysdig.resources.netsec-janitor.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 300m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + requests: + cpu: 1 +``` + +## **sysdig.resources.netsec-janitor.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule netsec-janitor pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + netsec-janitor: + requests: + memory: 1Gi +``` + +## **sysdig.resources.nats-streaming.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + limits: + cpu: 2 +``` + +## **sysdig.resources.nats-streaming.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + limits: + memory: 2Gi +``` + +## **sysdig.resources.nats-streaming.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + cpu: 250m +``` + +## **sysdig.resources.nats-streaming.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + memory: 1Gi +``` + +## **sysdig.resources.activity-audit-api.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + limits: + cpu: 2 +``` + +## **sysdig.resources.activity-audit-api.limits.memory** +**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + limits: + memory: 500Mi +``` + +## **sysdig.resources.activity-audit-api.requests.cpu** +**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + cpu: 250m +``` + +## **sysdig.resources.activity-audit-api.requests.memory** +**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + activity-audit-api: + requests: + memory: 50Mi +``` + +## **sysdig.resources.activity-audit-worker.limits.cpu** +**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.activity-audit-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.activity-audit-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.activity-audit-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule activity-audit-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ activity-audit-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.profiling-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.profiling-worker.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.profiling-worker.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.profiling-worker.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.profiling-worker.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule profiling-worker pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ profiling-worker:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.secure-overview-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-overview-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.secure-overview-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-overview-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-overview-api containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 512Mi |
+| medium | 512Mi |
+| large | 512Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-overview-api:
+ requests:
+ memory: 512Mi
+```
+
+## **sysdig.resources.secure-prometheus.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.secure-prometheus.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 8Gi |
+| medium | 8Gi |
+| large | 8Gi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ limits:
+ memory: 8Gi
+```
+
+## **sysdig.resources.secure-prometheus.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 500m |
+| medium | 500m |
+| large | 500m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ cpu: 500m
+```
+
+## **sysdig.resources.secure-prometheus.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule secure-prometheus containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ secure-prometheus:
+ requests:
+ memory: 2Gi
+```
+
+## **sysdig.resources.events-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-gatherer.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.events-gatherer.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1Gi |
+| medium | 1Gi |
+| large | 1Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ limits:
+ memory: 1Gi
+```
+
+## **sysdig.resources.events-gatherer.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-gatherer.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-gatherer pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-gatherer:
+ requests:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-dispatcher.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 250Mi |
+| medium | 250Mi |
+| large | 250Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ limits:
+ memory: 250Mi
+```
+
+## **sysdig.resources.events-dispatcher.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-dispatcher.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-dispatcher pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-dispatcher:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder-api.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder-api.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder-api.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder-api.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder-api pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder-api:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-forwarder.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-forwarder.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 500Mi |
+| medium | 500Mi |
+| large | 500Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ limits:
+ memory: 500Mi
+```
+
+## **sysdig.resources.events-forwarder.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-forwarder.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-forwarder pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-forwarder:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.resources.events-janitor.limits.cpu**
+**Required**: `false`
+**Description**: The amount of cpu assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.events-janitor.limits.memory**
+**Required**: `false`
+**Description**: The amount of memory assigned to events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 200Mi |
+| medium | 200Mi |
+| large | 200Mi |
+
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ limits:
+ memory: 200Mi
+```
+
+## **sysdig.resources.events-janitor.requests.cpu**
+**Required**: `false`
+**Description**: The amount of cpu required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.events-janitor.requests.memory**
+**Required**: `false`
+**Description**: The amount of memory required to schedule events-janitor pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 50Mi |
+| medium | 50Mi |
+| large | 50Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ events-janitor:
+ requests:
+ memory: 50Mi
+```
+
+## **sysdig.restrictPasswordLogin**
+**Required**: `false`
+**Description**: Restricts password login to only super admin user forcing all
+non-default users to login using the configured
+[IdP](https://en.wikipedia.org/wiki/Identity_provider).
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ restrictPasswordLogin: true
+```
+
+## **sysdig.rsyslogVersion**
+**Required**: `false`
+**Description**: Docker image tag of rsyslog, relevant only when configured
+`deployment` is `kubernetes`.
+**Options**:
+**Default**: 8.34.0.7
+**Example**:
+
+```yaml
+sysdig:
+ rsyslogVersion: 8.34.0.7
+```
+
+## **sysdig.smtpFromAddress**
+**Required**: `false`
+**Description**: Email address to use for the FROM field of sent emails.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpFromAddress: from-address@my-company.com
+```
+
+## **sysdig.smtpPassword**
+**Required**: `false`
+**Description**: Password for the configured `sysdig.smtpUser`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpPassword: my-@w350m3-p@55w0rd
+```
+
+## **sysdig.smtpProtocolSSL**
+**Required**: `false`
+**Description**: Specifies if SSL should be used when sending emails via SMTP.
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolSSL: true
+```
+
+## **sysdig.smtpProtocolTLS**
+**Required**: `false`
+**Description**: Specifies if TLS should be used when sending emails via SMTP
+**Options**: `true|false`
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpProtocolTLS: true
+```
+
+## **sysdig.smtpServer**
+**Required**: `false`
+**Description**: SMTP server to use to send emails
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpServer: smtp.gmail.com
+```
+
+## **sysdig.smtpServerPort**
+**Required**: `false`
+**Description**: Port of the configured `sysdig.smtpServer`
+**Options**: `1-65535`
+**Default**: `25`
+**Example**:
+
+```yaml
+sysdig:
+ smtpServerPort: 587
+```
+
+## **sysdig.smtpUser**
+**Required**: `false`
+**Description**: User for the configured `sysdig.smtpServer`
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ smtpUser: bob+alice@gmail.com
+```
+
+## **sysdig.tolerations**
+**Required**: `false`
+**Description**:
+[Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
+that will be created on Sysdig platform pods, this can be combined with
+[nodeaffinityLabel.key](#nodeaffinityLabelkey) and
+[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig
+Platform pods run on particular nodes
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ tolerations:
+ - key: "dedicated"
+ operator: "Equal"
+ value: sysdig
+ effect: "NoSchedule"
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Core replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 5
+```
+
+## **sysdig.anchoreAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore API replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreAPIReplicaCount: 4
+```
+
+## **sysdig.anchoreCatalogReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Catalog replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCatalogReplicaCount: 4
+```
+
+## **sysdig.anchorePolicyEngineReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Policy Engine replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchorePolicyEngineReplicaCount: 4
+```
+
+## **sysdig.anchoreWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig Anchore Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreWorkerReplicaCount: 5
+```
+
+## **sysdig.apiReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig API replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ apiReplicaCount: 5
+```
+
+## **sysdig.cassandraReplicaCount**
+**Required**: `false`
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ cassandraReplicaCount: 20
+```
+
+## **sysdig.collectorReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig collector replicas, this is a noop for
+clusters of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ collectorReplicaCount: 7
+```
+
+## **sysdig.activityAuditWorkerReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit Worker replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditWorkerReplicaCount: 20
+```
+
+## **sysdig.activityAuditApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Activity Audit API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ activityAuditApiReplicaCount: 20
+```
+
+## **sysdig.policyAdvisorReplicaCount**
+**Required**: `false`
+**Description**: Number of Policy Advisor replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ policyAdvisorReplicaCount: 20
+```
+
+## **sysdig.scanningAdmissionControllerAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of scanning Admission Controller API replicas, this is
+a noop for clusters of `size` `small`.
+**Options**:
+**Default**:
+
+|cluster-size|count|
+|------------|-----|
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningAdmissionControllerAPIReplicaCount: 1
+```
+
+## **sysdig.netsecApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecApiReplicaCount: 1
+```
+
+## **sysdig.netsecIngestReplicaCount**
+**Required**: `false`
+**Description**: Number of Netsec Ingest replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecIngestReplicaCount: 1
+```
+## **sysdig.netsecCommunicationShards**
+**Required**: `false`
+**Description**: Number of Netsec communications index shards.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 3 |
+| medium | 9 |
+| large | 15 |
+
+**Example**:
+
+```yaml
+sysdig:
+ netsecCommunicationShards: 5
+```
+
+## **sysdig.anchoreCoreReplicaCount**
+**Required**: `false`
+**Description**: Number of Anchore Core replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ anchoreCoreReplicaCount: 2
+```
+
+## **sysdig.scanningApiReplicaCount**
+**Required**: `false`
+**Description**: Number of Scanning API replicas.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ scanningApiReplicaCount: 3
+```
+
+## **sysdig.elasticsearchReplicaCount**
+**Required**: `false`
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 6 |
+
+**Example**:
+
+```yaml
+sysdig:
+ elasticsearchReplicaCount: 20
+```
+
+## **sysdig.workerReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig worker replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ workerReplicaCount: 7
+```
+
+## **sysdig.alerterReplicaCount**
+**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 3 |
+| large | 5 |
+
+**Example**:
+
+```yaml
+sysdig:
+ alerterReplicaCount: 7
+```
+
+## **sysdig.eventsGathererReplicaCount**
+**Required**: `false`
+**Description**: Number of events gatherer replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 2 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsGathererReplicaCount: 2
+```
+
+## **sysdig.eventsAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsAPIReplicaCount: 1
+```
+
+## **sysdig.eventsDispatcherReplicaCount**
+**Required**: `false`
+**Description**: Number of events dispatcher replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsDispatcherReplicaCount: 1
+```
+
+## **sysdig.eventsForwarderReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderReplicaCount: 2
+```
+
+## **sysdig.eventsForwarderAPIReplicaCount**
+**Required**: `false`
+**Description**: Number of events forwarder API replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+
+| cluster-size | count |
+| ------------ | ----- |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ eventsForwarderAPIReplicaCount: 1
+```
+
+## **sysdig.admin.username**
+**Required**: `true`
+**Description**: Sysdig Platform super admin user. This will be used for +initial login to the web interface. Make sure this is a valid email address +that you can receive emails at.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + username: my-awesome-email@my-awesome-domain-name.com +``` + +## **sysdig.admin.password** +**Required**: `false`
+**Description**: Sysdig Platform super admin password. This along with +`sysdig.admin.username` will be used for initial login to the web interface. +It is auto-generated when not explicitly configured.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + admin: + password: my-@w350m3-p@55w0rd +``` + +## **sysdig.api.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig API jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + api: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport -Ddraios.metrics-push.query.enabled=true +``` + +## **sysdig.certificate.generate** +**Required**: `false`
+**Description**: Determines if Installer should generate self-signed +certificates for the domain configured in `sysdig.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + generate: true +``` + +## **sysdig.certificate.crt** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file +and must be relative to `values.yaml`) to user provided certificate that will +be used in serving the Sysdig api, if `sysdig.certificate.generate` is set to +`false` this has to be configured. The certificate common name or subject +altername name must match configured `sysdig.dnsName`.
+**Options**:
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + certificate: + crt: certs/server.crt +``` + +## **sysdig.certificate.key** +**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig api, if `sysdig.certificate.generate` is set to `false`
+this has to be configured. The key must match the certificate in
+`sysdig.certificate.crt`.
+**Options**:
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ certificate:
+ key: certs/server.key
+```
+
+## **sysdig.collector.dnsName**
+**Required**: `false`
+**Description**: Domain name the Sysdig collector will be served on, when not
+configured it defaults to whatever is configured for `sysdig.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ dnsName: collector.my-awesome-domain-name.com
+```
+
+## **sysdig.collector.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig collector jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + collector: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.collector.certificate.generate** +**Required**: `false`
+**Description**: This determines if Installer should generate self-signed
+certificates for the domain configured in `sysdig.collector.dnsName`.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ generate: true
+```
+
+## **sysdig.collector.certificate.crt**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided certificate that will
+be used in serving the sysdig collector, if
+`sysdig.collector.certificate.generate` is set to `false` this has to be
+configured. The certificate common name or subject altername name must match
+configured `sysdig.collector.dnsName`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ crt: certs/collector.crt
+```
+
+## **sysdig.collector.certificate.key**
+**Required**: `false`
+**Description**: Path(the path must be in same directory as `values.yaml` file
+and must be relative to `values.yaml`) to user provided key that will be used
+in serving the sysdig collector, if `sysdig.collector.certificate.generate` is
+set to `false` this has to be configured. The key must match the certificate
+in `sysdig.collector.certificate.crt`.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ collector:
+ certificate:
+ key: certs/collector.key
+```
+## **sysdig.worker.enabled**
+**Required**: `false`
+**Description**: Enables Sysdig Worker component
+**Options**:`true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ worker:
+ enabled: true
+```
+
+## **sysdig.worker.jvmOptions**
+**Required**: `false`
+**Description**: Custom configuration for Sysdig worker jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + worker: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **agent.apiKey** +**Required**: `false`
+**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
+_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ apiKey: replace_with_your_monitor_access_key
+```
+
+## **agent.appChecks.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ settings:
+ limit: 1500
+```
+
+## **agent.collectorEndpoint**
+**Required**: `false`
+**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ collectorEndpoint: my-awesome-collector-domain-name.com
+```
+
+## **agent.collectorPort**
+**Required**: `false`
+**Description**: Sysdig Colletor TCP Port.
+**Options**: `1024-65535`
+**Default**: `6443`
+**Example**:
+
+```yaml
+agent:
+ collectorPort: 6443
+```
+
+## **agent.namespace**
+**Required**: `false`
+**Description**: A kubernetes namespace for setting up the agent in.
+**Options**:
+**Default**: `agent`
+**Example**:
+
+```yaml
+agent:
+ namespace: sysdig-agent
+```
+
+## **agent.useSlim**
+**Required**: `false`
+**Description**: Whether to use the slim version of agent or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ useSlim: true
+```
+
+## **agent.version**
+**Required**: `false`
+**Description**: Version of agent to install.
+_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
+**Options**:
+**Default**: `latest`
+**Example**:
+
+```yaml
+agent:
+ version: 1.10.1
+```
+
+## **agent.useSSL**
+**Required**: `false`
+**Description**: Whether Sysdig Collector accepts SSL connections or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ useSSL: false
+```
+
+## **agent.verifySSL**
+**Required**: `false`
+**Description**: Whether to validate Sysdig Collector SSL certificate or not.
+_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ verifySSL: false
+```
+
+## **agent.clusterName**
+**Required**: `false`
+**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
+**Options**:
+**Default**: `production`
+**Example**:
+
+```yaml
+agent:
+ clusterName: false
+```
+
+## **agent.tags**
+**Required**: `false`
+**Description**: List of user-provided metadata at agent level.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ tags: environment:production linux:ubuntu
+```
+
+## **agent.capturesEnabled**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ capturesEnabled: false
+```
+
+## **agent.feature_mode**
+**Required**: `false`
+**Description**: TBD.
+**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
+**Default**: `monitor`
+**Example**:
+
+```yaml
+agent:
+ feature_mode: troubleshooting
+```
+
+## **agent.timezone**
+**Required**: `false`
+**Description**: Set daemonset timezone.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ timezone: America/New_York.
+```
+
+## **agent.proxy.httpProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpProxy: http://username:password@your-awesome-http-proxy.com
+```
+
+## **agent.proxy.httpsProxy**
+**Required**: `false`
+**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ httpsProxy: https://username:password@your-awesome-https-proxy.com
+```
+
+## **agent.proxy.noProxy**
+**Required**: `false`
+**Description**: A space-separated list of URLs for which no proxy should be used.
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ proxy:
+ noProxy: your-awesome-no-proxy.com
+```
+
+## **agent.snaplenPortRange.start**
+**Required**: `false`
+**Description**: Starting port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.snaplenPortRange.end**
+**Required**: `false`
+**Description**: Ending port in the range of ports to enable a larger snaplen on.
+_**Note**: This should only be set if you push a lot of statsd metrics._
+**Options**:
+**Default**: `0`
+**Example**:
+
+```yaml
+agent:
+ snaplenPortRange:
+ start: "8125"
+```
+
+## **agent.customKernelModules.enabled**
+**Required**: `false`
+**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ customKernelModules:
+ enabled: true
+```
+
+## **agent.secure.enabled**
+**Required**: `false`
+**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ enabled: true
+```
+
+## **agent.secure.commandLineCapturesEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Command Line Captures or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ commandLineCapturesEnabled: true
+```
+
+## **agent.secure.memoryDumpEnabled**
+**Required**: `false`
+**Description**: Whether you want to enable Memory Dump or not.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ memoryDumpEnabled: true
+```
+
+## **agent.secure.settings.k8sAuditServerURL**
+**Required**: `false`
+**Description**: Kubernetes Audit Server URL.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**:
+**Default**: `0.0.0.0`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerURL: 127.0.0.1
+```
+
+## **agent.secure.settings.k8sAuditServerPort**
+**Required**: `false`
+**Description**: Kubernetes Audit Server Port.
+_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
+**Options**: `1024-65535`
+**Default**: `7765`
+**Example**:
+
+```yaml
+agent:
+ secure:
+ settings:
+ k8sAuditServerPort: 7765
+```
+
+## **agent.prometheus.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of prometheus metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ enabled: true
+```
+
+## **agent.prometheus.settings.interval**
+**Required**: `false`
+**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `10`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ interval: 30
+```
+
+## **agent.prometheus.settings.logErrors**
+**Required**: `false`
+**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ logErrors: true
+```
+
+## **agent.prometheus.settings.maxMetrics**
+**Required**: `false`
+**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetrics: 1000
+```
+
+## **agent.prometheus.settings.maxMetricsPerProcess**
+**Required**: `false`
+**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxMetricsPerProcess: 1000
+```
+
+## **agent.prometheus.settings.maxTagsPerMetric**
+**Required**: `false`
+**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**:
+**Default**: `40`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ maxTagsPerMetric: 20
+```
+
+## **agent.prometheus.settings.histograms**
+**Required**: `false`
+**Description**: Whether the Agent should scrape and report histogram metrics.
+_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ prometheus:
+ settings:
+ histograms: 3000
+```
+
+## **agent.statsd.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of statsd metrics or not.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ enabled: true
+```
+
+## **agent.statsd.settings.limit**
+**Required**: `false`
+**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
+**Options**:
+**Default**: `100`
+**Example**:
+
+```yaml
+agent:
+ statsd:
+ settings:
+ limit: 1000
+```
+
+## **agent.jmx.enabled**
+**Required**: `false`
+**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ jmx:
+ enabled: true
+```
+
+## **agent.jmx.settings.limit**
+**Required**: `false`
+**Description**: The total number of JMX metrics polled per host.
+**Options**:
+**Default**: `3000`
+**Example**:
+
+```yaml
+agent:
+ jmx:
+ settings:
+ limit: 1000
+```
+
+## **agent.ebpf.enabled**
+**Required**: `false`
+**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
+_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ enabled: true
+```
+
+## **agent.ebpf.settings.mountEtcVolume**
+**Required**: `false`
+**Description**: Needed to detect which kernel version are running in Google COS.
+_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+agent:
+ ebpf:
+ settings:
+ mountEtcVolume: 1000
+```
+
+## **agent.appChecks.elasticsearch.authEnabled**
+**Required**: `false`
+**Description**: Whether elasticsearch has auth enabled or not.
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ authEnabled: true
+```
+
+## **agent.appChecks.elasticsearch.url**
+**Required**: `false`
+**Description**: Elasticsearch Endpoint.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ url: https://sysdigcloud-elasticsearch
+```
+
+## **agent.appChecks.elasticsearch.port**
+**Required**: `false`
+**Description**: Elasticsearch Port.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ port: 9200
+```
+
+## **agent.appChecks.elasticsearch.username**
+**Required**: `false`
+**Description**: Username to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+agent:
+ appChecks:
+ elasticsearch:
+ username: readonly
+```
+
+## **agent.appChecks.elasticsearch.password**
+**Required**: `false`
+**Description**: Password to use for authentication to elasticsearch.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -sysdig: - worker: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + appChecks: + elasticsearch: + password: some_password ``` -## **sysdig.alerter.jvmOptions** +## **agent.appChecks.elasticsearch.verifySSL** **Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
+**Description**: Whether to validate Elasticsearch SSL certificate or not.
+_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
+**Options**: `true|false`
+**Default**:
**Example**: ```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport +agent: + appChecks: + elasticsearch: + verifySSL: false ``` -## **agent.apiKey** -**Required**: `false`
-**Description**: Sysdig Agent api key for running agents. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html).
-_**Note**: Required for agent setup. If setting up Monitor and Agent at the same time, you can leave this as blank._
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.enabled** +**Required**: `false`
enabled +**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - apiKey: replace_with_your_monitor_access_key + appChecks: + kafka: + enabled: true ``` -## **agent.appChecks.settings.limit** -**Required**: `false`
-**Description**: The maximum number of app checks metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**:
+## **agent.appChecks.kafka.arg** +**Required**: `false`
enabled +**Description**: Process arguments to match for Kafka
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml agent: appChecks: - settings: - limit: 1500 + kafka: + arg: Kafka.kafka ``` -## **agent.collectorEndpoint** +## **agent.appChecks.kafka.url** **Required**: `false`
-**Description**: Sysdig Collector Address. Defaults to [`sysdig.collector.dnsName`](#sysdig.collector.dnsName) if monitor is included in apps.
-**Options**:
-**Default**:
+**Description**: Kafka Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**:
+**Default**:
**Example**: ```yaml -agent: - collectorEndpoint: my-awesome-collector-domain-name.com +agent:enabled + appChecks: + kafka: + url: localhost ``` -## **agent.collectorPort** +## **agent.appChecks.kafka.port** **Required**: `false`
-**Description**: Sysdig Colletor TCP Port.
+**Description**: Kafka Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**: `1024-65535`
-**Default**: `6443`
+**Default**:
**Example**: ```yaml agent: - collectorPort: 6443 + appChecks: + kafka: + port: 9200 ``` -## **agent.namespace** +## **agent.appChecks.kafka.zk.url** **Required**: `false`
-**Description**: A kubernetes namespace for setting up the agent in.
+**Description**: Kafka Zookeeper Endpoint.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
**Options**:
-**Default**: `agent`
+**Default**:
**Example**: ```yaml -agent: - namespace: sysdig-agent +agent:enabled + appChecks: + kafka: + zk: + url: localhost ``` -## **agent.useSlim** +## **agent.appChecks.kafka.zk.port** **Required**: `false`
-**Description**: Whether to use the slim version of agent or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Kafka Zookeeper Port.
+_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
+**Options**: `1024-65535`
+**Default**:
**Example**: ```yaml agent: - useSlim: true + appChecks: + kafka: + zk: + port: 2181 ``` -## **agent.version** -**Required**: `false`
-**Description**: Version of agent to install.
-_**Note**: You can lookup all the available versions of agent [here](https://hub.docker.com/r/sysdig/agent/tags)_
-**Options**:
-**Default**: `latest`
+## **agent.appChecks.kafka.enableConsumerOffsets** +**Required**: `false`
enabled +**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - version: 1.10.1 + appChecks: + kafka: + enableConsumerOffsets: true ``` -## **agent.useSSL** -**Required**: `false`
-**Description**: Whether Sysdig Collector accepts SSL connections or not.
+## **agent.appChecks.kafka.enableAggregationPartitions** +**Required**: `false`
enabled +**Description**: Whether to enable aggregation of partitions at the topic level or not.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - useSSL: false + appChecks: + kafka: + enableAggregationPartitions: true ``` -## **agent.verifySSL** +## **agent.appChecks.mysql.enabled** **Required**: `false`
-**Description**: Whether to validate Sysdig Collector SSL certificate or not.
-_**Note**: This should be set to false if a self-signed certificate or private, CA-signed cert is used._
+**Description**: Whether to enable mysql app check.
**Options**: `true|false`
**Default**: `false`
**Example**: ```yaml agent: - verifySSL: false + appChecks: + mysql: + enabled: true ``` -## **agent.clusterName** +## **agent.appChecks.mysql.hostname** **Required**: `false`
-**Description**: Setting a cluster name here allows you to view, scope, and segment metrics in the Sysdig Monitor UI by Kubernetes cluster.
-**Options**:
-**Default**: `production`
+**Description**: Name of the mySQL host that the agent should connect to.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - clusterName: false + appChecks: + mysql: + hostname: mysql-service-url ``` -## **agent.tags** +## **agent.appChecks.mysql.user** **Required**: `false`
-**Description**: List of user-provided metadata at agent level.
-**Options**:
-**Default**:
+**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml agent: - tags: environment:production linux:ubuntu + appChecks: + mysql: + user: mysql-user ``` -## **agent.capturesEnabled** +## **agent.appChecks.mysql.password** **Required**: `false`
-**Description**: TBD.
+**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
**Options**: `true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml agent: - capturesEnabled: false + appChecks: + mysql: + password: mysql-password ``` -## **agent.feature_mode** +## **agent.resources.limits.cpu** **Required**: `false`
-**Description**: TBD.
-**Options**: `monitor|monitor_light|essentials|troubleshooting|secure`
-**Default**: `monitor`
+**Description**: The amount of cpu assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3 | +| medium | 5 | +| large | 8 | + **Example**: ```yaml agent: - feature_mode: troubleshooting + resources: + limits: + cpu: 2 ``` -## **agent.timezone** +## **agent.resources.limits.memory** **Required**: `false`
-**Description**: Set daemonset timezone.
-**Options**:
-**Default**:
+**Description**: The amount of memory assigned to agent pods.
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 3Gi | +| medium | 6Gi | +| large | 10Gi | + **Example**: ```yaml agent: - timezone: America/New_York. + resources: + limits: + memory: 2 ``` -## **agent.proxy.httpProxy** +## **agent.resources.requests.cpu** **Required**: `false`
-**Description**: The URL to use as a proxy for http requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: The amount of cpu required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 3 | +| large | 5 | + **Example**: ```yaml agent: - proxy: - httpProxy: http://username:password@your-awesome-http-proxy.com + resources: + requests: + cpu: 2 ``` -## **agent.proxy.httpsProxy** +## **agent.resources.requests.memory** **Required**: `false`
-**Description**: The URL to use as a proxy for https requests. If the proxy requires authentication, you need to specify this information as part of the URL.
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule agent pods.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 3Gi | +| large | 6Gi | + **Example**: ```yaml agent: - proxy: - httpsProxy: https://username:password@your-awesome-https-proxy.com + resources: + requests: + memory: 2 ``` -## **agent.proxy.noProxy** +## **agent.resources.watchdog.max_memory_usage_mb** **Required**: `false`
-**Description**: A space-separated list of URLs for which no proxy should be used.
-**Options**:
-**Default**:
+**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 1024 | +| large | 2048 | + **Example**: ```yaml agent: - proxy: - noProxy: your-awesome-no-proxy.com + resources: + watchdog: + max_memory_usage_mb: 1024 ``` -## **agent.snaplenPortRange.start** +## **agent.resources.watchdog.cointerface** **Required**: `false`
-**Description**: Starting port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 512 | +| medium | 2048 | +| large | 4096 | + **Example**: ```yaml agent: - snaplenPortRange: - start: "8125" + resources: + watchdog: + cointerface: 1024 ``` -## **agent.snaplenPortRange.end** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
-**Description**: Ending port in the range of ports to enable a larger snaplen on.
-_**Note**: This should only be set if you push a lot of statsd metrics._
-**Options**:
-**Default**: `0`
+**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Options**:
+**Default**: ""
**Example**: ```yaml -agent: - snaplenPortRange: - start: "8125" +sysdig: + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` -## **agent.customKernelModules.enabled** +## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** **Required**: `false`
-**Description**: Whether to pick up custom kernel modules from /root or not. This setting only applies to non-slim agent.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Max duration after the last ping from an AC before it is considered +disconnected. It cannot be greater than 30m. See also pingTTLDuration
+**Options**:
+**Default**: 10m
**Example**: ```yaml -agent: - customKernelModules: - enabled: true +sysdig: + secure: + scanning: + admissionControllerAPI: + maxDurationBeforeDisconnection: 20m ``` -## **agent.secure.enabled** +## **sysdig.secure.scanning.admissionControllerAPI.confTTLDuration** **Required**: `false`
-**Description**: Whether your Sysdig platform has Sysdig Secure enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: TTL of the cache for the cluster configuration. It should be +used by the AC as polling interval to retrieve the updated cluster configuration +from the API. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - enabled: true + scanning: + admissionControllerAPI: + confTTLDuration: 10m ``` -## **agent.secure.commandLineCapturesEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.pingTTLDuration** **Required**: `false`
-**Description**: Whether you want to enable Command Line Captures or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: TTL of an AC ping. It should be used by the AC as polling +interval to perform a HEAD on the ping endpoint to notify it's still alive and +connected. It cannot be greater than 30m and it cannot be greater than +maxDurationBeforeDisconnection
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - commandLineCapturesEnabled: true + scanning: + admissionControllerAPI: + pingTTLDuration: 8m ``` -## **agent.secure.memoryDumpEnabled** +## **sysdig.secure.scanning.admissionControllerAPI.clusterConfCacheMaxDuration** **Required**: `false`
-**Description**: Whether you want to enable Memory Dump or not.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Max duration of the cluster configuration cache. The API returns +this value as max-age in seconds and the FE uses it for caching the cluster +configuration. FE also asks for a new cluster configuration using this value +as time interval. It cannot be greater than 30m
+**Options**:
+**Default**: 5m
**Example**: ```yaml -agent: +sysdig: secure: - memoryDumpEnabled: true + scanning: + admissionControllerAPI: + clusterConfCacheMaxDuration: 9m ``` -## **agent.secure.settings.k8sAuditServerURL** +## **sysdig.scanningAnalysiscollectorConcurrentUploads** **Required**: `false`
-**Description**: Kubernetes Audit Server URL.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**:
-**Default**: `0.0.0.0`
+**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Options**:
+**Default**: "5"
**Example**: ```yaml -agent: - secure: - settings: - k8sAuditServerURL: 127.0.0.1 +sysdig: + scanningAnalysiscollectorConcurrentUploads: 5 ``` -## **agent.secure.settings.k8sAuditServerPort** +## **sysdig.scanningAlertMgrForceAutoScan** **Required**: `false`
-**Description**: Kubernetes Audit Server Port.
-_**Note**: This setting is dependent on `agent.secure.enabled` being set to `true`._
-**Options**: `1024-65535`
-**Default**: `7765`
+**Description**: Enable the runtime image autoscan feature. Note that for adopting a more distributed way of scanning runtime images, the Node Image Analyzer (NIA) is preferable.
+**Options**:
+**Default**: `false`
**Example**: ```yaml -agent: - secure: - settings: - k8sAuditServerPort: 7765 +sysdig: + scanningAlertMgrForceAutoScan: false ``` -## **agent.prometheus.enabled** +## **sysdig.secure.scanning.veJanitor.cronjob** **Required**: `false`
-**Description**: Whether to enable ingestion of prometheus metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Cronjob schedule
+**Options**:
+**Default**: "0 0 * * *"
**Example**: ```yaml -agent: - prometheus: - enabled: true +sysdig: + secure: + veJanitor: + cronjob: "5 0 * * *" ``` -## **agent.prometheus.settings.interval** +## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: How often (in seconds) the agent will scrape a port for prometheus metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `10`
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Options**:
+**Default**: "disable"
**Example**: ```yaml -agent: - prometheus: - settings: - interval: 30 +sysdig: + secure: + veJanitor: + anchoreDBsslmode: "disable" ``` -## **agent.prometheus.settings.logErrors** +## **sysdig.secure.scanning.veJanitor.scanningDbEngine** **Required**: `false`
-**Description**: Whether the Agent should log details on failed attempts to scrape eligible targets or not.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: which scanning database engine to use.
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml -agent: - prometheus: - settings: - logErrors: true +sysdig: + secure: + veJanitor: + scanningDbEngine: "mysql" ``` -## **agent.prometheus.settings.maxMetrics** + +## **sysdig.metadataService.enabled** **Required**: `false`
-**Description**: The maximum number of total prometheus metrics that will be scraped across all targets. This value is the maximum per-Agent, and is a separate limit from other Custom Metrics (e.g. statsd, JMX, and other Application Checks).
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: Whether to enable metadata-service or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent: - prometheus: - settings: - maxMetrics: 1000 +sysdig: + metadataService: + enabled: true ``` -## **agent.prometheus.settings.maxMetricsPerProcess** +## **sysdig.resources.metadataService.limits.cpu** **Required**: `false`
-**Description**: The maximum number of prometheus metrics that the agent will save from a single scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `3000`
+**Description**: The amount of cpu assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent: - prometheus: - settings: - maxMetricsPerProcess: 1000 +sysdig: + resources: + metadataService: + limits: + cpu: 2 ``` -## **agent.prometheus.settings.maxTagsPerMetric** +## **sysdig.resources.metadataService.limits.memory** **Required**: `false`
-**Description**: The maximum number of tags per prometheus metric that the Agent will save from a scraped target.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**:
-**Default**: `40`
+**Description**: The amount of memory assigned to metadataService pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - prometheus: - settings: - maxTagsPerMetric: 20 +sysdig: + resources: + metadataService: + limits: + memory: 10Mi ``` -## **agent.prometheus.settings.histograms** +## **sysdig.resources.metadataService.requests.cpu** **Required**: `false`
-**Description**: Whether the Agent should scrape and report histogram metrics.
-_**Note**: This setting is dependent on `agent.prometheus.enabled` being set to true._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of cpu required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - prometheus: - settings: - histograms: 3000 +sysdig: + resources: + metadataService: + requests: + cpu: 2 ``` -## **agent.statsd.enabled** +## **sysdig.resources.metadataService.requests.memory** **Required**: `false`
-**Description**: Whether to enable ingestion of statsd metrics or not.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory required to schedule metadataService pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - statsd: - enabled: true +sysdig: + resources: + metadataService: + requests: + memory: 200Mi ``` -## **agent.statsd.settings.limit** +## **sysdig.metadataServiceReplicaCount** **Required**: `false`
-**Description**: The maximum number of statsd metrics that will be reported to Sysdig Monitor.
-**Options**:
-**Default**: `100`
+**Description**: Number of Sysdig metadataService replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - statsd: - settings: - limit: 1000 +sysdig: + metadataServiceReplicaCount: 4 ``` -## **agent.jmx.enabled** +## **sysdig.metadataServiceVersion** **Required**: `false`
-**Description**: Whether to enable ingestion of jvm metrics via jmx protocol or not. If enabled, the agent will discover java virtual machines and poll them for basic jvm metrics like heap and gc as well as a few application sepecific metrics.
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Docker image tag of metadataService, relevant when `sysdig.metadataService.enabled` is `true`.
+**Options**:
+**Default**: 1.0.1.1
**Example**: ```yaml -agent: - jmx: - enabled: true +sysdig: + metadataServiceVersion: 1.0.1.12 ``` -## **agent.jmx.settings.limit** +## **sysdig.helmRenderer.enabled** **Required**: `false`
-**Description**: The total number of JMX metrics polled per host.
-**Options**:
-**Default**: `3000`
+**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml -agent: - jmx: - settings: - limit: 1000 +sysdig: + helmRenderer: + enabled: true ``` -## **agent.ebpf.enabled** +## **sysdig.resources.helmRenderer.limits.cpu** **Required**: `false`
-**Description**: Enable eBPF support for Sysdig instead of sysdig-probe kernel module.
-_**Note**: This should be enabled for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + **Example**: ```yaml -agent: - ebpf: - enabled: true +sysdig: + resources: + helmRenderer: + limits: + cpu: 2 ``` -## **agent.ebpf.settings.mountEtcVolume** +## **sysdig.resources.helmRenderer.limits.memory** **Required**: `false`
-**Description**: Needed to detect which kernel version are running in Google COS.
-_**Note**: This should be configured appropriately for GKE COS as the installation of sysdig-probe kernel is not allowed._
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The amount of memory assigned to helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + + **Example**: ```yaml -agent: - ebpf: - settings: - mountEtcVolume: 1000 +sysdig: + resources: + helmRenderer: + limits: + memory: 10Mi ``` -## **agent.appChecks.elasticsearch.authEnabled** +## **sysdig.resources.helmRenderer.requests.cpu** **Required**: `false`
-**Description**: Whether elasticsearch has auth enabled or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - authEnabled: true +sysdig: + resources: + helmRenderer: + requests: + cpu: 2 ``` -## **agent.appChecks.elasticsearch.url** +## **sysdig.resources.helmRenderer.requests.memory** **Required**: `false`
-**Description**: Elasticsearch Endpoint.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: The amount of memory required to schedule helmRenderer pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - url: https://sysdigcloud-elasticsearch +sysdig: + resources: + helmRenderer: + requests: + memory: 200Mi ``` -## **agent.appChecks.elasticsearch.port** +## **sysdig.helmRendererReplicaCount** **Required**: `false`
-**Description**: Elasticsearch Port.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Number of Sysdig helmRenderer replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 2 | +| medium | 6 | +| large | 10 | + **Example**: ```yaml -agent: - appChecks: - elasticsearch: - port: 9200 +sysdig: + helmRendererReplicaCount: 4 ``` -## **agent.appChecks.elasticsearch.username** +## **sysdig.helmRendererVersion** **Required**: `false`
-**Description**: Username to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Docker image tag of helmRenderer, relevant when `sysdig.helmRenderer.enabled` is `true`.
+**Options**:
+**Default**: 0.1.32
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - username: readonly +sysdig: + helmRendererVersion: 0.1.32 ``` -## **agent.appChecks.elasticsearch.password** +## **sysdig.secure.activityAudit.enabled** **Required**: `false`
-**Description**: Password to use for authentication to elasticsearch.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable activity audit for Sysdig secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - password: some_password +sysdig: + secure: + activityAudit: + enabled: true ``` -## **agent.appChecks.elasticsearch.verifySSL** +## **sysdig.secure.activityAudit.janitor.retentionDays** **Required**: `false`
-**Description**: Whether to validate Elasticsearch SSL certificate or not.
-_**Note**: This should be configured if `agent.appChecks.elasticsearch.authEnabled` is set to `true`._
-**Options**: `true|false`
-**Default**:
+**Description**: Retention period for Activity Audit data.
+**Options**:
+**Default**: 90
**Example**: ```yaml -agent: - appChecks: - elasticsearch: - verifySSL: false +sysdig: + secure: + activityAudit: + janitor: + retentionDays: 90 ``` -## **agent.appChecks.kafka.enabled** -**Required**: `false`
enabled -**Description**: Whether to enable collection of metrics for kafka using JMX polling or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.anchore.enabled** +**Required**: `false`
+**Description**: Enable anchore for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: +sysdig: + secure: + anchore: enabled: true ``` -## **agent.appChecks.kafka.arg** -**Required**: `false`
enabled -**Description**: Process arguments to match for Kafka
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+## **sysdig.secure.compliance.enabled** +**Required**: `false`
+**Description**: Enable compliance for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - arg: Kafka.kafka +sysdig: + secure: + compliance: + enabled: true ``` -## **agent.appChecks.kafka.url** +## **sysdig.secure.netsec.enabled** **Required**: `false`
-**Description**: Kafka Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable netsec for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - url: localhost +sysdig: + secure: + netsec: + enabled: true ``` -## **agent.appChecks.kafka.port** +## **sysdig.secure.overview.enabled** **Required**: `false`
-**Description**: Kafka Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable overview for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - port: 9200 +sysdig: + secure: + overview: + enabled: true ``` -## **agent.appChecks.kafka.zk.url** +## **sysdig.secure.padvisor.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Endpoint.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**:
-**Default**:
+**Description**: Enable policy advisor for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent:enabled - appChecks: - kafka: - zk: - url: localhost +sysdig: + secure: + padvisor: + enabled: true ``` -## **agent.appChecks.kafka.zk.port** +## **sysdig.secure.profiling.enabled** **Required**: `false`
-**Description**: Kafka Zookeeper Port.
-_**Note**: This should be configured if `agent.appChecks.kafka.enabled` is set to `true`._
-**Options**: `1024-65535`
-**Default**:
+**Description**: Enable profiling for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - zk: - port: 2181 +sysdig: + secure: + profiling: + enabled: true ``` -## **agent.appChecks.kafka.enableConsumerOffsets** -**Required**: `false`
enabled -**Description**: Whether to store consumer group config info inside Kafka itself or not. Enabling this will provide better performance.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.scanning.reporting.enabled** +**Required**: `false`
+**Description**: Enable reporting for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableConsumerOffsets: true +sysdig: + secure: + scanning: + reporting: + enabled: true ``` -## **agent.appChecks.kafka.enableAggregationPartitions** -**Required**: `false`
enabled -**Description**: Whether to enable aggregation of partitions at the topic level or not.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.scanning.enabled** +**Required**: `false`
+**Description**: Enable scanning for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - kafka: - enableAggregationPartitions: true +sysdig: + secure: + scanning: + enabled: true ``` -## **agent.appChecks.mysql.enabled** +## **sysdig.secure.events.enabled** **Required**: `false`
-**Description**: Whether to enable mysql app check.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: +sysdig: + secure: + events: enabled: true ``` -## **agent.appChecks.mysql.hostname** +## **sysdig.secure.eventsForwarder.enabled** **Required**: `false`
-**Description**: Name of the mySQL host that the agent should connect to.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable events forwarder for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml -agent: - appChecks: - mysql: - hostname: mysql-service-url +sysdig: + secure: + eventsForwarder: + enabled: true ``` -## **agent.appChecks.mysql.user** +## **sysdig.secure.falcoRulesUpdater.enabled** **Required**: `false`
-**Description**: The username of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Enable the falcoRulesUpdater CronJob. It runs an automated update of the Falco rules. For airgap installs, it expects to find the image in the same registry used for all other services.
+**Options**:
+**Default**: false
**Example**: ```yaml -agent: - appChecks: - mysql: - user: mysql-user +sysdig: + secure: + falcoRulesUpdater: + enabled: true ``` -## **agent.appChecks.mysql.password** +## **sysdig.secure.falcoRulesUpdater.schedule** **Required**: `false`
-**Description**: The password of the MySQL user that the agent will use in communicating with MySQL.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: Sets the `.spec.schedule` for the falcoRulesUpdater CronJob
+**Options**:
+**Default**: "0 1 * * *"
**Example**: ```yaml -agent: - appChecks: - mysql: - password: mysql-password +sysdig: + secure: + falcoRulesUpdater: + schedule: "*/10 * * * *" ``` -## **agent.resources.limits.cpu** +## **sysdig.resources.rapid-response-connector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to agent pods.
+**Description**: The amount of cpu assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3 | -| medium | 5 | -| large | 8 | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: +sysdig: resources: - limits: - cpu: 2 + rapid-response-connector: + limits: + cpu: 1 ``` -## **agent.resources.limits.memory** +## **sysdig.resources.rapid-response-connector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to agent pods.
+**Description**: The amount of memory assigned to rapid-response-connector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 3Gi | -| medium | 6Gi | -| large | 10Gi | +| small | 500Mi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml -agent: +sysdig: resources: - limits: - memory: 2 + rapid-response-connector: + limits: + memory: 500Mi ``` -## **agent.resources.requests.cpu** +## **sysdig.resources.rapid-response-connector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule agent pods.
+**Description**: The amount of cpu required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1 | -| medium | 3 | -| large | 5 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml -agent: +sysdig: resources: - requests: - cpu: 2 + rapid-response-connector: + requests: + cpu: 250m ``` -## **agent.resources.requests.memory** +## **sysdig.resources.rapid-response-connector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule agent pods.
+**Description**: The amount of memory required to schedule rapid-response-connector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 1Gi | -| medium | 3Gi | -| large | 6Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml -agent: +sysdig: resources: - requests: - memory: 2 + rapid-response-connector: + requests: + memory: 50Mi ``` -## **agent.resources.watchdog.max_memory_usage_mb** +## **sysdig.rapidResponseConnectorReplicaCount** **Required**: `false`
-**Description**: The max amount of memory the dragent process can take. Units for this value are Megabytes(mb)
+**Description**: Number of Sysdig rapid-response-connector replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 1024 | -| large | 2048 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml -agent: - resources: - watchdog: - max_memory_usage_mb: 1024 +sysdig: + rapidResponseConnectorReplicaCount: 1 ``` -## **agent.resources.watchdog.cointerface** +## **sysdig.secure.rapidResponse.enabled** **Required**: `false`
-**Description**: The max amount of memory cointerface is allowed to consume. Units for this value are Megabytes(mb). Cointerface is responsible for fetching k8s events from api server and also builds the relationship graph for all k8s objects. This can take up a lot of memory during startup and in large clusters.
+**Description**: Whether to deploy rapid response or not.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 512 | -| medium | 2048 | -| large | 4096 | - +**Default**: false
**Example**: ```yaml -agent: - resources: - watchdog: - cointerface: 1024 +sysdig: + secure: + rapidResponse: + enabled: false ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.rapidResponse.validationCodeLength** **Required**: `false`
-**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
+**Description**: Length of mfa validation code sent via e-mail.
**Options**:
-**Default**: ""
+**Default**: 6
**Example**: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + rapidResponse: + validationCodeLength: 8 ``` -## **sysdig.scanningAnalysiscollectorConcurrentUploads** +## **sysdig.secure.rapidResponse.validationCodeSecondsDuration** **Required**: `false`
-**Description**: Number of concurrent uploads for Scanning Analysis Collector
+**Description**: Duration in seconds of mfa validation code sent via e-mail.
**Options**:
-**Default**: "5"
+**Default**: 180
**Example**: ```yaml sysdig: - scanningAnalysiscollectorConcurrentUploads: 5 + secure: + rapidResponse: + validationCodeSecondsDuration: 8 ``` -## **sysdig.secure.scanning.veJanitor.cronjob** +## **sysdig.secure.rapidResponse.sessionTotalSecondsTTL** **Required**: `false`
-**Description**: Cronjob schedule
+**Description**: Global duration of session in seconds.
**Options**:
-**Default**: "0 0 * * *"
+**Default**: 7200
**Example**: ```yaml sysdig: secure: - veJanitor: - cronjob: "5 0 * * *" + rapidResponse: + sessionTotalSecondsTTL: 7200 ``` -## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** + +## **sysdig.secure.rapidResponse.sessionIdleSecondsTTL** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Idle duration of session in seconds.
**Options**:
-**Default**: "disable"
+**Default**: 300
**Example**: ```yaml sysdig: secure: - veJanitor: - anchoreDBsslmode: "disable" + rapidResponse: + sessionIdleSecondsTTL: 300 ``` -## **sysdig.secure.scanning.veJanitor.scanningDbEngine** + +## **sysdig.secure.scanning.feedsEnabled** **Required**: `false`
-**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
-**Example**: +**Description**: Deploys a local Sysdig Secure feeds API and DB for airgapped installs that cannot reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+**Example**: ```yaml sysdig: secure: - veJanitor: - scanningDbEngine: "mysql" + scanning: + feedsEnabled: true +``` + +## **sysdig.feedsAPIVersion** +**Required**: `false`
+**Description**: Sets feeds API version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsAPIVersion: 0.5.0 +``` + +## **sysdig.feedsDBVersion** +**Required**: `false`
+**Description**: Sets feeds database version
+**Options**:
+**Default**: `latest`
+ +**Example**: +```yaml +sysdig: + feedsDBVersion: 0.5.0-2020-03-11 ``` diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,4 +21,3 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork - ingressClassName: haproxy From d9ccc5ce71a17f5197998dfaff3d294f724b5e10 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 15 Sep 2023 23:15:11 +0000 Subject: [PATCH 131/156] updating installer docs --- installer/README.md | 83 ++--- installer/docs/01-command_line_arguments.md | 59 +++- installer/docs/02-configuration_parameters.md | 313 +++++++++++++++++- installer/docs/04-advanced_configuration.md | 38 ++- installer/values.yaml | 1 + 5 files changed, 425 insertions(+), 69 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,9 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -40,29 +41,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -82,17 +83,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -123,29 +124,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -216,29 +194,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -250,17 +228,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +274,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +308,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +327,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 2e50d8aa..ab9a4eaf 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md 
@@ -189,4 +189,61 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` \ No newline at end of file +``` + +## Command: `diff` + +Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. + +`--write-diff` + +- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. + +`--out-diff-dir` + +- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. + +`--cleanup` + +- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. + +`--secure` + +- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. + +`--summary` + +- Only prints a summary of the diff errors. + +Diff command also has options inherited from the generate command options. See **generate** command section. + +## Command: `generate` + +`--manifest-directory` + +- Set the location where the installer will write the genearted manifests. + +`--skip-generate` + +- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. + +`--skip-import` + +- Skips the import phase, which would try to import values from a running cluster. + +`--skip-validation` + +- Skips validation checks. + +`--ignore-kubeconfig-errors` + +- This will ignore all errors from trying to parse kubeconfig file. 
+ +`--preserve-templates` + +- Preserve directory installer templates are extracted to, this should only be used for debugging purposes + +`--k8s-server-version` + +- Sets the `kubernetesServerVersion` within values. + diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index df37b437..9c6d835c 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1672,12 +1672,12 @@ sysdig: **Required**: `false`
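Review bot: The new `diff` section never states that unfiltered output can contain credentials, although the `--secure` entry implies it. With `--write-diff` and no `--out-diff-dir` that output is written to a temporary directory, and `--cleanup` is documented as requiring both of those flags. I would add a sentence under `--write-diff` such as `Without --secure the written files may include secret values; restrict access to the output directory and delete it when done.` The `--skip-validation` and `--ignore-kubeconfig-errors` entries should also say which checks are skipped and what can go wrong as a result. Wording fixes in the same hunk: `genearted` should be `generated`, and `sensitive informations` should be `sensitive information`.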
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.9.0.1
+**Default**: 0.1.5
**Example**: ```yaml sysdig: - natsExporterVersion: 0.9.0.1 + natsExporterVersion: 0.1.5 ``` ## **sysdig.natsStreamingVersion** @@ -1706,6 +1706,45 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` +## **sysdig.natsServerVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS.
+**Options**:
+**Default**: 0.1.11
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.1.11 +``` + +## **sysdig.natsReloaderVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS Reloader.
+**Options**:
+**Default**: 0.1.4
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.1.4 +``` + +## **sysdig.natsBoxVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS Box.
+**Options**:
+**Default**: 0.0.13
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.0.13 +``` + ## **sysdig.nats.enabled** **Required**: `false`
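Review bot: The three new examples set the wrong key: under `sysdig.natsServerVersion`, `sysdig.natsReloaderVersion` and `sysdig.natsBoxVersion` the YAML example still reads `natsExporterVersion:`. Anyone pasting them would override the exporter image tag (documented default 0.1.5 in the previous hunk) with 0.1.11, 0.1.4 or 0.0.13 and leave the intended image unchanged. The examples should read `natsServerVersion: "0.1.11"`, `natsReloaderVersion: "0.1.4"` and `natsBoxVersion: "0.0.13"`; quoting the tags keeps a YAML parser from retyping them.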
@@ -6716,6 +6755,245 @@ sysdig: memory: 1Gi ``` +## **sysdig.natsJs.enabled** + +**Required**: `false`
+**Description**: Enable nats js deploy
+**Options**: true|false
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + enabled: true +``` + +## **sysdig.natsJs.nats.fullnameOverride** + +**Required**: `false`
+**Description**: the name of the nats js deployment
+**Options**:
+**Default**: nats + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + fullnameOverride: nats +``` + +## **sysdig.natsJs.nats.natsbox.enabled** + +**Required**: `false`
+**Description**: Enable nats js box deploy
+**Options**: true|false
+**Default**: false
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + natsbox: + enabled: true +``` + +## **sysdig.natsJs.natsTLSGenerator.enabled** + +**Required**: `false`
+**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
+**Options**:
+**Options**: true|false
+**Default**: false + +**Example**: + +```yaml +sysdig: + natsJs: + natsTLSGenerator: true +``` + +## **sysdig.natsJs.ha.enabled** + +**Required**: `false`
+**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. + +If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. + +It is recommended to keep High Availability enabled for production use of NATS JetStream +
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + ha: + enabled: false +``` + +## **sysdig.natsJs.nats.tolerations** + +**Required**: `false`
+**Description**: If set add tolerations to NatsJs statefulset
+**Options**:
+**Default**: `[]`
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + tolerations: + key: dedicated + operator: Equal + value: cassandra + effect: NoSchedule +``` + +## **sysdig.natsJs.nats.affinity** + +**Required**: `false`
+**Description**: If set add affinity to NatsJs statefulset
+**Options**:
+**Default**: ``
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: name + operator: In + values: + - blue +``` + +## **sysdig.resources.natsJs.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + limits: + cpu: 2 +``` + +## **sysdig.resources.natsJs.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to nats pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + limits: + memory: 2Gi +``` + +## **sysdig.resources.natsJs.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule nats pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + requests: + cpu: 250m +``` + +## **sysdig.resources.natsJs.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule nats pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + requests: + memory: 1Gi +``` + +## **sysdig.natsJs.nats.nats.gomemlimit** + +**Required**: `false`
+**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 900MiB | +| medium | 1800MiB | +| large | 2600MiB | + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + nats: + gomemlimit: 900MiB +``` + ## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
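Review bot: The example under `sysdig.natsJs.natsTLSGenerator.enabled` does not match the documented path: it shows `natsTLSGenerator: true`, where the heading implies `natsTLSGenerator:` with a nested `enabled: true`. This switch creates the cert-manager Issuer and Certificate resources, so a reader following the example may not get the TLS material they expect; the example should be checked against the chart and corrected. In the same hunk, that entry has a duplicated empty `**Options**:` line, and the `gomemlimit` table column is headed `requests`. The `tolerations` example is a single mapping although the default is `[]`, so it presumably needs a leading `- key: dedicated`, and its `value: cassandra` looks copied from another component.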
@@ -8987,11 +9265,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9003,10 +9278,7 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
+**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster. **Options**:`true|false`
**Default**: `true`
**Example**: @@ -9202,11 +9474,8 @@ sysdig: **Required**: `false`
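Review bot: The rewritten `sysdig.metadataService.operatorEnabled` description says the operator "requires several k8s permissions in the cluster" without naming them, so an operator cannot judge what is being granted while the default stays `true`. I would extend the sentence with the actual scope, for example `It creates a Role/ClusterRole with [verbs] on [resources]; see [link to the operator RBAC manifest].`, filled in from the chart. The same change drops the "do not modify" warning, and the neighbouring hunks flip `metadataService.enabled` and the helm-renderer default to `true`, so this is the point where readers need the permission details. The new description line also lost the line break before `**Options**:`.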
**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -13922,3 +14191,19 @@ sysdig: scanningv2: customCerts: true ``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` \ No newline at end of file diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 30bb4ec0..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,7 +129,43 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments +### Updating the feeds database in airgapped environments [ScanningV2] + +This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. + +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Calculate the tag of the last version. +epoch=`date +%s` +IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} +# Save image +docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar +# Optionally move image +mv airgap-vuln-feeds-latest.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" + +# Update the image +ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +``` + +The above script could be scheduled using a cron job that run every day like + +```bash +0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 +``` + +### Updating the feeds database in airgapped environments [Legacy Scanning] This is a procedure that can be used to automatically update the feeds database: diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml 
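Review bot: The added ScanningV2 script passes the registry password as a command-line argument (`docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`), which exposes it in the process list. Feed it on stdin instead, `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`, and load the credentials from a protected file or secret store rather than hard-coding them in a script that cron runs. The script also lacks `set -euo pipefail`, and the suggested cron entry redirects all output to `/dev/null`, so a failed pull or push goes unnoticed while `kubectl set image` may still point the deployment at a tag that was never pushed. The vulnerability feeds would then go stale or the pod would fail to pull, with no alert. Separately, `docker image load` restores the image under the name it was saved with (`quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG}`), so the following `docker tag airgap-vuln-feeds:${IMAGE_TAG} …` probably cannot find its source image; this should be tested and the source reference corrected.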
@@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From 3a71852090eacf14158f2d87c1460a3a90575acf Mon Sep 17 00:00:00 2001 From: jenkins Date: Mon, 30 Oct 2023 22:36:49 +0000 Subject: [PATCH 132/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index ab9a4eaf..946a52e1 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -217,6 +217,11 @@ Will perform a diff between the platform objects in a running k8s cluster, and t Diff command also has options inherited from the generate command options. See **generate** command section. +### Sub-Command: secure-diff [DEPRECATED] + +Performs a diff not showing sensitive information. +This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. + ## Command: `generate` `--manifest-directory` From 724b33fb11a3d1342596b60af91e7d44d28af6f5 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 31 Oct 2023 11:36:15 +0000 Subject: [PATCH 133/156] updating installer docs --- installer/README.md | 83 +++++++++++++++++++++++++++---------------- installer/values.yaml | 1 - 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,9 +1,8 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -41,29 +40,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -83,17 +82,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -124,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -194,29 +216,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -228,17 +250,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -274,12 +296,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. +See [upgrade.md](docs/upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/02-configuration_parameters.md) +[configuration_parameters.md](docs/configuration_parameters.md) # Permissions @@ -308,7 +330,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) +For advanced configuration option see [advanced.md](docs/advanced.md) # Example values.yaml @@ -327,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,4 +21,3 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork - ingressClassName: haproxy From 14179f76b1711f01d6b09f92fd6ef74689bdfe5a Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 7 Nov 2023 15:25:40 +0000 Subject: [PATCH 134/156] updating installer docs --- installer/README.md | 83 +++++++------------ installer/docs/01-command_line_arguments.md | 9 +- installer/docs/02-configuration_parameters.md | 3 +- installer/values.yaml | 1 + 4 files changed, 39 insertions(+), 57 deletions(-) 
diff --git a/installer/README.md b/installer/README.md index 3383bdea..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,8 +1,9 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
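Review bot: The badge line re-added at the top of the README embeds a `token=` query parameter in the SonarCloud URL, so the value is published with the customer-facing docs and remains in the repository history. If it is a project badge token it should only expose quality-gate status, but that needs confirming, and the token should be regenerated if it is a user token or has been reused elsewhere. The previous patch in this series had removed this line. For a public README I would either keep it removed or link a badge that needs no token.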
@@ -40,29 +41,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -82,17 +83,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -123,29 +124,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -216,29 +194,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -250,17 +228,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +274,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +308,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +327,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 946a52e1..185ec1bc 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md 
@@ -70,10 +70,16 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` +`--use-import-v2` + +- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. + ## Command: `update-license` Added November 2022, this is a new command. +** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** + This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -197,7 +203,7 @@ Will perform a diff between the platform objects in a running k8s cluster, and t `--write-diff` -- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. +- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. `--out-diff-dir` @@ -251,4 +257,3 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y `--k8s-server-version` - Sets the `kubernetesServerVersion` within values. - diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 9c6d835c..9a4aa920 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -13949,7 +13949,6 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -14206,4 +14205,4 @@ sysdig: secure: scanningv2: airgappedFeeds: true -``` \ No newline at end of file +``` diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From f32fdff4cc789131b7b05a6f8005aa4d81085357 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 12 Dec 2023 21:14:29 +0000 Subject: [PATCH 135/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 21 ++- installer/docs/02-configuration_parameters.md | 155 ++++++++++++++++-- 2 files changed, 158 insertions(+), 18 deletions(-) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 185ec1bc..cacf8877 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -``` +```text sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -``` +```text Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -111,7 +111,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -``` +```log ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml @@ -257,3 +257,16 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y `--k8s-server-version` - Sets the `kubernetesServerVersion` within values. + +## Command: `list-resources` + +Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. +This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. + +`--generate-manifests` + +- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. + +`--node-count` + +- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 9a4aa920..db21a73d 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -580,7 +580,23 @@ only when `storageClassProvisioner` is `hostPath`.
```yaml hostPathCustomPaths: - postgresql: `/sysdig/stan` + nats: `/sysdig/stan` +``` + +## **hostPathCustomPaths.natsJs** + +**Required**: `false`
+**Description**: The directory to bind mount nats js pod's +`/var/lib/natsjs` to on the host. This parameter is relevant +only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/natsjs`
+**Example**: + +```yaml +hostPathCustomPaths: + natsJs: `/sysdig/natsjs` +``` ## **nodeaffinityLabel.key** @@ -669,7 +685,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
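Review bot: The example values under `hostPathCustomPaths` in this hunk (the changed `nats:` line and the new `natsJs:` line) are wrapped in backticks inside the yaml fence. A backtick is a reserved indicator in YAML and cannot start a plain scalar, so most parsers reject the example when it is copied into values.yaml. Inside the fence the value should be written bare or quoted, for example `natsJs: /sysdig/natsjs`, and the `nats:` line likewise.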
**Options**:
-**Default**: 100Gi
+**Default**: 150Gi
**Example**: ```yaml @@ -774,6 +790,22 @@ pvStorageSize: nats: 10Gi ``` +## **pvStorageSize.large.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + large: + natsJs: 50Gi +``` + ## **pvStorageSize.medium.nats** **Required**: `false`
@@ -781,13 +813,29 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 50Gi +``` + +## **pvStorageSize.medium.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
**Default**: 10Gi
**Example**: ```yaml pvStorageSize: medium: - nats: 10Gi + natsJs: 10Gi ``` ## **pvStorageSize.small.nats** @@ -806,6 +854,22 @@ pvStorageSize: nats: 10Gi ``` +## **pvStorageSize.small.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + small: + natsJs: 50Gi +``` + ## **sysdig.anchoreVersion** **Required**: `false`
@@ -945,6 +1009,7 @@ sysdig: sysdig: cassandraExporterVersion: latest ``` + ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -1356,6 +1421,22 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` +--- + +## **sysdig.skipIngressGeneration** + +**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + skipIngressGeneration: true +``` + ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1380,7 +1461,6 @@ sysdig: ingressNetworking: loadbalancer ``` - ## **sysdig.ingressClassName** **Required**: `false`
@@ -1396,7 +1476,6 @@ sysdig: ingressClassName: haproxy ``` - ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1457,6 +1536,19 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` +## **haproxyIngress.watchAllNamespaces** + +**Required**: `false`
+**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +haproxyIngress: + watchAllNamespaces: true +``` + ## **sysdig.license** **Required**: `true`
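Review bot: The new `haproxyIngress.watchAllNamespaces` entry states the wider scope but not what it costs in isolation. With the setting enabled, Ingress objects from every namespace come under the platform's controller, so anyone allowed to create an Ingress elsewhere in the cluster can presumably have it served through the Sysdig entry point, and the controller needs cluster-wide read access to do so. I would add a sentence to the description such as `Enable only on clusters where all namespaces are trusted; the controller then needs cluster-wide read access to Ingress resources.` It would also help to state whether `sysdig.ingressClassName` still limits which Ingresses are served in this mode, since the page does not say.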
@@ -3130,8 +3222,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` - ## **sysdig.redis6ImageName** + **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3145,6 +3237,7 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3158,6 +3251,7 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** + **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3195,7 +3289,9 @@ sysdig: redisTls: enabled: true ``` + ## **redisTls.deploy** + **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3232,7 +3328,9 @@ redisTls: redisTls: ha: true ``` + ## **redisTls.imageName** + **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3244,6 +3342,7 @@ redisTls: redisTls: imageName: redis-6 ``` + ## **redisTls.version** **Required**: `false`
@@ -3259,6 +3358,7 @@ redisTls: ``` ## **redisTls.sentinel.imageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3271,6 +3371,7 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` + ## **redisTls.sentinel.version** **Required**: `false`
@@ -3287,6 +3388,7 @@ redisTls: ``` ## **redisTls.exporter.imageName** + **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3299,7 +3401,9 @@ redisTls: exporter: imageName: redis-exporter-1 ``` + ## **redisTls.exporter.version** + **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3312,6 +3416,7 @@ redisTls: exporter: version: 1.0.9 ``` + ## **redisClientsMonitor** **Required**: `false`
@@ -3342,7 +3447,6 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: - If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -6342,6 +6446,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** + **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6357,6 +6462,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** + **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6837,6 +6943,24 @@ sysdig: enabled: false ``` +## **sysdig.natsJs.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + natsJs: + hostPathNodes: + - my-cool-host1.com +``` + ## **sysdig.natsJs.nats.tolerations** **Required**: `false`
@@ -8316,8 +8440,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinitylabelkey) and +[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -9234,7 +9358,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Anchore db ssl mode. More info:
**Options**:
**Default**: "disable"
**Example**: @@ -10135,6 +10259,7 @@ sysdig: ``` ## **networkPolicies** + Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -10144,7 +10269,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 20Gi
+**Default**: 50Gi
**Example**: ```yaml @@ -10234,6 +10359,7 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** + **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10649,7 +10775,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: ` ` +**Default**: `` **Example**: @@ -11704,6 +11830,7 @@ sysdig: ``` ## **sysdig.prometheus.enabled** + **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13963,7 +14090,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13995,7 +14122,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: From 0aede39decdbf803cd9458f796e454fd332b2882 Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 14 Dec 2023 16:25:18 +0000 Subject: [PATCH 136/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 90 +--- installer/docs/02-configuration_parameters.md | 469 ++---------------- installer/docs/04-advanced_configuration.md | 38 +- 3 files changed, 35 insertions(+), 562 deletions(-) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index cacf8877..2e50d8aa 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -```text +``` sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -```text +``` Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,16 +70,10 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` -`--use-import-v2` - -- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. - ## Command: `update-license` Added November 2022, this is a new command. -** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** - This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -111,7 +105,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -```log +``` ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -195,78 +189,4 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` - -## Command: `diff` - -Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. - -`--write-diff` - -- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. - -`--out-diff-dir` - -- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. - -`--cleanup` - -- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. - -`--secure` - -- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. - -`--summary` - -- Only prints a summary of the diff errors. - -Diff command also has options inherited from the generate command options. See **generate** command section. - -### Sub-Command: secure-diff [DEPRECATED] - -Performs a diff not showing sensitive information. -This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. - -## Command: `generate` - -`--manifest-directory` - -- Set the location where the installer will write the genearted manifests. - -`--skip-generate` - -- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. - -`--skip-import` - -- Skips the import phase, which would try to import values from a running cluster. 
- -`--skip-validation` - -- Skips validation checks. - -`--ignore-kubeconfig-errors` - -- This will ignore all errors from trying to parse kubeconfig file. - -`--preserve-templates` - -- Preserve directory installer templates are extracted to, this should only be used for debugging purposes - -`--k8s-server-version` - -- Sets the `kubernetesServerVersion` within values. - -## Command: `list-resources` - -Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. -This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. - -`--generate-manifests` - -- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. - -`--node-count` - -- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. +``` \ No newline at end of file diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index db21a73d..df37b437 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -580,23 +580,7 @@ only when `storageClassProvisioner` is `hostPath`.
```yaml hostPathCustomPaths: - nats: `/sysdig/stan` -``` - -## **hostPathCustomPaths.natsJs** - -**Required**: `false`
-**Description**: The directory to bind mount nats js pod's
-`/var/lib/natsjs` to on the host. This parameter is relevant
-only when `storageClassProvisioner` is `hostPath`.
-**Options**:
-**Default**: `/var/lib/natsjs`
-**Example**: - -```yaml -hostPathCustomPaths: - natsJs: `/sysdig/natsjs` -``` + postgresql: `/sysdig/stan` ## **nodeaffinityLabel.key** @@ -685,7 +669,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 150Gi
+**Default**: 100Gi
**Example**: ```yaml @@ -790,22 +774,6 @@ pvStorageSize: nats: 10Gi ``` -## **pvStorageSize.large.natsJs** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - large: - natsJs: 50Gi -``` - ## **pvStorageSize.medium.nats** **Required**: `false`
@@ -813,29 +781,13 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - medium: - nats: 50Gi -``` - -## **pvStorageSize.medium.natsJs** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
**Default**: 10Gi
**Example**: ```yaml pvStorageSize: medium: - natsJs: 10Gi + nats: 10Gi ``` ## **pvStorageSize.small.nats** @@ -854,22 +806,6 @@ pvStorageSize: nats: 10Gi ``` -## **pvStorageSize.small.natsJs** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - small: - natsJs: 50Gi -``` - ## **sysdig.anchoreVersion** **Required**: `false`
@@ -1009,7 +945,6 @@ sysdig: sysdig: cassandraExporterVersion: latest ``` - ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -1421,22 +1356,6 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` ---- - -## **sysdig.skipIngressGeneration** - -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - skipIngressGeneration: true -``` - ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1461,6 +1380,7 @@ sysdig: ingressNetworking: loadbalancer ``` + ## **sysdig.ingressClassName** **Required**: `false`
@@ -1476,6 +1396,7 @@ sysdig: ingressClassName: haproxy ``` + ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1536,19 +1457,6 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` -## **haproxyIngress.watchAllNamespaces** - -**Required**: `false`
-**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -haproxyIngress: - watchAllNamespaces: true -``` - ## **sysdig.license** **Required**: `true`
@@ -1764,12 +1672,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.1.5
+**Default**: 0.9.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.5 + natsExporterVersion: 0.9.0.1 ``` ## **sysdig.natsStreamingVersion** @@ -1798,45 +1706,6 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` -## **sysdig.natsServerVersion** - -**Required**: `false`
-**Description**: Docker image tag of NATS.
-**Options**:
-**Default**: 0.1.11
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.1.11 -``` - -## **sysdig.natsReloaderVersion** - -**Required**: `false`
-**Description**: Docker image tag of NATS Reloader.
-**Options**:
-**Default**: 0.1.4
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.1.4 -``` - -## **sysdig.natsBoxVersion** - -**Required**: `false`
-**Description**: Docker image tag of NATS Box.
-**Options**:
-**Default**: 0.0.13
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.0.13 -``` - ## **sysdig.nats.enabled** **Required**: `false`
@@ -3222,8 +3091,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` -## **sysdig.redis6ImageName** +## **sysdig.redis6ImageName** **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3237,7 +3106,6 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3251,7 +3119,6 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** - **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3289,9 +3156,7 @@ sysdig: redisTls: enabled: true ``` - ## **redisTls.deploy** - **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3328,9 +3193,7 @@ redisTls: redisTls: ha: true ``` - ## **redisTls.imageName** - **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3342,7 +3205,6 @@ redisTls: redisTls: imageName: redis-6 ``` - ## **redisTls.version** **Required**: `false`
@@ -3358,7 +3220,6 @@ redisTls: ``` ## **redisTls.sentinel.imageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3371,7 +3232,6 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` - ## **redisTls.sentinel.version** **Required**: `false`
@@ -3388,7 +3248,6 @@ redisTls: ``` ## **redisTls.exporter.imageName** - **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3401,9 +3260,7 @@ redisTls: exporter: imageName: redis-exporter-1 ``` - ## **redisTls.exporter.version** - **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3416,7 +3273,6 @@ redisTls: exporter: version: 1.0.9 ``` - ## **redisClientsMonitor** **Required**: `false`
@@ -3447,6 +3303,7 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: + If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -6446,7 +6303,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** - **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6462,7 +6318,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** - **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6861,263 +6716,6 @@ sysdig: memory: 1Gi ``` -## **sysdig.natsJs.enabled** - -**Required**: `false`
-**Description**: Enable nats js deploy
-**Options**: true|false
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - enabled: true -``` - -## **sysdig.natsJs.nats.fullnameOverride** - -**Required**: `false`
-**Description**: the name of the nats js deployment
-**Options**:
-**Default**: nats - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - fullnameOverride: nats -``` - -## **sysdig.natsJs.nats.natsbox.enabled** - -**Required**: `false`
-**Description**: Enable nats js box deploy
-**Options**: true|false
-**Default**: false
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - natsbox: - enabled: true -``` - -## **sysdig.natsJs.natsTLSGenerator.enabled** - -**Required**: `false`
-**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
-**Options**:
-**Options**: true|false
-**Default**: false - -**Example**: - -```yaml -sysdig: - natsJs: - natsTLSGenerator: true -``` - -## **sysdig.natsJs.ha.enabled** - -**Required**: `false`
-**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. - -If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. - -It is recommended to keep High Availability enabled for production use of NATS JetStream -
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - ha: - enabled: false -``` - -## **sysdig.natsJs.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is
-required if configured [`storageClassProvisioner`](#storageclassprovisioner)
-is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - natsJs: - hostPathNodes: - - my-cool-host1.com -``` - -## **sysdig.natsJs.nats.tolerations** - -**Required**: `false`
-**Description**: If set add tolerations to NatsJs statefulset
-**Options**:
-**Default**: `[]`
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - tolerations: - key: dedicated - operator: Equal - value: cassandra - effect: NoSchedule -``` - -## **sysdig.natsJs.nats.affinity** - -**Required**: `false`
-**Description**: If set add affinity to NatsJs statefulset
-**Options**:
-**Default**: ``
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: name - operator: In - values: - - blue -``` - -## **sysdig.resources.natsJs.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 3 | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - limits: - cpu: 2 -``` - -## **sysdig.resources.natsJs.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to nats pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 3Gi | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - limits: - memory: 2Gi -``` - -## **sysdig.resources.natsJs.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule nats pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 1 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - requests: - cpu: 250m -``` - -## **sysdig.resources.natsJs.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule nats pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 3Gi | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - requests: - memory: 1Gi -``` - -## **sysdig.natsJs.nats.nats.gomemlimit** - -**Required**: `false`
-**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 900MiB | -| medium | 1800MiB | -| large | 2600MiB | - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - nats: - gomemlimit: 900MiB -``` - ## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
@@ -8440,8 +8038,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinitylabelkey) and -[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -9358,7 +8956,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info:
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
**Options**:
**Default**: "disable"
**Example**: @@ -9389,8 +8987,11 @@ sysdig: **Required**: `false`
**Description**: Whether to enable metadata-service or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -9402,7 +9003,10 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster.
+**Description**: Whether to enable metadata-service-operator or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
**Default**: `true`
**Example**: @@ -9598,8 +9202,11 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -10259,7 +9866,6 @@ sysdig: ``` ## **networkPolicies** - Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -10269,7 +9875,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 20Gi
**Example**: ```yaml @@ -10359,7 +9965,6 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** - **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10775,7 +10380,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: `` +**Default**: ` ` **Example**: @@ -11830,7 +11435,6 @@ sysdig: ``` ## **sysdig.prometheus.enabled** - **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -14076,6 +13680,7 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -14090,7 +13695,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -14122,7 +13727,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -14317,19 +13922,3 @@ sysdig: scanningv2: customCerts: true ``` - -## **sysdig.secure.scanningv2.airgappedFeeds** - -**Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - airgappedFeeds: true -``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 93e8012c..30bb4ec0 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,43 +129,7 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments [ScanningV2] - -This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. - -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Calculate the tag of the last version. -epoch=`date +%s` -IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -# Save image -docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar -# Optionally move image -mv airgap-vuln-feeds-latest.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" - -# Update the image -ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -``` - -The above script could be scheduled using a cron job that run every day like - -```bash -0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 -``` - -### Updating the feeds database in airgapped environments [Legacy Scanning] +### Updating the feeds database in airgapped environments This is a procedure that can be used to automatically update the feeds database: From 2c3e94ab742c644256803e7356f0d744a443bc46 Mon Sep 17 00:00:00 2001 
From: jenkins Date: Mon, 22 Jan 2024 22:24:23 +0000 Subject: [PATCH 137/156] updating installer docs --- installer/README.md | 2 - installer/docs/01-command_line_arguments.md | 90 +++- installer/docs/02-configuration_parameters.md | 473 ++++++++++++++++-- installer/docs/04-advanced_configuration.md | 38 +- 4 files changed, 564 insertions(+), 39 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..5de00277 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,5 +1,3 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 2e50d8aa..cacf8877 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -``` +```text sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -``` +```text Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,10 +70,16 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` +`--use-import-v2` + +- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. + ## Command: `update-license` Added November 2022, this is a new command. +** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** + This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -105,7 +111,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -``` +```log ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -189,4 +195,78 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` \ No newline at end of file +``` + +## Command: `diff` + +Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. + +`--write-diff` + +- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. + +`--out-diff-dir` + +- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. + +`--cleanup` + +- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. + +`--secure` + +- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. + +`--summary` + +- Only prints a summary of the diff errors. + +Diff command also has options inherited from the generate command options. See **generate** command section. + +### Sub-Command: secure-diff [DEPRECATED] + +Performs a diff not showing sensitive information. +This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. + +## Command: `generate` + +`--manifest-directory` + +- Set the location where the installer will write the genearted manifests. + +`--skip-generate` + +- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. 
+ +`--skip-import` + +- Skips the import phase, which would try to import values from a running cluster. + +`--skip-validation` + +- Skips validation checks. + +`--ignore-kubeconfig-errors` + +- This will ignore all errors from trying to parse kubeconfig file. + +`--preserve-templates` + +- Preserve directory installer templates are extracted to, this should only be used for debugging purposes + +`--k8s-server-version` + +- Sets the `kubernetesServerVersion` within values. + +## Command: `list-resources` + +Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. +This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. + +`--generate-manifests` + +- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. + +`--node-count` + +- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index df37b437..b7907b53 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.35
+**Default**: 0.0.46
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.35 + toolsImageVersion: 0.0.46 ``` ## **elasticsearch.enableMetrics** @@ -580,7 +580,23 @@ only when `storageClassProvisioner` is `hostPath`.
```yaml hostPathCustomPaths: - postgresql: `/sysdig/stan` + nats: `/sysdig/stan` +``` + +## **hostPathCustomPaths.natsJs** + +**Required**: `false`
+**Description**: The directory to bind mount nats js pod's
+`/var/lib/natsjs` to on the host. This parameter is relevant
+only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/natsjs`
+**Example**: + +```yaml +hostPathCustomPaths: + natsJs: `/sysdig/natsjs` +``` ## **nodeaffinityLabel.key** @@ -669,7 +685,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 100Gi
+**Default**: 150Gi
**Example**: ```yaml @@ -774,6 +790,22 @@ pvStorageSize: nats: 10Gi ``` +## **pvStorageSize.large.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + large: + natsJs: 50Gi +``` + ## **pvStorageSize.medium.nats** **Required**: `false`
@@ -781,13 +813,29 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 50Gi +``` + +## **pvStorageSize.medium.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
**Default**: 10Gi
**Example**: ```yaml pvStorageSize: medium: - nats: 10Gi + natsJs: 10Gi ``` ## **pvStorageSize.small.nats** @@ -806,6 +854,22 @@ pvStorageSize: nats: 10Gi ``` +## **pvStorageSize.small.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a
+cluster of [`size`](#size) small. This option is ignored if
+[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + small: + natsJs: 50Gi +``` + ## **sysdig.anchoreVersion** **Required**: `false`
@@ -945,6 +1009,7 @@ sysdig: sysdig: cassandraExporterVersion: latest ``` + ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -1356,6 +1421,22 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` +--- + +## **sysdig.skipIngressGeneration** + +**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + skipIngressGeneration: true +``` + ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1380,7 +1461,6 @@ sysdig: ingressNetworking: loadbalancer ``` - ## **sysdig.ingressClassName** **Required**: `false`
@@ -1396,7 +1476,6 @@ sysdig: ingressClassName: haproxy ``` - ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1457,6 +1536,19 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` +## **haproxyIngress.watchAllNamespaces** + +**Required**: `false`
+**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +haproxyIngress: + watchAllNamespaces: true +``` + ## **sysdig.license** **Required**: `true`
@@ -1672,12 +1764,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.9.0.1
+**Default**: 0.1.5
**Example**: ```yaml sysdig: - natsExporterVersion: 0.9.0.1 + natsExporterVersion: 0.1.5 ``` ## **sysdig.natsStreamingVersion** @@ -1706,6 +1798,45 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` +## **sysdig.natsServerVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS.
+**Options**:
+**Default**: 0.1.11
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.1.11 +``` + +## **sysdig.natsReloaderVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS Reloader.
+**Options**:
+**Default**: 0.1.4
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.1.4 +``` + +## **sysdig.natsBoxVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS Box.
+**Options**:
+**Default**: 0.0.13
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.0.13 +``` + ## **sysdig.nats.enabled** **Required**: `false`
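Review bot: The examples in the three new sections `sysdig.natsServerVersion`, `sysdig.natsReloaderVersion` and `sysdig.natsBoxVersion` all set `natsExporterVersion`, so anyone copying them overrides the exporter tag instead of the image the section documents. Assuming the value keys match the section headings, the examples should read `natsServerVersion: 0.1.11`, `natsReloaderVersion: 0.1.4` and `natsBoxVersion: 0.0.13`. As written, copying the NATS server example would also point the exporter at tag `0.1.11`, while this same patch documents the exporter default as `0.1.5`.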
@@ -3091,8 +3222,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` - ## **sysdig.redis6ImageName** + **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3106,6 +3237,7 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3119,6 +3251,7 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** + **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3156,7 +3289,9 @@ sysdig: redisTls: enabled: true ``` + ## **redisTls.deploy** + **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3193,7 +3328,9 @@ redisTls: redisTls: ha: true ``` + ## **redisTls.imageName** + **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3205,6 +3342,7 @@ redisTls: redisTls: imageName: redis-6 ``` + ## **redisTls.version** **Required**: `false`
@@ -3220,6 +3358,7 @@ redisTls: ``` ## **redisTls.sentinel.imageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3232,6 +3371,7 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` + ## **redisTls.sentinel.version** **Required**: `false`
@@ -3248,6 +3388,7 @@ redisTls: ``` ## **redisTls.exporter.imageName** + **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3260,7 +3401,9 @@ redisTls: exporter: imageName: redis-exporter-1 ``` + ## **redisTls.exporter.version** + **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3273,6 +3416,7 @@ redisTls: exporter: version: 1.0.9 ``` + ## **redisClientsMonitor** **Required**: `false`
@@ -3303,7 +3447,6 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: - If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -6303,6 +6446,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** + **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6318,6 +6462,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** + **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6716,6 +6861,263 @@ sysdig: memory: 1Gi ``` +## **sysdig.natsJs.enabled** + +**Required**: `false`
+**Description**: Enable nats js deploy
+**Options**: true|false
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + enabled: true +``` + +## **sysdig.natsJs.nats.fullnameOverride** + +**Required**: `false`
+**Description**: the name of the nats js deployment
+**Options**:
+**Default**: nats + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + fullnameOverride: nats +``` + +## **sysdig.natsJs.nats.natsbox.enabled** + +**Required**: `false`
+**Description**: Enable nats js box deploy
+**Options**: true|false
+**Default**: false
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + natsbox: + enabled: true +``` + +## **sysdig.natsJs.natsTLSGenerator.enabled** + +**Required**: `false`
+**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
+**Options**:
+**Options**: true|false
+**Default**: false + +**Example**: + +```yaml +sysdig: + natsJs: + natsTLSGenerator: true +``` + +## **sysdig.natsJs.ha.enabled** + +**Required**: `false`
+**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. + +If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. + +It is recommended to keep High Availability enabled for production use of NATS JetStream +
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + ha: + enabled: false +``` + +## **sysdig.natsJs.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + natsJs: + hostPathNodes: + - my-cool-host1.com +``` + +## **sysdig.natsJs.nats.tolerations** + +**Required**: `false`
+**Description**: If set add tolerations to NatsJs statefulset
+**Options**:
+**Default**: `[]`
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + tolerations: + key: dedicated + operator: Equal + value: cassandra + effect: NoSchedule +``` + +## **sysdig.natsJs.nats.affinity** + +**Required**: `false`
+**Description**: If set add affinity to NatsJs statefulset
+**Options**:
+**Default**: ``
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: name + operator: In + values: + - blue +``` + +## **sysdig.resources.natsJs.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + limits: + cpu: 2 +``` + +## **sysdig.resources.natsJs.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to nats pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + limits: + memory: 2Gi +``` + +## **sysdig.resources.natsJs.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule nats pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + requests: + cpu: 250m +``` + +## **sysdig.resources.natsJs.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule nats pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + requests: + memory: 1Gi +``` + +## **sysdig.natsJs.nats.nats.gomemlimit** + +**Required**: `false`
+**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 900MiB | +| medium | 1800MiB | +| large | 2600MiB | + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + nats: + gomemlimit: 900MiB +``` + ## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
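Review bot: The example for `sysdig.natsJs.natsTLSGenerator.enabled` writes `natsTLSGenerator: true`, a scalar where the heading documents a nested `enabled` key. If the chart reads `.enabled`, the copied example probably leaves Issuer/Certificate generation off without any error, so it should be `natsTLSGenerator:` followed by an indented `enabled: true`. That section also carries two `**Options**:` lines, the first of them empty. In the same hunk the `sysdig.natsJs.nats.tolerations` example is a single mapping although the default is `[]`; a list entry starting `- key: dedicated` would match. `sysdig.natsJs.hostPathNodes` states that the number of nodes must be 3 but its example lists one host.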
@@ -8038,8 +8440,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinitylabelkey) and +[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -8956,7 +9358,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Anchore db ssl mode. More info:
**Options**:
**Default**: "disable"
**Example**: @@ -8987,11 +9389,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9003,10 +9402,7 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
+**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster. **Options**:`true|false`
**Default**: `true`
**Example**: @@ -9202,11 +9598,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9866,6 +10259,7 @@ sysdig: ``` ## **networkPolicies** + Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -9875,7 +10269,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 20Gi
+**Default**: 50Gi
**Example**: ```yaml @@ -9965,6 +10359,7 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** + **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10380,7 +10775,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: ` ` +**Default**: `` **Example**: @@ -11435,6 +11830,7 @@ sysdig: ``` ## **sysdig.prometheus.enabled** + **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13680,7 +14076,6 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -13695,7 +14090,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13727,7 +14122,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13922,3 +14317,19 @@ sysdig: scanningv2: customCerts: true ``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 30bb4ec0..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,7 +129,43 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments +### Updating the feeds database in airgapped environments [ScanningV2] + +This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. + +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Calculate the tag of the last version. +epoch=`date +%s` +IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} +# Save image +docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar +# Optionally move image +mv airgap-vuln-feeds-latest.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" + +# Update the image +ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +``` + +The above script could be scheduled using a cron job that run every day like + +```bash +0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 +``` + +### Updating the feeds database in airgapped environments [Legacy Scanning] This is a procedure that can be used to automatically update the feeds database: From 8343794cd0f749bae3aa4a05bcbe5848e7f7b6b8 Mon Sep 17 00:00:00 2001 
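Review bot: The added ScanningV2 script passes the registry password as an argument in `docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`, which exposes it in the process list and expands it unquoted. It would be safer to read the credentials from the environment or a root-only file and log in with `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`. The script also has no `set -euo pipefail`, so a failed pull or push still reaches `kubectl ... set image` with a tag that may not exist in the airgapped registry. The suggested cron entry ends in `>/dev/null 2>&1`, so such failures, and the resulting stale vulnerability feeds, go unnoticed; appending the output to a log file would keep them visible. Separately, the image is saved as `quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG}`, so the remote `docker tag airgap-vuln-feeds:${IMAGE_TAG} ...` probably needs the full `quay.io/sysdig/` source name after `docker image load`; worth confirming on a test host.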
From: jenkins Date: Thu, 25 Jan 2024 20:04:18 +0000 Subject: [PATCH 138/156] updating installer docs --- installer/README.md | 81 ++++++++++++++++++++++++++++--------------- installer/values.yaml | 1 - 2 files changed, 53 insertions(+), 29 deletions(-) diff --git a/installer/README.md b/installer/README.md index 5de00277..3383bdea 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,7 +1,8 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and +Agent), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -39,29 +40,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -81,17 +82,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -122,6 +123,29 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. +# Agent Install + +The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. + +This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). + +In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. + +- Copy the current version sysdig-chart/values.yaml to your working directory. + + ```bash + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + ``` + +- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: + + - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and + large. + - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
+ - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address + # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -192,29 +216,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -226,17 +250,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -272,12 +296,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. +See [upgrade.md](docs/upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/02-configuration_parameters.md) +[configuration_parameters.md](docs/configuration_parameters.md) # Permissions @@ -306,7 +330,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) +For advanced configuration option see [advanced.md](docs/advanced.md) # Example values.yaml @@ -325,3 +349,4 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..41c0b5a2 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,4 +21,3 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork - ingressClassName: haproxy From 41213387681515ac65edd76ab93302eb883b9052 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 31 Jan 2024 22:05:12 +0000 Subject: [PATCH 139/156] updating installer docs --- installer/README.md | 81 +++++++++++++++---------------------------- installer/values.yaml | 1 + 2 files changed, 29 insertions(+), 53 deletions(-) diff --git a/installer/README.md b/installer/README.md index 3383bdea..5de00277 100644 --- a/installer/README.md +++ b/installer/README.md 
@@ -1,8 +1,7 @@ # Installer The Sysdig Installer tool is a collection of scripts that help automate the -on-premises deployment of the Sysdig platform (Sysdig Monitor, Secure and -Agent), for environments using Kubernetes or OpenShift. Use the Installer to +on-premises deployment of the Sysdig platform (Sysdig Monitor and Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install/upgrade procedures. 
@@ -40,29 +39,29 @@ This install assumes the Kubernetes cluster has network access to pull images fr - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large. - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail. - - [`storageClassProvisioner`](docs/configuration_parameters.md#storageClassProvisioner): + - [`storageClassProvisioner`](docs/02-configuration_parameters.md#storageClassProvisioner): The name of the storage class provisioner to use when creating the configured storageClassName parameter. If you do not use one of those two dynamic storage provisioners, then enter: hostPath and refer to the Advanced examples for how to configure static storage provisioning with this option. Valid options: aws, gke, hostPath - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: 
@@ -82,17 +81,17 @@ This install assumes the Kubernetes cluster has network access to pull images fr **NOTE**: If doing an airgapped install (see Airgapped Installation Options), you would also edit the following values: - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -123,29 +122,6 @@ Kubernetes configuration yaml files which were applied by Installer against your cluster. It is not necessary to keep the generated directory, as the Installer can regenerate is consistently with the same values.yaml file. -# Agent Install - -The sysdig agent can be installed along with Sysdig Monitor and/or Sysdig Secure or just by itself. This is determined by the value `apps` in `values.yaml` file. - -This section assumes you will run the agent container as a Kubernetes pod, which then enables the Sysdig agent automatically to detect and monitor your Kubernetes environment. For setting up Sysdig Agent, you will need the api key for agent from you Sysdig Monitor. Instructions for retrieving the api key can be found [here](https://docs.sysdig.com/en/agent-installation--overview-and-key.html). - -In case, you are setting up both Monitor and Agent together, you can provide a blank value for the `agent.apiKey`. The agent will be launched with the appropriate api key and the value updated in the `values.yaml` file. - -- Copy the current version sysdig-chart/values.yaml to your working directory. - - ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml - ``` - -- The following values are necessary for setting up Sysdig Agent. Edit the values.yaml to contain the following values: - - - [`apps`](docs/configuration_parameters.md#apps): Specifies the Sysdig Platform components to be installed. Make sure `agent` is one of the values here. - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size - defines CPU and Memory limits for the Agent Pods. Valid options are: small, medium and - large. - - [`agent.apiKey`](docs/configuration_parameters.md#agentapikey): Sysdig Agent api key for running agents. 
- - [`agent.collectorEndpoint`](docs/configuration_parameters.md#agentcollectorendpoint): Sysdig Collector Address - # Airgapped Installation Options The Installer can be used to install in airgapped environments, either with 
@@ -216,29 +192,29 @@ the installation machine. - Copy the current version sysdig-chart/values.yaml to your working directory. ```bash - wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml + wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml ``` - Edit the following values: - - [`size`](docs/configuration_parameters.md#size): Specifies the size of the cluster. Size + - [`size`](docs/02-configuration_parameters.md#size): Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large - - [`quaypullsecret`](docs/configuration_parameters.md#quaypullsecret): quay.io provided with + - [`quaypullsecret`](docs/02-configuration_parameters.md#quaypullsecret): quay.io provided with your Sysdig purchase confirmation mail - - [`storageClassProvider`](docs/configuration_parameters.md#storageClassProvider): The + - [`storageClassProvider`](docs/02-configuration_parameters.md#storageClassProvider): The name of the storage class provisioner to use when creating the configured storageClassName parameter. Use hostPath or local in clusters that do not have a provisioner. For setups where Persistent Volumes and Persistent Volume Claims are created manually this should be configured as none. Valid options are: aws,gke,hostPath,local,none - - [`sysdig.license`](docs/configuration_parameters.md#sysdiglicense): Sysdig license key + - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.dnsName`](docs/configuration_parameters.md#sysdigdnsName): The domain name + - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
- - [`sysdig.collector.dnsName`](docs/configuration_parameters.md#sysdigcollectordnsName): + - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. - - [`sysdig.ingressNetworking`](docs/configuration_parameters.md#sysdigingressnetworking): + - [`sysdig.ingressNetworking`](docs/02-configuration_parameters.md#sysdigingressnetworking): The networking construct used to expose the Sysdig API and collector. Options are: - hostnetwork: sets the hostnetworking in the ingress daemonset and opens 
@@ -250,17 +226,17 @@ the installation machine. - sysdig.ingressNetworkingInsecureApiNodePort - sysdig.ingressNetworkingApiNodePort - sysdig.ingressNetworkingCollectorNodePort - - [`airgapped_registry_name`](docs/configuration_parameters.md#airgapped_registry_name): + - [`airgapped_registry_name`](docs/02-configuration_parameters.md#airgapped_registry_name): The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay. - - [`airgapped_repository_prefix`](docs/configuration_parameters.md#airgapped_repository_prefix): + - [`airgapped_repository_prefix`](docs/02-configuration_parameters.md#airgapped_repository_prefix): This defines custom repository prefix for airgapped_registry. Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/image_name:tag - - [`airgapped_registry_password`](docs/configuration_parameters.md#airgapped_registry_password): + - [`airgapped_registry_password`](docs/02-configuration_parameters.md#airgapped_registry_password): The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication. - - [`airgapped_registry_username`](docs/configuration_parameters.md#airgapped_registry_username): + - [`airgapped_registry_username`](docs/02-configuration_parameters.md#airgapped_registry_username): The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication. 
@@ -296,12 +272,12 @@ Installer can regenerate is consistently with the same values.yaml file. # Upgrades -See [upgrade.md](docs/upgrade.md) for upgrades documentation. +See [upgrade.md](docs/03-upgrade.md) for upgrades documentation. # Configuration Parameters and Examples For the full dictionary of configuration parameters, see: -[configuration_parameters.md](docs/configuration_parameters.md) +[configuration_parameters.md](docs/02-configuration_parameters.md) # Permissions @@ -330,7 +306,7 @@ For the full dictionary of configuration parameters, see: # Advanced Configuration -For advanced configuration option see [advanced.md](docs/advanced.md) +For advanced configuration option see [advanced.md](docs/04-advanced_configuration.md) # Example values.yaml @@ -349,4 +325,3 @@ of resources required if `redisHa: true` is configured. | Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | | Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | | Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | -| Agent | 1 | 3 | 1 | 3 | | | 3 | 5 | 3 | 6 | | | | 5 | 8 | 6 | 10 | | diff --git a/installer/values.yaml b/installer/values.yaml index 41c0b5a2..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -21,3 +21,4 @@ sysdig: dnsName: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork + ingressClassName: haproxy From d84b6e1e3460981683af57e9ed3e58a9b295d041 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 2 Feb 2024 15:55:44 +0000 Subject: [PATCH 140/156] updating installer docs --- installer/README.md | 2 + installer/docs/01-command_line_arguments.md | 90 +--- installer/docs/02-configuration_parameters.md | 473 ++---------------- installer/docs/04-advanced_configuration.md | 38 +- 4 files changed, 39 insertions(+), 564 deletions(-) 
diff --git a/installer/README.md b/installer/README.md index 5de00277..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,3 +1,5 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index cacf8877..2e50d8aa 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
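Review bot: The badge line added at the top of installer/README.md embeds a `token=` query parameter in the sonarcloud.io URL, which commits a credential to the repository history and to every rendered copy of the README. Badge tokens are normally limited to reading badge data, but for a private project that still lets anyone holding the URL query its quality-gate state, and the value stays in history after a later edit. I would drop the badge from the published file so that `# Installer` remains the first line, and renew the project's badge token since this one is now exposed. A secret-scanning check in the job that generates these docs would catch similar strings before they are committed.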
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -```text +``` sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -```text +``` Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,16 +70,10 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` -`--use-import-v2` - -- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. - ## Command: `update-license` Added November 2022, this is a new command. -** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** - This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -111,7 +105,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -```log +``` ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -195,78 +189,4 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` - -## Command: `diff` - -Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. - -`--write-diff` - -- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. - -`--out-diff-dir` - -- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. - -`--cleanup` - -- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. - -`--secure` - -- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. - -`--summary` - -- Only prints a summary of the diff errors. - -Diff command also has options inherited from the generate command options. See **generate** command section. - -### Sub-Command: secure-diff [DEPRECATED] - -Performs a diff not showing sensitive information. -This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. - -## Command: `generate` - -`--manifest-directory` - -- Set the location where the installer will write the genearted manifests. - -`--skip-generate` - -- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. - -`--skip-import` - -- Skips the import phase, which would try to import values from a running cluster. 
- -`--skip-validation` - -- Skips validation checks. - -`--ignore-kubeconfig-errors` - -- This will ignore all errors from trying to parse kubeconfig file. - -`--preserve-templates` - -- Preserve directory installer templates are extracted to, this should only be used for debugging purposes - -`--k8s-server-version` - -- Sets the `kubernetesServerVersion` within values. - -## Command: `list-resources` - -Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. -This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. - -`--generate-manifests` - -- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. - -`--node-count` - -- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. +``` \ No newline at end of file diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index b7907b53..df37b437 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.46
+**Default**: 0.0.35
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.46 + toolsImageVersion: 0.0.35 ``` ## **elasticsearch.enableMetrics** @@ -580,23 +580,7 @@ only when `storageClassProvisioner` is `hostPath`.
```yaml hostPathCustomPaths: - nats: `/sysdig/stan` -``` - -## **hostPathCustomPaths.natsJs** - -**Required**: `false`
-**Description**: The directory to bind mount nats js pod's -`/var/lib/natsjs` to on the host. This parameter is relevant -only when `storageClassProvisioner` is `hostPath`.
-**Options**:
-**Default**: `/var/lib/natsjs`
-**Example**: - -```yaml -hostPathCustomPaths: - natsJs: `/sysdig/natsjs` -``` + postgresql: `/sysdig/stan` ## **nodeaffinityLabel.key** @@ -685,7 +669,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
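Review bot: The `yaml` example in the `@@ -580,23 +580,7 @@` hunk of 02-configuration_parameters.md is left without its closing triple-backtick fence on the new side, so the `## **nodeaffinityLabel.key**` heading and the text after it will render as part of the code block. The same hunk replaces the example key `nats:` with `postgresql:` while keeping the `/sysdig/stan` path, which looks like a copy error; the section heading is outside the hunk, so that part is inferred. I would keep the `nats:` key in the example and restore the closing fence line directly after it.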
**Options**:
-**Default**: 150Gi
+**Default**: 100Gi
**Example**: ```yaml @@ -790,22 +774,6 @@ pvStorageSize: nats: 10Gi ``` -## **pvStorageSize.large.natsJs** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - large: - natsJs: 50Gi -``` - ## **pvStorageSize.medium.nats** **Required**: `false`
@@ -813,29 +781,13 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - medium: - nats: 50Gi -``` - -## **pvStorageSize.medium.natsJs** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
**Default**: 10Gi
**Example**: ```yaml pvStorageSize: medium: - natsJs: 10Gi + nats: 10Gi ``` ## **pvStorageSize.small.nats** @@ -854,22 +806,6 @@ pvStorageSize: nats: 10Gi ``` -## **pvStorageSize.small.natsJs** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - small: - natsJs: 50Gi -``` - ## **sysdig.anchoreVersion** **Required**: `false`
@@ -1009,7 +945,6 @@ sysdig: sysdig: cassandraExporterVersion: latest ``` - ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -1421,22 +1356,6 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` ---- - -## **sysdig.skipIngressGeneration** - -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - skipIngressGeneration: true -``` - ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1461,6 +1380,7 @@ sysdig: ingressNetworking: loadbalancer ``` + ## **sysdig.ingressClassName** **Required**: `false`
@@ -1476,6 +1396,7 @@ sysdig: ingressClassName: haproxy ``` + ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1536,19 +1457,6 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` -## **haproxyIngress.watchAllNamespaces** - -**Required**: `false`
-**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -haproxyIngress: - watchAllNamespaces: true -``` - ## **sysdig.license** **Required**: `true`
@@ -1764,12 +1672,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.1.5
+**Default**: 0.9.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.5 + natsExporterVersion: 0.9.0.1 ``` ## **sysdig.natsStreamingVersion** @@ -1798,45 +1706,6 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` -## **sysdig.natsServerVersion** - -**Required**: `false`
-**Description**: Docker image tag of NATS.
-**Options**:
-**Default**: 0.1.11
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.1.11 -``` - -## **sysdig.natsReloaderVersion** - -**Required**: `false`
-**Description**: Docker image tag of NATS Reloader.
-**Options**:
-**Default**: 0.1.4
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.1.4 -``` - -## **sysdig.natsBoxVersion** - -**Required**: `false`
-**Description**: Docker image tag of NATS Box.
-**Options**:
-**Default**: 0.0.13
-**Example**: - -```yaml -sysdig: - natsExporterVersion: 0.0.13 -``` - ## **sysdig.nats.enabled** **Required**: `false`
@@ -3222,8 +3091,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` -## **sysdig.redis6ImageName** +## **sysdig.redis6ImageName** **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3237,7 +3106,6 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3251,7 +3119,6 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** - **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3289,9 +3156,7 @@ sysdig: redisTls: enabled: true ``` - ## **redisTls.deploy** - **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3328,9 +3193,7 @@ redisTls: redisTls: ha: true ``` - ## **redisTls.imageName** - **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3342,7 +3205,6 @@ redisTls: redisTls: imageName: redis-6 ``` - ## **redisTls.version** **Required**: `false`
@@ -3358,7 +3220,6 @@ redisTls: ``` ## **redisTls.sentinel.imageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3371,7 +3232,6 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` - ## **redisTls.sentinel.version** **Required**: `false`
@@ -3388,7 +3248,6 @@ redisTls: ``` ## **redisTls.exporter.imageName** - **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3401,9 +3260,7 @@ redisTls: exporter: imageName: redis-exporter-1 ``` - ## **redisTls.exporter.version** - **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3416,7 +3273,6 @@ redisTls: exporter: version: 1.0.9 ``` - ## **redisClientsMonitor** **Required**: `false`
@@ -3447,6 +3303,7 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: + If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -6446,7 +6303,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** - **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6462,7 +6318,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** - **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6861,263 +6716,6 @@ sysdig: memory: 1Gi ``` -## **sysdig.natsJs.enabled** - -**Required**: `false`
-**Description**: Enable nats js deploy
-**Options**: true|false
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - enabled: true -``` - -## **sysdig.natsJs.nats.fullnameOverride** - -**Required**: `false`
-**Description**: the name of the nats js deployment
-**Options**:
-**Default**: nats - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - fullnameOverride: nats -``` - -## **sysdig.natsJs.nats.natsbox.enabled** - -**Required**: `false`
-**Description**: Enable nats js box deploy
-**Options**: true|false
-**Default**: false
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - natsbox: - enabled: true -``` - -## **sysdig.natsJs.natsTLSGenerator.enabled** - -**Required**: `false`
-**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
-**Options**:
-**Options**: true|false
-**Default**: false - -**Example**: - -```yaml -sysdig: - natsJs: - natsTLSGenerator: true -``` - -## **sysdig.natsJs.ha.enabled** - -**Required**: `false`
-**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. - -If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. - -It is recommended to keep High Availability enabled for production use of NATS JetStream -
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - ha: - enabled: false -``` - -## **sysdig.natsJs.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - natsJs: - hostPathNodes: - - my-cool-host1.com -``` - -## **sysdig.natsJs.nats.tolerations** - -**Required**: `false`
-**Description**: If set add tolerations to NatsJs statefulset
-**Options**:
-**Default**: `[]`
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - tolerations: - key: dedicated - operator: Equal - value: cassandra - effect: NoSchedule -``` - -## **sysdig.natsJs.nats.affinity** - -**Required**: `false`
-**Description**: If set add affinity to NatsJs statefulset
-**Options**:
-**Default**: ``
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: name - operator: In - values: - - blue -``` - -## **sysdig.resources.natsJs.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 2 | -| large | 3 | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - limits: - cpu: 2 -``` - -## **sysdig.resources.natsJs.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to nats pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 3Gi | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - limits: - memory: 2Gi -``` - -## **sysdig.resources.natsJs.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule nats pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 1 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - requests: - cpu: 250m -``` - -## **sysdig.resources.natsJs.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule nats pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 3Gi | - -**Example**: - -```yaml -sysdig: - resources: - natsJs: - requests: - memory: 1Gi -``` - -## **sysdig.natsJs.nats.nats.gomemlimit** - -**Required**: `false`
-**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 900MiB | -| medium | 1800MiB | -| large | 2600MiB | - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - nats: - gomemlimit: 900MiB -``` - ## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
@@ -8440,8 +8038,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinitylabelkey) and -[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -9358,7 +8956,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info:
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
**Options**:
**Default**: "disable"
**Example**: @@ -9389,8 +8987,11 @@ sysdig: **Required**: `false`
**Description**: Whether to enable metadata-service or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -9402,7 +9003,10 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster.
+**Description**: Whether to enable metadata-service-operator or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
**Default**: `true`
**Example**: @@ -9598,8 +9202,11 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -10259,7 +9866,6 @@ sysdig: ``` ## **networkPolicies** - Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -10269,7 +9875,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 20Gi
**Example**: ```yaml @@ -10359,7 +9965,6 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** - **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10775,7 +10380,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: `` +**Default**: ` ` **Example**: @@ -11830,7 +11435,6 @@ sysdig: ``` ## **sysdig.prometheus.enabled** - **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -14076,6 +13680,7 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -14090,7 +13695,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -14122,7 +13727,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -14317,19 +13922,3 @@ sysdig: scanningv2: customCerts: true ``` - -## **sysdig.secure.scanningv2.airgappedFeeds** - -**Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - airgappedFeeds: true -``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 93e8012c..30bb4ec0 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,43 +129,7 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments [ScanningV2] - -This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. - -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Calculate the tag of the last version. -epoch=`date +%s` -IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -# Save image -docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar -# Optionally move image -mv airgap-vuln-feeds-latest.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" - -# Update the image -ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -``` - -The above script could be scheduled using a cron job that run every day like - -```bash -0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 -``` - -### Updating the feeds database in airgapped environments [Legacy Scanning] +### Updating the feeds database in airgapped environments This is a procedure that can be used to automatically update the feeds database: From 3db556fd985f17b56e9abaf3d11fee685284d9ef Mon Sep 17 00:00:00 2001 
From: jenkins Date: Tue, 27 Feb 2024 16:41:47 +0000 Subject: [PATCH 141/156] updating installer docs --- installer/README.md | 4 +- installer/docs/01-command_line_arguments.md | 156 +++- installer/docs/02-configuration_parameters.md | 708 +++++++++--------- installer/docs/04-advanced_configuration.md | 38 +- installer/docs/05-networkPolicies.md | 4 +- installer/values.yaml | 3 + 6 files changed, 526 insertions(+), 387 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..6ade8103 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,5 +1,3 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the @@ -58,6 +56,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail + - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): + Set this parameter to `true` if you would like to use Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 2e50d8aa..a99a9948 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -``` +```text sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -``` +```text Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,10 +70,16 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` +`--use-import-v2` + +- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. + ## Command: `update-license` Added November 2022, this is a new command. +** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** + This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -105,7 +111,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -``` +```log ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -126,7 +132,6 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 -quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -162,7 +167,6 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 -quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 @@ -175,7 +179,7 @@ quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra-3:0.0.36 +quay.io/sysdig/cassandra:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -189,4 +193,140 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` \ No newline at end of file +``` + +## Command: `diff` + +Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. + +`--write-diff` + +- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. + +`--out-diff-dir` + +- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. + +`--cleanup` + +- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. + +`--secure` + +- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. + +`--summary` + +- Only prints a summary of the diff errors. + +Diff command also has options inherited from the generate command options. See **generate** command section. + +### Sub-Command: secure-diff [DEPRECATED] + +Performs a diff not showing sensitive information. +This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. + +## Command: `generate` + +`--manifest-directory` + +- Set the location where the installer will write the genearted manifests. + +`--skip-generate` + +- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. 
+ +`--skip-import` + +- Skips the import phase, which would try to import values from a running cluster. + +`--skip-validation` + +- Skips validation checks. + +`--ignore-kubeconfig-errors` + +- This will ignore all errors from trying to parse kubeconfig file. + +`--preserve-templates` + +- Preserve directory installer templates are extracted to, this should only be used for debugging purposes + +`--k8s-server-version` + +- Sets the `kubernetesServerVersion` within values. + +`--helm-install` + +- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: + + - `values.hi.yaml`: the complete values generated by the `installer` + - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS + - `charts`: the Helm charts that make up the Sysdig onprem stack + +`--helm-install-out-dir` + +- To use a custom directory to output the files generated by `--helm-install` instead of the default. + +### ArgoCD Generation + +We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. + +At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. + +`--argocd (boolean)` + +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. + +`--argo-repo-url (string)` + +URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. 
(default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. + +`--argo-repo-rev (string)` + +Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. + +example of hierarchy: +``` +git@github.com:ORGANIZATION/SAMPLE-REPO.git + | + '- argocd-projects/ + | '- sysdig/ + | | '- argocd/ + | | | '- sysdig-root/ + | | | '- sysdig-common-config/ + | | | '- sysdigcloud-infra/ + | | | [...] + | | '- helm-install/ + | | | '- charts/ + | | | '- chart-1/ + | | | '- chart-2/ + | | | [...] +``` + +`--argo-git-apps-dir (string)` + +Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. +If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. + +`--argo-git-charts-dir (string)` + +relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. + +`--argo-out-dir (string)` + +actual output directory on file system where argocd files will be written. Default is `./argocd/`. + + +## Command: `list-resources` + +Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. +This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. + +`--generate-manifests` + +- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. + +`--node-count` + +- Number of nodes in the target cluster. 
This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index df37b437..7267e640 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.35
+**Default**: 0.0.46
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.35 + toolsImageVersion: 0.0.46 ``` ## **elasticsearch.enableMetrics** @@ -568,19 +568,20 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` -## **hostPathCustomPaths.nats** +## **hostPathCustomPaths.natsJs** **Required**: `false`
-**Description**: The directory to bind mount nats streaming (in HA mode) pod's -`/var/lib/stan` to on the host. This parameter is relevant +**Description**: The directory to bind mount nats js pod's +`/var/lib/natsjs` to on the host. This parameter is relevant only when `storageClassProvisioner` is `hostPath`.
**Options**:
-**Default**: `/var/lib/stan`
+**Default**: `/var/lib/natsjs`
**Example**: ```yaml hostPathCustomPaths: - postgresql: `/sysdig/stan` + natsJs: `/sysdig/natsjs` +``` ## **nodeaffinityLabel.key** @@ -669,7 +670,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 100Gi
+**Default**: 150Gi
**Example**: ```yaml @@ -758,27 +759,27 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** +## **pvStorageSize.large.natsJs** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if +**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 10Gi
+**Default**: 50Gi
**Example**: ```yaml pvStorageSize: large: - nats: 10Gi + natsJs: 50Gi ``` -## **pvStorageSize.medium.nats** +## **pvStorageSize.medium.natsJs** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if +**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 10Gi
@@ -787,23 +788,23 @@ cluster of [`size`](#size) medium. This option is ignored if ```yaml pvStorageSize: medium: - nats: 10Gi + natsJs: 10Gi ``` -## **pvStorageSize.small.nats** +## **pvStorageSize.small.natsJs** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a +**Description**: The size of the persistent volume assigned to NATS JS HA in a cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 10Gi
+**Default**: 50Gi
**Example**: ```yaml pvStorageSize: small: - nats: 10Gi + natsJs: 50Gi ``` ## **sysdig.anchoreVersion** @@ -925,12 +926,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.5
+**Default**: 4.1.3-0.0.14
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.22.5 + cassandraVersion: 4.1.3-0.0.14 ``` ## **sysdig.cassandraExporterVersion** @@ -938,13 +939,14 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.17.0-ubi
+**Default**: v0.20.0-ubi
**Example**: ```yaml sysdig: cassandraExporterVersion: latest ``` + ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -960,10 +962,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** +## **sysdig.cassandra.useCassandra3** (**Deprecated**) **Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -974,10 +976,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** +## **sysdig.Cassandra3Version** (**Deprecated**) **Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1169,10 +1171,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - hinted_handoff_enabled: false - concurrent_compactors: 8 - read_request_timeout_in_ms: 10000 - write_request_timeout_in_ms: 10000 + concurrent_compactors: 6 + read_request_timeout: 10000ms + write_request_timeout: 10000ms + request_timeout: 11000ms ``` ## **sysdig.cassandra.datacenterName** @@ -1316,6 +1318,21 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` +## **sysdig.platformAuditTrail.enabled** + +**Required**: `false`
+**Description**: Global flag to enable Sysdig Platform Audit in all services.
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformAuditTrail: + enabled: true +``` + ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1356,6 +1373,22 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` +--- + +## **sysdig.skipIngressGeneration** + +**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + skipIngressGeneration: true +``` + ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1380,7 +1413,6 @@ sysdig: ingressNetworking: loadbalancer ``` - ## **sysdig.ingressClassName** **Required**: `false`
@@ -1396,7 +1428,6 @@ sysdig: ingressClassName: haproxy ``` - ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1457,6 +1488,19 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` +## **haproxyIngress.watchAllNamespaces** + +**Required**: `false`
+**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +haproxyIngress: + watchAllNamespaces: true +``` + ## **sysdig.license** **Required**: `true`
@@ -1549,22 +1593,6 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` -## **sysdig.enableAlerter** - -**Required**: `false`
-**Description**: This creates a separate deployment for Alerters while
-disabling this functionality in workers. **Do not modify this unless you
-know what you are doing as modifying it could have unintended
-consequences**
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - enableAlerter: true -``` - ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1672,12 +1700,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.9.0.1
+**Default**: 0.1.5
**Example**: ```yaml sysdig: - natsExporterVersion: 0.9.0.1 + natsExporterVersion: 0.1.5 ``` ## **sysdig.natsStreamingVersion** @@ -1706,154 +1734,43 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` -## **sysdig.nats.enabled** - -**Required**: `false`
-**Description**: Enable NATS deployment for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - enabled: true -``` - -## **sysdig.nats.secure.enabled** +## **sysdig.natsServerVersion** **Required**: `false`
-**Description**: NATS Streaming TLS enabled.
+**Description**: Docker image tag of NATS.
**Options**:
-**Default**: true
+**Default**: 0.1.11
**Example**: ```yaml sysdig: - nats: - secure: - enabled: true + natsExporterVersion: 0.1.11 ``` -## **sysdig.nats.secure.username** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - -## **sysdig.nats.ca** - -**Required**: `false`
-**Description**: NATS CA
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - ca: -``` - -## **sysdig.nats.cakey** +## **sysdig.natsReloaderVersion** **Required**: `false`
-**Description**: NATS CA KEY
+**Description**: Docker image tag of NATS Reloader.
**Options**:
-**Default**:
+**Default**: 0.1.4
**Example**: ```yaml sysdig: - nats: - cakey: -``` - -## **sysdig.nats.ha.enabled** - -**Required**: `false`
-**Description**: NATS Streaming HA (High Availability) enabled.
-**Options**:
-**Default**: false
-**Example**: - -```yaml -sysdig: - nats: - ha: - enabled: false + natsExporterVersion: 0.1.4 ``` -## **sysdig.nats.urlha** +## **sysdig.natsBoxVersion** **Required**: `false`
-**Description**: NATS Streaming URL for HA deployment.
+**Description**: Docker image tag of NATS Box.
**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+**Default**: 0.0.13
**Example**: ```yaml sysdig: - nats: - urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 -``` - -## **sysdig.nats.urltls** - -**Required**: `false`
-**Description**: NATS Streaming URL for TLS enabled.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-tls:4222
-**Example**: - -```yaml -sysdig: - nats: - urltls: nats://sysdigcloud-nats-streaming-tls:4222 -``` - -## **sysdig.nats.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - nats: - hostPathNodes: - - my-cool-host1.com + natsExporterVersion: 0.0.13 ``` ## **sysdig.openshiftUrl** @@ -1913,19 +1830,6 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** - -**Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
-**Options**:
-**Default**: 1.2.5-mysql-to-postgres
-**Example**: - -```yaml -sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres -``` - ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -1971,7 +1875,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Description**: Services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3091,8 +2995,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` - ## **sysdig.redis6ImageName** + **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3106,6 +3010,7 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3119,6 +3024,7 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** + **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3156,7 +3062,9 @@ sysdig: redisTls: enabled: true ``` + ## **redisTls.deploy** + **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3193,7 +3101,9 @@ redisTls: redisTls: ha: true ``` + ## **redisTls.imageName** + **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3205,6 +3115,7 @@ redisTls: redisTls: imageName: redis-6 ``` + ## **redisTls.version** **Required**: `false`
@@ -3220,6 +3131,7 @@ redisTls: ``` ## **redisTls.sentinel.imageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3232,6 +3144,7 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` + ## **redisTls.sentinel.version** **Required**: `false`
@@ -3248,6 +3161,7 @@ redisTls: ``` ## **redisTls.exporter.imageName** + **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3260,7 +3174,9 @@ redisTls: exporter: imageName: redis-exporter-1 ``` + ## **redisTls.exporter.version** + **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3273,6 +3189,7 @@ redisTls: exporter: version: 1.0.9 ``` + ## **redisClientsMonitor** **Required**: `false`
@@ -3303,7 +3220,6 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: - If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -4454,98 +4370,6 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - limits: - cpu: 2 -``` - -## **sysdig.resources.alerter.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - limits: - memory: 10Mi -``` - -## **sysdig.resources.alerter.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - requests: - cpu: 2 -``` - -## **sysdig.resources.alerter.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - requests: - memory: 200Mi -``` - ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
@@ -5458,8 +5282,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**:
-**Default**: mysql
+**Options**: postgres|inmem
+**Default**: postgres
**Example**: ```yaml @@ -5467,7 +5291,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: mysql + scanningDBEngine: postgres ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -6303,6 +6127,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** + **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6318,6 +6143,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** + **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6716,98 +6542,263 @@ sysdig: memory: 1Gi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.natsJs.enabled** + +**Required**: `false`
+**Description**: Enable nats js deploy
+**Options**: true|false
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + enabled: true +``` + +## **sysdig.natsJs.nats.fullnameOverride** + +**Required**: `false`
+**Description**: the name of the nats js deployment
+**Options**:
+**Default**: nats + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + fullnameOverride: nats +``` + +## **sysdig.natsJs.nats.natsbox.enabled** + +**Required**: `false`
+**Description**: Enable nats js box deploy
+**Options**: true|false
+**Default**: false
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + natsbox: + enabled: true +``` + +## **sysdig.natsJs.natsTLSGenerator.enabled** + +**Required**: `false`
+**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
+**Options**:
+**Options**: true|false
+**Default**: false + +**Example**: + +```yaml +sysdig: + natsJs: + natsTLSGenerator: true +``` + +## **sysdig.natsJs.ha.enabled** + +**Required**: `false`
+**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. + +If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. + +It is recommended to keep High Availability enabled for production use of NATS JetStream +
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + ha: + enabled: false +``` + +## **sysdig.natsJs.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + natsJs: + hostPathNodes: + - my-cool-host1.com +``` + +## **sysdig.natsJs.nats.tolerations** + +**Required**: `false`
+**Description**: If set add tolerations to NatsJs statefulset
+**Options**:
+**Default**: `[]`
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + tolerations: + key: dedicated + operator: Equal + value: cassandra + effect: NoSchedule +``` + +## **sysdig.natsJs.nats.affinity** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: If set add affinity to NatsJs statefulset
+**Options**:
+**Default**: ``
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: name + operator: In + values: + - blue +``` + +## **sysdig.resources.natsJs.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 1 | | medium | 2 | -| large | 2 | +| large | 3 | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: limits: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.natsJs.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of memory assigned to nats pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | +| small | 1Gi | | medium | 2Gi | -| large | 2Gi | +| large | 3Gi | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: limits: memory: 2Gi ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.natsJs.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule nats pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 250m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: requests: cpu: 250m ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.natsJs.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of memory required to schedule nats pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 3Gi | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: requests: memory: 1Gi ``` +## **sysdig.natsJs.nats.nats.gomemlimit** + +**Required**: `false`
+**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 900MiB | +| medium | 1800MiB | +| large | 2600MiB | + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + nats: + gomemlimit: 900MiB +``` + ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8038,8 +8029,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinitylabelkey) and +[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -8182,14 +8173,13 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of Cassandra replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8385,14 +8375,13 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of ElasticSearch replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8445,27 +8434,6 @@ sysdig: workerReplicaCount: 7 ``` -## **sysdig.alerterReplicaCount** - -**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - alerterReplicaCount: 7 -``` - ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -8724,7 +8692,6 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -8808,22 +8775,6 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** - -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.eventsForwarderEnabledIntegrations** @@ -8956,7 +8907,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Anchore db ssl mode. More info:
**Options**:
**Default**: "disable"
**Example**: @@ -8972,26 +8923,23 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Options**: postgres
+**Default**: postgres
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: "mysql" + scanningDbEngine: postgres ``` ## **sysdig.metadataService.enabled** **Required**: `false`
**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9003,10 +8951,7 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
+**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster. **Options**:`true|false`
**Default**: `true`
**Example**: @@ -9202,11 +9147,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9866,6 +9808,7 @@ sysdig: ``` ## **networkPolicies** + Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -9875,7 +9818,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 20Gi
+**Default**: 50Gi
**Example**: ```yaml @@ -9965,6 +9908,7 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** + **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10380,7 +10324,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: ` ` +**Default**: `` **Example**: @@ -11435,6 +11379,7 @@ sysdig: ``` ## **sysdig.prometheus.enabled** + **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13680,7 +13625,6 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -13695,7 +13639,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13727,7 +13671,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13922,3 +13866,19 @@ sysdig: scanningv2: customCerts: true ``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 30bb4ec0..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,7 +129,43 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments +### Updating the feeds database in airgapped environments [ScanningV2] + +This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. + +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Calculate the tag of the last version. +epoch=`date +%s` +IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} +# Save image +docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar +# Optionally move image +mv airgap-vuln-feeds-latest.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" + +# Update the image +ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +``` + +The above script could be scheduled using a cron job that run every day like + +```bash +0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 +``` + +### Updating the feeds database in airgapped environments [Legacy Scanning] This is a procedure that can be used to automatically update the feeds database: diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index fe03c37c..4c69750b 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md 
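Review bot: In the ScanningV2 feed-update script, `docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}` puts the registry password on the command line, where it is visible in the process list, and the `QUAY_PASSWORD=""` placeholder invites storing the secret in a script that cron runs daily. I would document reading it from a root-only file or secret store and passing it on stdin, `printf '%s' "$QUAY_PASSWORD" | docker login quay.io/sysdig -u "$QUAY_USERNAME" --password-stdin`. The script also lacks `set -euo pipefail`, so a failed login or pull still reaches the `kubectl ... set image` step with a tag that was never pushed, and the suggested cron entry's `>/dev/null 2>&1` discards the error output; logging to a file would let operators notice when the airgapped feeds stop updating. Separately, the remote `docker tag airgap-vuln-feeds:${IMAGE_TAG} ...` step looks like it will not find the loaded image, which presumably keeps its `quay.io/sysdig/` name after `docker image load`, so that is worth confirming.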
@@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny`/`allow`
+**Options**: `deny|allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..39dcb006 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,3 +22,6 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy + # Uncomment the following two lines to enable Sysdig Platform Audit + #platformAuditTrail: + # enabled: true From d69c8ec66a51532f45a990c18d1e4f8fb0449d17 Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 2 Mar 2024 00:35:28 +0000 Subject: [PATCH 142/156] updating installer docs --- installer/README.md | 4 +- installer/docs/01-command_line_arguments.md | 156 +--- installer/docs/02-configuration_parameters.md | 708 +++++++++--------- installer/docs/04-advanced_configuration.md | 38 +- installer/docs/05-networkPolicies.md | 4 +- installer/values.yaml | 3 - 6 files changed, 387 insertions(+), 526 deletions(-) diff --git a/installer/README.md b/installer/README.md index 6ade8103..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,3 +1,5 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the 
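Review bot: The Quality Gate badge added at the top of `installer/README.md` embeds a SonarCloud `token=` query parameter in the image URL, so the value is published to anyone who can read the repository or this patch. If the `draios_installer` project is private, any holder of that token can presumably query its badge metrics. Confirm it is a badge-only token intended for public embedding, and regenerate it in SonarCloud if it was not meant to leave the organisation.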
@@ -56,8 +58,6 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): - Set this parameter to `true` if you would like to use Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index a99a9948..2e50d8aa 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -```text +``` sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -```text +``` Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,16 +70,10 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` -`--use-import-v2` - -- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. - ## Command: `update-license` Added November 2022, this is a new command. -** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** - This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -111,7 +105,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -```log +``` ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -132,6 +126,7 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 +quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -167,6 +162,7 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 +quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 @@ -179,7 +175,7 @@ quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra:0.0.36 +quay.io/sysdig/cassandra-3:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -193,140 +189,4 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` - -## Command: `diff` - -Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. - -`--write-diff` - -- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. - -`--out-diff-dir` - -- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. - -`--cleanup` - -- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. - -`--secure` - -- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. - -`--summary` - -- Only prints a summary of the diff errors. - -Diff command also has options inherited from the generate command options. See **generate** command section. - -### Sub-Command: secure-diff [DEPRECATED] - -Performs a diff not showing sensitive information. -This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. - -## Command: `generate` - -`--manifest-directory` - -- Set the location where the installer will write the genearted manifests. - -`--skip-generate` - -- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. - -`--skip-import` - -- Skips the import phase, which would try to import values from a running cluster. 
- -`--skip-validation` - -- Skips validation checks. - -`--ignore-kubeconfig-errors` - -- This will ignore all errors from trying to parse kubeconfig file. - -`--preserve-templates` - -- Preserve directory installer templates are extracted to, this should only be used for debugging purposes - -`--k8s-server-version` - -- Sets the `kubernetesServerVersion` within values. - -`--helm-install` - -- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: - - - `values.hi.yaml`: the complete values generated by the `installer` - - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS - - `charts`: the Helm charts that make up the Sysdig onprem stack - -`--helm-install-out-dir` - -- To use a custom directory to output the files generated by `--helm-install` instead of the default. - -### ArgoCD Generation - -We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. - -At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. - -`--argocd (boolean)` - -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. - -`--argo-repo-url (string)` - -URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. (default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. 
- -`--argo-repo-rev (string)` - -Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. - -example of hierarchy: -``` -git@github.com:ORGANIZATION/SAMPLE-REPO.git - | - '- argocd-projects/ - | '- sysdig/ - | | '- argocd/ - | | | '- sysdig-root/ - | | | '- sysdig-common-config/ - | | | '- sysdigcloud-infra/ - | | | [...] - | | '- helm-install/ - | | | '- charts/ - | | | '- chart-1/ - | | | '- chart-2/ - | | | [...] -``` - -`--argo-git-apps-dir (string)` - -Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. -If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. - -`--argo-git-charts-dir (string)` - -relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. - -`--argo-out-dir (string)` - -actual output directory on file system where argocd files will be written. Default is `./argocd/`. - - -## Command: `list-resources` - -Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. -This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. - -`--generate-manifests` - -- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. - -`--node-count` - -- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. +``` \ No newline at end of file 
diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md
index 7267e640..df37b437 100644
--- a/installer/docs/02-configuration_parameters.md
+++ b/installer/docs/02-configuration_parameters.md
@@ -385,7 +385,7 @@ elasticsearch:
 ## **elasticsearch.jobs.rollNodes**
 **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
**Options**: `true|false`
**Default**: `false`
**Example**:
@@ -401,13 +401,13 @@ elasticsearch:
 **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.46
+**Default**: 0.0.35
**Example**:
 ```yaml
 elasticsearch:
 jobs:
- toolsImageVersion: 0.0.46
+ toolsImageVersion: 0.0.35
 ```
 ## **elasticsearch.enableMetrics**
@@ -568,20 +568,19 @@ hostPathCustomPaths:
 postgresql: `/sysdig/pgdata`
 ```
-## **hostPathCustomPaths.natsJs**
+## **hostPathCustomPaths.nats**
 **Required**: `false`
-**Description**: The directory to bind mount nats js pod's
-`/var/lib/natsjs` to on the host. This parameter is relevant
+**Description**: The directory to bind mount nats streaming (in HA mode) pod's
+`/var/lib/stan` to on the host. This parameter is relevant
 only when `storageClassProvisioner` is `hostPath`.
**Options**:
-**Default**: `/var/lib/natsjs`
+**Default**: `/var/lib/stan`
**Example**:
 ```yaml
 hostPathCustomPaths:
- natsJs: `/sysdig/natsjs`
-```
+ postgresql: `/sysdig/stan`
 ## **nodeaffinityLabel.key**
@@ -670,7 +669,7 @@ pvStorageSize:
 cluster of [`size`](#size) medium. This option is ignored if
 [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 150Gi
+**Default**: 100Gi
**Example**:
 ```yaml
@@ -759,27 +758,27 @@ pvStorageSize:
 postgresql: 100Gi
 ```
-## **pvStorageSize.large.natsJs**
+## **pvStorageSize.large.nats**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a
-cluster of [`size`](#size) small. This option is ignored if
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) large. This option is ignored if
 [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 10Gi
**Example**:
 ```yaml
 pvStorageSize:
 large:
- natsJs: 50Gi
+ nats: 10Gi
 ```
-## **pvStorageSize.medium.natsJs**
+## **pvStorageSize.medium.nats**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a
-cluster of [`size`](#size) small. This option is ignored if
+**Description**: The size of the persistent volume assigned to NATS HA in a
+cluster of [`size`](#size) medium. This option is ignored if
 [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 10Gi
@@ -788,23 +787,23 @@ cluster of [`size`](#size) small. This option is ignored if
 ```yaml
 pvStorageSize:
 medium:
- natsJs: 10Gi
+ nats: 10Gi
 ```
-## **pvStorageSize.small.natsJs**
+## **pvStorageSize.small.nats**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a
+**Description**: The size of the persistent volume assigned to NATS HA in a
 cluster of [`size`](#size) small. This option is ignored if
 [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 10Gi
**Example**:
 ```yaml
 pvStorageSize:
 small:
- natsJs: 50Gi
+ nats: 10Gi
 ```
 ## **sysdig.anchoreVersion**
@@ -926,12 +925,12 @@ sysdig:
 **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 4.1.3-0.0.14
+**Default**: 2.1.22.5
**Example**:
 ```yaml
 sysdig:
- cassandraVersion: 4.1.3-0.0.14
+ cassandraVersion: 2.1.22.5
 ```
 ## **sysdig.cassandraExporterVersion**
@@ -939,14 +938,13 @@ sysdig:
 **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.20.0-ubi
+**Default**: v0.17.0-ubi
**Example**: ```yaml sysdig: cassandraExporterVersion: latest ``` - ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -962,10 +960,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** (**Deprecated**) +## **sysdig.cassandra.useCassandra3** **Required**: `false`
-**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -976,10 +974,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** (**Deprecated**) +## **sysdig.Cassandra3Version** **Required**: `false`
-**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1171,10 +1169,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - concurrent_compactors: 6 - read_request_timeout: 10000ms - write_request_timeout: 10000ms - request_timeout: 11000ms + hinted_handoff_enabled: false + concurrent_compactors: 8 + read_request_timeout_in_ms: 10000 + write_request_timeout_in_ms: 10000 ``` ## **sysdig.cassandra.datacenterName** @@ -1318,21 +1316,6 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` -## **sysdig.platformAuditTrail.enabled** - -**Required**: `false`
-**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformAuditTrail: - enabled: true -``` - ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1373,22 +1356,6 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` ---- - -## **sysdig.skipIngressGeneration** - -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - skipIngressGeneration: true -``` - ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1413,6 +1380,7 @@ sysdig: ingressNetworking: loadbalancer ``` + ## **sysdig.ingressClassName** **Required**: `false`
@@ -1428,6 +1396,7 @@ sysdig: ingressClassName: haproxy ``` + ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1488,19 +1457,6 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` -## **haproxyIngress.watchAllNamespaces** - -**Required**: `false`
-**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -haproxyIngress: - watchAllNamespaces: true -``` - ## **sysdig.license** **Required**: `true`
@@ -1593,6 +1549,22 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` +## **sysdig.enableAlerter** + +**Required**: `false`
+**Description**: This creates a separate deployment for Alerters while +disabling this functionality in workers. **Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + enableAlerter: true +``` + ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1700,12 +1672,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.1.5
+**Default**: 0.9.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.5 + natsExporterVersion: 0.9.0.1 ``` ## **sysdig.natsStreamingVersion** @@ -1734,43 +1706,154 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` -## **sysdig.natsServerVersion** +## **sysdig.nats.enabled** + +**Required**: `false`
+**Description**: Enable NATS deployment for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + nats: + enabled: true +``` + +## **sysdig.nats.secure.enabled** **Required**: `false`
-**Description**: Docker image tag of NATS.
+**Description**: NATS Streaming TLS enabled.
**Options**:
-**Default**: 0.1.11
+**Default**: true
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.11 + nats: + secure: + enabled: true ``` -## **sysdig.natsReloaderVersion** +## **sysdig.nats.secure.username** + +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** + +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + +## **sysdig.nats.ca** + +**Required**: `false`
+**Description**: NATS CA
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + ca: +``` + +## **sysdig.nats.cakey** **Required**: `false`
-**Description**: Docker image tag of NATS Reloader.
+**Description**: NATS CA KEY
**Options**:
-**Default**: 0.1.4
+**Default**:
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.4 + nats: + cakey: +``` + +## **sysdig.nats.ha.enabled** + +**Required**: `false`
+**Description**: NATS Streaming HA (High Availability) enabled.
+**Options**:
+**Default**: false
+**Example**: + +```yaml +sysdig: + nats: + ha: + enabled: false ``` -## **sysdig.natsBoxVersion** +## **sysdig.nats.urlha** **Required**: `false`
-**Description**: Docker image tag of NATS Box.
+**Description**: NATS Streaming URL for HA deployment.
**Options**:
-**Default**: 0.0.13
+**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
**Example**: ```yaml sysdig: - natsExporterVersion: 0.0.13 + nats: + urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 +``` + +## **sysdig.nats.urltls** + +**Required**: `false`
+**Description**: NATS Streaming URL for TLS enabled.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-tls:4222
+**Example**: + +```yaml +sysdig: + nats: + urltls: nats://sysdigcloud-nats-streaming-tls:4222 +``` + +## **sysdig.nats.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + nats: + hostPathNodes: + - my-cool-host1.com ``` ## **sysdig.openshiftUrl** @@ -1830,6 +1913,19 @@ sysdig: postgresVersion: 10.6.11 ``` +## **sysdig.mysqlToPostgresMigrationVersion** + +**Required**: `false`
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Options**:
+**Default**: 1.2.5-mysql-to-postgres
+**Example**: + +```yaml +sysdig: + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres +``` + ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -1875,7 +1971,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Services will start in postgresql mode.
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -2995,8 +3091,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` -## **sysdig.redis6ImageName** +## **sysdig.redis6ImageName** **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3010,7 +3106,6 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3024,7 +3119,6 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** - **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3062,9 +3156,7 @@ sysdig: redisTls: enabled: true ``` - ## **redisTls.deploy** - **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3101,9 +3193,7 @@ redisTls: redisTls: ha: true ``` - ## **redisTls.imageName** - **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3115,7 +3205,6 @@ redisTls: redisTls: imageName: redis-6 ``` - ## **redisTls.version** **Required**: `false`
@@ -3131,7 +3220,6 @@ redisTls: ``` ## **redisTls.sentinel.imageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3144,7 +3232,6 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` - ## **redisTls.sentinel.version** **Required**: `false`
@@ -3161,7 +3248,6 @@ redisTls: ``` ## **redisTls.exporter.imageName** - **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3174,9 +3260,7 @@ redisTls: exporter: imageName: redis-exporter-1 ``` - ## **redisTls.exporter.version** - **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3189,7 +3273,6 @@ redisTls: exporter: version: 1.0.9 ``` - ## **redisClientsMonitor** **Required**: `false`
@@ -3220,6 +3303,7 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: + If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -4370,6 +4454,98 @@ sysdig: memory: 200Mi ``` +## **sysdig.resources.alerter.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + cpu: 2 +``` + +## **sysdig.resources.alerter.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + memory: 10Mi +``` + +## **sysdig.resources.alerter.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + cpu: 2 +``` + +## **sysdig.resources.alerter.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + memory: 200Mi +``` + ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
@@ -5282,8 +5458,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**: postgres|inmem
-**Default**: postgres
+**Options**:
+**Default**: mysql
**Example**: ```yaml @@ -5291,7 +5467,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: postgres + scanningDBEngine: mysql ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -6127,7 +6303,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** - **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6143,7 +6318,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** - **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6542,263 +6716,98 @@ sysdig: memory: 1Gi ``` -## **sysdig.natsJs.enabled** - -**Required**: `false`
-**Description**: Enable nats js deploy
-**Options**: true|false
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - enabled: true -``` - -## **sysdig.natsJs.nats.fullnameOverride** - -**Required**: `false`
-**Description**: the name of the nats js deployment
-**Options**:
-**Default**: nats - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - fullnameOverride: nats -``` - -## **sysdig.natsJs.nats.natsbox.enabled** - -**Required**: `false`
-**Description**: Enable nats js box deploy
-**Options**: true|false
-**Default**: false
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - natsbox: - enabled: true -``` - -## **sysdig.natsJs.natsTLSGenerator.enabled** - -**Required**: `false`
-**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
-**Options**:
-**Options**: true|false
-**Default**: false - -**Example**: - -```yaml -sysdig: - natsJs: - natsTLSGenerator: true -``` - -## **sysdig.natsJs.ha.enabled** - -**Required**: `false`
-**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. - -If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. - -It is recommended to keep High Availability enabled for production use of NATS JetStream -
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - ha: - enabled: false -``` - -## **sysdig.natsJs.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - natsJs: - hostPathNodes: - - my-cool-host1.com -``` - -## **sysdig.natsJs.nats.tolerations** - -**Required**: `false`
-**Description**: If set add tolerations to NatsJs statefulset
-**Options**:
-**Default**: `[]`
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - tolerations: - key: dedicated - operator: Equal - value: cassandra - effect: NoSchedule -``` - -## **sysdig.natsJs.nats.affinity** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: If set add affinity to NatsJs statefulset
-**Options**:
-**Default**: ``
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: name - operator: In - values: - - blue -``` - -## **sysdig.resources.natsJs.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 2 | | medium | 2 | -| large | 3 | +| large | 2 | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: limits: cpu: 2 ``` -## **sysdig.resources.natsJs.limits.memory** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nats pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | +| small | 2Gi | | medium | 2Gi | -| large | 3Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: limits: memory: 2Gi ``` -## **sysdig.resources.natsJs.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 1 | -| large | 2 | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: requests: cpu: 250m ``` -## **sysdig.resources.natsJs.requests.memory** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nats pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 3Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: requests: memory: 1Gi ``` -## **sysdig.natsJs.nats.nats.gomemlimit** - -**Required**: `false`
-**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 900MiB | -| medium | 1800MiB | -| large | 2600MiB | - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - nats: - gomemlimit: 900MiB -``` - ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8029,8 +8038,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinitylabelkey) and -[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -8173,13 +8182,14 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8375,13 +8385,14 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8434,6 +8445,27 @@ sysdig: workerReplicaCount: 7 ``` +## **sysdig.alerterReplicaCount** + +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -8692,6 +8724,7 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -8775,6 +8808,22 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` ## **sysdig.eventsForwarderEnabledIntegrations** @@ -8907,7 +8956,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info:
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
**Options**:
**Default**: "disable"
**Example**: @@ -8923,23 +8972,26 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: postgres
-**Default**: postgres
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: postgres + scanningDbEngine: "mysql" ``` ## **sysdig.metadataService.enabled** **Required**: `false`
**Description**: Whether to enable metadata-service or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -8951,7 +9003,10 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster. +**Description**: Whether to enable metadata-service-operator or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
**Options**:`true|false`
**Default**: `true`
**Example**: @@ -9147,8 +9202,11 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not +**Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -9808,7 +9866,6 @@ sysdig: ``` ## **networkPolicies** - Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -9818,7 +9875,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 20Gi
**Example**: ```yaml @@ -9908,7 +9965,6 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** - **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10324,7 +10380,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: `` +**Default**: ` ` **Example**: @@ -11379,7 +11435,6 @@ sysdig: ``` ## **sysdig.prometheus.enabled** - **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13625,6 +13680,7 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -13639,7 +13695,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -13671,7 +13727,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -13866,19 +13922,3 @@ sysdig: scanningv2: customCerts: true ``` - -## **sysdig.secure.scanningv2.airgappedFeeds** - -**Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - airgappedFeeds: true -``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 93e8012c..30bb4ec0 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,43 +129,7 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments [ScanningV2] - -This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. - -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Calculate the tag of the last version. -epoch=`date +%s` -IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -# Save image -docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar -# Optionally move image -mv airgap-vuln-feeds-latest.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" - -# Update the image -ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -``` - -The above script could be scheduled using a cron job that run every day like - -```bash -0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 -``` - -### Updating the feeds database in airgapped environments [Legacy Scanning] +### Updating the feeds database in airgapped environments This is a procedure that can be used to automatically update the feeds database: diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index 4c69750b..fe03c37c 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md 
@@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny|allow`
+**Options**: `deny`/`allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 39dcb006..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,6 +22,3 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy - # Uncomment the following two lines to enable Sysdig Platform Audit - #platformAuditTrail: - # enabled: true From 2164b86d4fd27bb15dc8ba6ef7e52405101814ec Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 12 Mar 2024 21:02:27 +0000 Subject: [PATCH 143/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 90 +++- installer/docs/02-configuration_parameters.md | 469 ++++++++++++++++-- installer/docs/04-advanced_configuration.md | 38 +- 3 files changed, 562 insertions(+), 35 deletions(-) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 2e50d8aa..cacf8877 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -``` +```text sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -``` +```text Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,10 +70,16 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` +`--use-import-v2` + +- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. + ## Command: `update-license` Added November 2022, this is a new command. +** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** + This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -105,7 +111,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -``` +```log ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -189,4 +195,78 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` \ No newline at end of file +``` + +## Command: `diff` + +Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. + +`--write-diff` + +- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. + +`--out-diff-dir` + +- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. + +`--cleanup` + +- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. + +`--secure` + +- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. + +`--summary` + +- Only prints a summary of the diff errors. + +Diff command also has options inherited from the generate command options. See **generate** command section. + +### Sub-Command: secure-diff [DEPRECATED] + +Performs a diff not showing sensitive information. +This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. + +## Command: `generate` + +`--manifest-directory` + +- Set the location where the installer will write the genearted manifests. + +`--skip-generate` + +- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. 
+ +`--skip-import` + +- Skips the import phase, which would try to import values from a running cluster. + +`--skip-validation` + +- Skips validation checks. + +`--ignore-kubeconfig-errors` + +- This will ignore all errors from trying to parse kubeconfig file. + +`--preserve-templates` + +- Preserve directory installer templates are extracted to, this should only be used for debugging purposes + +`--k8s-server-version` + +- Sets the `kubernetesServerVersion` within values. + +## Command: `list-resources` + +Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. +This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. + +`--generate-manifests` + +- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. + +`--node-count` + +- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index df37b437..db21a73d 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -580,7 +580,23 @@ only when `storageClassProvisioner` is `hostPath`.
```yaml hostPathCustomPaths: - postgresql: `/sysdig/stan` + nats: `/sysdig/stan` +``` + +## **hostPathCustomPaths.natsJs** + +**Required**: `false`
+**Description**: The directory to bind mount nats js pod's +`/var/lib/natsjs` to on the host. This parameter is relevant +only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/natsjs`
+**Example**: + +```yaml +hostPathCustomPaths: + natsJs: `/sysdig/natsjs` +``` ## **nodeaffinityLabel.key** @@ -669,7 +685,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 100Gi
+**Default**: 150Gi
**Example**: ```yaml @@ -774,6 +790,22 @@ pvStorageSize: nats: 10Gi ``` +## **pvStorageSize.large.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + large: + natsJs: 50Gi +``` + ## **pvStorageSize.medium.nats** **Required**: `false`
@@ -781,13 +813,29 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 50Gi +``` + +## **pvStorageSize.medium.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
**Default**: 10Gi
**Example**: ```yaml pvStorageSize: medium: - nats: 10Gi + natsJs: 10Gi ``` ## **pvStorageSize.small.nats** @@ -806,6 +854,22 @@ pvStorageSize: nats: 10Gi ``` +## **pvStorageSize.small.natsJs** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + small: + natsJs: 50Gi +``` + ## **sysdig.anchoreVersion** **Required**: `false`
@@ -945,6 +1009,7 @@ sysdig: sysdig: cassandraExporterVersion: latest ``` + ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -1356,6 +1421,22 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` +--- + +## **sysdig.skipIngressGeneration** + +**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + skipIngressGeneration: true +``` + ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1380,7 +1461,6 @@ sysdig: ingressNetworking: loadbalancer ``` - ## **sysdig.ingressClassName** **Required**: `false`
@@ -1396,7 +1476,6 @@ sysdig: ingressClassName: haproxy ``` - ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1457,6 +1536,19 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` +## **haproxyIngress.watchAllNamespaces** + +**Required**: `false`
+**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +haproxyIngress: + watchAllNamespaces: true +``` + ## **sysdig.license** **Required**: `true`
@@ -1672,12 +1764,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.9.0.1
+**Default**: 0.1.5
**Example**: ```yaml sysdig: - natsExporterVersion: 0.9.0.1 + natsExporterVersion: 0.1.5 ``` ## **sysdig.natsStreamingVersion** @@ -1706,6 +1798,45 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` +## **sysdig.natsServerVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS.
+**Options**:
+**Default**: 0.1.11
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.1.11 +``` + +## **sysdig.natsReloaderVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS Reloader.
+**Options**:
+**Default**: 0.1.4
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.1.4 +``` + +## **sysdig.natsBoxVersion** + +**Required**: `false`
+**Description**: Docker image tag of NATS Box.
+**Options**:
+**Default**: 0.0.13
+**Example**: + +```yaml +sysdig: + natsExporterVersion: 0.0.13 +``` + ## **sysdig.nats.enabled** **Required**: `false`
@@ -3091,8 +3222,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` - ## **sysdig.redis6ImageName** + **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3106,6 +3237,7 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3119,6 +3251,7 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** + **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3156,7 +3289,9 @@ sysdig: redisTls: enabled: true ``` + ## **redisTls.deploy** + **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3193,7 +3328,9 @@ redisTls: redisTls: ha: true ``` + ## **redisTls.imageName** + **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3205,6 +3342,7 @@ redisTls: redisTls: imageName: redis-6 ``` + ## **redisTls.version** **Required**: `false`
@@ -3220,6 +3358,7 @@ redisTls: ``` ## **redisTls.sentinel.imageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3232,6 +3371,7 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` + ## **redisTls.sentinel.version** **Required**: `false`
@@ -3248,6 +3388,7 @@ redisTls: ``` ## **redisTls.exporter.imageName** + **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3260,7 +3401,9 @@ redisTls: exporter: imageName: redis-exporter-1 ``` + ## **redisTls.exporter.version** + **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3273,6 +3416,7 @@ redisTls: exporter: version: 1.0.9 ``` + ## **redisClientsMonitor** **Required**: `false`
@@ -3303,7 +3447,6 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: - If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -6303,6 +6446,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** + **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6318,6 +6462,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** + **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6716,6 +6861,263 @@ sysdig: memory: 1Gi ``` +## **sysdig.natsJs.enabled** + +**Required**: `false`
+**Description**: Enable nats js deploy
+**Options**: true|false
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + enabled: true +``` + +## **sysdig.natsJs.nats.fullnameOverride** + +**Required**: `false`
+**Description**: the name of the nats js deployment
+**Options**:
+**Default**: nats + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + fullnameOverride: nats +``` + +## **sysdig.natsJs.nats.natsbox.enabled** + +**Required**: `false`
+**Description**: Enable nats js box deploy
+**Options**: true|false
+**Default**: false
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + natsbox: + enabled: true +``` + +## **sysdig.natsJs.natsTLSGenerator.enabled** + +**Required**: `false`
+**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
+**Options**:
+**Options**: true|false
+**Default**: false + +**Example**: + +```yaml +sysdig: + natsJs: + natsTLSGenerator: true +``` + +## **sysdig.natsJs.ha.enabled** + +**Required**: `false`
+**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. + +If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. + +It is recommended to keep High Availability enabled for production use of NATS JetStream +
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + ha: + enabled: false +``` + +## **sysdig.natsJs.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + natsJs: + hostPathNodes: + - my-cool-host1.com +``` + +## **sysdig.natsJs.nats.tolerations** + +**Required**: `false`
+**Description**: If set add tolerations to NatsJs statefulset
+**Options**:
+**Default**: `[]`
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + tolerations: + key: dedicated + operator: Equal + value: cassandra + effect: NoSchedule +``` + +## **sysdig.natsJs.nats.affinity** + +**Required**: `false`
+**Description**: If set add affinity to NatsJs statefulset
+**Options**:
+**Default**: ``
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: name + operator: In + values: + - blue +``` + +## **sysdig.resources.natsJs.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 2 | +| large | 3 | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + limits: + cpu: 2 +``` + +## **sysdig.resources.natsJs.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to nats pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + limits: + memory: 2Gi +``` + +## **sysdig.resources.natsJs.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule nats pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 1 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + requests: + cpu: 250m +``` + +## **sysdig.resources.natsJs.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule nats pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 3Gi | + +**Example**: + +```yaml +sysdig: + resources: + natsJs: + requests: + memory: 1Gi +``` + +## **sysdig.natsJs.nats.nats.gomemlimit** + +**Required**: `false`
+**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 900MiB | +| medium | 1800MiB | +| large | 2600MiB | + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + nats: + gomemlimit: 900MiB +``` + ## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
@@ -8038,8 +8440,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinitylabelkey) and +[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -8956,7 +9358,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Anchore db ssl mode. More info:
**Options**:
**Default**: "disable"
**Example**: @@ -8987,11 +9389,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9003,10 +9402,7 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
+**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster. **Options**:`true|false`
**Default**: `true`
**Example**: @@ -9202,11 +9598,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9866,6 +10259,7 @@ sysdig: ``` ## **networkPolicies** + Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -9875,7 +10269,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 20Gi
+**Default**: 50Gi
**Example**: ```yaml @@ -9965,6 +10359,7 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** + **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10380,7 +10775,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: ` ` +**Default**: `` **Example**: @@ -11435,6 +11830,7 @@ sysdig: ``` ## **sysdig.prometheus.enabled** + **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13680,7 +14076,6 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -13695,7 +14090,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13727,7 +14122,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13922,3 +14317,19 @@ sysdig: scanningv2: customCerts: true ``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 30bb4ec0..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,7 +129,43 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments +### Updating the feeds database in airgapped environments [ScanningV2] + +This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. + +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Calculate the tag of the last version. +epoch=`date +%s` +IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} +# Save image +docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar +# Optionally move image +mv airgap-vuln-feeds-latest.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" + +# Update the image +ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +``` + +The above script could be scheduled using a cron job that run every day like + +```bash +0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 +``` + +### Updating the feeds database in airgapped environments [Legacy Scanning] This is a procedure that can be used to automatically update the feeds database: From 5665e614c47eff3c56dfe0c858cdcb690e3204cf Mon Sep 17 00:00:00 2001 
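Review bot: The added ScanningV2 update script passes the registry password as an argument in `docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`, where it is readable in the process list of the download host. Feeding it on stdin avoids that: `printf '%s' "${QUAY_PASSWORD}" | docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin`. The script also lacks `set -euo pipefail`, so a failed pull or save still runs the remote load, push and `kubectl set image` steps. The suggested cron line sends all output to `/dev/null`, which hides those failures and can leave the airgapped scanner on stale vulnerability feeds unnoticed. The source name in `docker tag airgap-vuln-feeds:${IMAGE_TAG}` also looks inconsistent with the `quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG}` name the saved image would load under, which is worth confirming.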
From: jenkins Date: Mon, 18 Mar 2024 22:15:00 +0000 Subject: [PATCH 144/156] updating installer docs --- installer/README.md | 4 +- installer/docs/01-command_line_arguments.md | 66 ++- installer/docs/02-configuration_parameters.md | 531 ++---------------- installer/docs/05-networkPolicies.md | 4 +- installer/values.yaml | 3 + 5 files changed, 110 insertions(+), 498 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..6ade8103 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,5 +1,3 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the @@ -58,6 +56,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail + - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): + Set this parameter to `true` if you would like to use Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index cacf8877..a99a9948 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md 
@@ -132,7 +132,6 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 -quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -168,7 +167,6 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 -quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 @@ -181,7 +179,7 @@ quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra-3:0.0.36 +quay.io/sysdig/cassandra:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -258,6 +256,68 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y - Sets the `kubernetesServerVersion` within values. +`--helm-install` + +- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: + + - `values.hi.yaml`: the complete values generated by the `installer` + - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS + - `charts`: the Helm charts that make up the Sysdig onprem stack + +`--helm-install-out-dir` + +- To use a custom directory to output the files generated by `--helm-install` instead of the default. + +### ArgoCD Generation + +We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. + +At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. + +`--argocd (boolean)` + +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. + +`--argo-repo-url (string)` + +URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. (default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. + +`--argo-repo-rev (string)` + +Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. 
+ +example of hierarchy: +``` +git@github.com:ORGANIZATION/SAMPLE-REPO.git + | + '- argocd-projects/ + | '- sysdig/ + | | '- argocd/ + | | | '- sysdig-root/ + | | | '- sysdig-common-config/ + | | | '- sysdigcloud-infra/ + | | | [...] + | | '- helm-install/ + | | | '- charts/ + | | | '- chart-1/ + | | | '- chart-2/ + | | | [...] +``` + +`--argo-git-apps-dir (string)` + +Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. +If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. + +`--argo-git-charts-dir (string)` + +relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. + +`--argo-out-dir (string)` + +actual output directory on file system where argocd files will be written. Default is `./argocd/`. + + ## Command: `list-resources` Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index db21a73d..7267e640 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.35
+**Default**: 0.0.46
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.35 + toolsImageVersion: 0.0.46 ``` ## **elasticsearch.enableMetrics** @@ -568,21 +568,6 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` -## **hostPathCustomPaths.nats** - -**Required**: `false`
-**Description**: The directory to bind mount nats streaming (in HA mode) pod's -`/var/lib/stan` to on the host. This parameter is relevant -only when `storageClassProvisioner` is `hostPath`.
-**Options**:
-**Default**: `/var/lib/stan`
-**Example**: - -```yaml -hostPathCustomPaths: - nats: `/sysdig/stan` -``` - ## **hostPathCustomPaths.natsJs** **Required**: `false`
@@ -774,22 +759,6 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - large: - nats: 10Gi -``` - ## **pvStorageSize.large.natsJs** **Required**: `false`
@@ -806,22 +775,6 @@ pvStorageSize: natsJs: 50Gi ``` -## **pvStorageSize.medium.nats** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - medium: - nats: 50Gi -``` - ## **pvStorageSize.medium.natsJs** **Required**: `false`
@@ -838,22 +791,6 @@ pvStorageSize: natsJs: 10Gi ``` -## **pvStorageSize.small.nats** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - small: - nats: 10Gi -``` - ## **pvStorageSize.small.natsJs** **Required**: `false`
@@ -989,12 +926,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.5
+**Default**: 4.1.3-0.0.14
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.22.5 + cassandraVersion: 4.1.3-0.0.14 ``` ## **sysdig.cassandraExporterVersion** @@ -1002,7 +939,7 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.17.0-ubi
+**Default**: v0.20.0-ubi
**Example**: ```yaml @@ -1025,10 +962,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** +## **sysdig.cassandra.useCassandra3** (**Deprecated**) **Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -1039,10 +976,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** +## **sysdig.Cassandra3Version** (**Deprecated**) **Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1234,10 +1171,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - hinted_handoff_enabled: false - concurrent_compactors: 8 - read_request_timeout_in_ms: 10000 - write_request_timeout_in_ms: 10000 + concurrent_compactors: 6 + read_request_timeout: 10000ms + write_request_timeout: 10000ms + request_timeout: 11000ms ``` ## **sysdig.cassandra.datacenterName** @@ -1381,6 +1318,21 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` +## **sysdig.platformAuditTrail.enabled** + +**Required**: `false`
+**Description**: Global flag to enable Sysdig Platform Audit in all services. +**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformAuditTrail: + enabled: true +``` + ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1641,22 +1593,6 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` -## **sysdig.enableAlerter** - -**Required**: `false`
-**Description**: This creates a separate deployment for Alerters while -disabling this functionality in workers. **Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - enableAlerter: true -``` - ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1837,156 +1773,6 @@ sysdig: natsExporterVersion: 0.0.13 ``` -## **sysdig.nats.enabled** - -**Required**: `false`
-**Description**: Enable NATS deployment for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - enabled: true -``` - -## **sysdig.nats.secure.enabled** - -**Required**: `false`
-**Description**: NATS Streaming TLS enabled.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true -``` - -## **sysdig.nats.secure.username** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - -## **sysdig.nats.ca** - -**Required**: `false`
-**Description**: NATS CA
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - ca: -``` - -## **sysdig.nats.cakey** - -**Required**: `false`
-**Description**: NATS CA KEY
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - cakey: -``` - -## **sysdig.nats.ha.enabled** - -**Required**: `false`
-**Description**: NATS Streaming HA (High Availability) enabled.
-**Options**:
-**Default**: false
-**Example**: - -```yaml -sysdig: - nats: - ha: - enabled: false -``` - -## **sysdig.nats.urlha** - -**Required**: `false`
-**Description**: NATS Streaming URL for HA deployment.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
-**Example**: - -```yaml -sysdig: - nats: - urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 -``` - -## **sysdig.nats.urltls** - -**Required**: `false`
-**Description**: NATS Streaming URL for TLS enabled.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-tls:4222
-**Example**: - -```yaml -sysdig: - nats: - urltls: nats://sysdigcloud-nats-streaming-tls:4222 -``` - -## **sysdig.nats.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - nats: - hostPathNodes: - - my-cool-host1.com -``` - ## **sysdig.openshiftUrl** **Required**: `false`
@@ -2044,19 +1830,6 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** - -**Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
-**Options**:
-**Default**: 1.2.5-mysql-to-postgres
-**Example**: - -```yaml -sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres -``` - ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -2102,7 +1875,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Description**: Services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -4597,98 +4370,6 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - limits: - cpu: 2 -``` - -## **sysdig.resources.alerter.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - limits: - memory: 10Mi -``` - -## **sysdig.resources.alerter.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - requests: - cpu: 2 -``` - -## **sysdig.resources.alerter.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - requests: - memory: 200Mi -``` - ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
@@ -5601,8 +5282,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**:
-**Default**: mysql
+**Options**: postgres|inmem
+**Default**: postgres
**Example**: ```yaml @@ -5610,7 +5291,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: mysql + scanningDBEngine: postgres ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -7118,98 +6799,6 @@ sysdig: gomemlimit: 900MiB ``` -## **sysdig.resources.nats-streaming.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - limits: - cpu: 2 -``` - -## **sysdig.resources.nats-streaming.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi -``` - -## **sysdig.resources.nats-streaming.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - requests: - cpu: 250m -``` - -## **sysdig.resources.nats-streaming.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi -``` - ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8584,14 +8173,13 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of Cassandra replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8787,14 +8375,13 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of ElasticSearch replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8847,27 +8434,6 @@ sysdig: workerReplicaCount: 7 ``` -## **sysdig.alerterReplicaCount** - -**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - alerterReplicaCount: 7 -``` - ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -9126,7 +8692,6 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -9210,22 +8775,6 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** - -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.eventsForwarderEnabledIntegrations** @@ -9374,15 +8923,15 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Options**: postgres
+**Default**: postgres
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: "mysql" + scanningDbEngine: postgres ``` ## **sysdig.metadataService.enabled** diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index fe03c37c..4c69750b 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny`/`allow`
+**Options**: `deny|allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..39dcb006 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,3 +22,6 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy + # Uncomment the following two lines to enable Sysdig Platform Audit + #platformAuditTrail: + # enabled: true From ced0cbe25d4f05008f33e26e62404913d7595141 Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 30 Mar 2024 03:35:01 +0000 Subject: [PATCH 145/156] updating installer docs --- installer/README.md | 4 +- installer/docs/01-command_line_arguments.md | 156 +--- installer/docs/02-configuration_parameters.md | 708 +++++++++--------- installer/docs/04-advanced_configuration.md | 38 +- installer/docs/05-networkPolicies.md | 4 +- installer/values.yaml | 3 - 6 files changed, 387 insertions(+), 526 deletions(-) diff --git a/installer/README.md b/installer/README.md index 6ade8103..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,3 +1,5 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the 
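Review bot: The badge line added at the top of `installer/README.md` carries a `token=` query parameter in the SonarCloud URL, so that value becomes part of the repository history and of every rendered copy of the README. If it is a badge-only token, the exposure is limited to the project's quality-gate status, but the hunk does not show that. Confirm the token's scope, and regenerate it in SonarCloud if it grants anything more or if these docs are published outside the organisation. The preceding patch in this series removed the same line, which suggests the generated README and its source disagree. A comment next to the badge in the source, for example `<!-- SonarCloud badge token: badge scope only -->`, would record the intent.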
@@ -56,8 +58,6 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): - Set this parameter to `true` if you would like to use Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index a99a9948..2e50d8aa 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -```text +``` sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -```text +``` Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,16 +70,10 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` -`--use-import-v2` - -- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. - ## Command: `update-license` Added November 2022, this is a new command. -** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** - This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -111,7 +105,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -```log +``` ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -132,6 +126,7 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 +quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -167,6 +162,7 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 +quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 @@ -179,7 +175,7 @@ quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra:0.0.36 +quay.io/sysdig/cassandra-3:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -193,140 +189,4 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` - -## Command: `diff` - -Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. - -`--write-diff` - -- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. - -`--out-diff-dir` - -- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. - -`--cleanup` - -- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. - -`--secure` - -- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. - -`--summary` - -- Only prints a summary of the diff errors. - -Diff command also has options inherited from the generate command options. See **generate** command section. - -### Sub-Command: secure-diff [DEPRECATED] - -Performs a diff not showing sensitive information. -This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. - -## Command: `generate` - -`--manifest-directory` - -- Set the location where the installer will write the genearted manifests. - -`--skip-generate` - -- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. - -`--skip-import` - -- Skips the import phase, which would try to import values from a running cluster. 
- -`--skip-validation` - -- Skips validation checks. - -`--ignore-kubeconfig-errors` - -- This will ignore all errors from trying to parse kubeconfig file. - -`--preserve-templates` - -- Preserve directory installer templates are extracted to, this should only be used for debugging purposes - -`--k8s-server-version` - -- Sets the `kubernetesServerVersion` within values. - -`--helm-install` - -- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: - - - `values.hi.yaml`: the complete values generated by the `installer` - - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS - - `charts`: the Helm charts that make up the Sysdig onprem stack - -`--helm-install-out-dir` - -- To use a custom directory to output the files generated by `--helm-install` instead of the default. - -### ArgoCD Generation - -We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. - -At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. - -`--argocd (boolean)` - -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. - -`--argo-repo-url (string)` - -URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. (default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. 
- -`--argo-repo-rev (string)` - -Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. - -example of hierarchy: -``` -git@github.com:ORGANIZATION/SAMPLE-REPO.git - | - '- argocd-projects/ - | '- sysdig/ - | | '- argocd/ - | | | '- sysdig-root/ - | | | '- sysdig-common-config/ - | | | '- sysdigcloud-infra/ - | | | [...] - | | '- helm-install/ - | | | '- charts/ - | | | '- chart-1/ - | | | '- chart-2/ - | | | [...] -``` - -`--argo-git-apps-dir (string)` - -Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. -If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. - -`--argo-git-charts-dir (string)` - -relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. - -`--argo-out-dir (string)` - -actual output directory on file system where argocd files will be written. Default is `./argocd/`. - - -## Command: `list-resources` - -Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. -This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. - -`--generate-manifests` - -- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. - -`--node-count` - -- Number of nodes in the target cluster. This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. +``` \ No newline at end of file 
diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md
index 7267e640..df37b437 100644
--- a/installer/docs/02-configuration_parameters.md
+++ b/installer/docs/02-configuration_parameters.md
@@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.46
+**Default**: 0.0.35
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.46 + toolsImageVersion: 0.0.35 ``` ## **elasticsearch.enableMetrics** @@ -568,20 +568,19 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` -## **hostPathCustomPaths.natsJs** +## **hostPathCustomPaths.nats** **Required**: `false`
-**Description**: The directory to bind mount nats js pod's -`/var/lib/natsjs` to on the host. This parameter is relevant +**Description**: The directory to bind mount nats streaming (in HA mode) pod's +`/var/lib/stan` to on the host. This parameter is relevant only when `storageClassProvisioner` is `hostPath`.
**Options**:
-**Default**: `/var/lib/natsjs`
+**Default**: `/var/lib/stan`
**Example**: ```yaml hostPathCustomPaths: - natsJs: `/sysdig/natsjs` -``` + postgresql: `/sysdig/stan` ## **nodeaffinityLabel.key** @@ -670,7 +669,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 150Gi
+**Default**: 100Gi
**Example**: ```yaml @@ -759,27 +758,27 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.natsJs** +## **pvStorageSize.large.nats** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a -cluster of [`size`](#size) small. This option is ignored if +**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 10Gi
**Example**: ```yaml pvStorageSize: large: - natsJs: 50Gi + nats: 10Gi ``` -## **pvStorageSize.medium.natsJs** +## **pvStorageSize.medium.nats** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a -cluster of [`size`](#size) small. This option is ignored if +**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 10Gi
@@ -788,23 +787,23 @@ cluster of [`size`](#size) small. This option is ignored if ```yaml pvStorageSize: medium: - natsJs: 10Gi + nats: 10Gi ``` -## **pvStorageSize.small.natsJs** +## **pvStorageSize.small.nats** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS JS HA in a +**Description**: The size of the persistent volume assigned to NATS HA in a cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 10Gi
**Example**: ```yaml pvStorageSize: small: - natsJs: 50Gi + nats: 10Gi ``` ## **sysdig.anchoreVersion** @@ -926,12 +925,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 4.1.3-0.0.14
+**Default**: 2.1.22.5
**Example**: ```yaml sysdig: - cassandraVersion: 4.1.3-0.0.14 + cassandraVersion: 2.1.22.5 ``` ## **sysdig.cassandraExporterVersion** @@ -939,14 +938,13 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.20.0-ubi
+**Default**: v0.17.0-ubi
**Example**: ```yaml sysdig: cassandraExporterVersion: latest ``` - ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -962,10 +960,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** (**Deprecated**) +## **sysdig.cassandra.useCassandra3** **Required**: `false`
-**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -976,10 +974,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** (**Deprecated**) +## **sysdig.Cassandra3Version** **Required**: `false`
-**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1171,10 +1169,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - concurrent_compactors: 6 - read_request_timeout: 10000ms - write_request_timeout: 10000ms - request_timeout: 11000ms + hinted_handoff_enabled: false + concurrent_compactors: 8 + read_request_timeout_in_ms: 10000 + write_request_timeout_in_ms: 10000 ``` ## **sysdig.cassandra.datacenterName** @@ -1318,21 +1316,6 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` -## **sysdig.platformAuditTrail.enabled** - -**Required**: `false`
-**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformAuditTrail: - enabled: true -``` - ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1373,22 +1356,6 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` ---- - -## **sysdig.skipIngressGeneration** - -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - skipIngressGeneration: true -``` - ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1413,6 +1380,7 @@ sysdig: ingressNetworking: loadbalancer ``` + ## **sysdig.ingressClassName** **Required**: `false`
@@ -1428,6 +1396,7 @@ sysdig: ingressClassName: haproxy ``` + ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1488,19 +1457,6 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` -## **haproxyIngress.watchAllNamespaces** - -**Required**: `false`
-**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -haproxyIngress: - watchAllNamespaces: true -``` - ## **sysdig.license** **Required**: `true`
@@ -1593,6 +1549,22 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` +## **sysdig.enableAlerter** + +**Required**: `false`
+**Description**: This creates a separate deployment for Alerters while +disabling this functionality in workers. **Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + enableAlerter: true +``` + ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1700,12 +1672,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.1.5
+**Default**: 0.9.0.1
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.5 + natsExporterVersion: 0.9.0.1 ``` ## **sysdig.natsStreamingVersion** @@ -1734,43 +1706,154 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` -## **sysdig.natsServerVersion** +## **sysdig.nats.enabled** + +**Required**: `false`
+**Description**: Enable NATS deployment for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + nats: + enabled: true +``` + +## **sysdig.nats.secure.enabled** **Required**: `false`
-**Description**: Docker image tag of NATS.
+**Description**: NATS Streaming TLS enabled.
**Options**:
-**Default**: 0.1.11
+**Default**: true
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.11 + nats: + secure: + enabled: true ``` -## **sysdig.natsReloaderVersion** +## **sysdig.nats.secure.username** + +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** + +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + +## **sysdig.nats.ca** + +**Required**: `false`
+**Description**: NATS CA
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + ca: +``` + +## **sysdig.nats.cakey** **Required**: `false`
-**Description**: Docker image tag of NATS Reloader.
+**Description**: NATS CA KEY
**Options**:
-**Default**: 0.1.4
+**Default**:
**Example**: ```yaml sysdig: - natsExporterVersion: 0.1.4 + nats: + cakey: +``` + +## **sysdig.nats.ha.enabled** + +**Required**: `false`
+**Description**: NATS Streaming HA (High Availability) enabled.
+**Options**:
+**Default**: false
+**Example**: + +```yaml +sysdig: + nats: + ha: + enabled: false ``` -## **sysdig.natsBoxVersion** +## **sysdig.nats.urlha** **Required**: `false`
-**Description**: Docker image tag of NATS Box.
+**Description**: NATS Streaming URL for HA deployment.
**Options**:
-**Default**: 0.0.13
+**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
**Example**: ```yaml sysdig: - natsExporterVersion: 0.0.13 + nats: + urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 +``` + +## **sysdig.nats.urltls** + +**Required**: `false`
+**Description**: NATS Streaming URL for TLS enabled.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-tls:4222
+**Example**: + +```yaml +sysdig: + nats: + urltls: nats://sysdigcloud-nats-streaming-tls:4222 +``` + +## **sysdig.nats.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + nats: + hostPathNodes: + - my-cool-host1.com ``` ## **sysdig.openshiftUrl** @@ -1830,6 +1913,19 @@ sysdig: postgresVersion: 10.6.11 ``` +## **sysdig.mysqlToPostgresMigrationVersion** + +**Required**: `false`
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Options**:
+**Default**: 1.2.5-mysql-to-postgres
+**Example**: + +```yaml +sysdig: + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres +``` + ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -1875,7 +1971,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Services will start in postgresql mode.
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -2995,8 +3091,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` -## **sysdig.redis6ImageName** +## **sysdig.redis6ImageName** **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3010,7 +3106,6 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3024,7 +3119,6 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** - **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3062,9 +3156,7 @@ sysdig: redisTls: enabled: true ``` - ## **redisTls.deploy** - **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3101,9 +3193,7 @@ redisTls: redisTls: ha: true ``` - ## **redisTls.imageName** - **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3115,7 +3205,6 @@ redisTls: redisTls: imageName: redis-6 ``` - ## **redisTls.version** **Required**: `false`
@@ -3131,7 +3220,6 @@ redisTls: ``` ## **redisTls.sentinel.imageName** - **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3144,7 +3232,6 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` - ## **redisTls.sentinel.version** **Required**: `false`
@@ -3161,7 +3248,6 @@ redisTls: ``` ## **redisTls.exporter.imageName** - **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3174,9 +3260,7 @@ redisTls: exporter: imageName: redis-exporter-1 ``` - ## **redisTls.exporter.version** - **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3189,7 +3273,6 @@ redisTls: exporter: version: 1.0.9 ``` - ## **redisClientsMonitor** **Required**: `false`
@@ -3220,6 +3303,7 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: + If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -4370,6 +4454,98 @@ sysdig: memory: 200Mi ``` +## **sysdig.resources.alerter.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + cpu: 2 +``` + +## **sysdig.resources.alerter.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + memory: 10Mi +``` + +## **sysdig.resources.alerter.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + cpu: 2 +``` + +## **sysdig.resources.alerter.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + memory: 200Mi +``` + ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
@@ -5282,8 +5458,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**: postgres|inmem
-**Default**: postgres
+**Options**:
+**Default**: mysql
**Example**: ```yaml @@ -5291,7 +5467,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: postgres + scanningDBEngine: mysql ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -6127,7 +6303,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** - **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6143,7 +6318,6 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** - **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6542,263 +6716,98 @@ sysdig: memory: 1Gi ``` -## **sysdig.natsJs.enabled** - -**Required**: `false`
-**Description**: Enable nats js deploy
-**Options**: true|false
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - enabled: true -``` - -## **sysdig.natsJs.nats.fullnameOverride** - -**Required**: `false`
-**Description**: the name of the nats js deployment
-**Options**:
-**Default**: nats - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - fullnameOverride: nats -``` - -## **sysdig.natsJs.nats.natsbox.enabled** - -**Required**: `false`
-**Description**: Enable nats js box deploy
-**Options**: true|false
-**Default**: false
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - natsbox: - enabled: true -``` - -## **sysdig.natsJs.natsTLSGenerator.enabled** - -**Required**: `false`
-**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
-**Options**:
-**Options**: true|false
-**Default**: false - -**Example**: - -```yaml -sysdig: - natsJs: - natsTLSGenerator: true -``` - -## **sysdig.natsJs.ha.enabled** - -**Required**: `false`
-**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. - -If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. - -It is recommended to keep High Availability enabled for production use of NATS JetStream -
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - natsJs: - ha: - enabled: false -``` - -## **sysdig.natsJs.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - natsJs: - hostPathNodes: - - my-cool-host1.com -``` - -## **sysdig.natsJs.nats.tolerations** - -**Required**: `false`
-**Description**: If set add tolerations to NatsJs statefulset
-**Options**:
-**Default**: `[]`
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - tolerations: - key: dedicated - operator: Equal - value: cassandra - effect: NoSchedule -``` - -## **sysdig.natsJs.nats.affinity** +## **sysdig.resources.nats-streaming.limits.cpu** **Required**: `false`
-**Description**: If set add affinity to NatsJs statefulset
-**Options**:
-**Default**: ``
-**Example**: - -```yaml -sysdig: - natsJs: - nats: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: name - operator: In - values: - - blue -``` - -## **sysdig.resources.natsJs.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats pods
+**Description**: The amount of cpu assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 2 | | medium | 2 | -| large | 3 | +| large | 2 | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: limits: cpu: 2 ``` -## **sysdig.resources.natsJs.limits.memory** +## **sysdig.resources.nats-streaming.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nats pods
+**Description**: The amount of memory assigned to nats-streaming pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | +| small | 2Gi | | medium | 2Gi | -| large | 3Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: limits: memory: 2Gi ``` -## **sysdig.resources.natsJs.requests.cpu** +## **sysdig.resources.nats-streaming.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats pods
+**Description**: The amount of cpu required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 1 | -| large | 2 | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: requests: cpu: 250m ``` -## **sysdig.resources.natsJs.requests.memory** +## **sysdig.resources.nats-streaming.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nats pods
+**Description**: The amount of memory required to schedule nats-streaming pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | -| large | 3Gi | +| medium | 1Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - natsJs: + nats-streaming: requests: memory: 1Gi ``` -## **sysdig.natsJs.nats.nats.gomemlimit** - -**Required**: `false`
-**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 900MiB | -| medium | 1800MiB | -| large | 2600MiB | - -**Example**: - -```yaml -sysdig: - natsJs: - nats: - nats: - gomemlimit: 900MiB -``` - ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8029,8 +8038,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinitylabelkey) and -[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinityLabelkey) and +[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -8173,13 +8182,14 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8375,13 +8385,14 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8434,6 +8445,27 @@ sysdig: workerReplicaCount: 7 ``` +## **sysdig.alerterReplicaCount** + +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -8692,6 +8724,7 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -8775,6 +8808,22 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` ## **sysdig.eventsForwarderEnabledIntegrations** @@ -8907,7 +8956,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info:
+**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
**Options**:
**Default**: "disable"
**Example**: @@ -8923,23 +8972,26 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: postgres
-**Default**: postgres
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: postgres + scanningDbEngine: "mysql" ``` ## **sysdig.metadataService.enabled** **Required**: `false`
**Description**: Whether to enable metadata-service or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -8951,7 +9003,10 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster.
+**Description**: Whether to enable metadata-service-operator or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
**Default**: `true`
**Example**: @@ -9147,8 +9202,11 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not
+**Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
**Options**:`true|false`
-**Default**: `true`
+**Default**: `false`
**Example**: ```yaml @@ -9808,7 +9866,6 @@ sysdig: ``` ## **networkPolicies** - Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -9818,7 +9875,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 50Gi
+**Default**: 20Gi
**Example**: ```yaml @@ -9908,7 +9965,6 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** - **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10324,7 +10380,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: `` +**Default**: ` ` **Example**: @@ -11379,7 +11435,6 @@ sysdig: ``` ## **sysdig.prometheus.enabled** - **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13625,6 +13680,7 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -13639,7 +13695,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -13671,7 +13727,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
**Example**: @@ -13866,19 +13922,3 @@ sysdig: scanningv2: customCerts: true ``` - -## **sysdig.secure.scanningv2.airgappedFeeds** - -**Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - airgappedFeeds: true -``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 93e8012c..30bb4ec0 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,43 +129,7 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments [ScanningV2] - -This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. - -```bash -#!/bin/bash -QUAY_USERNAME="" -QUAY_PASSWORD="" - -# Calculate the tag of the last version. -epoch=`date +%s` -IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) - -# Download image -docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} -docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -# Save image -docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar -# Optionally move image -mv airgap-vuln-feeds-latest.tar /var/shared-folder -# Load image remotely -ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" -# Push image remotely -ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" - -# Update the image -ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" -``` - -The above script could be scheduled using a cron job that run every day like - -```bash -0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 -``` - -### Updating the feeds database in airgapped environments [Legacy Scanning] +### Updating the feeds database in airgapped environments This is a procedure that can be used to automatically update the feeds database: diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index 4c69750b..fe03c37c 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md 
@@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny|allow`
+**Options**: `deny`/`allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 39dcb006..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,6 +22,3 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy - # Uncomment the following two lines to enable Sysdig Platform Audit - #platformAuditTrail: - # enabled: true From 6a7a64ad5623c9ebb97b3d3351266b3a9785ad6e Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 3 Apr 2024 22:11:47 +0000 Subject: [PATCH 146/156] updating installer docs --- installer/README.md | 4 +- installer/docs/01-command_line_arguments.md | 156 +++- installer/docs/02-configuration_parameters.md | 708 +++++++++--------- installer/docs/04-advanced_configuration.md | 38 +- installer/docs/05-networkPolicies.md | 4 +- installer/values.yaml | 3 + 6 files changed, 526 insertions(+), 387 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..6ade8103 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,5 +1,3 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the 
@@ -58,6 +56,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail + - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): + Set this parameter to `true` if you would like to use Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 2e50d8aa..a99a9948 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -5,7 +5,7 @@ # Command line arguments explained -
+
## Command: `deploy` @@ -28,7 +28,7 @@ - The user must provide SAs with the exact same name expected: -``` +```text sysdig-serviceaccount.yaml: name: sysdig sysdig-serviceaccount.yaml: name: node-labels-to-files sysdig-serviceaccount.yaml: name: sysdig-with-root @@ -41,7 +41,7 @@ sysdig-serviceaccount.yaml: name: sysdig-cassandra Another implication is that if SA(s) are missing, the user will have to `describe` the STS because Pods will not start at all: -``` +```text Events: Type Reason Age From Message ---- ------ ---- ---- ------- @@ -70,10 +70,16 @@ actual name of the STS in the cluster differs - Same as above for `cassandra` +`--use-import-v2` + +- This flag will use the new import logic, which will import the values from the cluster and then generate the manifests based on the imported values. Defaults to `false`, which means the old import logic will be used, unless the `--use-import-v2` flag is provided. Import V2 is supported starting from version 6.6.0, and is expected to become the default in the future. + ## Command: `update-license` Added November 2022, this is a new command. +** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** + This command performs the minimal changes and restarts to apply a new license. Based on [this page](https://docs.sysdig.com/en/docs/administration/on-premises-deployments/upgrade-an-on-premises-license/) @@ -105,7 +111,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Example -``` +```log ./installer/out/installer-darwin-amd64 image-list I1118 18:48:44.643520 97065 main.go:64] Installer version I1118 18:48:44.646391 97065 values.go:122] using namespace sysdig from values.yaml 
@@ -126,7 +132,6 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 -quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -162,7 +167,6 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 -quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 @@ -175,7 +179,7 @@ quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra-3:0.0.36 +quay.io/sysdig/cassandra:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -189,4 +193,140 @@ quay.io/sysdig/secure-todo-janitor:6.0.0.12431 quay.io/sysdig/sysdig-alert-manager:6.0.0.12431 quay.io/sysdig/redis-exporter-1:1.0.9 quay.io/sysdig/ui-inspect-nginx:6.0.0.12431 -``` \ No newline at end of file +``` + +## Command: `diff` + +Will perform a diff between the platform objects in a running k8s cluster, and the generated manifests based on some values. + +`--write-diff` + +- Will write the diff on the filesystem organized in subfolders, rather than printing it to the stdout. + +`--out-diff-dir` + +- Allows you to specify a custom path for the diff files being written on the filesystem. Will be used only if also `--write-diff` is provided. If not set will use a temporary directory. + +`--cleanup` + +- If set, will attempt to automatically delete any generated diff files on the filesystem if the directory used to store the diff files already exists. Requires both `--write-diff` and `--out-diff-dir` to be set. + +`--secure` + +- applies some filters to the produced diff in order to avoid printing sensitive informations. This is useful if you need to share diffs to user who shouldn't have access to credentials. + +`--summary` + +- Only prints a summary of the diff errors. + +Diff command also has options inherited from the generate command options. See **generate** command section. + +### Sub-Command: secure-diff [DEPRECATED] + +Performs a diff not showing sensitive information. +This subcommand is DEPRECATED and will be removed starting from version 6.7.0, you can have the same effect with the diff command and the flag `--secure`. + +## Command: `generate` + +`--manifest-directory` + +- Set the location where the installer will write the genearted manifests. + +`--skip-generate` + +- Skips generating Kubernetes manifests and attempts to diff whatever is in the manifests directory. Manifest directory can be specified using `--manifest-directory ` flag. 
+ +`--skip-import` + +- Skips the import phase, which would try to import values from a running cluster. + +`--skip-validation` + +- Skips validation checks. + +`--ignore-kubeconfig-errors` + +- This will ignore all errors from trying to parse kubeconfig file. + +`--preserve-templates` + +- Preserve directory installer templates are extracted to, this should only be used for debugging purposes + +`--k8s-server-version` + +- Sets the `kubernetesServerVersion` within values. + +`--helm-install` + +- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: + + - `values.hi.yaml`: the complete values generated by the `installer` + - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS + - `charts`: the Helm charts that make up the Sysdig onprem stack + +`--helm-install-out-dir` + +- To use a custom directory to output the files generated by `--helm-install` instead of the default. + +### ArgoCD Generation + +We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. + +At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. + +`--argocd (boolean)` + +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. + +`--argo-repo-url (string)` + +URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. 
(default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. + +`--argo-repo-rev (string)` + +Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. + +example of hierarchy: +``` +git@github.com:ORGANIZATION/SAMPLE-REPO.git + | + '- argocd-projects/ + | '- sysdig/ + | | '- argocd/ + | | | '- sysdig-root/ + | | | '- sysdig-common-config/ + | | | '- sysdigcloud-infra/ + | | | [...] + | | '- helm-install/ + | | | '- charts/ + | | | '- chart-1/ + | | | '- chart-2/ + | | | [...] +``` + +`--argo-git-apps-dir (string)` + +Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. +If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. + +`--argo-git-charts-dir (string)` + +relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. + +`--argo-out-dir (string)` + +actual output directory on file system where argocd files will be written. Default is `./argocd/`. + + +## Command: `list-resources` + +Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. +This command expects to have a `generated` folder. If one doesn't exist, it can be created within the scope of this command, using the `--generate-manifests` flag. + +`--generate-manifests` + +- Generate Kubernetes manifests before generating the list of resources. Defaults to `false`. + +`--node-count` + +- Number of nodes in the target cluster. 
This impacts the resource calculation, because DaemonSets get deployed on every (tolerated) node in the cluster. Defaults to `1`. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index df37b437..7267e640 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.35
+**Default**: 0.0.46
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.35 + toolsImageVersion: 0.0.46 ``` ## **elasticsearch.enableMetrics** @@ -568,19 +568,20 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` -## **hostPathCustomPaths.nats** +## **hostPathCustomPaths.natsJs** **Required**: `false`
-**Description**: The directory to bind mount nats streaming (in HA mode) pod's -`/var/lib/stan` to on the host. This parameter is relevant +**Description**: The directory to bind mount nats js pod's +`/var/lib/natsjs` to on the host. This parameter is relevant only when `storageClassProvisioner` is `hostPath`.
**Options**:
-**Default**: `/var/lib/stan`
+**Default**: `/var/lib/natsjs`
**Example**: ```yaml hostPathCustomPaths: - postgresql: `/sysdig/stan` + natsJs: `/sysdig/natsjs` +``` ## **nodeaffinityLabel.key** @@ -669,7 +670,7 @@ pvStorageSize: cluster of [`size`](#size) medium. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 100Gi
+**Default**: 150Gi
**Example**: ```yaml @@ -758,27 +759,27 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** +## **pvStorageSize.large.natsJs** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if +**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 10Gi
+**Default**: 50Gi
**Example**: ```yaml pvStorageSize: large: - nats: 10Gi + natsJs: 50Gi ``` -## **pvStorageSize.medium.nats** +## **pvStorageSize.medium.natsJs** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if +**Description**: The size of the persistent volume assigned to NATS JS HA in a +cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 10Gi
@@ -787,23 +788,23 @@ cluster of [`size`](#size) medium. This option is ignored if ```yaml pvStorageSize: medium: - nats: 10Gi + natsJs: 10Gi ``` -## **pvStorageSize.small.nats** +## **pvStorageSize.small.natsJs** **Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a +**Description**: The size of the persistent volume assigned to NATS JS HA in a cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 10Gi
+**Default**: 50Gi
**Example**: ```yaml pvStorageSize: small: - nats: 10Gi + natsJs: 50Gi ``` ## **sysdig.anchoreVersion** @@ -925,12 +926,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.5
+**Default**: 4.1.3-0.0.14
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.22.5 + cassandraVersion: 4.1.3-0.0.14 ``` ## **sysdig.cassandraExporterVersion** @@ -938,13 +939,14 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.17.0-ubi
+**Default**: v0.20.0-ubi
**Example**: ```yaml sysdig: cassandraExporterVersion: latest ``` + ## **sysdig.cassandra.snitch.extractCMD** **Required**: `false`
@@ -960,10 +962,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** +## **sysdig.cassandra.useCassandra3** (**Deprecated**) **Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -974,10 +976,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** +## **sysdig.Cassandra3Version** (**Deprecated**) **Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1169,10 +1171,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - hinted_handoff_enabled: false - concurrent_compactors: 8 - read_request_timeout_in_ms: 10000 - write_request_timeout_in_ms: 10000 + concurrent_compactors: 6 + read_request_timeout: 10000ms + write_request_timeout: 10000ms + request_timeout: 11000ms ``` ## **sysdig.cassandra.datacenterName** @@ -1316,6 +1318,21 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` +## **sysdig.platformAuditTrail.enabled** + +**Required**: `false`
+**Description**: Global flag to enable Sysdig Platform Audit in all services.
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformAuditTrail: + enabled: true +``` + ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1356,6 +1373,22 @@ sysdig: haproxyVersion: v0.7-beta.7.1 ``` +--- + +## **sysdig.skipIngressGeneration** + +**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + skipIngressGeneration: true +``` + ## **sysdig.ingressNetworking** **Required**: `false`
@@ -1380,7 +1413,6 @@ sysdig: ingressNetworking: loadbalancer ``` - ## **sysdig.ingressClassName** **Required**: `false`
@@ -1396,7 +1428,6 @@ sysdig: ingressClassName: haproxy ``` - ## **sysdig.ingressNetworkingInsecureApiNodePort** **Required**: `false`
@@ -1457,6 +1488,19 @@ sysdig: ingressNetworkingCollectorNodePort: 30002 ``` +## **haproxyIngress.watchAllNamespaces** + +**Required**: `false`
+**Description**: When the 'watchAllNamespaces' setting is enabled, the HaProxy Ingress controller oversees Ingress resources throughout all namespaces within the cluster. By default, this setting is disabled, restricting monitoring to the namespace specifically configured for sysdig deployment.
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +haproxyIngress: + watchAllNamespaces: true +``` + ## **sysdig.license** **Required**: `true`
@@ -1549,22 +1593,6 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` -## **sysdig.enableAlerter** - -**Required**: `false`
-**Description**: This creates a separate deployment for Alerters while
-disabling this functionality in workers. **Do not modify this unless you
-know what you are doing as modifying it could have unintended
-consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - enableAlerter: true -``` - ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1672,12 +1700,12 @@ sysdig: **Required**: `false`
**Description**: Docker image tag of the Prometheus exporter for NATS.
**Options**:
-**Default**: 0.9.0.1
+**Default**: 0.1.5
**Example**: ```yaml sysdig: - natsExporterVersion: 0.9.0.1 + natsExporterVersion: 0.1.5 ``` ## **sysdig.natsStreamingVersion** @@ -1706,154 +1734,43 @@ sysdig: natsStreamingInitVersion: 0.22.0.7 ``` -## **sysdig.nats.enabled** - -**Required**: `false`
-**Description**: Enable NATS deployment for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - enabled: true -``` - -## **sysdig.nats.secure.enabled** +## **sysdig.natsServerVersion** **Required**: `false`
-**Description**: NATS Streaming TLS enabled.
+**Description**: Docker image tag of NATS.
**Options**:
-**Default**: true
+**Default**: 0.1.11
**Example**: ```yaml sysdig: - nats: - secure: - enabled: true + natsExporterVersion: 0.1.11 ``` -## **sysdig.nats.secure.username** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - -## **sysdig.nats.ca** - -**Required**: `false`
-**Description**: NATS CA
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - ca: -``` - -## **sysdig.nats.cakey** +## **sysdig.natsReloaderVersion** **Required**: `false`
-**Description**: NATS CA KEY
+**Description**: Docker image tag of NATS Reloader.
**Options**:
-**Default**:
+**Default**: 0.1.4
**Example**: ```yaml sysdig: - nats: - cakey: -``` - -## **sysdig.nats.ha.enabled** - -**Required**: `false`
-**Description**: NATS Streaming HA (High Availability) enabled.
-**Options**:
-**Default**: false
-**Example**: - -```yaml -sysdig: - nats: - ha: - enabled: false + natsExporterVersion: 0.1.4 ``` -## **sysdig.nats.urlha** +## **sysdig.natsBoxVersion** **Required**: `false`
-**Description**: NATS Streaming URL for HA deployment.
+**Description**: Docker image tag of NATS Box.
**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+**Default**: 0.0.13
**Example**: ```yaml sysdig: - nats: - urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 -``` - -## **sysdig.nats.urltls** - -**Required**: `false`
-**Description**: NATS Streaming URL for TLS enabled.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-tls:4222
-**Example**: - -```yaml -sysdig: - nats: - urltls: nats://sysdigcloud-nats-streaming-tls:4222 -``` - -## **sysdig.nats.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - nats: - hostPathNodes: - - my-cool-host1.com + natsExporterVersion: 0.0.13 ``` ## **sysdig.openshiftUrl** @@ -1913,19 +1830,6 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** - -**Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
-**Options**:
-**Default**: 1.2.5-mysql-to-postgres
-**Example**: - -```yaml -sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres -``` - ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -1971,7 +1875,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Description**: Services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3091,8 +2995,8 @@ sysdig: redis6ExporterVersion: 1.0.9 ``` - ## **sysdig.redis6ImageName** + **Required**: `false`
**Description**: Docker image name of Redis 6, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3106,6 +3010,7 @@ sysdig: ``` ## **sysdig.redis6SentinelImageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3119,6 +3024,7 @@ sysdig: ``` ## **sysdig.redis6ExporterImageName** + **Required**: `false`
**Description**: Docker image name of Redis Metrics Exporter, relevant when configured `sysdig.useRedis6` is `true`.
@@ -3156,7 +3062,9 @@ sysdig: redisTls: enabled: true ``` + ## **redisTls.deploy** + **Required**: `false`
**Description**: When also `redisTls.enabled` is `true`, installs a _Redis with TLS_ and _Sentinel_ support
**Options**: true|false
@@ -3193,7 +3101,9 @@ redisTls: redisTls: ha: true ``` + ## **redisTls.imageName** + **Required**: `false`
**Description**: Docker image name of Redis, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3205,6 +3115,7 @@ redisTls: redisTls: imageName: redis-6 ``` + ## **redisTls.version** **Required**: `false`
@@ -3220,6 +3131,7 @@ redisTls: ``` ## **redisTls.sentinel.imageName** + **Required**: `false`
**Description**: Docker image name of Redis Sentinel, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3232,6 +3144,7 @@ redisTls: sentinel: imageName: redis-sentinel-6 ``` + ## **redisTls.sentinel.version** **Required**: `false`
@@ -3248,6 +3161,7 @@ redisTls: ``` ## **redisTls.exporter.imageName** + **Required**: `false`
**Description**: Docker image name of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3260,7 +3174,9 @@ redisTls: exporter: imageName: redis-exporter-1 ``` + ## **redisTls.exporter.version** + **Required**: `false`
**Description**: Docker image tag of Redis exporter, relevant when configured `redisTls.enabled` and `redisTls.deploy` are `true`.
@@ -3273,6 +3189,7 @@ redisTls: exporter: version: 1.0.9 ``` + ## **redisClientsMonitor** **Required**: `false`
@@ -3303,7 +3220,6 @@ A Monitor service can have multiple [component connection](https://docs.google.c **Default**: _Redis standalone/Redis HA_
**Example**: - If `tls` is `true` the component `ibmCache` will use the TLS solution (`redisTls.enabled` to `true` is required) ```yaml @@ -4454,98 +4370,6 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 8 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - limits: - cpu: 2 -``` - -## **sysdig.resources.alerter.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 8Gi | -| large | 16Gi | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - limits: - memory: 10Mi -``` - -## **sysdig.resources.alerter.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 2 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - requests: - cpu: 2 -``` - -## **sysdig.resources.alerter.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - alerter: - requests: - memory: 200Mi -``` - ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
@@ -5458,8 +5282,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**:
-**Default**: mysql
+**Options**: postgres|inmem
+**Default**: postgres
**Example**: ```yaml @@ -5467,7 +5291,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: mysql + scanningDBEngine: postgres ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -6303,6 +6127,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationEnabled** + **Required**: `true`
**Description**: The flag to enable on-demand generation of reports globally
**Options**: false, true
@@ -6318,6 +6143,7 @@ sysdig: ``` ## **sysdig.secure.scanning.reporting.onDemandGenerationCustomers** + **Required**: `false`
**Description**: The list of customers where on-demand generation of reports has to be enabled, if on-demand generation wasn't enabled globally
**Options**:
@@ -6716,98 +6542,263 @@ sysdig: memory: 1Gi ``` -## **sysdig.resources.nats-streaming.limits.cpu** +## **sysdig.natsJs.enabled** + +**Required**: `false`
+**Description**: Enable nats js deploy
+**Options**: true|false
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + enabled: true +``` + +## **sysdig.natsJs.nats.fullnameOverride** + +**Required**: `false`
+**Description**: the name of the nats js deployment
+**Options**:
+**Default**: nats + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + fullnameOverride: nats +``` + +## **sysdig.natsJs.nats.natsbox.enabled** + +**Required**: `false`
+**Description**: Enable nats js box deploy
+**Options**: true|false
+**Default**: false
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + natsbox: + enabled: true +``` + +## **sysdig.natsJs.natsTLSGenerator.enabled** + +**Required**: `false`
+**Description**: Enable the use of cert manager. Creates Issuer and Certficate resources
+**Options**:
+**Options**: true|false
+**Default**: false + +**Example**: + +```yaml +sysdig: + natsJs: + natsTLSGenerator: true +``` + +## **sysdig.natsJs.ha.enabled** + +**Required**: `false`
+**Description**: This feature ensures that there are multiple replicas of your NATS JetStream server running at any given time, providing data redundancy and mitigating the risk of server failure. It accomplishes this by utilizing cluster mode, where data is distributed across multiple nodes. + +If you disable High Availability, the number of JetStream replicas will be set to 1. In this scenario, there is no data redundancy since there is only a single instance of the server. Therefore, any issues with this single instance could lead to data loss or service disruption. Also, the cluster mode of NATS will be disabled, meaning that your data will no be distributed across multiple nodes, potentially leading to increased risk of data loss and less efficient use of resources. + +It is recommended to keep High Availability enabled for production use of NATS JetStream +
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + natsJs: + ha: + enabled: false +``` + +## **sysdig.natsJs.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats js hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + natsJs: + hostPathNodes: + - my-cool-host1.com +``` + +## **sysdig.natsJs.nats.tolerations** + +**Required**: `false`
+**Description**: If set add tolerations to NatsJs statefulset
+**Options**:
+**Default**: `[]`
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + tolerations: + key: dedicated + operator: Equal + value: cassandra + effect: NoSchedule +``` + +## **sysdig.natsJs.nats.affinity** **Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
+**Description**: If set add affinity to NatsJs statefulset
+**Options**:
+**Default**: ``
+**Example**: + +```yaml +sysdig: + natsJs: + nats: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: name + operator: In + values: + - blue +``` + +## **sysdig.resources.natsJs.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | +| small | 1 | | medium | 2 | -| large | 2 | +| large | 3 | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: limits: cpu: 2 ``` -## **sysdig.resources.nats-streaming.limits.memory** +## **sysdig.resources.natsJs.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
+**Description**: The amount of memory assigned to nats pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2Gi | +| small | 1Gi | | medium | 2Gi | -| large | 2Gi | +| large | 3Gi | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: limits: memory: 2Gi ``` -## **sysdig.resources.nats-streaming.requests.cpu** +## **sysdig.resources.natsJs.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
+**Description**: The amount of cpu required to schedule nats pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 250m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: requests: cpu: 250m ``` -## **sysdig.resources.nats-streaming.requests.memory** +## **sysdig.resources.natsJs.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
+**Description**: The amount of memory required to schedule nats pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | -| large | 1Gi | +| medium | 2Gi | +| large | 3Gi | **Example**: ```yaml sysdig: resources: - nats-streaming: + natsJs: requests: memory: 1Gi ``` +## **sysdig.natsJs.nats.nats.gomemlimit** + +**Required**: `false`
+**Description**: The amount of memory dedicated to go. Configure it to the 90% of memory limit
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 900MiB | +| medium | 1800MiB | +| large | 2600MiB | + +**Example**: + +```yaml +sysdig: + natsJs: + nats: + nats: + gomemlimit: 900MiB +``` + ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
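Review bot: The example under `sysdig.natsJs.natsTLSGenerator.enabled` sets `natsTLSGenerator: true`, which is not the key the heading documents. A reader who copies it assigns a boolean to the parent key and, depending on how the installer reads that value, may end up without the cert-manager Issuer and Certificate resources while believing TLS generation is on. The example should read `natsTLSGenerator:` followed by an indented `enabled: true`, and the duplicated empty `**Options**:` line above it should be removed. In the same hunk the `sysdig.natsJs.nats.tolerations` example gives a mapping where the documented default `[]` implies a list, so its first entry should start with `- key: dedicated`.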
@@ -8038,8 +8029,8 @@ sysdig: **Description**: [Toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that will be created on Sysdig platform pods, this can be combined with -[nodeaffinityLabel.key](#nodeaffinityLabelkey) and -[nodeaffinityLabel.value](#nodeaffinityLabelvalue) to ensure only Sysdig +[nodeaffinityLabel.key](#nodeaffinitylabelkey) and +[nodeaffinityLabel.value](#nodeaffinitylabelvalue) to ensure only Sysdig Platform pods run on particular nodes
**Options**:
**Default**:
@@ -8182,14 +8173,13 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of Cassandra replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8385,14 +8375,13 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of ElasticSearch replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8445,27 +8434,6 @@ sysdig: workerReplicaCount: 7 ``` -## **sysdig.alerterReplicaCount** - -**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - alerterReplicaCount: 7 -``` - ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -8724,7 +8692,6 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -8808,22 +8775,6 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** - -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.eventsForwarderEnabledIntegrations** @@ -8956,7 +8907,7 @@ sysdig: ## **sysdig.secure.scanning.veJanitor.anchoreDBsslmode** **Required**: `false`
-**Description**: Anchore db ssl mode. More info: https://www.postgresql.org/docs/9.1/libpq-ssl.html
+**Description**: Anchore db ssl mode. More info:
**Options**:
**Default**: "disable"
**Example**: @@ -8972,26 +8923,23 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Options**: postgres
+**Default**: postgres
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: "mysql" + scanningDbEngine: postgres ``` ## **sysdig.metadataService.enabled** **Required**: `false`
**Description**: Whether to enable metadata-service or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9003,10 +8951,7 @@ sysdig: ## **sysdig.metadataService.operatorEnabled** **Required**: `false`
-**Description**: Whether to enable metadata-service-operator or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
+**Description**: Whether to enable metadata-service-operator or not, this controls the HA capabilities of the Metadata Service but it requires several k8s permissions in the cluster. **Options**:`true|false`
**Default**: `true`
**Example**: @@ -9202,11 +9147,8 @@ sysdig: **Required**: `false`
**Description**: Whether to enable helm-renderer or not -**Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
**Options**:`true|false`
-**Default**: `false`
+**Default**: `true`
**Example**: ```yaml @@ -9866,6 +9808,7 @@ sysdig: ``` ## **networkPolicies** + Please check the [dedicated page](05-networkPolicies.md) ## **pvStorageSize.small.kafka** @@ -9875,7 +9818,7 @@ Please check the [dedicated page](05-networkPolicies.md) cluster of [`size`](#size) small. This option is ignored if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
-**Default**: 20Gi
+**Default**: 50Gi
**Example**: ```yaml @@ -9965,6 +9908,7 @@ pvStorageSize: ``` ## **sysdig.meerkat.enabled** + **Required**: `false`
**Description**: Enables Meerkat. Meerkat represents collections of components that make up Sysdig's new, more computationally efficient, metrics store.
**Options**: `true|false`
@@ -10380,7 +10324,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator Worker JVM.
**Options**:
-**Default**: ` ` +**Default**: `` **Example**: @@ -11435,6 +11379,7 @@ sysdig: ``` ## **sysdig.prometheus.enabled** + **Required**: `false`
**Description**: Enables Prometheus services.
**Options**: `true|false`
@@ -13680,7 +13625,6 @@ sysdig: **Required**: `false`
**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-NOTE: Vulnerability Engine V2 is not yet supported for airgapped installation.
**Options**:
**Default**: true
**Example**: @@ -13695,7 +13639,7 @@ sysdig: ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13727,7 +13671,7 @@ sysdig: ## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** **Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/.
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
**Example**: @@ -13922,3 +13866,19 @@ sysdig: scanningv2: customCerts: true ``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 30bb4ec0..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md 
@@ -129,7 +129,43 @@ Make sure that subnets have internet gateway configured and has enough ips. ## Airgapped installations -### Updating the feeds database in airgapped environments +### Updating the feeds database in airgapped environments [ScanningV2] + +This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. + +```bash +#!/bin/bash +QUAY_USERNAME="" +QUAY_PASSWORD="" + +# Calculate the tag of the last version. +epoch=`date +%s` +IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) + +# Download image +docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} +docker image pull quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} +# Save image +docker image save quay.io/sysdig/airgap-vuln-feeds:${IMAGE_TAG} -o airgap-vuln-feeds-latest.tar +# Optionally move image +mv airgap-vuln-feeds-latest.tar /var/shared-folder +# Load image remotely +ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln-feeds-latest.tar" +# Push image remotely +ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" + +# Update the image +ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +``` + +The above script could be scheduled using a cron job that run every day like + +```bash +0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 +``` + +### Updating the feeds database in airgapped environments [Legacy Scanning] This is a procedure that can be used to automatically update the feeds database: diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index fe03c37c..4c69750b 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md 
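Review bot: The added ScanningV2 script passes the registry password as a command-line argument, `docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD}`, so it shows up in the process list and has to be written into the script file itself. Reading it from a protected file avoids both: `docker login quay.io/sysdig -u "${QUAY_USERNAME}" --password-stdin < "${QUAY_PASSWORD_FILE}"`, where `QUAY_PASSWORD_FILE` is a placeholder for a file readable only by the user that runs the job. The script also lacks `set -euo pipefail` after the shebang, so a failed pull or save still reaches the `kubectl -n sysdigcloud set image` step with a tag that was never pushed to the airgapped registry. The suggested cron entry redirects everything to `/dev/null`, which hides exactly those failures and lets the vulnerability feeds go stale unnoticed. Logging to a file and alerting on a non-zero exit would be safer.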
@@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny`/`allow`
+**Options**: `deny|allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..39dcb006 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,3 +22,6 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy + # Uncomment the following two lines to enable Sysdig Platform Audit + #platformAuditTrail: + # enabled: true From 6b00fcc34a946ae6be4da65d8ab4c6c89cc9b990 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 30 Apr 2024 21:31:46 +0000 Subject: [PATCH 147/156] updating installer docs --- installer/README.md | 2 + installer/docs/02-configuration_parameters.md | 142 +++++------------- installer/values.yaml | 8 + 3 files changed, 46 insertions(+), 106 deletions(-) diff --git a/installer/README.md b/installer/README.md index 6ade8103..ff743055 100644 --- a/installer/README.md +++ b/installer/README.md @@ -58,6 +58,8 @@ This install assumes the Kubernetes cluster has network access to pull images fr provided with your Sysdig purchase confirmation mail - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): Set this parameter to `true` if you would like to use Sysdig Platform Audit. + - [`sysdig.secure.events.audit.config.store.ip.enabled`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreipenabled): + Set this parameter to `true` if you would like to see the origin IP address in Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 7267e640..b9f45cfa 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md 
@@ -1333,6 +1333,26 @@ sysdig: enabled: true ``` +## **sysdig.secure.events.audit.config.store.ip.enabled** + +**Required**: `false`
+**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. +**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + secure: + events: + audit: + config: + store: + ip: + enabled: true +``` + ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -8777,7 +8797,7 @@ sysdig: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.eventsForwarder.enabledIntegrations** **Required**: `false`
**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
@@ -8787,7 +8807,9 @@ sysdig: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + eventsForwarder: + enabledIntegrations: "MCM,QRADAR" ``` ## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** @@ -12866,102 +12888,10 @@ sysdig: memory: 100Mi ``` -## **sysdig.resources.scanningv2-reporting-worker-host.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - limits: - cpu: 1 -``` - -## **sysdig.resources.scanningv2-reporting-worker-host.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - limits: - memory: 1Gi -``` - -## **sysdig.resources.scanningv2-reporting-worker-host.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - requests: - cpu: 250m -``` - -## **sysdig.resources.scanningv2-reporting-worker-host.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - requests: - memory: 250Mi -``` - -## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.cpu** +## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker-k8s pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12976,15 +12906,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.memory** +## **sysdig.resources.scanningv2-reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker-k8s pods
+**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12999,15 +12929,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.cpu** +## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-k8s pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -13022,15 +12952,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.memory** +## **sysdig.resources.scanningv2-reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker-k8s pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -13045,7 +12975,7 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: requests: memory: 250Mi ``` diff --git a/installer/values.yaml b/installer/values.yaml index 39dcb006..61466c00 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -25,3 +25,11 @@ sysdig: # Uncomment the following two lines to enable Sysdig Platform Audit #platformAuditTrail: # enabled: true + # Uncomment the following lines to enable origin IP in Sysdig Platform Audit + #secure: + # events: + # audit: + # config: + # store: + # ip: + # enabled: true From cb8bb47061a8b871ed3d4eea0154fb18daef1a79 Mon Sep 17 00:00:00 2001 From: jenkins Date: Wed, 22 May 2024 18:09:14 +0000 Subject: [PATCH 148/156] updating installer docs --- installer/README.md | 6 +- installer/docs/01-command_line_arguments.md | 66 +- installer/docs/02-configuration_parameters.md | 673 ++++++++++++++++-- installer/docs/05-networkPolicies.md | 4 +- installer/values.yaml | 11 - 5 files changed, 604 insertions(+), 156 deletions(-) diff --git a/installer/README.md b/installer/README.md index ff743055..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,3 +1,5 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the 
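Review bot: The badge line added at the top of `installer/README.md` carries a `token=` query parameter in the SonarCloud URL, which commits a credential-like value to the repository history and to every copy of this patch. Such badge tokens are presumably limited to rendering the badge, but needing one suggests the analysed project is private, and anyone holding the token can then read its quality-gate status. If this README is published, regenerate the token and keep the badge only in copies whose readers are already allowed to see the project.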
@@ -56,10 +58,6 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): - Set this parameter to `true` if you would like to use Sysdig Platform Audit. - - [`sysdig.secure.events.audit.config.store.ip.enabled`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreipenabled): - Set this parameter to `true` if you would like to see the origin IP address in Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index a99a9948..cacf8877 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -132,6 +132,7 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 +quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -167,6 +168,7 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 +quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 
@@ -179,7 +181,7 @@ quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra:0.0.36 +quay.io/sysdig/cassandra-3:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -256,68 +258,6 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y - Sets the `kubernetesServerVersion` within values. -`--helm-install` - -- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: - - - `values.hi.yaml`: the complete values generated by the `installer` - - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS - - `charts`: the Helm charts that make up the Sysdig onprem stack - -`--helm-install-out-dir` - -- To use a custom directory to output the files generated by `--helm-install` instead of the default. - -### ArgoCD Generation - -We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. - -At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. - -`--argocd (boolean)` - -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. - -`--argo-repo-url (string)` - -URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. (default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. - -`--argo-repo-rev (string)` - -Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. 
- -example of hierarchy: -``` -git@github.com:ORGANIZATION/SAMPLE-REPO.git - | - '- argocd-projects/ - | '- sysdig/ - | | '- argocd/ - | | | '- sysdig-root/ - | | | '- sysdig-common-config/ - | | | '- sysdigcloud-infra/ - | | | [...] - | | '- helm-install/ - | | | '- charts/ - | | | '- chart-1/ - | | | '- chart-2/ - | | | [...] -``` - -`--argo-git-apps-dir (string)` - -Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. -If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. - -`--argo-git-charts-dir (string)` - -relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. - -`--argo-out-dir (string)` - -actual output directory on file system where argocd files will be written. Default is `./argocd/`. - - ## Command: `list-resources` Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index b9f45cfa..db21a73d 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.46
+**Default**: 0.0.35
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.46 + toolsImageVersion: 0.0.35 ``` ## **elasticsearch.enableMetrics** @@ -568,6 +568,21 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` +## **hostPathCustomPaths.nats** + +**Required**: `false`
+**Description**: The directory to bind mount nats streaming (in HA mode) pod's +`/var/lib/stan` to on the host. This parameter is relevant +only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/stan`
+**Example**: + +```yaml +hostPathCustomPaths: + nats: `/sysdig/stan` +``` + ## **hostPathCustomPaths.natsJs** **Required**: `false`
@@ -759,6 +774,22 @@ pvStorageSize: postgresql: 100Gi ``` +## **pvStorageSize.large.nats** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + large: + nats: 10Gi +``` + ## **pvStorageSize.large.natsJs** **Required**: `false`
@@ -775,6 +806,22 @@ pvStorageSize: natsJs: 50Gi ``` +## **pvStorageSize.medium.nats** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 50Gi +``` + ## **pvStorageSize.medium.natsJs** **Required**: `false`
@@ -791,6 +838,22 @@ pvStorageSize: natsJs: 10Gi ``` +## **pvStorageSize.small.nats** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi +``` + ## **pvStorageSize.small.natsJs** **Required**: `false`
@@ -926,12 +989,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 4.1.3-0.0.14
+**Default**: 2.1.22.5
**Example**: ```yaml sysdig: - cassandraVersion: 4.1.3-0.0.14 + cassandraVersion: 2.1.22.5 ``` ## **sysdig.cassandraExporterVersion** @@ -939,7 +1002,7 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.20.0-ubi
+**Default**: v0.17.0-ubi
**Example**: ```yaml @@ -962,10 +1025,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** (**Deprecated**) +## **sysdig.cassandra.useCassandra3** **Required**: `false`
-**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -976,10 +1039,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** (**Deprecated**) +## **sysdig.Cassandra3Version** **Required**: `false`
-**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1171,10 +1234,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - concurrent_compactors: 6 - read_request_timeout: 10000ms - write_request_timeout: 10000ms - request_timeout: 11000ms + hinted_handoff_enabled: false + concurrent_compactors: 8 + read_request_timeout_in_ms: 10000 + write_request_timeout_in_ms: 10000 ``` ## **sysdig.cassandra.datacenterName** @@ -1318,41 +1381,6 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` -## **sysdig.platformAuditTrail.enabled** - -**Required**: `false`
-**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformAuditTrail: - enabled: true -``` - -## **sysdig.secure.events.audit.config.store.ip.enabled** - -**Required**: `false`
-**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - secure: - events: - audit: - config: - store: - ip: - enabled: true -``` - ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1613,6 +1641,22 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` +## **sysdig.enableAlerter** + +**Required**: `false`
+**Description**: This creates a separate deployment for Alerters while +disabling this functionality in workers. **Do not modify this unless you +know what you are doing as modifying it could have unintended +consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + enableAlerter: true +``` + ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1793,6 +1837,156 @@ sysdig: natsExporterVersion: 0.0.13 ``` +## **sysdig.nats.enabled** + +**Required**: `false`
+**Description**: Enable NATS deployment for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + nats: + enabled: true +``` + +## **sysdig.nats.secure.enabled** + +**Required**: `false`
+**Description**: NATS Streaming TLS enabled.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true +``` + +## **sysdig.nats.secure.username** + +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + username: somevalue +``` + +## **sysdig.nats.secure.password** + +**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + secure: + enabled: true + password: somevalue +``` + +## **sysdig.nats.ca** + +**Required**: `false`
+**Description**: NATS CA
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + ca: +``` + +## **sysdig.nats.cakey** + +**Required**: `false`
+**Description**: NATS CA KEY
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + nats: + cakey: +``` + +## **sysdig.nats.ha.enabled** + +**Required**: `false`
+**Description**: NATS Streaming HA (High Availability) enabled.
+**Options**:
+**Default**: false
+**Example**: + +```yaml +sysdig: + nats: + ha: + enabled: false +``` + +## **sysdig.nats.urlha** + +**Required**: `false`
+**Description**: NATS Streaming URL for HA deployment.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+**Example**: + +```yaml +sysdig: + nats: + urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 +``` + +## **sysdig.nats.urltls** + +**Required**: `false`
+**Description**: NATS Streaming URL for TLS enabled.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-tls:4222
+**Example**: + +```yaml +sysdig: + nats: + urltls: nats://sysdigcloud-nats-streaming-tls:4222 +``` + +## **sysdig.nats.hostPathNodes** + +**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is +required if configured [`storageClassProvisioner`](#storageclassprovisioner) +is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + nats: + hostPathNodes: + - my-cool-host1.com +``` + ## **sysdig.openshiftUrl** **Required**: `false`
@@ -1850,6 +2044,19 @@ sysdig: postgresVersion: 10.6.11 ``` +## **sysdig.mysqlToPostgresMigrationVersion** + +**Required**: `false`
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Options**:
+**Default**: 1.2.5-mysql-to-postgres
+**Example**: + +```yaml +sysdig: + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres +``` + ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -1895,7 +2102,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Services will start in postgresql mode.
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -4390,6 +4597,98 @@ sysdig: memory: 200Mi ``` +## **sysdig.resources.alerter.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4 | +| medium | 8 | +| large | 16 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + cpu: 2 +``` + +## **sysdig.resources.alerter.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to alerter pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 4Gi | +| medium | 8Gi | +| large | 16Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + limits: + memory: 10Mi +``` + +## **sysdig.resources.alerter.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1 | +| medium | 2 | +| large | 4 | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + cpu: 2 +``` + +## **sysdig.resources.alerter.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule alerter pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + alerter: + requests: + memory: 200Mi +``` + ## **sysdig.resources.collector.limits.cpu** **Required**: `false`
@@ -5302,8 +5601,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**: postgres|inmem
-**Default**: postgres
+**Options**:
+**Default**: mysql
**Example**: ```yaml @@ -5311,7 +5610,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: postgres + scanningDBEngine: mysql ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -6819,6 +7118,98 @@ sysdig: gomemlimit: 900MiB ``` +## **sysdig.resources.nats-streaming.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + limits: + cpu: 2 +``` + +## **sysdig.resources.nats-streaming.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 2Gi | +| medium | 2Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + limits: + memory: 2Gi +``` + +## **sysdig.resources.nats-streaming.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 250m | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + cpu: 250m +``` + +## **sysdig.resources.nats-streaming.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + memory: 1Gi +``` + ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8193,13 +8584,14 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas
+**Description**: Number of Cassandra replicas, this is a noop for clusters of +`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8395,13 +8787,14 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of +`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8454,6 +8847,27 @@ sysdig: workerReplicaCount: 7 ``` +## **sysdig.alerterReplicaCount** + +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters +of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -8712,6 +9126,7 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -8795,9 +9210,25 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.secure.eventsForwarder.enabledIntegrations** +## **sysdig.alerter.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
@@ -8807,9 +9238,7 @@ sysdig: ```yaml sysdig: - secure: - eventsForwarder: - enabledIntegrations: "MCM,QRADAR" + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` ## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** @@ -8945,15 +9374,15 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: postgres
-**Default**: postgres
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: postgres + scanningDbEngine: "mysql" ``` ## **sysdig.metadataService.enabled** @@ -12888,10 +13317,102 @@ sysdig: memory: 100Mi ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** +## **sysdig.resources.scanningv2-reporting-worker-host.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + limits: + cpu: 1 +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + limits: + memory: 1Gi +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + requests: + cpu: 250m +``` + +## **sysdig.resources.scanningv2-reporting-worker-host.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + scanningv2-reporting-worker-host: + requests: + memory: 250Mi +``` + +## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker-k8s pods
**Options**:
**Default**: @@ -12906,15 +13427,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-reporting-worker-k8s: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.memory** +## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
+**Description**: The amount of memory assigned to scanningv2-reporting-worker-k8s pods
**Options**:
**Default**: @@ -12929,15 +13450,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-reporting-worker-k8s: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** +## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-k8s pods
**Options**:
**Default**: @@ -12952,15 +13473,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-reporting-worker-k8s: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.memory** +## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker-k8s pods
**Options**:
**Default**: @@ -12975,7 +13496,7 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-reporting-worker-k8s: requests: memory: 250Mi ``` diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index 4c69750b..fe03c37c 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny|allow`
+**Options**: `deny`/`allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 61466c00..93ae7ef3 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,14 +22,3 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy - # Uncomment the following two lines to enable Sysdig Platform Audit - #platformAuditTrail: - # enabled: true - # Uncomment the following lines to enable origin IP in Sysdig Platform Audit - #secure: - # events: - # audit: - # config: - # store: - # ip: - # enabled: true From b3928d477d5c7af8f3a0a53d5720b39140f3c3c1 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 21 Jun 2024 22:23:36 +0000 Subject: [PATCH 149/156] updating installer docs --- installer/README.md | 6 +- installer/docs/01-command_line_arguments.md | 100 +- installer/docs/02-configuration_parameters.md | 1561 +++++++++-------- installer/docs/03-upgrade.md | 10 +- installer/docs/04-advanced_configuration.md | 2 +- installer/docs/05-networkPolicies.md | 8 +- installer/values.yaml | 11 + 7 files changed, 937 insertions(+), 761 deletions(-) diff --git a/installer/README.md b/installer/README.md index cd47ed96..ff743055 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,5 +1,3 @@ -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) - # Installer The Sysdig Installer tool is a collection of scripts that help automate the 
@@ -58,6 +56,10 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail + - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): + Set this parameter to `true` if you would like to use Sysdig Platform Audit. + - [`sysdig.secure.events.audit.config.store.ip.enabled`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreipenabled): + Set this parameter to `true` if you would like to see the origin IP address in Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index cacf8877..99c9efd2 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -3,7 +3,7 @@ -# Command line arguments explained +# Command Line Arguments
@@ -13,12 +13,12 @@ - installer does not deploy the `namespace.yaml` manifest. It expects the Namespace to exist and to match the value in `values.yaml` - There is no validation, in case of mismatch the installer will fail + If there is a mismatch, the installer will fail as no validation is in place. `--skip-pull-secret` -- the services expect the pull secret to exist, - to have the expected name (`sysdigcloud-pull-secret`) and to allow access to the registry. +- The services require the pull secret to exist with the expected name (`sysdigcloud-pull-secret`) and to have access to the registry. + - if the pull secret is missing, the behaviour could be unpredictable: some Pods could start if they can find the image locally and if their `imagePullPolicy` is not `Always` @@ -26,7 +26,7 @@ `--skip-serviceaccount` -- The user must provide SAs with the exact same name expected: +- The user must provide service accounts with the exact same name expected: ```text sysdig-serviceaccount.yaml: name: sysdig @@ -36,10 +36,10 @@ sysdig-serviceaccount.yaml: name: sysdig-elasticsearch sysdig-serviceaccount.yaml: name: sysdig-cassandra ``` -- One implication of this is that unless the `node-to-labels` SA is added, - rack awareness will not work neither in Cassandra nor in ES (to be verified) - Another implication is that if SA(s) are missing, the user will have to `describe` - the STS because Pods will not start at all: +- One implication of this is that unless the `node-to-labels` ServiceAccount is added, + rack awareness will not be available for any datastore. + Another implication is that if the ServiceAccount(s) are missing, the user will have to `describe` + the StatefulSet because Pods will not start at all: ```text Events: 
@@ -54,13 +54,19 @@ Events: - installer does not apply the StorageClass manifest. It expects the storageClassName specified in values.yaml to exist. +`--disable-proxy` + +- This flag allows disabling an existing configuration for proxy. Several services can be configured to use a proxy to go out to the Internet. For example `scanningv2-pkgmeta`, `certmanager`, `eventsForwarder` etc. +- If it becomes necessary to remove such configuration, this flag can be used to remove the proxy configuration. +- This flag also applies to `generate`, `diff` and `import`. + ## Command: `import` `--zookeeper-workloadname ` - This is the value that will be used for the `zookeeper` StatefulSet. The default value is `zookeeper`, this argument must be used when the -actual name of the STS in the cluster differs +actual name of the StatefulSet in the cluster differs `--kafka-workloadname ` @@ -76,8 +82,6 @@ actual name of the STS in the cluster differs ## Command: `update-license` -Added November 2022, this is a new command. - ** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** This command performs the minimal changes and restarts to apply a new license. @@ -97,8 +101,6 @@ This command performs the following: ## Command: `image-list` -Added November 2022 - This command prints to `stdout` (and optionally to a file) a list of all images in a generated stack. It requires a `values.yaml` and it produces a list of images based on that `values.yaml`. @@ -107,7 +109,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Flags -`-f ` - write the list to a file. **If the file exists, it is overwritten** +`-f ` - write the list to a file. If the file already exists, it will be overwritten. ### Example 
@@ -132,7 +134,6 @@ quay.io/sysdig/postgres:12.10.0.0
 quay.io/sysdig/cp-kafka-6:0.2.1
 quay.io/sysdig/kube-rbac-proxy:v0.8.0
 quay.io/sysdig/secure-onboarding-api:6.0.0.12431
-quay.io/sysdig/nats-streaming-init:0.22.0.8
 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431
 quay.io/sysdig/sysdig-worker:6.0.0.12431
 quay.io/sysdig/profiling-api:6.0.0.12431
@@ -168,7 +169,6 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10
 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431
 quay.io/sysdig/metadata-service-operator:1.0.1.23
 quay.io/sysdig/netsec:6.0.0.12431
-quay.io/sysdig/nats-streaming:0.22.0.8
 quay.io/sysdig/nats-exporter:0.9.0.2
 quay.io/sysdig/secure-prometheus:2.17.2
 quay.io/sysdig/opensearch-1:0.0.16
@@ -177,11 +177,10 @@ quay.io/sysdig/reporting-api:6.0.0.12431
 quay.io/sysdig/promchap:0.99.0-master.2022-11-18T13-46-40Z.d6b3d10f83
 quay.io/sysdig/redis-6:1.0.1
 quay.io/sysdig/ui-admin-nginx:6.0.0.12431
-quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431
 quay.io/sysdig/admission-controller-api:6.0.0.12431
 quay.io/sysdig/scanning:6.0.0.12431
 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431
-quay.io/sysdig/cassandra-3:0.0.36
+quay.io/sysdig/cassandra:0.0.36
 quay.io/sysdig/metadata-service-server:1.10.63
 quay.io/sysdig/rapid-response-connector:6.0.0.12431
 quay.io/sysdig/secure-todo-api:6.0.0.12431
@@ -258,6 +257,69 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y - Sets the `kubernetesServerVersion` within values. +`--helm-install` + +- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: + + - `values.hi.yaml`: the complete values generated by the `installer` + - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS + - `charts`: the Helm charts that make up the Sysdig onprem stack + +`--helm-install-out-dir` + +- To use a custom directory to output the files generated by `--helm-install` instead of the default. + +### ArgoCD Generation + +We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. + +At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. + +`--argocd (boolean)` + +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. +NOTE: Using this flag will automatically generate the charts that you would obtain with the --helm-install CLI flag. This happens because the argoCD generation is closely linked to the specific production method of the helm-charts. + +`--argo-repo-url (string)` + +The URL of the repository that will contain the ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. The default is `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. This will be replaced within the ArgoCD apps definition files. + +`--argo-repo-rev (string)` + +The name of the branch of the repo to use. The default is `main`. This will be replaced within the ArgoCD apps definition files. 
+ +example of hierarchy: +``` +git@github.com:ORGANIZATION/SAMPLE-REPO.git + | + '- argocd-projects/ + | '- sysdig/ + | | '- argocd/ + | | | '- sysdig-root/ + | | | '- sysdig-common-config/ + | | | '- sysdigcloud-infra/ + | | | [...] + | | '- helm-install/ + | | | '- charts/ + | | | '- chart-1/ + | | | '- chart-2/ + | | | [...] +``` + +`--argo-git-apps-dir (string)` + +Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. +If you consider the example above, the correct value for this would be `argocd-projects/sysdig/argocd`. + +`--argo-git-charts-dir (string)` + +The relative path from the repo root that will contain the folder with charts. The default is `helm-install/charts`. This will be replaced within the ArgoCD apps definition files. If you consider the example above, the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. + +`--argo-out-dir (string)` + +actual output directory on file system where argocd files will be written. Default is `./argocd/`. + + ## Command: `list-resources` Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index db21a73d..b73ba426 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
**Options**: `true|false`
**Default**: `false`
**Example**:
@@ -401,13 +401,13 @@ elasticsearch:
 **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.35
+**Default**: 0.0.48
**Example**:
 ```yaml
 elasticsearch:
 jobs:
- toolsImageVersion: 0.0.35
+ toolsImageVersion: 0.0.48
 ```
 ## **elasticsearch.enableMetrics**
@@ -568,21 +568,6 @@ hostPathCustomPaths:
 postgresql: `/sysdig/pgdata`
 ```
-## **hostPathCustomPaths.nats**
-
-**Required**: `false`
-**Description**: The directory to bind mount nats streaming (in HA mode) pod's -`/var/lib/stan` to on the host. This parameter is relevant -only when `storageClassProvisioner` is `hostPath`.
-**Options**:
-**Default**: `/var/lib/stan`
-**Example**:
-
-```yaml
-hostPathCustomPaths:
- nats: `/sysdig/stan`
-```
-
 ## **hostPathCustomPaths.natsJs**
 **Required**: `false`
@@ -630,12 +615,23 @@ nodeaffinityLabel:
 value: sysdig
 ```
+## **pvStorageSize.cassandra**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra, regardless of the cluster `size` used. This option *does not* apply when [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ cassandra: 500Gi
+```
+
 ## **pvStorageSize.large.cassandra**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) large. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 300Gi
**Example**:
@@ -681,9 +677,7 @@ pvStorageSize:
 ## **pvStorageSize.medium.cassandra**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) medium. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 150Gi
**Example**:
@@ -729,9 +723,7 @@ pvStorageSize:
 ## **pvStorageSize.small.cassandra**
 **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) small. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 30Gi
**Example**:
@@ -774,22 +766,6 @@ pvStorageSize:
 postgresql: 100Gi
 ```
-## **pvStorageSize.large.nats**
-
-**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- large:
- nats: 10Gi
-```
-
 ## **pvStorageSize.large.natsJs**
 **Required**: `false`
@@ -806,22 +782,6 @@ pvStorageSize:
 natsJs: 50Gi
 ```
-## **pvStorageSize.medium.nats**
-
-**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- medium:
- nats: 50Gi
-```
-
 ## **pvStorageSize.medium.natsJs**
 **Required**: `false`
@@ -838,22 +798,6 @@ pvStorageSize:
 natsJs: 10Gi
 ```
-## **pvStorageSize.small.nats**
-
-**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**:
-
-```yaml
-pvStorageSize:
- small:
- nats: 10Gi
-```
-
 ## **pvStorageSize.small.natsJs**
 **Required**: `false`
@@ -989,12 +933,12 @@ sysdig:
 **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.5
+**Default**: 4.1.3-0.0.14
**Example**:
 ```yaml
 sysdig:
- cassandraVersion: 2.1.22.5
+ cassandraVersion: 4.1.3-0.0.14
 ```
 ## **sysdig.cassandraExporterVersion**
@@ -1002,7 +946,7 @@ sysdig:
 **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.17.0-ubi
+**Default**: v0.20.0-ubi
**Example**: ```yaml @@ -1025,10 +969,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** +## **sysdig.cassandra.useCassandra3** (**Deprecated**) **Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -1039,10 +983,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** +## **sysdig.Cassandra3Version** (**Deprecated**) **Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1234,10 +1178,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - hinted_handoff_enabled: false - concurrent_compactors: 8 - read_request_timeout_in_ms: 10000 - write_request_timeout_in_ms: 10000 + concurrent_compactors: 6 + read_request_timeout: 10000ms + write_request_timeout: 10000ms + request_timeout: 11000ms ``` ## **sysdig.cassandra.datacenterName** @@ -1381,6 +1325,41 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` +## **sysdig.platformAuditTrail.enabled** + +**Required**: `false`
+**Description**: Global flag to enable Sysdig Platform Audit in all services. +**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformAuditTrail: + enabled: true +``` + +## **sysdig.secure.events.audit.config.store.ip.enabled** + +**Required**: `false`
+**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. +**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + secure: + events: + audit: + config: + store: + ip: + enabled: true +``` + ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1394,17 +1373,30 @@ sysdig: elasticsearch6Version: 6.8.6.12 ``` +## **sysdig.opensearchImageName** + +**Required**: `false`
+**Description**: Docker Image name for Opensearch. Eg, for Opensearch 2: "opensearch-2".
+**Options**:
+**Default**: opensearch-2
+**Example**: + +```yaml +sysdig: + opensearchImageName: "opensearch-2" +``` + ## **sysdig.opensearchVersion** **Required**: `false`
**Description**: The docker image tag of Opensearch.
**Options**:
-**Default**: 0.0.16
+**Default**: 0.0.6
**Example**: ```yaml sysdig: - opensearchVersion: 0.0.16 + opensearchVersion: 0.0.6 ``` ## **sysdig.haproxyVersion** @@ -1641,22 +1633,6 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` -## **sysdig.enableAlerter** - -**Required**: `false`
-**Description**: This creates a separate deployment for Alerters while -disabling this functionality in workers. **Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - enableAlerter: true -``` - ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1837,156 +1813,6 @@ sysdig: natsExporterVersion: 0.0.13 ``` -## **sysdig.nats.enabled** - -**Required**: `false`
-**Description**: Enable NATS deployment for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - enabled: true -``` - -## **sysdig.nats.secure.enabled** - -**Required**: `false`
-**Description**: NATS Streaming TLS enabled.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true -``` - -## **sysdig.nats.secure.username** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - -## **sysdig.nats.ca** - -**Required**: `false`
-**Description**: NATS CA
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - ca: -``` - -## **sysdig.nats.cakey** - -**Required**: `false`
-**Description**: NATS CA KEY
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - cakey: -``` - -## **sysdig.nats.ha.enabled** - -**Required**: `false`
-**Description**: NATS Streaming HA (High Availability) enabled.
-**Options**:
-**Default**: false
-**Example**: - -```yaml -sysdig: - nats: - ha: - enabled: false -``` - -## **sysdig.nats.urlha** - -**Required**: `false`
-**Description**: NATS Streaming URL for HA deployment.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
-**Example**: - -```yaml -sysdig: - nats: - urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 -``` - -## **sysdig.nats.urltls** - -**Required**: `false`
-**Description**: NATS Streaming URL for TLS enabled.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-tls:4222
-**Example**: - -```yaml -sysdig: - nats: - urltls: nats://sysdigcloud-nats-streaming-tls:4222 -``` - -## **sysdig.nats.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - nats: - hostPathNodes: - - my-cool-host1.com -``` - ## **sysdig.openshiftUrl** **Required**: `false`
@@ -2044,19 +1870,6 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** - -**Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
-**Options**:
-**Default**: 1.2.5-mysql-to-postgres
-**Example**: - -```yaml -sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres -``` - ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -2102,7 +1915,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Description**: Services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3436,12 +3249,12 @@ redisTls: A Monitor service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------- | -| agent | agent | -| common | common | +| Instance | Component | +| --------- | --------------------------------------------------------- | +| agent | agent | +| common | common | | monitor-1 | cache, distributedJobs, ibmCache, promchap, policiesCache | -| monitor-2 | alerting, meerkat, metering, prws | +| monitor-2 | alerting, meerkat, metering, prws | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
@@ -3500,9 +3313,9 @@ redisClientsMonitor: A Secure service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------- | -| profiling | profiling | +| Instance | Component | +| --------- | ----------------------------------------------------------------------------------------------------- | +| profiling | profiling | | secure-1 | scanning, forensic, events, rapidResponse, overview, compliance, cloudsec, policies, netsec, padvisor | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
@@ -4597,17 +4410,17 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 8 | +| medium | 4 | | large | 16 | **Example**: @@ -4615,22 +4428,22 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | +| medium | 4Gi | | large | 16Gi | **Example**: @@ -4638,22 +4451,22 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: limits: memory: 10Mi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -4661,22 +4474,22 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | +| medium | 1Gi | | large | 4Gi | **Example**: @@ -4684,107 +4497,15 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: requests: memory: 200Mi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - collector: - limits: - cpu: 2 -``` - -## **sysdig.resources.collector.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to collector pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - -**Example**: - -```yaml -sysdig: - resources: - collector: - limits: - memory: 10Mi -``` - -## **sysdig.resources.collector.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - collector: - requests: - cpu: 2 -``` - -## **sysdig.resources.collector.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - collector: - requests: - memory: 200Mi -``` - -## **sysdig.resources.anchore-core.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to anchore-core pods
+**Description**: The amount of cpu assigned to anchore-core pods
**Options**:
**Default**: @@ -5601,8 +5322,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**:
-**Default**: mysql
+**Options**: postgres|inmem
+**Default**: postgres
**Example**: ```yaml @@ -5610,7 +5331,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: mysql + scanningDBEngine: postgres ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -5865,102 +5586,6 @@ sysdig: memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG -migrate containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanningAdmissionControllerApiPgMigrate: - limits: - cpu: 1 -``` - -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG -migrate containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | - -**Example**: - -```yaml -sysdig: - resources: - scanningAdmissionControllerApiPgMigrate: - limits: - memory: 256Mi -``` - -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api -PG migrate containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | - -**Example**: - -```yaml -sysdig: - resources: - scanningAdmissionControllerApiPgMigrate: - requests: - cpu: 100m -``` - -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api -PG migrate containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - admission-controller-api-pg-migrate: - requests: - memory: 50Mi -``` - ## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
@@ -7118,98 +6743,6 @@ sysdig: gomemlimit: 900MiB ``` -## **sysdig.resources.nats-streaming.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - limits: - cpu: 2 -``` - -## **sysdig.resources.nats-streaming.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi -``` - -## **sysdig.resources.nats-streaming.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - requests: - cpu: 250m -``` - -## **sysdig.resources.nats-streaming.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi -``` - ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8584,14 +8117,13 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of Cassandra replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8787,14 +8319,13 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of ElasticSearch replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8847,27 +8378,6 @@ sysdig: workerReplicaCount: 7 ``` -## **sysdig.alerterReplicaCount** - -**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - alerterReplicaCount: 7 -``` - ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -9126,7 +8636,6 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -9210,25 +8719,9 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** - -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.eventsForwarder.enabledIntegrations** **Required**: `false`
**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
@@ -9238,7 +8731,9 @@ sysdig: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + eventsForwarder: + enabledIntegrations: "MCM,QRADAR" ``` ## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** @@ -9374,15 +8869,15 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Options**: postgres
+**Default**: postgres
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: "mysql" + scanningDbEngine: postgres ``` ## **sysdig.metadataService.enabled** @@ -13317,102 +12812,10 @@ sysdig: memory: 100Mi ``` -## **sysdig.resources.scanningv2-reporting-worker-host.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - limits: - cpu: 1 -``` - -## **sysdig.resources.scanningv2-reporting-worker-host.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - limits: - memory: 1Gi -``` - -## **sysdig.resources.scanningv2-reporting-worker-host.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - requests: - cpu: 250m -``` - -## **sysdig.resources.scanningv2-reporting-worker-host.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - scanningv2-reporting-worker-host: - requests: - memory: 250Mi -``` - -## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.cpu** +## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker-k8s pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -13427,15 +12830,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.memory** +## **sysdig.resources.scanningv2-reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker-k8s pods
+**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -13450,15 +12853,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.cpu** +## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-k8s pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -13473,15 +12876,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.memory** +## **sysdig.resources.scanningv2-reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker-k8s pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -13496,7 +12899,7 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker-k8s: + scanningv2-reporting-worker: requests: memory: 250Mi ``` @@ -13927,6 +13330,142 @@ sysdig: user: alice ``` +## **sysdig.secure.certman.proxy.enable** + +**Required**: `false`
+**Description**: Set proxy settings for secure certman (overrides global settings)
+**Options**: `true|false`
+**Default**: + +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: false +``` + +## **sysdig.secure.certman.proxy.host** + +**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable)
+is configured.
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com +``` + +## **sysdig.secure.certman.proxy.noProxy** + +**Required**: `false`
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+ +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.certman.proxy.password** + +**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + password: F00B@r! +``` + +## **sysdig.secure.certman.proxy.port** + +**Required**: `false`
+**Description**: The port the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not
+configured it defaults to 80.
+**Options**:
+**Default**: `80`
+ +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + port: 3128 +``` + +## **sysdig.secure.certman.proxy.protocol** + +**Required**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
+ +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + protocol: https +``` + +## **sysdig.secure.certman.proxy.user** + +**Required**: `false`
+**Description**: The user used to access the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + user: alice +``` + ## **sysdig.postgresDatabases.PRWSInternalIngestion** **Required**: `false`
@@ -14087,6 +13626,39 @@ sysdig: enabled: true ``` +## **sysdig.secure.scanningv2.proxy** + +**Required**: `false`
+**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
+**Options**:
+**Default**: `false`
+**Example**: + +``` + secure: + scanningv2: + proxy: + defaultNoProxy: "https://foo.bar" + user: "user01" + password: "password" + noProxy: "localhost" + enable: true + host: "myproxy.example.com" + port: 3128 + protocol: "http" +``` + **Related parameters**: + +``` +sysdig.secure.scanningv2.proxy.enable +sysdig.secure.scanningv2.proxy.defaultNoProxy +sysdig.secure.scanningv2.proxy.user +sysdig.secure.scanningv2.proxy.noProxy +sysdig.secure.scanningv2.proxy.host +sysdig.secure.scanningv2.proxy.port +sysdig.secure.scanningv2.proxy.protocol +``` + ## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** **Required**: `true`
@@ -14333,3 +13905,532 @@ sysdig: scanningv2: airgappedFeeds: true ``` + +## **sysdig.secure.scanningV2.scanRequestor.enabled** +**Required**: `false`
+**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.deploymentType** +**Required**: `false`
+**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
+**Options**: `onprem|saas|empty`
+**Default**: `empty`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + deploymentType: saas +``` + +## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** +**Required**: `false`
+**Description**: Sets the log level for the scan requestor component
+**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
+**Default**: `INFO`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + loggingLevel: INFO +``` + +## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** +**Required**: `false`
+**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
+**Default**: `sysdig`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + serviceAccount: sysdig +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.type** +**Required**: `false`
+**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
+**Options**: `S3|cassandra`
+**Default**: `cassandra`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + type: cassandra +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** +**Required**: `false`
+**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
+**Default**: `scan-requestor`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + bucketName: "scan-requestor" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** +**Required**: `false`
+**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.region** +**Required**: `false`
+**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
+**Default**: `auto`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + region: auto +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** +**Required**: `false`
+**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
+**Default**: `2`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + retentionTime: 2 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** +**Required**: `false`
+**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `/opt/certs/minio-tls-ca/public.crt`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + caCrt: "/opt/certs/minio-tls-ca/public.crt" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** +**Required**: `false`
+**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** +**Required**: `false`
+**Description**: The maximum age for requests to be considered still valid/pending
+**Default**: `1h`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestMaxAge: "1h" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** +**Required**: `false`
+**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
+**Default**: `30s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestReplyTimeout: 30s +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** +**Required**: `false`
+**Description**: The URL of cassandra server(s).
+**Default**: `sysdigcloud-cassandra:9042`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + hosts: "sysdigcloud-cassandra:9042" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** +**Required**: `false`
+**Description**: The cassandra key space to use for storing ScanRequestor tables.
+**Default**: `sysdig_scanning`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + keyspace: "sysdig_scanning" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** +**Required**: `false`
+**Description**: The protocol version used to communicate with Cassandra
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + protocolVersion: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** +**Required**: `false`
+**Description**: The replication factor to use for ScanRequestor tables.
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + replicationFactor: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** +**Required**: `false`
+**Description**: The datacenter identifier to be used for cassandra communication.
+**Default**: `datacenter1`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + datacenter: "datacenter1" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** +**Required**: `false`
+**Description**: The timeout for cassandra requests.
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + requestTimeout: "3s" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxReadRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxWriteRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** +**Required**: `false`
+**Description**: - to be filled -
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionEnabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionThreshold: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + metadata: "86400" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + state: "86400" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + events: "86400" +``` + +## **sysdig.s3.scanRequestor.accessKeyId** +**Required**: `false`
+**Description**: The S3 access-key id to be used when the storage type is set at S3.
+**Default**: `scanningv2_scanrequestor`
+ +**Example**: + +```yaml +sysdig: + s3: + scanRequestor: + accessKeyId: "a-key" +``` +## **sysdig.s3.scanRequestor.secretAccessKey** +**Required**: `false`
+**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
+**Default**: `random`
+ +**Example**: + +```yaml +sysdig: + s3: + scanRequestor: + secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG" +``` + +## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval** +**Required**: `false`
+**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
+**Default**: `5m`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + requestPartitionProcessingScheduler: + interval: "5m" +``` + +## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay** +**Required**: `false`
+**Description**: The initial delay in staging area scheduled processing.
+**Default**: `10s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + requestPartitionProcessingScheduler: + startDelay: "10s" +``` + +## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout** +**Required**: `false`
+**Description**: The timeout for getting partition processing requests from NATS.
+**Default**: `30s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + requestPartitionProcessingScheduler: + timeout: "30s" +``` + +## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter** +**Required**: `false`
+**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + partitionProcessing: + deleteObjectsAfter: true +``` \ No newline at end of file diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 1d62842b..4c02d03e 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -28,9 +28,9 @@ Options](../README.md#quickstart-install) for more context.
-### Step 1 +### Step 1 - Download the latest `values.yaml` template -Copy the current version sysdig-chart/values.yaml to your working directory. +Copy the current version `sysdig-chart/values.yaml` to your working directory. ```bash wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml @@ -38,7 +38,7 @@ wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/ins
-### Step 2 +### Step 2 - Configure `values.yaml` according to your environment Edit the following values: @@ -95,7 +95,7 @@ would also edit the following values:
-### Step 3 +### Step 3 - Check differences with the old Sysdig environment Run the Installer (if you are in airgapped environment make sure you follow instructions from installation on how to get the images to your airgapped @@ -107,7 +107,7 @@ registry)
-### Step 4 +### Step 4 - Deploy Sysdig version If you are fine with the differences displayed, then run: diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 93e8012c..4c106467 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -3,7 +3,7 @@ -# Advanced configuration +# Advanced Configuration
diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index fe03c37c..ffd1b918 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -3,7 +3,7 @@ -# Network policies +# Network Policies
@@ -11,7 +11,7 @@
-## Introduction +## Overview The current version of Sysdig Network policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. @@ -27,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required ## Parameters @@ -49,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny`/`allow`
+**Options**: `deny|allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..61466c00 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,3 +22,14 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy + # Uncomment the following two lines to enable Sysdig Platform Audit + #platformAuditTrail: + # enabled: true + # Uncomment the following lines to enable origin IP in Sysdig Platform Audit + #secure: + # events: + # audit: + # config: + # store: + # ip: + # enabled: true From 7eb566f91654db5c44e2bd13e55ff697d24178a8 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 30 Jul 2024 02:26:03 +0000 Subject: [PATCH 150/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 3 +- installer/docs/02-configuration_parameters.md | 3301 ++++++++++------- installer/docs/03-upgrade.md | 3 +- installer/docs/04-advanced_configuration.md | 3 +- installer/docs/05-networkPolicies.md | 3 +- 5 files changed, 1956 insertions(+), 1357 deletions(-) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 99c9efd2..10ded1f4 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -1,5 +1,6 @@ - + + diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index b73ba426..8cb50643 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1,5 +1,6 @@ - + + @@ -10,9 +11,8 @@ ## **quaypullsecret** **Required**: `true`
-**Description**: quay.io credentials provided with your Sysdig purchase confirmation
-mail.
-**Options**:
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation mail.
+**Options**:
**Default**:
**Example**: @@ -120,7 +120,7 @@ Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/im **Example**: ```yaml -#tags and pushes the image to /foo/bar/ +# tags and pushes the image to /foo/bar/ airgapped_repository_prefix: foo/bar ``` @@ -1329,9 +1329,9 @@ sysdig: **Required**: `false`
**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1344,9 +1344,9 @@ sysdig: **Required**: `false`
**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1417,11 +1417,11 @@ sysdig: ## **sysdig.skipIngressGeneration** -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
+**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -6527,9 +6527,8 @@ sysdig: ```yaml sysdig: natsJs: - nats: - natsbox: - enabled: true + natsbox: + enabled: true ``` ## **sysdig.natsJs.natsTLSGenerator.enabled** @@ -10042,16 +10041,15 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat API JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -Dlogging.level.com.sysdig.meerkat.api.server.adapter.TimeSeriesGAdapter=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.RealTimeQueryServiceImpl=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.MeerkatClientDNSGrpcResolver=DEBUG -Dsysdig.meerkat.cassandra.features.queryAllMetricDescriptorsEnabled=true -``` + **Example**: @@ -10158,12 +10156,12 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -``` + + **Example**: @@ -10377,9 +10375,8 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Collector JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dsysdig.cassandra.auto-schema=true -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced @@ -10388,7 +10385,7 @@ sysdig: -Dlogging.level.com.sysdig.meerkat.collector.service.MeerkatIndexer=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.kafka.MeerkatWorker=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.grpc.GPartsQueryServiceGrpcImpl=DEBUG -``` + **Example**: @@ -10509,11 +10506,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Datastream JVM.
**Options**:
-**Default**: - -``` --Xms1g -Xmx1g -``` +**Default**: -Xms1g -Xmx1g **Example**: @@ -10541,7 +10534,7 @@ sysdig: ## **sysdig.kafkaVersion** **Required**: `false`
-**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10717,7 +10710,7 @@ sysdig: ## **sysdig.zookeeperVersion** **Required**: `false`
-**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10922,7 +10915,7 @@ sysdigcloud-collector HostAlreadyClaimed Use this overlay to avoid the error: -``` +```yaml apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -11364,32 +11357,6 @@ sysdig: promqlatorVersion: 0.99.0-2022-07-12T09-19-16Z.93c0642b55 ``` -## **sysdig.streamsnapVersion** - -**Required**: `false`
-**Description**: Docker image tag of Sysdig Streamsnap service, relevant when `sysdig.streamsnap.enabled` is `true`.
-**Options**:
-**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-**Example**: - -```yaml -sysdig: - streamsnapVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 -``` - -## ~~**sysdig.fastpathAggregatorVersion**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Docker image tag of Sysdig Fastpath Aggregator service, relevant when `sysdig.fastpathAggregator.enabled` is `true`.
-**Options**:
-**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-**Example**: - -```yaml -sysdig: - fastpathAggregatorVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 -``` - ## **sysdig.promqlatorReplicaCount** **Required**: `false`
@@ -11612,566 +11579,562 @@ sysdig: memory: 300Mi ``` -## **sysdig.streamsnapReplicaCount** +## **sysdig.resources.scanningv2-agents-conf.limits.cpu** **Required**: `false`
-**Description**: Number of Streamsnap replicas.
+**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 3 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - streamsnapReplicaCount: 2 + resources: + scanningv2-agents-conf: + limits: + cpu: 500m ``` -## ~~**sysdig.fastpathAggregatorReplicaCount**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-agents-conf.limits.memory** **Required**: `false`
-**Description**: Number of Fastpath Aggregator replicas.
+**Description**: The amount of memory assigned to scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 3 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - fastpathAggregatorReplicaCount: 2 + resources: + scanningv2-agents-conf: + limits: + memory: 500Mi ``` -## **sysdig.streamsnap.enabled** +## **sysdig.resources.scanningv2-agents-conf.requests.cpu** **Required**: `false`
-**Description**: Whether to enable Streamsnap or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: - streamsnap: - enabled: true + resources: + scanningv2-agents-conf: + requests: + cpu: 250m ``` -## **sysdig.streamsnap.jvmOptions** +## **sysdig.resources.scanningv2-agents-conf.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Streamsnap jvm.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
+**Options**:
**Default**: -| cluster-size | jvmOptions | -| ------------ | ---------- | -| small | -Xmx=4g | -| medium | -Xmx=12g | -| large | -Xmx=18g | +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - streamsnap: - jvmOptions: "-Xmx=4g" + resources: + scanningv2-agents-conf: + requests: + memory: 100Mi ``` -## **sysdig.streamsnap.numThreadsForInterval60** +## **sysdig.resources.scanningv2-collector.limits.cpu** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-minute snapshots.
-**Options**:
+**Description**: The amount of cpu assigned to scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval60 | -| ------------ | ----------------------- | -| small | 2 | -| medium | 4 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval60: 4 + resources: + scanningv2-collector: + limits: + cpu: 1 ``` -## **sysdig.streamsnap.numThreadsForInterval600** +## **sysdig.resources.scanningv2-collector.limits.memory** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 10-minutes snapshots.
-**Options**:
+**Description**: The amount of memory assigned to scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval600 | -| ------------ | ------------------------ | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval600: 2 + resources: + scanningv2-collector: + limits: + memory: 1Gi ``` -## **sysdig.streamsnap.numThreadsForInterval3600** +## **sysdig.resources.scanningv2-collector.requests.cpu** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-hour snapshots.
-**Options**:
+**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval3600 | -| ------------ | ------------------------- | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval3600: 2 + resources: + scanningv2-collector: + requests: + cpu: 500m ``` -## **sysdig.streamsnap.numThreadsForInterval86400** +## **sysdig.resources.scanningv2-collector.requests.memory** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-day snapshots.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval86400 | -| ------------ | -------------------------- | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval86400: 2 + resources: + scanningv2-collector: + requests: + memory: 250Mi ``` -## **sysdig.resources.streamsnap.limits.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to Streamsnap containers
+**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: limits: - cpu: 8 + cpu: 500m ``` -## **sysdig.resources.streamsnap.limits.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to Streamsnap containers
+**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: limits: - memory: 8Gi + memory: 1Gi ``` -## **sysdig.resources.streamsnap.requests.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule Streamsnap containers
+**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.streamsnap.requests.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule Streamsnap containers
+**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: requests: - memory: 2Gi + memory: 250Mi ``` -## ~~**sysdig.fastpathAggregator.enabled**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.limits.cpu** **Required**: `false`
-**Description**: Whether to enable Fastpath Aggregator or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to scanningv2-policies-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - fastpathAggregator: - enabled: true + resources: + scanningv2-policies-api: + limits: + cpu: 500m ``` -## ~~**sysdig.fastpathAggregator.jvmOptions**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.limits.memory** **Required**: `false`
-**Description**: Custom configuration for the Fastpath Aggregator jvm.
-**Options**:
+**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | jvmOptions | -| ------------ | ---------- | -| small | -Xmx=4g | -| medium | -Xmx=12g | -| large | -Xmx=16g | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - fastpathAggregator: - jvmOptions: "-Xmx=4g" + resources: + scanningv2-policies-api: + limits: + memory: 1Gi ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval60**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.requests.cpu** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-minute snapshots.
-**Options**:
+**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval60 | -| ------------ | ----------------------- | -| small | 2 | -| medium | 4 | -| large | 4 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval60: 4 + resources: + scanningv2-policies-api: + requests: + cpu: 250m ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval600**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.requests.memory** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 10-minutes snapshots.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval600 | -| ------------ | ------------------------ | -| small | 1 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - fastpathAggregator: - numThreadsForInterval600: 2 -``` - -## ~~**sysdig.fastpathAggregator.numThreadsForInterval3600**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-hour snapshots.
-**Options**:
-**Default**: - -| cluster-size | numThreadsForInterval3600 | -| ------------ | ------------------------- | -| small | 1 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - fastpathAggregator: - numThreadsForInterval3600: 2 -``` - -## ~~**sysdig.fastpathAggregator.numThreadsForInterval86400**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-day snapshots.
-**Options**:
-**Default**: - -| cluster-size | numThreadsForInterval86400 | -| ------------ | -------------------------- | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval86400: 2 + resources: + scanningv2-policies-api: + requests: + memory: 250Mi ``` -## ~~**sysdig.resources.fastpathAggregator.limits.cpu**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to Fastpath Aggregator containers
+**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: limits: - cpu: 8 + cpu: 500m ``` -## ~~**sysdig.resources.fastpathAggregator.limits.memory**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to Fastpath Aggregator containers
+**Description**: The amount of memory assigned to scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: limits: - memory: 8Gi + memory: 1Gi ``` -## ~~**sysdig.resources.fastpathAggregator.requests.cpu**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule Fastpath Aggregator containers
+**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: requests: - cpu: 2 + cpu: 250m ``` -## ~~**sysdig.resources.fastpathAggregator.requests.memory**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule Fastpath Aggregator containers
+**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: requests: - memory: 2Gi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-agents-conf.limits.cpu** +## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 500m | -| large | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-agents-conf.limits.memory** +## **sysdig.resources.scanningv2-reporting-generator.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-agents-conf pods
+**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-agents-conf.requests.cpu** +## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: requests: - cpu: 250m + cpu: 500m ``` -## **sysdig.resources.scanningv2-agents-conf.requests.memory** +## **sysdig.resources.scanningv2-reporting-generator.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| small | 250Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: requests: - memory: 100Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-collector.limits.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-collector pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12179,22 +12142,22 @@ sysdig: | ------------ | ------ | | small | 1 | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-collector.limits.memory** +## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-collector pods
+**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12202,97 +12165,97 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-collector.requests.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: requests: - cpu: 500m + cpu: 250m ``` -## **sysdig.resources.scanningv2-collector.requests.memory** +## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-collector pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 1 | -| large | 2 | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | +| small | 500Mi | | medium | 1Gi | | large | 2Gi | @@ -12301,67 +12264,67 @@ sysdig: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 500m | -| large | 1 | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: requests: - memory: 250Mi + memory: 100Mi ``` -## **sysdig.resources.scanningv2-policies-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-policies-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | +| small | 1 | | medium | 1 | | large | 1 | @@ -12370,15 +12333,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: limits: - cpu: 500m + cpu: 1 ``` -## **sysdig.resources.scanningv2-policies-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12393,15 +12356,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-policies-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12416,15 +12379,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-policies-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12439,15 +12402,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-api.limits.cpu** +## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
+**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12462,15 +12425,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-api.limits.memory** +## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-api pods
+**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12485,15 +12448,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-api.requests.cpu** +## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
+**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12508,15 +12471,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-api.requests.memory** +## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
+**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12531,15 +12494,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** +## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
+**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
**Options**:
**Default**: @@ -12547,45 +12510,45 @@ sysdig: | ------------ | ------ | | small | 500m | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.memory** +## **sysdig.resources.scanningv2-scanresults-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
+**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** +## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
**Options**:
**Default**: @@ -12593,68 +12556,68 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: requests: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.memory** +## **sysdig.resources.scanningv2-scanresults-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250Mi | -| medium | 1Gi | -| large | 2Gi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** +## **sysdig.resources.scanningv2-vulns-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: limits: - cpu: 1 + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** +## **sysdig.resources.scanningv2-vulns-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of memory assigned to scanningv2-vulns-api pods
**Options**:
**Default**: @@ -12662,1775 +12625,2407 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** +## **sysdig.resources.scanningv2-vulns-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** +## **sysdig.resources.scanningv2-vulns-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** +## **sysdig.secureOnly** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 1 | +**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false` **Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - limits: - cpu: 500m + secureOnly: true ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** +## **sysdig.secure.eventsForwarder.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
-**Options**:
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | - **Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - limits: - memory: 500Mi + secure: + eventsForwarder: + proxy: + enable: false ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** +## **sysdig.secure.eventsForwarder.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) +is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - requests: - cpu: 250m + secure: + eventsForwarder: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** +## **sysdig.secure.eventsForwarder.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - requests: - memory: 100Mi + secure: + eventsForwarder: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** +## **sysdig.secure.eventsForwarder.proxy.password** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
+**Description**: The password used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - limits: - cpu: 1 + secure: + eventsForwarder: + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.memory** +## **sysdig.secure.eventsForwarder.proxy.port** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
+**Description**: The port the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not +configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - limits: - memory: 1Gi + secure: + eventsForwarder: + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** +## **sysdig.secure.eventsForwarder.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - requests: - cpu: 250m + secure: + eventsForwarder: + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.memory** +## **sysdig.secure.eventsForwarder.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
+**Description**: The user used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - requests: - memory: 250Mi + secure: + eventsForwarder: + proxy: + enable: true + user: alice ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** +## **sysdig.secure.certman.proxy.enable** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
-**Options**:
+**Description**: Set proxy settings for secure certman (overrides global settings)
+**Options**: `true|false`
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | - **Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - limits: - cpu: 500m + secure: + certman: + proxy: + enable: false ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** +## **sysdig.secure.certman.proxy.host** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) +is configured.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - limits: - memory: 1Gi + secure: + certman: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** +## **sysdig.secure.certman.proxy.noProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - requests: - cpu: 250m + secure: + certman: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** +## **sysdig.secure.certman.proxy.password** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
+**Description**: The password used to access the configured +[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - requests: - memory: 250Mi + secure: + certman: + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** +## **sysdig.secure.certman.proxy.port** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
+**Description**: The port the configured +[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not +configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - limits: - cpu: 500m + secure: + certman: + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.memory** +## **sysdig.secure.certman.proxy.protocol** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - limits: - memory: 500Mi + secure: + certman: + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** +## **sysdig.secure.certman.proxy.user** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
+**Description**: The user used to access the configured +[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - requests: - cpu: 500m + secure: + certman: + proxy: + enable: true + user: alice ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.memory** +## **sysdig.postgresDatabases.PRWSInternalIngestion** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | - +**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - requests: - memory: 250Mi + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-prw-internal-ingestion-db-external.com + port: 5432 + db: prws_internal_ingestion + username: prws_internal_ingestion_user + password: my_prws_internal_ingestion_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.scanningv2-vulns-api.limits.cpu** +## **sysdig.beacon.prwsInternalIngestionEnabled** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
+**Description**: Enable Prom Remote Write Internal Ingestion
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 2 | - +**Default**:`false`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - limits: - cpu: 500m + beacon: + prwsInternalIngestionEnabled: true ``` -## **sysdig.resources.scanningv2-vulns-api.limits.memory** +## **sysdig.prwsInternalIngestionReplicaCount** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-vulns-api pods
+**Description**: Number of PRWS Internal Ingestion replicas
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - limits: - memory: 1Gi + prwsInternalIngestionReplicaCount: 5 ``` -## **sysdig.resources.scanningv2-vulns-api.requests.cpu** +## **sysdig.prwsInternalIngestion.jvmOptions** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - requests: - cpu: 250m + prwsInternalIngestion: + jvmOptions: |- + -Xms12g -Xmx12g ``` -## **sysdig.resources.scanningv2-vulns-api.requests.memory** +## **sysdig.prwsInternalIngestion.ingress** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - requests: - memory: 250Mi + prwsInternalIngestion: + ingress: + - name: my-prws-internal-ingestion + omitBaseAnnotations: true + annotations: + haproxy-ingress.github.io/timeout-server: 20s + haproxy-ingress.github.io/config-backend: | + retries 2 + labels: + app.kubernetes.io/managed-by: ingress-config + app.kubernetes.io/name: ingress-config + app.kubernetes.io/part-of: sysdigcloud + role: ingress-config + tier: infra + hosts: + - host: my-app.my-domain.com + sslSecretName: ssl-secret + paths: + - path: /api + serviceName: my-service-name + servicePort: 9510 ``` -## **sysdig.secureOnly** +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** **Required**: `false`
-**Description**: Enable product optimizations for secure that break monitor.
+**Description**: Enable private endpoint communication for PRWS Internal Ingestion **Options**: `true|false`
-**Default**: `false` - +**Default**:
**Example**: ```yaml sysdig: - secureOnly: true + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false ``` -## **sysdig.secure.eventsForwarder.proxy.enable** +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** **Required**: `false`
-**Description**: Set proxy settings for secure forwarding (overrides global settings)
-**Options**: `true|false`
-**Default**: +**Description**: Comma separated list of addresses or domain names that can +override the `privateEndpointCommunicationEnforcement`. +**Options**:
+**Default**:
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: false + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false + privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.secure.eventsForwarder.proxy.host** +## **sysdig.secure.netsec.rateLimit** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) -is configured.
+**Description**: Netsec api rate limit.
**Options**:
**Default**:
+| cluster-size | count | +| ------------ | ----- | +| small | 200 | +| medium | 200 | +| large | 200 | + +## **sysdig.secure.scanningv2.enabled** + +**Required**: `false`
+**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml sysdig: secure: - eventsForwarder: + scanningv2: + enabled: true +``` + +## **sysdig.secure.scanningv2.proxy** + +**Required**: `false`
+**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml + secure: + scanningv2: proxy: + defaultNoProxy: "https://foo.bar" + user: "user01" + password: "password" + noProxy: "localhost" enable: true - host: my-awesome-proxy.my-awesome-domain.com + host: "myproxy.example.com" + port: 3128 + protocol: "http" ``` +**Related parameters**:
+ +sysdig.secure.scanningv2.proxy.enable +sysdig.secure.scanningv2.proxy.defaultNoProxy +sysdig.secure.scanningv2.proxy.user +sysdig.secure.scanningv2.proxy.noProxy +sysdig.secure.scanningv2.proxy.host +sysdig.secure.scanningv2.proxy.port +sysdig.secure.scanningv2.proxy.protocol + -## **sysdig.secure.eventsForwarder.proxy.noProxy** +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + vulnsApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" +``` + +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + scanningv2: + vulnsApi: + remoteSaaSTlsSkip: true ``` -## **sysdig.secure.eventsForwarder.proxy.password** +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + pkgMetaApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" +``` + +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
**Options**:
-**Default**:
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - password: F00B@r! + scanningv2: + pkgMetaApi: + remoteSaaSTlsSkip: true ``` -## **sysdig.secure.eventsForwarder.proxy.port** +## **sysdig.secure.scanningv2.reporting.enabled** **Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
**Options**:
-**Default**: `80`
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + enabled: true +``` + +## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** + +**Required**: `false`
+**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
+**Options**:
+**Default**: "0 3 \* \* \*"
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + reportingJanitor: + schedule: "0 3 * * *" +``` + +## **sysdig.secure.scanningv2.reporting.storageDriver** + +**Required**: `false`
+**Description**: Storage kind for the generated reports
+**Options**: postgres, s3
+**Default**: postgres
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + storageDriver: postgres +``` + +## **sysdig.secure.scanningv2.reporting.aws.bucket** + +**Required**: `false`
+**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + bucket: secure-scanningv2-reporting +``` + +## **sysdig.secure.scanningv2.reporting.aws.endpoint** + +**Required**: `false`
+**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + endpoint: s3.example.com +``` + +## **sysdig.secure.scanningv2.reporting.aws.region** + +**Required**: `false`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + region: us-east-1 +``` + +## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** + +**Required**: `false`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + accessKeyId: AKIAIOSFODNN7EXAMPLE +``` + +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** + +**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +``` + +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** + +**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +``` + +## **sysdig.secure.scanningv2.customCerts** + +**Required**: `false`
+**Description**: +To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**: + +```bash +# In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/scanningv2-custom-certs +certs/scanningv2-custom-certs/certificate1.pem +certs/scanningv2-custom-certs/certificate2.pem +values.yaml +``` + +```yaml +sysdig: + secure: + scanningv2: + customCerts: true +``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.enabled** +**Required**: `false`
+**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.deploymentType** +**Required**: `false`
+**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
+**Options**: `onprem|saas|empty`
+**Default**: `empty`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + deploymentType: saas +``` + +## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** +**Required**: `false`
+**Description**: Sets the log level for the scan requestor component
+**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
+**Default**: `INFO`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + loggingLevel: INFO +``` + +## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** +**Required**: `false`
+**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
+**Default**: `sysdig`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + serviceAccount: sysdig +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.type** +**Required**: `false`
+**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
+**Options**: `S3|cassandra`
+**Default**: `cassandra`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + type: cassandra +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** +**Required**: `false`
+**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
+**Default**: `scan-requestor`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + bucketName: "scan-requestor" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** +**Required**: `false`
+**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.region** +**Required**: `false`
+**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
+**Default**: `auto`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + region: auto +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** +**Required**: `false`
+**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
+**Default**: `2`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + retentionTime: 2 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** +**Required**: `false`
+**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `/opt/certs/minio-tls-ca/public.crt`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + caCrt: "/opt/certs/minio-tls-ca/public.crt" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** +**Required**: `false`
+**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** +**Required**: `false`
+**Description**: The maximum age for requests to be considered still valid/pending
+**Default**: `1h`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestMaxAge: "1h" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** +**Required**: `false`
+**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
+**Default**: `30s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestReplyTimeout: 30s +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** +**Required**: `false`
+**Description**: The URL of cassandra server(s).
+**Default**: `sysdigcloud-cassandra:9042`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + hosts: "sysdigcloud-cassandra:9042" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** +**Required**: `false`
+**Description**: The cassandra key space to use for storing ScanRequestor tables.
+**Default**: `sysdig_scanning`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + keyspace: "sysdig_scanning" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** +**Required**: `false`
+**Description**: The protocol version used to communicate with Cassandra
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + protocolVersion: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** +**Required**: `false`
+**Description**: The replication factor to use for ScanRequestor tables.
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + replicationFactor: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** +**Required**: `false`
+**Description**: The datacenter identifier to be used for cassandra communication.
+**Default**: `datacenter1`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + datacenter: "datacenter1" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** +**Required**: `false`
+**Description**: The timeout for cassandra requests.
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + requestTimeout: "3s" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxReadRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxWriteRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** +**Required**: `false`
+**Description**: - to be filled -
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionEnabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionThreshold: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + metadata: "86400" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ storage:
+ cassandra:
+ ttlSec:
+ state: "86400"
+```
+
+## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events**
+**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ storage:
+ cassandra:
+ ttlSec:
+ events: "86400"
+```
+
+## **sysdig.s3.scanRequestor.accessKeyId**
+**Required**: `false`
+**Description**: The S3 access-key id to be used when the storage type is set at S3.
+**Default**: `scanningv2_scanrequestor`
+
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ scanRequestor:
+ accessKeyId: "a-key"
+```
+## **sysdig.s3.scanRequestor.secretAccessKey**
+**Required**: `false`
+**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
+**Default**: `random`
+
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ scanRequestor:
+ secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval**
+**Required**: `false`
+**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
+**Default**: `5m`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ requestPartitionProcessingScheduler:
+ interval: "5m"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay**
+**Required**: `false`
+**Description**: The initial delay in staging area scheduled processing.
+**Default**: `10s`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ requestPartitionProcessingScheduler:
+ startDelay: "10s"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout**
+**Required**: `false`
+**Description**: The timeout for getting partition processing requests from NATS.
+**Default**: `30s`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ requestPartitionProcessingScheduler:
+ timeout: "30s"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter**
+**Required**: `false`
+**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - port: 3128 + scanningv2: + scanRequestor: + partitionProcessing: + deleteObjectsAfter: true ``` -## **sysdig.secure.eventsForwarder.proxy.protocol** +## **sysdig.platformService.enabled** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: Enable or disable the platform-service deployment
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - protocol: https + platformService: + enabled: false ``` -## **sysdig.secure.eventsForwarder.proxy.user** +## **sysdig.platformService.audit.enabled** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
-**Options**:
-**Default**:
- +**Description**: Enable or disable sending of audit data for platform-service
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - user: alice + platformService: + audit: + enabled: false ``` -## **sysdig.secure.certman.proxy.enable** +## **sysdig.platformService.ingestion.endpoint** **Required**: `false`
-**Description**: Set proxy settings for secure certman (overrides global settings)
-**Options**: `true|false`
-**Default**: - +**Description**: Endpoint where platform-service will send data for Sysdig Platform Audit
+**Default**: `sysdigcloud-events-ingestion:3000`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: false + platformService: + ingestion: + endpoint: sysdigcloud-events-ingestion:3000 ``` -## **sysdig.secure.certman.proxy.host** +## **sysdig.platformService.server.port.metric** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) -is configured.
-**Options**:
-**Default**:
- +**Description**: Server port that will be used to serve metrics data
+**Default**: `25000`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + platformService: + server: + port: + metric: 25000 ``` -## **sysdig.secure.certman.proxy.noProxy** +## **sysdig.platformService.server.port.health** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
- +**Description**: Server port that will be used to serve health checker endpoint
+**Default**: `8083`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + platformService: + server: + port: + health: 8083 ``` -## **sysdig.secure.certman.proxy.password** +## **sysdig.platformService.pdf.server.port.rest** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
-**Options**:
-**Default**:
- +**Description**: PDF service server port that will serve HTTP requests
+**Default**: `7000`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - password: F00B@r! + platformService: + pdf: + server: + port: + rest: 7000 ``` -## **sysdig.secure.certman.proxy.port** +## **sysdig.platformService.pdf.server.port.grpc** **Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not -configured it defaults to 80.
-**Options**:
-**Default**: `80`
- +**Description**: PDF service server port that will serve GRPC requests
+**Default**: `5051`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - port: 3128 + platformService: + pdf: + server: + port: + grpc: 5051 ``` -## **sysdig.secure.certman.proxy.protocol** +## **sysdig.platformService.alerts.enabled** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: Enable or disable Platform Alerts service
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - protocol: https + platformService: + alerts: + enabled: false ``` -## **sysdig.secure.certman.proxy.user** +## **sysdig.platformService.alerts.serviceToken** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
-**Options**:
-**Default**:
- +**Description**: Service token used to identify platform service for service calls to other services
+**Default**: `change_me`
**Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - user: alice -``` + platformService: + alerts: + serviceToken: change_me -## **sysdig.postgresDatabases.PRWSInternalIngestion** + +## **sysdig.platformService.alerts.server.port.grpc** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Platform Alerts service server port that will serve GRPC requests
+**Default**: `5052`
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-prw-internal-ingestion-db-external.com - port: 5432 - db: prws_internal_ingestion - username: prws_internal_ingestion_user - password: my_prws_internal_ingestion_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + platformService: + alerts: + server: + port: + grpc: 5052 ``` -## **sysdig.beacon.prwsInternalIngestionEnabled** +## **sysdig.platformService.alerts.server.port.rest** **Required**: `false`
-**Description**: Enable Prom Remote Write Internal Ingestion
-**Options**:
-**Default**:`false`
+**Description**: Platform Alerts service server port that will serve HTTP requests
+**Default**: `7004`
**Example**: ```yaml sysdig: - beacon: - prwsInternalIngestionEnabled: true + platformService: + alerts: + server: + port: + rest: 7004 ``` -## **sysdig.prwsInternalIngestionReplicaCount** +## **sysdig.platformService.alerts.server.enableEventsEndpoints** **Required**: `false`
-**Description**: Number of PRWS Internal Ingestion replicas
-**Options**:
-**Default**:
- +**Description**: Enable or disable test endpoints that will send fake events
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - prwsInternalIngestionReplicaCount: 5 + platformService: + alerts: + server: + enableEventsEndpoints: false ``` -## **sysdig.prwsInternalIngestion.jvmOptions** +## **sysdig.platformService.alerts.ticketing.url** **Required**: `false`
-**Description**: Custom JVM configuration for PRWS Internal Ingestion
-**Options**:
-**Default**:
- +**Description**: URL of the ticketing service which platform alerts will call to create Jira tickets
+**Default**: `http://sysdigcloud-ticketing-api:7001`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - jvmOptions: |- - -Xms12g -Xmx12g + platformService: + alerts: + ticketing: + url: http://sysdigcloud-ticketing-api:7001 ``` -## **sysdig.prwsInternalIngestion.ingress** +## **sysdig.platformService.alerts.monitor.url** **Required**: `false`
-**Description**: Add a custom Ingress for PRWS Internal Ingestion
-**Options**:
-**Default**:
- +**Description**: Base URL for monitor API calls
+**Default**: `http://sysdigcloud-api:8080`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - ingress: - - name: my-prws-internal-ingestion - omitBaseAnnotations: true - annotations: - haproxy-ingress.github.io/timeout-server: 20s - haproxy-ingress.github.io/config-backend: | - retries 2 - labels: - app.kubernetes.io/managed-by: ingress-config - app.kubernetes.io/name: ingress-config - app.kubernetes.io/part-of: sysdigcloud - role: ingress-config - tier: infra - hosts: - - host: my-app.my-domain.com - sslSecretName: ssl-secret - paths: - - path: /api - serviceName: my-service-name - servicePort: 9510 + platformService: + alerts: + monitor: + url: http://sysdigcloud-api:8080 ``` -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** +## **sysdig.platformService.alerts.monitor.cache.expiration** **Required**: `false`
-**Description**: Enable private endpoint communication for PRWS Internal Ingestion -**Options**: `true|false`
-**Default**:
+**Description**: Expiration time of the cache for monitor API calls
+**Default**: `5m`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false + platformService: + alerts: + monitor: + cache: + expiration: 5m ``` -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** +## **sysdig.platformService.alerts.monitor.cache.cleanup** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names that can -override the `privateEndpointCommunicationEnforcement`. -**Options**:
-**Default**:
- +**Description**: Time after which cache for monitor API calls will be cleanup
+**Default**: `10m`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false - privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 + platformService: + alerts: + monitor: + cache: + cleanup: 10m ``` -## **sysdig.secure.netsec.rateLimit** - -**Required**: `false`
-**Description**: Netsec api rate limit.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 200 | -| medium | 200 | -| large | 200 | - -## **sysdig.secure.scanningv2.enabled** +## **sysdig.platformService.alerts.nats.js.enabled** **Required**: `false`
-**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Enable or disable NATS for platform alerts service
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - scanningv2: - enabled: true + platformService: + alerts: + nats: + js: + enabled: false ``` -## **sysdig.secure.scanningv2.proxy** +## **sysdig.platformService.alerts.nats.js.url** **Required**: `false`
-**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
-**Options**:
-**Default**: `false`
+**Description**: Url of the NATS server that platform alerts service will connect to
+**Default**: `nats`
**Example**: +```yaml +sysdig: + platformService: + alerts: + nats: + js: + url: nats ``` - secure: - scanningv2: - proxy: - defaultNoProxy: "https://foo.bar" - user: "user01" - password: "password" - noProxy: "localhost" - enable: true - host: "myproxy.example.com" - port: 3128 - protocol: "http" -``` - **Related parameters**: -``` -sysdig.secure.scanningv2.proxy.enable -sysdig.secure.scanningv2.proxy.defaultNoProxy -sysdig.secure.scanningv2.proxy.user -sysdig.secure.scanningv2.proxy.noProxy -sysdig.secure.scanningv2.proxy.host -sysdig.secure.scanningv2.proxy.port -sysdig.secure.scanningv2.proxy.protocol -``` +## **sysdig.platformService.alerts.nats.js.clientName** + +**Required**: `false`
+**Description**: Client name for platform alerts service
+**Default**: `sysdigcloud-platform-alerts-api`
+**Example**: -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** +```yaml +sysdig: + platformService: + alerts: + nats: + js: + clientName: sysdigcloud-platform-alerts-api +``` -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+## **sysdig.platformService.alerts.nats.js.tls.enabled** +**Required**: `false`
+**Description**: Enable or disable TLS connection for NATS
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - secure: - scanningv2: - vulnsApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" + platformService: + alerts: + nats: + js: + tls: + enabled: true ``` -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** +## **sysdig.platformService.alerts.nats.js.tls.cert** **Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
- +**Description**: TLS certificate for NATS connection
+**Default**: `/opt/certs/nats-js-tls-certs/ca.crt`
**Example**: ```yaml sysdig: - secure: - scanningv2: - vulnsApi: - remoteSaaSTlsSkip: true + platformService: + alerts: + nats: + js: + tls: + cert: /opt/certs/nats-js-tls-certs/ca.crt ``` -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+## **sysdig.platformService.alerts.nats.js.migrationFile** +**Required**: `false`
+**Description**: Location of the json migration file
+**Default**: `/nats/migrations/streams.json`
**Example**: ```yaml sysdig: - secure: - scanningv2: - pkgMetaApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" + platformService: + alerts: + nats: + js: + migrationFile: /nats/migrations/streams.json ``` -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** +## **sysdig.platformService.alerts.nats.js.risk.consumer.enabled** **Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
+**Description**: Enable or disable NATS consumer for Risk integration
+**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: - secure: - scanningv2: - pkgMetaApi: - remoteSaaSTlsSkip: true + platformService: + alerts: + nats: + js: + risk: + consumer: + enabled: false ``` -## **sysdig.secure.scanningv2.reporting.enabled** +## **sysdig.platformService.alerts.nats.js.risk.consumer.name** **Required**: `false`
-**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Name of NATS consumer for Risk integration
+**Default**: `risk-consumer`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - enabled: true + platformService: + alerts: + nats: + js: + risk: + consumer: + name: risk-consumer ``` -## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** +## **sysdig.platformService.alerts.nats.js.risk.consumer.stream** **Required**: `false`
-**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
-**Options**:
-**Default**: "0 3 \* \* \*"
+**Description**: NATS stream name of consumer for Risk integration
+**Default**: `risk-alerts`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - reportingJanitor: - schedule: "0 3 * * *" + platformService: + alerts: + nats: + js: + risk: + consumer: + stream: risk-alerts ``` -## **sysdig.secure.scanningv2.reporting.storageDriver** +## **sysdig.platformService.alerts.nats.js.risk.consumer.subjects** **Required**: `false`
-**Description**: Storage kind for the generated reports
-**Options**: postgres, s3
-**Default**: postgres
+**Description**: NATS subjects name of consumer for Risk integration
+**Default**: `risk.>`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - storageDriver: postgres + platformService: + alerts: + nats: + js: + risk: + consumer: + subjects: risks-alerts.* ``` -## **sysdig.secure.scanningv2.reporting.aws.bucket** +## **sysdig.platformService.alerts.nats.js.risk.consumer.timeoutRetryMaxWait** **Required**: `false`
-**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Description**: Max retry wait time for consumer for Risk integration
+**Default**: `10s`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - aws: - bucket: secure-scanningv2-reporting + platformService: + alerts: + nats: + js: + risk: + consumer: + timeoutRetryMaxWait: 10s ``` -## **sysdig.secure.scanningv2.reporting.aws.endpoint** +## **sysdig.platformService.alerts.nats.js.risk.notifier.enabled** **Required**: `false`
-**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Enable or disable NATS notifier publishing for Risk integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - aws: - endpoint: s3.example.com + platformService: + alerts: + nats: + js: + risk: + notifier: + enabled: false ``` -## **sysdig.secure.scanningv2.reporting.aws.region** +## **sysdig.platformService.alerts.nats.js.risk.notifier.stream** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Description**: Name of a NATS stream for publishing events to notifier for Risk integration
+**Default**: `notifier-notifications-1`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - aws: - region: us-east-1 + platformService: + alerts: + nats: + js: + risk: + notifier: + stream: notifier-notifications-1 ``` -## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** + +## **sysdig.platformService.alerts.nats.js.risk.notifier.subject** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: NATS subject for publishing events to notifier for Risk integration
+**Default**: `notifier.notifications.1.risk`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - aws: - accessKeyId: AKIAIOSFODNN7EXAMPLE + platformService: + alerts: + nats: + js: + risk: + notifier: + subject: notifier.notifications.1.risk ``` -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** +## **sysdig.platformService.alerts.nats.js.vm.consumer.enabled** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Enable or disable NATS consumer for VM integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + platformService: + alerts: + nats: + js: + vm: + consumer: + enabled: false ``` -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** +## **sysdig.platformService.alerts.nats.js.vm.consumer.name** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Name of NATS consumer for VM integration
+**Default**: `vm-consumer`
**Example**: ```yaml sysdig: - secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + platformService: + alerts: + nats: + js: + vm: + consumer: + name: vm-consumer ``` -## **sysdig.secure.scanningv2.customCerts** +## **sysdig.platformService.alerts.nats.js.vm.consumer.stream** **Required**: `false`
-**Description**: -To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. +**Description**: NATS stream name of consumer for VM integration
+**Default**: `secure-vm-notifier-integrations`
+**Example**: -This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
+```yaml +sysdig: + platformService: + alerts: + nats: + js: + vm: + consumer: + stream: secure-vm-notifier-integrations +``` + +## **sysdig.platformService.alerts.nats.js.vm.consumer.subjects** + +**Required**: `false`
+**Description**: NATS subjects name of consumer for VM integration
+**Default**: `secure.vm.notifier.integrations.jira`
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/scanningv2-custom-certs -certs/scanningv2-custom-certs/certificate1.pem -certs/scanningv2-custom-certs/certificate2.pem -values.yaml +```yaml +sysdig: + platformService: + alerts: + nats: + js: + vm: + consumer: + subjects: secure.vm.notifier.integrations.jira ``` +## **sysdig.platformService.alerts.nats.js.vm.consumer.timeoutRetryMaxWait** + +**Required**: `false`
+**Description**: Max retry wait time for consumer for VM integration
+**Default**: `10s`
+**Example**: + ```yaml sysdig: - secure: - scanningv2: - customCerts: true + platformService: + alerts: + nats: + js: + vm: + consumer: + timeoutRetryMaxWait: 10s ``` -## **sysdig.secure.scanningv2.airgappedFeeds** +## **sysdig.platformService.alerts.nats.js.vm.notifier.enabled** **Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Description**: Enable or disable NATS notifier publishing for VM integration
**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: - secure: - scanningv2: - airgappedFeeds: true + platformService: + alerts: + nats: + js: + vm: + notifier: + enabled: false ``` -## **sysdig.secure.scanningV2.scanRequestor.enabled** -**Required**: `false`
-**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
-**Options**: `true|false`
-**Default**: `true`
+## **sysdig.platformService.alerts.nats.js.vm.notifier.stream** +**Required**: `false`
+**Description**: Name of a NATS stream for publishing events to notifier for VM integration
+**Default**: `notifier-notifications-1`
**Example**: ```yaml sysdig: - secure: - scanningv2: - scanRequestor: - enabled: true + platformService: + alerts: + nats: + js: + vm: + notifier: + stream: notifier-notifications-1 ``` -## **sysdig.secure.scanningV2.scanRequestor.deploymentType** -**Required**: `false`
-**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
-**Options**: `onprem|saas|empty`
-**Default**: `empty`
+## **sysdig.platformService.alerts.nats.js.vm.notifier.subject** + +**Required**: `false`
+**Description**: NATS subject for publishing events to notifier for VM integration
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - scanningv2: - scanRequestor: - deploymentType: saas + platformService: + alerts: + nats: + js: + vm: + notifier: + subject: notifier.notifications.1.vm ``` -## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** -**Required**: `false`
-**Description**: Sets the log level for the scan requestor component
-**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
-**Default**: `INFO`
+## **sysdig.platformService.alerts.workers.notification.enabled** +**Required**: `false`
+**Description**: Enables or disables workers for sending notifications in batches to alerts-notifier
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - secure: - scanningv2: - scanRequestor: - loggingLevel: INFO + platformService: + alerts: + workers: + notification: + enabled: true ``` -## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** -**Required**: `false`
-**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
-**Default**: `sysdig`
+## **sysdig.platformService.alerts.workers.notification.pollInterval** +**Required**: `false`
+**Description**: Pooling time interval that will read unsend notifications
+**Default**: `500ms`
**Example**: ```yaml sysdig: - secure: - scanningv2: - scanRequestor: - serviceAccount: sysdig + platformService: + alerts: + workers: + notification: + pollInterval: 500ms ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.type** -**Required**: `false`
-**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
-**Options**: `S3|cassandra`
-**Default**: `cassandra`
+## **sysdig.platformService.alerts.workers.notification.batchSize** +**Required**: `false`
+**Description**: Number of events that will be sent from platform alerts to alert-notifier
+**Default**: `50`
**Example**: ```yaml sysdig: - secure: - scanningv2: - scanRequestor: - storage: - type: cassandra + platformService: + alerts: + workers: + notification: + batchSize: 50 ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** -**Required**: `false`
-**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
-**Default**: `scan-requestor`
+## **sysdig.secure.ticketing.enabled** + +**Required**: `false`
+**Description**: Enable or disable the ticketing service deployment
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - bucketName: "scan-requestor" + ticketing: + enabled: false ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** -**Required**: `false`
-**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
-**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
+## **sysdig.secure.ticketing.audit.enabled** +**Required**: `false`
+**Description**: Enable or disable sending of audit data for ticketing service
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 + ticketing: + audit: + enabled: false ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.region** -**Required**: `false`
-**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
-**Default**: `auto`
+## **sysdig.secure.ticketing.jiraClientMaxRetries** +**Required**: `false`
+**Description**: Number of max retries for Jira client
+**Default**: `5`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - region: auto + ticketing: + jiraClientMaxRetries: 5 ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** -**Required**: `false`
-**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
-**Default**: `2`
+## **sysdig.secure.ticketing.jiraClientBaseWait** +**Required**: `false`
+**Description**: Jira client base wait time
+**Default**: `1s`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - retentionTime: 2 + ticketing: + jiraClientBaseWait: 1s ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** -**Required**: `false`
-**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
-**Default**: `/opt/certs/minio-tls-ca/public.crt`
+## **sysdig.secure.ticketing.jiraClientMaxWait** +**Required**: `false`
+**Description**: Max wait time for Jira client
+**Default**: `30s`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - caCrt: "/opt/certs/minio-tls-ca/public.crt" + ticketing: + jiraClientMaxWait: 30s ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** -**Required**: `false`
-**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
-**Options**: `true|false`
-**Default**: `true`
+## **sysdig.secure.ticketing.jiraClientJitterMaxMillis** +**Required**: `false`
+**Description**: Max number for Jira client jitter in milliseconds
+**Default**: `1000`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - requestStore: - enabled: true + ticketing: + jiraClientJitterMaxMillis: 1000 ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** -**Required**: `false`
-**Description**: The maximum age for requests to be considered still valid/pending
-**Default**: `1h`
+## **sysdig.secure.ticketing.jiraCacheDefaultExpiration** +**Required**: `false`
+**Description**: Jira cache will expire after this period
+**Default**: `15m`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - requestStore: - requestMaxAge: "1h" + ticketing: + jiraCacheDefaultExpiration: 15m ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** -**Required**: `false`
-**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
-**Default**: `30s`
+## **sysdig.secure.ticketing.jiraCacheCleanupInterval** +**Required**: `false`
+**Description**: Time interval for Jira cache cleanup
+**Default**: `1m`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - requestStore: - requestReplyTimeout: 30s + ticketing: + jiraCacheCleanupInterval: 1m ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** -**Required**: `false`
-**Description**: The URL of cassandra server(s).
-**Default**: `sysdigcloud-cassandra:9042`
+## **sysdig.secure.ticketing.jiraAssignableMaxResults** +**Required**: `false`
+**Description**: Number of max results that you can assign to
+**Default**: `2000`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - hosts: "sysdigcloud-cassandra:9042" + ticketing: + jiraAssignableMaxResults: 2000 ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** -**Required**: `false`
-**Description**: The cassandra key space to use for storing ScanRequestor tables.
-**Default**: `sysdig_scanning`
+## **sysdig.secure.ticketing.jiraSyncIssuesCronExpr** +**Required**: `false`
+**Description**: Expression for cron job for Jira sync issues job
+**Default**: `0 0 * * * *`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - keyspace: "sysdig_scanning" + ticketing: + jiraSyncIssuesCronExpr: "0 0 * * * *" ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** -**Required**: `false`
-**Description**: The protocol version used to communicate with Cassandra
-**Default**: `3`
+## **sysdig.secure.ticketing.jiraCreateIssuesCronExpr** +**Required**: `false`
+**Description**: Expression for cron job for Jira create issues job
+**Default**: `0 0 * * * *`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - protocolVersion: "3" + ticketing: + jiraCreateIssuesCronExpr: "0 0 * * * *" ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** -**Required**: `false`
-**Description**: The replication factor to use for ScanRequestor tables.
-**Default**: `3`
+## **sysdig.secure.ticketing.jiraCreateIssuesOrchestratorInterval** +**Required**: `false`
+**Description**: Time interval for creating issues orchestrator
+**Default**: `5m`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - replicationFactor: "3" + ticketing: + jiraCreateIssuesOrchestratorInterval: 5m ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** -**Required**: `false`
-**Description**: The datacenter identifier to be used for cassandra communication.
-**Default**: `datacenter1`
+## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMinWait** +**Required**: `false`
+**Description**: Min wait time for create issues from workers to compleate
+**Default**: `1s`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - datacenter: "datacenter1" + ticketing: + jiraCreateIssuesWorkersMinWait: 1s ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** -**Required**: `false`
-**Description**: The timeout for cassandra requests.
-**Default**: ` `
+## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMaxWait** +**Required**: `false`
+**Description**: Max wait time for create issues from workers to compleate
+**Default**: `5s`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - requestTimeout: "3s" + ticketing: + jiraCreateIssuesWorkersMaxWait: 5s ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
+## **sysdig.secure.ticketing.jiraMaxAttachmentSize** +**Required**: `false`
+**Description**: Sets maximum size for jira attachment in bytes
+**Default**: `1048576`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - maxReadRequests: "" + ticketing: + jiraMaxAttachmentSize: 1048576 ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
+## **sysdig.secure.ticketing.hardDeleteIntegrationAPIEnabled** +**Required**: `false`
+**Description**: Enables or disables hard delete of integrations in ticketing service
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - maxWriteRequests: "" + ticketing: + hardDeleteIntegrationAPIEnabled: false ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** -**Required**: `false`
-**Description**: - to be filled -
-**Options**: `true|false`
-**Default**: `true`
+## **sysdig.secure.ticketing.natsJS.migrationFile** +**Required**: `false`
+**Description**: Location of the json migration file
+**Default**: `/nats/migrations/streams.json`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - compressionEnabled: true + ticketing: + natsJS: + migrationFile: /nats/migrations/streams.json ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
+## **sysdig.secure.ticketing.natsJS.url** +**Required**: `false`
+**Description**: Url of the NATS server that ticketing service will connect to
+**Default**: `nats`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - compressionThreshold: "" + ticketing: + natsJS: + url: nats ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
+## **sysdig.secure.ticketing.natsJS.secure.enabled** +**Required**: `false`
+**Description**: Enables or disables NATS in ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - metadata: "86400" + ticketing: + natsJS: + secure: + enabled: true ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.deliverPolicyAll** +**Required**: `false`
+**Description**: Enables or disables deliverPolicyAll for NATS attachments consumer in ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - state: "86400" + ticketing: + natsJS: + addAttachmentConsumer: + deliverPolicyAll: true ``` -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.durable** +**Required**: `false`
+**Description**: Name of NATS durable consumer for consuming attachments events for ticketing service
+**Default**: `add_attachment_to_issue_consumer`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - events: "86400" + ticketing: + natsJS: + addAttachmentConsumer: + durable: add_attachment_to_issue_consumer ``` -## **sysdig.s3.scanRequestor.accessKeyId** -**Required**: `false`
-**Description**: The S3 access-key id to be used when the storage type is set at S3.
-**Default**: `scanningv2_scanrequestor`
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.name** +**Required**: `false`
+**Description**: Name of NATS consumer for consuming attachments events for ticketing service
+**Default**: `add_attachment_to_issue_consumer`
**Example**: ```yaml sysdig: - s3: - scanRequestor: - accessKeyId: "a-key" + secure: + ticketing: + natsJS: + addAttachmentConsumer: + name: add_attachment_to_issue_consumer ``` -## **sysdig.s3.scanRequestor.secretAccessKey** -**Required**: `false`
-**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
-**Default**: `random`
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.pull** + +**Required**: `false`
+**Description**: Enable or disable pulling events for attachments consumer for ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - s3: - scanRequestor: - secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG" + secure: + ticketing: + natsJS: + addAttachmentConsumer: + pull: true ``` -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval** -**Required**: `false`
-**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
-**Default**: `5m`
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.streamName** +**Required**: `false`
+**Description**: Name of a NATS stream for consuming attachment events for ticketing service
+**Default**: `jira_attachments`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - interval: "5m" + ticketing: + natsJS: + addAttachmentConsumer: + streamName: jira_attachments ``` -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay** -**Required**: `false`
-**Description**: The initial delay in staging area scheduled processing.
-**Default**: `10s`
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.subject** +**Required**: `false`
+**Description**: NATS subject for consuming attachments events for ticketing service
+**Default**: `jira_attachments.add_to_issue`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - startDelay: "10s" + ticketing: + natsJS: + addAttachmentConsumer: + subject: jira_attachments.add_to_issue ``` -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout** -**Required**: `false`
-**Description**: The timeout for getting partition processing requests from NATS.
-**Default**: `30s`
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.maxDeliver** +**Required**: `false`
+**Description**: Number of max retries for delivering attachment
+**Default**: `3`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - timeout: "30s" + ticketing: + natsJS: + addAttachmentConsumer: + maxDeliver: 3 ``` -## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter** -**Required**: `false`
-**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
-**Options**: `true|false`
-**Default**: `false`
+## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.ackWait** +**Required**: `false`
+**Description**: Time to wait for receiving ACK signal for attachments
+**Default**: `5m`
**Example**: ```yaml sysdig: secure: - scanningv2: - scanRequestor: - partitionProcessing: - deleteObjectsAfter: true -``` \ No newline at end of file + ticketing: + natsJS: + addAttachmentConsumer: + ackWait: 5m +``` diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 4c02d03e..8d280a10 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -1,5 +1,6 @@ - + + diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 4c106467..08dda5bb 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -1,5 +1,6 @@ - + + diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index ffd1b918..11d63313 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -1,5 +1,6 @@ - + + From e6483a79bdf03a971c0dea96e9dbc364748c4b86 Mon Sep 17 00:00:00 2001 From: jenkins Date: Tue, 30 Jul 2024 03:21:42 +0000 Subject: [PATCH 151/156] updating installer docs --- installer/README.md | 6 +- installer/docs/01-command_line_arguments.md | 103 +- installer/docs/02-configuration_parameters.md | 3992 +++++++---------- installer/docs/03-upgrade.md | 13 +- installer/docs/04-advanced_configuration.md | 5 +- installer/docs/05-networkPolicies.md | 11 +- installer/values.yaml | 11 - 7 files changed, 1683 insertions(+), 2458 deletions(-) diff --git a/installer/README.md b/installer/README.md index ff743055..cd47ed96 100644 --- a/installer/README.md +++ b/installer/README.md @@ -1,3 +1,5 @@ +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer) + # Installer The Sysdig Installer tool is a collection of scripts that help automate the 
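Review bot: The badge line added at the top of `installer/README.md` carries a `token=` query parameter in the SonarCloud URL, so that value is now in the repository history and in every rendered copy of the README. It looks like a project badge token, which would normally only allow reading badge metrics for the project, but that is inferred from the URL shape and should be confirmed with whoever owns the SonarCloud project. If this README is published outside the organisation, either drop the badge line or renew the badge token in SonarCloud and keep the tokenised URL out of the public copy. Since these docs commits are generated by a job, a secret-scanning check on `token=` in badge URLs would catch a repeat.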
@@ -56,10 +58,6 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail - - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): - Set this parameter to `true` if you would like to use Sysdig Platform Audit. - - [`sysdig.secure.events.audit.config.store.ip.enabled`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreipenabled): - Set this parameter to `true` if you would like to see the origin IP address in Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 10ded1f4..cacf8877 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -1,10 +1,9 @@ - + - -# Command Line Arguments +# Command line arguments explained
@@ -14,12 +13,12 @@ - installer does not deploy the `namespace.yaml` manifest. It expects the Namespace to exist and to match the value in `values.yaml` - If there is a mismatch, the installer will fail as no validation is in place. + There is no validation, in case of mismatch the installer will fail `--skip-pull-secret` -- The services require the pull secret to exist with the expected name (`sysdigcloud-pull-secret`) and to have access to the registry. - +- the services expect the pull secret to exist, + to have the expected name (`sysdigcloud-pull-secret`) and to allow access to the registry. - if the pull secret is missing, the behaviour could be unpredictable: some Pods could start if they can find the image locally and if their `imagePullPolicy` is not `Always` @@ -27,7 +26,7 @@ `--skip-serviceaccount` -- The user must provide service accounts with the exact same name expected: +- The user must provide SAs with the exact same name expected: ```text sysdig-serviceaccount.yaml: name: sysdig @@ -37,10 +36,10 @@ sysdig-serviceaccount.yaml: name: sysdig-elasticsearch sysdig-serviceaccount.yaml: name: sysdig-cassandra ``` -- One implication of this is that unless the `node-to-labels` ServiceAccount is added, - rack awareness will not be available for any datastore. - Another implication is that if the ServiceAccount(s) are missing, the user will have to `describe` - the StatefulSet because Pods will not start at all: +- One implication of this is that unless the `node-to-labels` SA is added, + rack awareness will not work neither in Cassandra nor in ES (to be verified) + Another implication is that if SA(s) are missing, the user will have to `describe` + the STS because Pods will not start at all: ```text Events: 
@@ -55,19 +54,13 @@ Events: - installer does not apply the StorageClass manifest. It expects the storageClassName specified in values.yaml to exist. -`--disable-proxy` - -- This flag allows disabling an existing configuration for proxy. Several services can be configured to use a proxy to go out to the Internet. For example `scanningv2-pkgmeta`, `certmanager`, `eventsForwarder` etc. -- If it becomes necessary to remove such configuration, this flag can be used to remove the proxy configuration. -- This flag also applies to `generate`, `diff` and `import`. - ## Command: `import` `--zookeeper-workloadname ` - This is the value that will be used for the `zookeeper` StatefulSet. The default value is `zookeeper`, this argument must be used when the -actual name of the StatefulSet in the cluster differs +actual name of the STS in the cluster differs `--kafka-workloadname ` @@ -83,6 +76,8 @@ actual name of the StatefulSet in the cluster differs ## Command: `update-license` +Added November 2022, this is a new command. + ** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** This command performs the minimal changes and restarts to apply a new license. @@ -102,6 +97,8 @@ This command performs the following: ## Command: `image-list` +Added November 2022 + This command prints to `stdout` (and optionally to a file) a list of all images in a generated stack. It requires a `values.yaml` and it produces a list of images based on that `values.yaml`. @@ -110,7 +107,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Flags -`-f ` - write the list to a file. If the file already exists, it will be overwritten. +`-f ` - write the list to a file. **If the file exists, it is overwritten** ### Example 
@@ -135,6 +132,7 @@ quay.io/sysdig/postgres:12.10.0.0 quay.io/sysdig/cp-kafka-6:0.2.1 quay.io/sysdig/kube-rbac-proxy:v0.8.0 quay.io/sysdig/secure-onboarding-api:6.0.0.12431 +quay.io/sysdig/nats-streaming-init:0.22.0.8 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431 quay.io/sysdig/sysdig-worker:6.0.0.12431 quay.io/sysdig/profiling-api:6.0.0.12431 @@ -170,6 +168,7 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431 quay.io/sysdig/metadata-service-operator:1.0.1.23 quay.io/sysdig/netsec:6.0.0.12431 +quay.io/sysdig/nats-streaming:0.22.0.8 quay.io/sysdig/nats-exporter:0.9.0.2 quay.io/sysdig/secure-prometheus:2.17.2 quay.io/sysdig/opensearch-1:0.0.16 @@ -178,10 +177,11 @@ quay.io/sysdig/reporting-api:6.0.0.12431 quay.io/sysdig/promchap:0.99.0-master.2022-11-18T13-46-40Z.d6b3d10f83 quay.io/sysdig/redis-6:1.0.1 quay.io/sysdig/ui-admin-nginx:6.0.0.12431 +quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 -quay.io/sysdig/cassandra:0.0.36 +quay.io/sysdig/cassandra-3:0.0.36 quay.io/sysdig/metadata-service-server:1.10.63 quay.io/sysdig/rapid-response-connector:6.0.0.12431 quay.io/sysdig/secure-todo-api:6.0.0.12431 
@@ -258,69 +258,6 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y - Sets the `kubernetesServerVersion` within values. -`--helm-install` - -- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: - - - `values.hi.yaml`: the complete values generated by the `installer` - - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS - - `charts`: the Helm charts that make up the Sysdig onprem stack - -`--helm-install-out-dir` - -- To use a custom directory to output the files generated by `--helm-install` instead of the default. - -### ArgoCD Generation - -We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. - -At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. - -`--argocd (boolean)` - -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. -NOTE: Using this flag will automatically generate the charts that you would obtain with the --helm-install CLI flag. This happens because the argoCD generation is closely linked to the specific production method of the helm-charts. - -`--argo-repo-url (string)` - -The URL of the repository that will contain the ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. The default is `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. This will be replaced within the ArgoCD apps definition files. - -`--argo-repo-rev (string)` - -The name of the branch of the repo to use. The default is `main`. This will be replaced within the ArgoCD apps definition files. 
- -example of hierarchy: -``` -git@github.com:ORGANIZATION/SAMPLE-REPO.git - | - '- argocd-projects/ - | '- sysdig/ - | | '- argocd/ - | | | '- sysdig-root/ - | | | '- sysdig-common-config/ - | | | '- sysdigcloud-infra/ - | | | [...] - | | '- helm-install/ - | | | '- charts/ - | | | '- chart-1/ - | | | '- chart-2/ - | | | [...] -``` - -`--argo-git-apps-dir (string)` - -Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. -If you consider the example above, the correct value for this would be `argocd-projects/sysdig/argocd`. - -`--argo-git-charts-dir (string)` - -The relative path from the repo root that will contain the folder with charts. The default is `helm-install/charts`. This will be replaced within the ArgoCD apps definition files. If you consider the example above, the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. - -`--argo-out-dir (string)` - -actual output directory on file system where argocd files will be written. Default is `./argocd/`. - - ## Command: `list-resources` Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 8cb50643..db21a73d 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1,6 +1,5 @@ - + - @@ -11,8 +10,9 @@ ## **quaypullsecret** **Required**: `true`
-**Description**: quay.io credentials provided with your Sysdig purchase confirmation mail.
-**Options**:
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation +mail.
+**Options**:
**Default**:
**Example**: @@ -120,7 +120,7 @@ Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/im **Example**: ```yaml -# tags and pushes the image to /foo/bar/ +#tags and pushes the image to /foo/bar/ airgapped_repository_prefix: foo/bar ``` @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.48
+**Default**: 0.0.35
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.48 + toolsImageVersion: 0.0.35 ``` ## **elasticsearch.enableMetrics** @@ -568,6 +568,21 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` +## **hostPathCustomPaths.nats** + +**Required**: `false`
+**Description**: The directory to bind mount nats streaming (in HA mode) pod's +`/var/lib/stan` to on the host. This parameter is relevant +only when `storageClassProvisioner` is `hostPath`.
+**Options**:
+**Default**: `/var/lib/stan`
+**Example**: + +```yaml +hostPathCustomPaths: + nats: `/sysdig/stan` +``` + ## **hostPathCustomPaths.natsJs** **Required**: `false`
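Review bot: The added example for `hostPathCustomPaths.nats` puts the path between backticks inside the yaml fence, and a backtick cannot start a plain YAML scalar, so a values file copied from this example is expected to fail to parse. Write the value as an ordinary string, `nats: /sysdig/stan`. The `postgresql` example on the context line at the top of this hunk has the same form and could be corrected in the same pass.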
@@ -615,23 +630,12 @@ nodeaffinityLabel: value: sysdig ``` -## **pvStorageSize.cassandra** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra, regardless of the cluster `size` used. This option *does not* apply when [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 30Gi
-**Example**: - -```yaml -pvStorageSize: - cassandra: 500Gi -``` - ## **pvStorageSize.large.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) large. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 300Gi
**Example**: @@ -677,7 +681,9 @@ pvStorageSize: ## **pvStorageSize.medium.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) medium. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 150Gi
**Example**: @@ -723,7 +729,9 @@ pvStorageSize: ## **pvStorageSize.small.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) small. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 30Gi
**Example**: @@ -766,6 +774,22 @@ pvStorageSize: postgresql: 100Gi ``` +## **pvStorageSize.large.nats** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + large: + nats: 10Gi +``` + ## **pvStorageSize.large.natsJs** **Required**: `false`
@@ -782,6 +806,22 @@ pvStorageSize: natsJs: 50Gi ``` +## **pvStorageSize.medium.nats** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 50Gi
+**Example**: + +```yaml +pvStorageSize: + medium: + nats: 50Gi +``` + ## **pvStorageSize.medium.natsJs** **Required**: `false`
@@ -798,6 +838,22 @@ pvStorageSize: natsJs: 10Gi ``` +## **pvStorageSize.small.nats** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to NATS HA in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 10Gi
+**Example**: + +```yaml +pvStorageSize: + small: + nats: 10Gi +``` + ## **pvStorageSize.small.natsJs** **Required**: `false`
@@ -933,12 +989,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 4.1.3-0.0.14
+**Default**: 2.1.22.5
**Example**: ```yaml sysdig: - cassandraVersion: 4.1.3-0.0.14 + cassandraVersion: 2.1.22.5 ``` ## **sysdig.cassandraExporterVersion** @@ -946,7 +1002,7 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.20.0-ubi
+**Default**: v0.17.0-ubi
**Example**: ```yaml @@ -969,10 +1025,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** (**Deprecated**) +## **sysdig.cassandra.useCassandra3** **Required**: `false`
-**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -983,10 +1039,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** (**Deprecated**) +## **sysdig.Cassandra3Version** **Required**: `false`
-**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1178,10 +1234,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - concurrent_compactors: 6 - read_request_timeout: 10000ms - write_request_timeout: 10000ms - request_timeout: 11000ms + hinted_handoff_enabled: false + concurrent_compactors: 8 + read_request_timeout_in_ms: 10000 + write_request_timeout_in_ms: 10000 ``` ## **sysdig.cassandra.datacenterName** @@ -1325,41 +1381,6 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` -## **sysdig.platformAuditTrail.enabled** - -**Required**: `false`
-**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformAuditTrail: - enabled: true -``` - -## **sysdig.secure.events.audit.config.store.ip.enabled** - -**Required**: `false`
-**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - secure: - events: - audit: - config: - store: - ip: - enabled: true -``` - ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1373,30 +1394,17 @@ sysdig: elasticsearch6Version: 6.8.6.12 ``` -## **sysdig.opensearchImageName** - -**Required**: `false`
-**Description**: Docker Image name for Opensearch. Eg, for Opensearch 2: "opensearch-2".
-**Options**:
-**Default**: opensearch-2
-**Example**: - -```yaml -sysdig: - opensearchImageName: "opensearch-2" -``` - ## **sysdig.opensearchVersion** **Required**: `false`
**Description**: The docker image tag of Opensearch.
**Options**:
-**Default**: 0.0.6
+**Default**: 0.0.16
**Example**: ```yaml sysdig: - opensearchVersion: 0.0.6 + opensearchVersion: 0.0.16 ``` ## **sysdig.haproxyVersion** @@ -1417,11 +1425,11 @@ sysdig: ## **sysdig.skipIngressGeneration** -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
+**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1633,6 +1641,22 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` +## **sysdig.enableAlerter** + +**Required**: `false`
+**Description**: This creates a separate deployment for Alerters while
+disabling this functionality in workers. **Do not modify this unless you
+know what you are doing as modifying it could have unintended
+consequences**
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + enableAlerter: true +``` + ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1813,6 +1837,156 @@ sysdig: natsExporterVersion: 0.0.13 ``` +## **sysdig.nats.enabled** + +**Required**: `false`
+**Description**: Enable NATS deployment for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ enabled: true
+```
+
+## **sysdig.nats.secure.enabled**
+
+**Required**: `false`
+**Description**: NATS Streaming TLS enabled.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+```
+
+## **sysdig.nats.secure.username**
+
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS username
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ username: somevalue
+```
+
+## **sysdig.nats.secure.password**
+
+**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
+**Description**: NATS password
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ secure:
+ enabled: true
+ password: somevalue
+```
+
+## **sysdig.nats.ca**
+
+**Required**: `false`
+**Description**: NATS CA
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ ca:
+```
+
+## **sysdig.nats.cakey**
+
+**Required**: `false`
+**Description**: NATS CA KEY
+**Options**:
+**Default**:
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ cakey:
+```
+
+## **sysdig.nats.ha.enabled**
+
+**Required**: `false`
+**Description**: NATS Streaming HA (High Availability) enabled.
+**Options**:
+**Default**: false
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ ha:
+ enabled: false
+```
+
+## **sysdig.nats.urlha**
+
+**Required**: `false`
+**Description**: NATS Streaming URL for HA deployment.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
+```
+
+## **sysdig.nats.urltls**
+
+**Required**: `false`
+**Description**: NATS Streaming URL for TLS enabled.
+**Options**:
+**Default**: nats://sysdigcloud-nats-streaming-tls:4222
+**Example**:
+
+```yaml
+sysdig:
+ nats:
+ urltls: nats://sysdigcloud-nats-streaming-tls:4222
+```
+
+## **sysdig.nats.hostPathNodes**
+
+**Required**: `false`
+**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is
+required if configured [`storageClassProvisioner`](#storageclassprovisioner)
+is `hostPath`.
+**Options**:
+**Default**: []
+ +**Example**: + +```yaml +sysdig: + nats: + hostPathNodes: + - my-cool-host1.com +``` + ## **sysdig.openshiftUrl** **Required**: `false`
@@ -1870,6 +2044,19 @@ sysdig: postgresVersion: 10.6.11 ``` +## **sysdig.mysqlToPostgresMigrationVersion** + +**Required**: `false`
+**Description**: The docker image tag for MySQL to PostgreSQL migration.
+**Options**:
+**Default**: 1.2.5-mysql-to-postgres
+**Example**: + +```yaml +sysdig: + mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres +``` + ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -1915,7 +2102,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: Services will start in postgresql mode.
+**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3249,12 +3436,12 @@ redisTls: A Monitor service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------------------------------------------------------- | -| agent | agent | -| common | common | +| Instance | Component | +| --------- | --------- | +| agent | agent | +| common | common | | monitor-1 | cache, distributedJobs, ibmCache, promchap, policiesCache | -| monitor-2 | alerting, meerkat, metering, prws | +| monitor-2 | alerting, meerkat, metering, prws | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
@@ -3313,9 +3500,9 @@ redisClientsMonitor: A Secure service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | ----------------------------------------------------------------------------------------------------- | -| profiling | profiling | +| Instance | Component | +| --------- | --------- | +| profiling | profiling | | secure-1 | scanning, forensic, events, rapidResponse, overview, compliance, cloudsec, policies, netsec, padvisor | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
@@ -4410,17 +4597,17 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.collector.limits.cpu** +## **sysdig.resources.alerter.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
+**Description**: The amount of cpu assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 4 | +| medium | 8 | | large | 16 | **Example**: @@ -4428,22 +4615,22 @@ sysdig: ```yaml sysdig: resources: - collector: + alerter: limits: cpu: 2 ``` -## **sysdig.resources.collector.limits.memory** +## **sysdig.resources.alerter.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to collector pods
+**Description**: The amount of memory assigned to alerter pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 4Gi | +| medium | 8Gi | | large | 16Gi | **Example**: @@ -4451,22 +4638,22 @@ sysdig: ```yaml sysdig: resources: - collector: + alerter: limits: memory: 10Mi ``` -## **sysdig.resources.collector.requests.cpu** +## **sysdig.resources.alerter.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
+**Description**: The amount of cpu required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 1 | +| medium | 2 | | large | 4 | **Example**: @@ -4474,22 +4661,22 @@ sysdig: ```yaml sysdig: resources: - collector: + alerter: requests: cpu: 2 ``` -## **sysdig.resources.collector.requests.memory** +## **sysdig.resources.alerter.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
+**Description**: The amount of memory required to schedule alerter pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 1Gi | +| medium | 2Gi | | large | 4Gi | **Example**: @@ -4497,12 +4684,104 @@ sysdig: ```yaml sysdig: resources: - collector: + alerter: requests: memory: 200Mi ``` -## **sysdig.resources.anchore-core.limits.cpu** +## **sysdig.resources.collector.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to collector pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4 |
+| medium | 4 |
+| large | 16 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.collector.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to collector pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 4Gi |
+| medium | 4Gi |
+| large | 16Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ limits:
+ memory: 10Mi
+```
+
+## **sysdig.resources.collector.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule collector pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 1 |
+| medium | 1 |
+| large | 4 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ collector:
+ requests:
+ cpu: 2
+```
+
+## **sysdig.resources.collector.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule collector pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 4Gi | + +**Example**: + +```yaml +sysdig: + resources: + collector: + requests: + memory: 200Mi +``` + +## **sysdig.resources.anchore-core.limits.cpu** **Required**: `false`
**Description**: The amount of cpu assigned to anchore-core pods
@@ -5322,8 +5601,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**: postgres|inmem
-**Default**: postgres
+**Options**:
+**Default**: mysql
**Example**: ```yaml @@ -5331,7 +5610,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: postgres + scanningDBEngine: mysql ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -5586,6 +5865,102 @@ sysdig: memory: 50Mi ``` +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api PG
+migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 1 |
+| medium | 1 |
+| large | 1 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApiPgMigrate:
+ limits:
+ cpu: 1
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to admission-controller-api PG
+migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 256Mi |
+| medium | 256Mi |
+| large | 256Mi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApiPgMigrate:
+ limits:
+ memory: 256Mi
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule admission-controller-api
+PG migrate containers
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 100m |
+| medium | 100m |
+| large | 100m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ scanningAdmissionControllerApiPgMigrate:
+ requests:
+ cpu: 100m
+```
+
+## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule admission-controller-api
+PG migrate containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + admission-controller-api-pg-migrate: + requests: + memory: 50Mi +``` + ## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
@@ -6527,8 +6902,9 @@ sysdig: ```yaml sysdig: natsJs: - natsbox: - enabled: true + nats: + natsbox: + enabled: true ``` ## **sysdig.natsJs.natsTLSGenerator.enabled** @@ -6742,6 +7118,98 @@ sysdig: gomemlimit: 900MiB ``` +## **sysdig.resources.nats-streaming.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ limits:
+ cpu: 2
+```
+
+## **sysdig.resources.nats-streaming.limits.memory**
+
+**Required**: `false`
+**Description**: The amount of memory assigned to nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | limits |
+| ------------ | ------ |
+| small | 2Gi |
+| medium | 2Gi |
+| large | 2Gi |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ limits:
+ memory: 2Gi
+```
+
+## **sysdig.resources.nats-streaming.requests.cpu**
+
+**Required**: `false`
+**Description**: The amount of cpu required to schedule nats-streaming pods
+**Options**:
+**Default**:
+
+| cluster-size | requests |
+| ------------ | -------- |
+| small | 250m |
+| medium | 250m |
+| large | 250m |
+
+**Example**:
+
+```yaml
+sysdig:
+ resources:
+ nats-streaming:
+ requests:
+ cpu: 250m
+```
+
+## **sysdig.resources.nats-streaming.requests.memory**
+
+**Required**: `false`
+**Description**: The amount of memory required to schedule nats-streaming pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 1Gi | +| medium | 1Gi | +| large | 1Gi | + +**Example**: + +```yaml +sysdig: + resources: + nats-streaming: + requests: + memory: 1Gi +``` + ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8116,13 +8584,14 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas
+**Description**: Number of Cassandra replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8318,13 +8787,14 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas
+**Description**: Number of ElasticSearch replicas, this is a noop for clusters of
+`size` `small`.
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 3 | +| small | 1 | | medium | 3 | | large | 6 | @@ -8377,6 +8847,27 @@ sysdig: workerReplicaCount: 7 ``` +## **sysdig.alerterReplicaCount** + +**Required**: `false`
+**Description**: Number of Sysdig alerter replicas, this is a noop for clusters
+of `size` `small`.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 3 | +| large | 5 | + +**Example**: + +```yaml +sysdig: + alerterReplicaCount: 7 +``` + ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -8635,6 +9126,7 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -8718,9 +9210,25 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport +``` + +## **sysdig.alerter.jvmOptions** + +**Required**: `false`
+**Description**: Custom configuration for Sysdig Alerter jvm.
+**Options**:
+**Default**:
+**Example**: + +```yaml +sysdig: + alerter: + jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true + -XX:-UseContainerSupport ``` -## **sysdig.secure.eventsForwarder.enabledIntegrations** +## **sysdig.eventsForwarderEnabledIntegrations** **Required**: `false`
**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
@@ -8730,9 +9238,7 @@ sysdig: ```yaml sysdig: - secure: - eventsForwarder: - enabledIntegrations: "MCM,QRADAR" + eventsForwarderEnabledIntegrations: "MCM,QRADAR" ``` ## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** @@ -8868,15 +9374,15 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: postgres
-**Default**: postgres
+**Options**: mysql
+**Default**: "mysql"
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: postgres + scanningDbEngine: "mysql" ``` ## **sysdig.metadataService.enabled** @@ -10041,15 +10547,16 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat API JVM.
**Options**:
-**Default**:
- +**Default**: + +``` -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -Dlogging.level.com.sysdig.meerkat.api.server.adapter.TimeSeriesGAdapter=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.RealTimeQueryServiceImpl=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.MeerkatClientDNSGrpcResolver=DEBUG -Dsysdig.meerkat.cassandra.features.queryAllMetricDescriptorsEnabled=true - +``` **Example**: @@ -10156,12 +10663,12 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator JVM.
**Options**:
-**Default**:
- +**Default**: + +``` -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced - - +``` **Example**: @@ -10375,8 +10882,9 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Collector JVM.
**Options**:
-**Default**:
- +**Default**: + +``` -Dsysdig.cassandra.auto-schema=true -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced @@ -10385,7 +10893,7 @@ sysdig: -Dlogging.level.com.sysdig.meerkat.collector.service.MeerkatIndexer=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.kafka.MeerkatWorker=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.grpc.GPartsQueryServiceGrpcImpl=DEBUG - +``` **Example**: @@ -10506,7 +11014,11 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Datastream JVM.
**Options**:
-**Default**: -Xms1g -Xmx1g +**Default**: + +``` +-Xms1g -Xmx1g +``` **Example**: @@ -10534,7 +11046,7 @@ sysdig: ## **sysdig.kafkaVersion** **Required**: `false`
-**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true`.
+**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10710,7 +11222,7 @@ sysdig: ## **sysdig.zookeeperVersion** **Required**: `false`
-**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true`.
+**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10915,7 +11427,7 @@ sysdigcloud-collector HostAlreadyClaimed Use this overlay to avoid the error: -```yaml +``` apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -11357,6 +11869,32 @@ sysdig: promqlatorVersion: 0.99.0-2022-07-12T09-19-16Z.93c0642b55 ``` +## **sysdig.streamsnapVersion** + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Streamsnap service, relevant when `sysdig.streamsnap.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+**Example**:
+
+```yaml
+sysdig:
+ streamsnapVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+```
+
+## ~~**sysdig.fastpathAggregatorVersion**~~ (**Deprecated**)
+
+**Required**: `false`
+**Description**: Docker image tag of Sysdig Fastpath Aggregator service, relevant when `sysdig.fastpathAggregator.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+**Example**: + +```yaml +sysdig: + fastpathAggregatorVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 +``` + ## **sysdig.promqlatorReplicaCount** **Required**: `false`
@@ -11579,562 +12117,566 @@ sysdig: memory: 300Mi ``` -## **sysdig.resources.scanningv2-agents-conf.limits.cpu** +## **sysdig.streamsnapReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
+**Description**: Number of Streamsnap replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 3 | **Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - limits: - cpu: 500m + streamsnapReplicaCount: 2 ``` -## **sysdig.resources.scanningv2-agents-conf.limits.memory** +## ~~**sysdig.fastpathAggregatorReplicaCount**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-agents-conf pods
+**Description**: Number of Fastpath Aggregator replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 3 | **Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - limits: - memory: 500Mi + fastpathAggregatorReplicaCount: 2 ``` -## **sysdig.resources.scanningv2-agents-conf.requests.cpu** +## **sysdig.streamsnap.enabled** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +**Description**: Whether to enable Streamsnap or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - requests: - cpu: 250m + streamsnap: + enabled: true ``` -## **sysdig.resources.scanningv2-agents-conf.requests.memory** +## **sysdig.streamsnap.jvmOptions** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
-**Options**:
+**Description**: Custom configuration for Streamsnap jvm.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| cluster-size | jvmOptions | +| ------------ | ---------- | +| small | -Xmx=4g | +| medium | -Xmx=12g | +| large | -Xmx=18g | **Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - requests: - memory: 100Mi + streamsnap: + jvmOptions: "-Xmx=4g" ``` -## **sysdig.resources.scanningv2-collector.limits.cpu** +## **sysdig.streamsnap.numThreadsForInterval60** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 1-minute snapshots.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | numThreadsForInterval60 | +| ------------ | ----------------------- | +| small | 2 | +| medium | 4 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - limits: - cpu: 1 + streamsnap: + numThreadsForInterval60: 4 ``` -## **sysdig.resources.scanningv2-collector.limits.memory** +## **sysdig.streamsnap.numThreadsForInterval600** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 10-minutes snapshots.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | numThreadsForInterval600 | +| ------------ | ------------------------ | +| small | 1 | +| medium | 2 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - limits: - memory: 1Gi + streamsnap: + numThreadsForInterval600: 2 ``` -## **sysdig.resources.scanningv2-collector.requests.cpu** +## **sysdig.streamsnap.numThreadsForInterval3600** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 1-hour snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 1 | +| cluster-size | numThreadsForInterval3600 | +| ------------ | ------------------------- | +| small | 1 | +| medium | 2 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - requests: - cpu: 500m + streamsnap: + numThreadsForInterval3600: 2 ``` -## **sysdig.resources.scanningv2-collector.requests.memory** +## **sysdig.streamsnap.numThreadsForInterval86400** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 1-day snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| cluster-size | numThreadsForInterval86400 | +| ------------ | -------------------------- | +| small | 1 | +| medium | 2 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - requests: - memory: 250Mi + streamsnap: + numThreadsForInterval86400: 2 ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** +## **sysdig.resources.streamsnap.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu assigned to Streamsnap containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: limits: - cpu: 500m + cpu: 8 ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** +## **sysdig.resources.streamsnap.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of memory assigned to Streamsnap containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: limits: - memory: 1Gi + memory: 8Gi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** +## **sysdig.resources.streamsnap.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu required to schedule Streamsnap containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** +## **sysdig.resources.streamsnap.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of memory required to schedule Streamsnap containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: requests: - memory: 250Mi + memory: 2Gi ``` -## **sysdig.resources.scanningv2-policies-api.limits.cpu** +## ~~**sysdig.fastpathAggregator.enabled**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-policies-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +**Description**: Whether to enable Fastpath Aggregator or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - limits: - cpu: 500m + fastpathAggregator: + enabled: true ``` -## **sysdig.resources.scanningv2-policies-api.limits.memory** +## ~~**sysdig.fastpathAggregator.jvmOptions**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-policies-api pods
-**Options**:
+**Description**: Custom configuration for the Fastpath Aggregator jvm.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | jvmOptions | +| ------------ | ---------- | +| small | -Xmx=4g | +| medium | -Xmx=12g | +| large | -Xmx=16g | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - limits: - memory: 1Gi + fastpathAggregator: + jvmOptions: "-Xmx=4g" ``` -## **sysdig.resources.scanningv2-policies-api.requests.cpu** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval60**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
-**Options**:
+**Description**: Number of threads Fastpath Aggregator uses for the 1-minute snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +| cluster-size | numThreadsForInterval60 | +| ------------ | ----------------------- | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - requests: - cpu: 250m + fastpathAggregator: + numThreadsForInterval60: 4 ``` -## **sysdig.resources.scanningv2-policies-api.requests.memory** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval600**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-policies-api pods
-**Options**:
+**Description**: Number of threads Fastpath Aggregator uses for the 10-minutes snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| cluster-size | numThreadsForInterval600 | +| ------------ | ------------------------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - requests: - memory: 250Mi + fastpathAggregator: + numThreadsForInterval600: 2 ``` -## **sysdig.resources.scanningv2-reporting-api.limits.cpu** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval3600**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
+**Description**: Number of threads Fastpath Aggregator uses for the 1-hour snapshots.
+**Options**:
+**Default**:
+
+| cluster-size | numThreadsForInterval3600 |
+| ------------ | ------------------------- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ fastpathAggregator:
+ numThreadsForInterval3600: 2
+```
+
+## ~~**sysdig.fastpathAggregator.numThreadsForInterval86400**~~ (**Deprecated**)
+
+**Required**: `false`
+**Description**: Number of threads Fastpath Aggregator uses for the 1-day snapshots.
+**Options**:
+**Default**:
+
+| cluster-size | numThreadsForInterval86400 |
+| ------------ | -------------------------- |
+| small | 1 |
+| medium | 2 |
+| large | 2 |
+
+**Example**:
+
+```yaml
+sysdig:
+ fastpathAggregator:
+ numThreadsForInterval86400: 2
+```
+
+## ~~**sysdig.resources.fastpathAggregator.limits.cpu**~~ (**Deprecated**)
+
+**Required**: `false`
+**Description**: The amount of cpu assigned to Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: limits: - cpu: 500m + cpu: 8 ``` -## **sysdig.resources.scanningv2-reporting-api.limits.memory** +## ~~**sysdig.resources.fastpathAggregator.limits.memory**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-api pods
+**Description**: The amount of memory assigned to Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: limits: - memory: 1Gi + memory: 8Gi ``` -## **sysdig.resources.scanningv2-reporting-api.requests.cpu** +## ~~**sysdig.resources.fastpathAggregator.requests.cpu**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
+**Description**: The amount of cpu required to schedule Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.scanningv2-reporting-api.requests.memory** +## ~~**sysdig.resources.fastpathAggregator.requests.memory**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
+**Description**: The amount of memory required to schedule Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: requests: - memory: 250Mi + memory: 2Gi ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** +## **sysdig.resources.scanningv2-agents-conf.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
+**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 1 | -| large | 2 | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.memory** +## **sysdig.resources.scanningv2-agents-conf.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
+**Description**: The amount of memory assigned to scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** +## **sysdig.resources.scanningv2-agents-conf.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: requests: - cpu: 500m + cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.memory** +## **sysdig.resources.scanningv2-agents-conf.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: requests: - memory: 250Mi + memory: 100Mi ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** +## **sysdig.resources.scanningv2-collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of cpu assigned to scanningv2-collector pods
**Options**:
**Default**: @@ -12142,22 +12684,22 @@ sysdig: | ------------ | ------ | | small | 1 | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** +## **sysdig.resources.scanningv2-collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of memory assigned to scanningv2-collector pods
**Options**:
**Default**: @@ -12165,97 +12707,97 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** +## **sysdig.resources.scanningv2-collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of cpu required to schedule scanningv2-collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: requests: - cpu: 250m + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** +## **sysdig.resources.scanningv2-collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of memory required to schedule scanningv2-collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
+**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 500m | -| large | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
+**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | +| small | 1Gi | | medium | 1Gi | | large | 2Gi | @@ -12264,67 +12806,67 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
+**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
+**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: requests: - memory: 100Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** +## **sysdig.resources.scanningv2-policies-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
+**Description**: The amount of cpu assigned to scanningv2-policies-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 500m | | medium | 1 | | large | 1 | @@ -12333,15 +12875,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: limits: - cpu: 1 + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.memory** +## **sysdig.resources.scanningv2-policies-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
+**Description**: The amount of memory assigned to scanningv2-policies-api pods
**Options**:
**Default**: @@ -12356,15 +12898,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** +## **sysdig.resources.scanningv2-policies-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
+**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
**Options**:
**Default**: @@ -12379,15 +12921,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.memory** +## **sysdig.resources.scanningv2-policies-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
+**Description**: The amount of memory required to schedule scanningv2-policies-api pods
**Options**:
**Default**: @@ -12402,15 +12944,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12425,15 +12967,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12448,15 +12990,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12471,15 +13013,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12494,15 +13036,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: @@ -12510,45 +13052,45 @@ sysdig: | ------------ | ------ | | small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-generator.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: @@ -12556,68 +13098,68 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: requests: cpu: 500m ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-generator.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-vulns-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: limits: - cpu: 500m + cpu: 1 ``` -## **sysdig.resources.scanningv2-vulns-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-vulns-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12625,2407 +13167,1169 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-vulns-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 500m | -| large | 1 | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-vulns-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.secureOnly** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** **Required**: `false`
-**Description**: Enable product optimizations for secure that break monitor.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - secureOnly: true + resources: + scanningv2-reporting-scheduler: + limits: + cpu: 500m ``` -## **sysdig.secure.eventsForwarder.proxy.enable** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** **Required**: `false`
-**Description**: Set proxy settings for secure forwarding (overrides global settings)
-**Options**: `true|false`
+**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
+**Options**:
**Default**: +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: false + resources: + scanningv2-reporting-scheduler: + limits: + memory: 500Mi ``` -## **sysdig.secure.eventsForwarder.proxy.host** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable)
-is configured.
+**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + scanningv2-reporting-scheduler: + requests: + cpu: 250m ``` -## **sysdig.secure.eventsForwarder.proxy.noProxy** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + resources: + scanningv2-reporting-scheduler: + requests: + memory: 100Mi ``` -## **sysdig.secure.eventsForwarder.proxy.password** +## **sysdig.resources.scanningv2-reporting-worker-host.limits.cpu** **Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker-host pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - password: F00B@r! + resources: + scanningv2-reporting-worker-host: + limits: + cpu: 1 ``` -## **sysdig.secure.eventsForwarder.proxy.port** +## **sysdig.resources.scanningv2-reporting-worker-host.limits.memory** **Required**: `false`
-**Description**: The port the configured
-[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: The amount of memory assigned to scanningv2-reporting-worker-host pods
**Options**:
-**Default**: `80`
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - port: 3128 + resources: + scanningv2-reporting-worker-host: + limits: + memory: 1Gi ``` -## **sysdig.secure.eventsForwarder.proxy.protocol** +## **sysdig.resources.scanningv2-reporting-worker-host.requests.cpu** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-host pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - protocol: https + resources: + scanningv2-reporting-worker-host: + requests: + cpu: 250m ``` -## **sysdig.secure.eventsForwarder.proxy.user** +## **sysdig.resources.scanningv2-reporting-worker-host.requests.memory** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker-host pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - user: alice -``` - -## **sysdig.secure.certman.proxy.enable** - -**Required**: `false`
-**Description**: Set proxy settings for secure certman (overrides global settings)
-**Options**: `true|false`
-**Default**:
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- certman:
- proxy:
- enable: false
-```
-
-## **sysdig.secure.certman.proxy.host**
-
-**Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or
-an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable)
-is configured.
-**Options**:
-**Default**:
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- certman:
- proxy:
- enable: true
- host: my-awesome-proxy.my-awesome-domain.com
-```
-
-## **sysdig.secure.certman.proxy.noProxy**
-
-**Required**: `false`
-**Description**: Comma separated list of addresses or domain names
-that can be reached without going through the configured web proxy. This is
-only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and
-appended to the list in
-[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- certman:
- proxy:
- enable: true
- noProxy: my-awesome.domain.com, 192.168.0.0/16
-```
-
-## **sysdig.secure.certman.proxy.password**
-
-**Required**: `false`
-**Description**: The password used to access the configured
-[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
-**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - secure: - certman: - proxy: - enable: true - password: F00B@r! + resources: + scanningv2-reporting-worker-host: + requests: + memory: 250Mi ``` -## **sysdig.secure.certman.proxy.port** +## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.cpu** **Required**: `false`
-**Description**: The port the configured
-[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not
-configured it defaults to 80.
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker-k8s pods
**Options**:
-**Default**: `80`
- -**Example**: - -```yaml -sysdig: - secure: - certman: - proxy: - enable: true - port: 3128 -``` - -## **sysdig.secure.certman.proxy.protocol** +**Default**: -**Required**: `false`
-**Description**: The protocol to use to communicate with the configured
-[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
+| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - protocol: https + resources: + scanningv2-reporting-worker-k8s: + limits: + cpu: 1 ``` -## **sysdig.secure.certman.proxy.user** +## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.memory** **Required**: `false`
-**Description**: The user used to access the configured
-[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
+**Description**: The amount of memory assigned to scanningv2-reporting-worker-k8s pods
**Options**:
-**Default**:
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- certman:
- proxy:
- enable: true
- user: alice
-```
-
-## **sysdig.postgresDatabases.PRWSInternalIngestion**
-
-**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-prw-internal-ingestion-db-external.com - port: 5432 - db: prws_internal_ingestion - username: prws_internal_ingestion_user - password: my_prws_internal_ingestion_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +**Default**: -## **sysdig.beacon.prwsInternalIngestionEnabled** +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | -**Required**: `false`
-**Description**: Enable Prom Remote Write Internal Ingestion
-**Options**:
-**Default**:`false`
**Example**: ```yaml sysdig: - beacon: - prwsInternalIngestionEnabled: true + resources: + scanningv2-reporting-worker-k8s: + limits: + memory: 1Gi ``` -## **sysdig.prwsInternalIngestionReplicaCount** +## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.cpu** **Required**: `false`
-**Description**: Number of PRWS Internal Ingestion replicas
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-k8s pods
**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - prwsInternalIngestionReplicaCount: 5 -``` - -## **sysdig.prwsInternalIngestion.jvmOptions** +**Default**: -**Required**: `false`
-**Description**: Custom JVM configuration for PRWS Internal Ingestion
-**Options**:
-**Default**:
+| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - prwsInternalIngestion: - jvmOptions: |- - -Xms12g -Xmx12g + resources: + scanningv2-reporting-worker-k8s: + requests: + cpu: 250m ``` -## **sysdig.prwsInternalIngestion.ingress** +## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.memory** **Required**: `false`
-**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker-k8s pods
**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - prwsInternalIngestion: - ingress: - - name: my-prws-internal-ingestion - omitBaseAnnotations: true - annotations: - haproxy-ingress.github.io/timeout-server: 20s - haproxy-ingress.github.io/config-backend: | - retries 2 - labels: - app.kubernetes.io/managed-by: ingress-config - app.kubernetes.io/name: ingress-config - app.kubernetes.io/part-of: sysdigcloud - role: ingress-config - tier: infra - hosts: - - host: my-app.my-domain.com - sslSecretName: ssl-secret - paths: - - path: /api - serviceName: my-service-name - servicePort: 9510 -``` - -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** - -**Required**: `false`
-**Description**: Enable private endpoint communication for PRWS Internal Ingestion -**Options**: `true|false`
-**Default**:
-**Example**: - -```yaml -sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false -``` - -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** +**Default**: -**Required**: `false`
-**Description**: Comma separated list of addresses or domain names that can -override the `privateEndpointCommunicationEnforcement`. -**Options**:
-**Default**:
+| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false - privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 + resources: + scanningv2-reporting-worker-k8s: + requests: + memory: 250Mi ``` -## **sysdig.secure.netsec.rateLimit** +## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** **Required**: `false`
-**Description**: Netsec api rate limit.
+**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 200 | -| medium | 200 | -| large | 200 | - -## **sysdig.secure.scanningv2.enabled** - -**Required**: `false`
-**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - enabled: true -``` - -## **sysdig.secure.scanningv2.proxy** - -**Required**: `false`
-**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
-**Options**:
-**Default**: `false`
-**Example**:
-
-```yaml
- secure:
- scanningv2:
- proxy:
- defaultNoProxy: "https://foo.bar"
- user: "user01"
- password: "password"
- noProxy: "localhost"
- enable: true
- host: "myproxy.example.com"
- port: 3128
- protocol: "http"
-```
-**Related parameters**:
-
-sysdig.secure.scanningv2.proxy.enable
-sysdig.secure.scanningv2.proxy.defaultNoProxy
-sysdig.secure.scanningv2.proxy.user
-sysdig.secure.scanningv2.proxy.noProxy
-sysdig.secure.scanningv2.proxy.host
-sysdig.secure.scanningv2.proxy.port
-sysdig.secure.scanningv2.proxy.protocol
-
-
-## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint**
-
-**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- vulnsApi:
- remoteSaaSEndpoint: "https://eu1.app.sysdig.com"
-```
-
-## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip**
-
-**Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- vulnsApi:
- remoteSaaSTlsSkip: true
-```
-
-## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint**
-
-**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- pkgMetaApi:
- remoteSaaSEndpoint: "https://eu1.app.sysdig.com"
-```
-
-## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip**
-
-**Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
-
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- pkgMetaApi:
- remoteSaaSTlsSkip: true
-```
-
-## **sysdig.secure.scanningv2.reporting.enabled**
-
-**Required**: `false`
-**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - enabled: true -``` - -## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** - -**Required**: `false`
-**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
-**Options**:
-**Default**: "0 3 \* \* \*"
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - reportingJanitor: - schedule: "0 3 * * *" -``` - -## **sysdig.secure.scanningv2.reporting.storageDriver** - -**Required**: `false`
-**Description**: Storage kind for the generated reports
-**Options**: postgres, s3
-**Default**: postgres
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - storageDriver: postgres -``` - -## **sysdig.secure.scanningv2.reporting.aws.bucket** - -**Required**: `false`
-**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - bucket: secure-scanningv2-reporting -``` - -## **sysdig.secure.scanningv2.reporting.aws.endpoint** - -**Required**: `false`
-**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - endpoint: s3.example.com -``` - -## **sysdig.secure.scanningv2.reporting.aws.region** - -**Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - region: us-east-1 -``` - -## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** - -**Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- reporting:
- aws:
- accessKeyId: AKIAIOSFODNN7EXAMPLE
-```
-
-## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey**
-
-**Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- reporting:
- aws:
- secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-```
-
-## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey**
-
-**Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**:
-
-```yaml
-sysdig:
- secure:
- scanningv2:
- reporting:
- aws:
- secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-```
-
-## **sysdig.secure.scanningv2.customCerts**
-
-**Required**: `false`
-**Description**:
-To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
-
-This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: - -```bash -# In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/scanningv2-custom-certs -certs/scanningv2-custom-certs/certificate1.pem -certs/scanningv2-custom-certs/certificate2.pem -values.yaml -``` - -```yaml -sysdig: - secure: - scanningv2: - customCerts: true -``` - -## **sysdig.secure.scanningv2.airgappedFeeds** - -**Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - airgappedFeeds: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.enabled** -**Required**: `false`
-**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
-**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - enabled: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.deploymentType** -**Required**: `false`
-**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
-**Options**: `onprem|saas|empty`
-**Default**: `empty`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - deploymentType: saas -``` - -## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** -**Required**: `false`
-**Description**: Sets the log level for the scan requestor component
-**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
-**Default**: `INFO`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - loggingLevel: INFO -``` - -## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** -**Required**: `false`
-**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
-**Default**: `sysdig`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - serviceAccount: sysdig -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.type** -**Required**: `false`
-**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
-**Options**: `S3|cassandra`
-**Default**: `cassandra`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - type: cassandra -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** -**Required**: `false`
-**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
-**Default**: `scan-requestor`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - bucketName: "scan-requestor" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** -**Required**: `false`
-**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
-**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.region** -**Required**: `false`
-**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
-**Default**: `auto`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - region: auto -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** -**Required**: `false`
-**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
-**Default**: `2`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - retentionTime: 2 -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** -**Required**: `false`
-**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
-**Default**: `/opt/certs/minio-tls-ca/public.crt`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - caCrt: "/opt/certs/minio-tls-ca/public.crt" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** -**Required**: `false`
-**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
-**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - requestStore: - enabled: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** -**Required**: `false`
-**Description**: The maximum age for requests to be considered still valid/pending
-**Default**: `1h`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - requestStore: - requestMaxAge: "1h" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** -**Required**: `false`
-**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
-**Default**: `30s`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - requestStore: - requestReplyTimeout: 30s -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** -**Required**: `false`
-**Description**: The URL of cassandra server(s).
-**Default**: `sysdigcloud-cassandra:9042`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - hosts: "sysdigcloud-cassandra:9042" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** -**Required**: `false`
-**Description**: The cassandra key space to use for storing ScanRequestor tables.
-**Default**: `sysdig_scanning`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - keyspace: "sysdig_scanning" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** -**Required**: `false`
-**Description**: The protocol version used to communicate with Cassandra
-**Default**: `3`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - protocolVersion: "3" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** -**Required**: `false`
-**Description**: The replication factor to use for ScanRequestor tables.
-**Default**: `3`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - replicationFactor: "3" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** -**Required**: `false`
-**Description**: The datacenter identifier to be used for cassandra communication.
-**Default**: `datacenter1`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - datacenter: "datacenter1" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** -**Required**: `false`
-**Description**: The timeout for cassandra requests.
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - requestTimeout: "3s" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - maxReadRequests: "" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - maxWriteRequests: "" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** -**Required**: `false`
-**Description**: - to be filled -
-**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - compressionEnabled: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - compressionThreshold: "" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - metadata: "86400" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - state: "86400" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - events: "86400" -``` - -## **sysdig.s3.scanRequestor.accessKeyId** -**Required**: `false`
-**Description**: The S3 access-key id to be used when the storage type is set at S3.
-**Default**: `scanningv2_scanrequestor`
- -**Example**: - -```yaml -sysdig: - s3: - scanRequestor: - accessKeyId: "a-key" -``` -## **sysdig.s3.scanRequestor.secretAccessKey** -**Required**: `false`
-**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
-**Default**: `random`
-
-**Example**:
-
-```yaml
-sysdig:
- s3:
- scanRequestor:
- secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG"
-```
-
-## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval**
-**Required**: `false`
-**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
-**Default**: `5m`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - interval: "5m" -``` - -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay** -**Required**: `false`
-**Description**: The initial delay in staging area scheduled processing.
-**Default**: `10s`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - startDelay: "10s" -``` - -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout** -**Required**: `false`
-**Description**: The timeout for getting partition processing requests from NATS.
-**Default**: `30s`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - timeout: "30s" -``` - -## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter** -**Required**: `false`
-**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - partitionProcessing: - deleteObjectsAfter: true -``` - -## **sysdig.platformService.enabled** - -**Required**: `false`
-**Description**: Enable or disable the platform-service deployment
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - enabled: false -``` - -## **sysdig.platformService.audit.enabled** - -**Required**: `false`
-**Description**: Enable or disable sending of audit data for platform-service
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - audit: - enabled: false -``` - -## **sysdig.platformService.ingestion.endpoint** - -**Required**: `false`
-**Description**: Endpoint where platform-service will send data for Sysdig Platform Audit
-**Default**: `sysdigcloud-events-ingestion:3000`
-**Example**: - -```yaml -sysdig: - platformService: - ingestion: - endpoint: sysdigcloud-events-ingestion:3000 -``` - -## **sysdig.platformService.server.port.metric** - -**Required**: `false`
-**Description**: Server port that will be used to serve metrics data
-**Default**: `25000`
-**Example**: - -```yaml -sysdig: - platformService: - server: - port: - metric: 25000 -``` - -## **sysdig.platformService.server.port.health** - -**Required**: `false`
-**Description**: Server port that will be used to serve health checker endpoint
-**Default**: `8083`
-**Example**: - -```yaml -sysdig: - platformService: - server: - port: - health: 8083 -``` - -## **sysdig.platformService.pdf.server.port.rest** - -**Required**: `false`
-**Description**: PDF service server port that will serve HTTP requests
-**Default**: `7000`
-**Example**: - -```yaml -sysdig: - platformService: - pdf: - server: - port: - rest: 7000 -``` - -## **sysdig.platformService.pdf.server.port.grpc** - -**Required**: `false`
-**Description**: PDF service server port that will serve GRPC requests
-**Default**: `5051`
-**Example**: - -```yaml -sysdig: - platformService: - pdf: - server: - port: - grpc: 5051 -``` - -## **sysdig.platformService.alerts.enabled** - -**Required**: `false`
-**Description**: Enable or disable Platform Alerts service
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - enabled: false -``` - -## **sysdig.platformService.alerts.serviceToken** - -**Required**: `false`
-**Description**: Service token used to identify platform service for service calls to other services
-**Default**: `change_me`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- serviceToken: change_me
-
-
-## **sysdig.platformService.alerts.server.port.grpc**
-
-**Required**: `false`
-**Description**: Platform Alerts service server port that will serve GRPC requests
-**Default**: `5052`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - server: - port: - grpc: 5052 -``` - -## **sysdig.platformService.alerts.server.port.rest** - -**Required**: `false`
-**Description**: Platform Alerts service server port that will serve HTTP requests
-**Default**: `7004`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - server: - port: - rest: 7004 -``` - -## **sysdig.platformService.alerts.server.enableEventsEndpoints** - -**Required**: `false`
-**Description**: Enable or disable test endpoints that will send fake events
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - server: - enableEventsEndpoints: false -``` - -## **sysdig.platformService.alerts.ticketing.url** - -**Required**: `false`
-**Description**: URL of the ticketing service which platform alerts will call to create Jira tickets
-**Default**: `http://sysdigcloud-ticketing-api:7001`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - ticketing: - url: http://sysdigcloud-ticketing-api:7001 -``` - -## **sysdig.platformService.alerts.monitor.url** - -**Required**: `false`
-**Description**: Base URL for monitor API calls
-**Default**: `http://sysdigcloud-api:8080`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - monitor: - url: http://sysdigcloud-api:8080 -``` - -## **sysdig.platformService.alerts.monitor.cache.expiration** - -**Required**: `false`
-**Description**: Expiration time of the cache for monitor API calls
-**Default**: `5m`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - monitor: - cache: - expiration: 5m -``` - -## **sysdig.platformService.alerts.monitor.cache.cleanup** - -**Required**: `false`
-**Description**: Time after which cache for monitor API calls will be cleanup
-**Default**: `10m`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - monitor: - cache: - cleanup: 10m -``` - -## **sysdig.platformService.alerts.nats.js.enabled** - -**Required**: `false`
-**Description**: Enable or disable NATS for platform alerts service
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - enabled: false -``` - -## **sysdig.platformService.alerts.nats.js.url** - -**Required**: `false`
-**Description**: Url of the NATS server that platform alerts service will connect to
-**Default**: `nats`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - url: nats -``` - -## **sysdig.platformService.alerts.nats.js.clientName** - -**Required**: `false`
-**Description**: Client name for platform alerts service
-**Default**: `sysdigcloud-platform-alerts-api`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - clientName: sysdigcloud-platform-alerts-api -``` - -## **sysdig.platformService.alerts.nats.js.tls.enabled** - -**Required**: `false`
-**Description**: Enable or disable TLS connection for NATS
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- tls:
- enabled: true
-```
-
-## **sysdig.platformService.alerts.nats.js.tls.cert**
-
-**Required**: `false`
-**Description**: TLS certificate for NATS connection
-**Default**: `/opt/certs/nats-js-tls-certs/ca.crt`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- tls:
- cert: /opt/certs/nats-js-tls-certs/ca.crt
-```
-
-## **sysdig.platformService.alerts.nats.js.migrationFile**
-
-**Required**: `false`
-**Description**: Location of the json migration file
-**Default**: `/nats/migrations/streams.json`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - migrationFile: /nats/migrations/streams.json -``` - -## **sysdig.platformService.alerts.nats.js.risk.consumer.enabled** - -**Required**: `false`
-**Description**: Enable or disable NATS consumer for Risk integration
-**Options**: `true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - enabled: false -``` - -## **sysdig.platformService.alerts.nats.js.risk.consumer.name** - -**Required**: `false`
-**Description**: Name of NATS consumer for Risk integration
-**Default**: `risk-consumer`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - name: risk-consumer -``` - -## **sysdig.platformService.alerts.nats.js.risk.consumer.stream** +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | -**Required**: `false`
-**Description**: NATS stream name of consumer for Risk integration
-**Default**: `risk-alerts`
**Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - stream: risk-alerts + resources: + scanningv2-riskmanager-api: + limits: + cpu: 500m ``` -## **sysdig.platformService.alerts.nats.js.risk.consumer.subjects** +## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** **Required**: `false`
-**Description**: NATS subjects name of consumer for Risk integration
-**Default**: `risk.>`
+**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - subjects: risks-alerts.* + resources: + scanningv2-riskmanager-api: + limits: + memory: 1Gi ``` -## **sysdig.platformService.alerts.nats.js.risk.consumer.timeoutRetryMaxWait** +## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** **Required**: `false`
-**Description**: Max retry wait time for consumer for Risk integration
-**Default**: `10s`
+**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - timeoutRetryMaxWait: 10s + resources: + scanningv2-riskmanager-api: + requests: + cpu: 250m ``` -## **sysdig.platformService.alerts.nats.js.risk.notifier.enabled** +## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** **Required**: `false`
-**Description**: Enable or disable NATS notifier publishing for Risk integration
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - notifier: - enabled: false + resources: + scanningv2-riskmanager-api: + requests: + memory: 250Mi ``` -## **sysdig.platformService.alerts.nats.js.risk.notifier.stream** +## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** **Required**: `false`
-**Description**: Name of a NATS stream for publishing events to notifier for Risk integration
-**Default**: `notifier-notifications-1`
+**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - notifier: - stream: notifier-notifications-1 + resources: + scanningv2-scanresults-api: + limits: + cpu: 500m ``` - -## **sysdig.platformService.alerts.nats.js.risk.notifier.subject** +## **sysdig.resources.scanningv2-scanresults-api.limits.memory** **Required**: `false`
-**Description**: NATS subject for publishing events to notifier for Risk integration
-**Default**: `notifier.notifications.1.risk`
+**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - notifier: - subject: notifier.notifications.1.risk + resources: + scanningv2-scanresults-api: + limits: + memory: 500Mi ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.enabled** +## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** **Required**: `false`
-**Description**: Enable or disable NATS consumer for VM integration
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - enabled: false + resources: + scanningv2-scanresults-api: + requests: + cpu: 500m ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.name** +## **sysdig.resources.scanningv2-scanresults-api.requests.memory** **Required**: `false`
-**Description**: Name of NATS consumer for VM integration
-**Default**: `vm-consumer`
+**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - name: vm-consumer + resources: + scanningv2-scanresults-api: + requests: + memory: 250Mi ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.stream** +## **sysdig.resources.scanningv2-vulns-api.limits.cpu** **Required**: `false`
-**Description**: NATS stream name of consumer for VM integration
-**Default**: `secure-vm-notifier-integrations`
+**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 2 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - stream: secure-vm-notifier-integrations + resources: + scanningv2-vulns-api: + limits: + cpu: 500m ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.subjects** +## **sysdig.resources.scanningv2-vulns-api.limits.memory** **Required**: `false`
-**Description**: NATS subjects name of consumer for VM integration
-**Default**: `secure.vm.notifier.integrations.jira`
+**Description**: The amount of memory assigned to scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - subjects: secure.vm.notifier.integrations.jira + resources: + scanningv2-vulns-api: + limits: + memory: 1Gi ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.timeoutRetryMaxWait** +## **sysdig.resources.scanningv2-vulns-api.requests.cpu** **Required**: `false`
-**Description**: Max retry wait time for consumer for VM integration
-**Default**: `10s`
+**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - timeoutRetryMaxWait: 10s + resources: + scanningv2-vulns-api: + requests: + cpu: 250m ``` -## **sysdig.platformService.alerts.nats.js.vm.notifier.enabled** +## **sysdig.resources.scanningv2-vulns-api.requests.memory** **Required**: `false`
-**Description**: Enable or disable NATS notifier publishing for VM integration
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - notifier: - enabled: false + resources: + scanningv2-vulns-api: + requests: + memory: 250Mi ``` -## **sysdig.platformService.alerts.nats.js.vm.notifier.stream** +## **sysdig.secureOnly** **Required**: `false`
-**Description**: Name of a NATS stream for publishing events to notifier for VM integration
-**Default**: `notifier-notifications-1`
+**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false` + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - notifier: - stream: notifier-notifications-1 + secureOnly: true ``` - -## **sysdig.platformService.alerts.nats.js.vm.notifier.subject** +## **sysdig.secure.eventsForwarder.proxy.enable** **Required**: `false`
-**Description**: NATS subject for publishing events to notifier for VM integration
-**Default**: `false`
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
+**Default**: + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - notifier: - subject: notifier.notifications.1.vm + secure: + eventsForwarder: + proxy: + enable: false ``` -## **sysdig.platformService.alerts.workers.notification.enabled** +## **sysdig.secure.eventsForwarder.proxy.host** **Required**: `false`
-**Description**: Enables or disables workers for sending notifications in batches to alerts-notifier
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) +is configured.
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - platformService: - alerts: - workers: - notification: - enabled: true + secure: + eventsForwarder: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.platformService.alerts.workers.notification.pollInterval** +## **sysdig.secure.eventsForwarder.proxy.noProxy** **Required**: `false`
-**Description**: Pooling time interval that will read unsend notifications
-**Default**: `500ms`
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+ **Example**: ```yaml sysdig: - platformService: - alerts: - workers: - notification: - pollInterval: 500ms + secure: + eventsForwarder: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.platformService.alerts.workers.notification.batchSize** +## **sysdig.secure.eventsForwarder.proxy.password** **Required**: `false`
-**Description**: Number of events that will be sent from platform alerts to alert-notifier
-**Default**: `50`
+**Description**: The password used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - platformService: - alerts: - workers: - notification: - batchSize: 50 + secure: + eventsForwarder: + proxy: + enable: true + password: F00B@r! ``` +## **sysdig.secure.eventsForwarder.proxy.port** -## **sysdig.secure.ticketing.enabled** +**Required**: `false`
+**Description**: The port the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not +configured it defaults to 80.
+**Options**:
+**Default**: `80`
-**Required**: `false`
-**Description**: Enable or disable the ticketing service deployment
-**Options**:`true|false`
-**Default**: `false`
**Example**: ```yaml sysdig: secure: - ticketing: - enabled: false + eventsForwarder: + proxy: + enable: true + port: 3128 ``` -## **sysdig.secure.ticketing.audit.enabled** +## **sysdig.secure.eventsForwarder.proxy.protocol** **Required**: `false`
-**Description**: Enable or disable sending of audit data for ticketing service
-**Options**:`true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
+ **Example**: ```yaml sysdig: secure: - ticketing: - audit: - enabled: false + eventsForwarder: + proxy: + enable: true + protocol: https ``` -## **sysdig.secure.ticketing.jiraClientMaxRetries** +## **sysdig.secure.eventsForwarder.proxy.user** **Required**: `false`
-**Description**: Number of max retries for Jira client
-**Default**: `5`
+**Description**: The user used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: secure: - ticketing: - jiraClientMaxRetries: 5 + eventsForwarder: + proxy: + enable: true + user: alice ``` -## **sysdig.secure.ticketing.jiraClientBaseWait** +## **sysdig.postgresDatabases.PRWSInternalIngestion** **Required**: `false`
-**Description**: Jira client base wait time
-**Default**: `1s`
+**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - secure: - ticketing: - jiraClientBaseWait: 1s + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-prw-internal-ingestion-db-external.com + port: 5432 + db: prws_internal_ingestion + username: prws_internal_ingestion_user + password: my_prws_internal_ingestion_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.secure.ticketing.jiraClientMaxWait** +## **sysdig.beacon.prwsInternalIngestionEnabled** **Required**: `false`
-**Description**: Max wait time for Jira client
-**Default**: `30s`
+**Description**: Enable Prom Remote Write Internal Ingestion
+**Options**:
+**Default**:`false`
**Example**: ```yaml sysdig: - secure: - ticketing: - jiraClientMaxWait: 30s + beacon: + prwsInternalIngestionEnabled: true ``` -## **sysdig.secure.ticketing.jiraClientJitterMaxMillis** +## **sysdig.prwsInternalIngestionReplicaCount** **Required**: `false`
-**Description**: Max number for Jira client jitter in milliseconds
-**Default**: `1000`
+**Description**: Number of PRWS Internal Ingestion replicas
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraClientJitterMaxMillis: 1000 + prwsInternalIngestionReplicaCount: 5 ``` -## **sysdig.secure.ticketing.jiraCacheDefaultExpiration** +## **sysdig.prwsInternalIngestion.jvmOptions** **Required**: `false`
-**Description**: Jira cache will expire after this period
-**Default**: `15m`
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraCacheDefaultExpiration: 15m + prwsInternalIngestion: + jvmOptions: |- + -Xms12g -Xmx12g ``` -## **sysdig.secure.ticketing.jiraCacheCleanupInterval** +## **sysdig.prwsInternalIngestion.ingress** **Required**: `false`
-**Description**: Time interval for Jira cache cleanup
-**Default**: `1m`
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraCacheCleanupInterval: 1m + prwsInternalIngestion: + ingress: + - name: my-prws-internal-ingestion + omitBaseAnnotations: true + annotations: + haproxy-ingress.github.io/timeout-server: 20s + haproxy-ingress.github.io/config-backend: | + retries 2 + labels: + app.kubernetes.io/managed-by: ingress-config + app.kubernetes.io/name: ingress-config + app.kubernetes.io/part-of: sysdigcloud + role: ingress-config + tier: infra + hosts: + - host: my-app.my-domain.com + sslSecretName: ssl-secret + paths: + - path: /api + serviceName: my-service-name + servicePort: 9510 ``` -## **sysdig.secure.ticketing.jiraAssignableMaxResults** +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** **Required**: `false`
-**Description**: Number of max results that you can assign to
-**Default**: `2000`
+**Description**: Enable private endpoint communication for PRWS Internal Ingestion +**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - secure: - ticketing: - jiraAssignableMaxResults: 2000 + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false ``` -## **sysdig.secure.ticketing.jiraSyncIssuesCronExpr** +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** **Required**: `false`
-**Description**: Expression for cron job for Jira sync issues job
-**Default**: `0 0 * * * *`
+**Description**: Comma separated list of addresses or domain names that can +override the `privateEndpointCommunicationEnforcement`. +**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraSyncIssuesCronExpr: "0 0 * * * *" + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false + privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.secure.ticketing.jiraCreateIssuesCronExpr** +## **sysdig.secure.netsec.rateLimit** **Required**: `false`
-**Description**: Expression for cron job for Jira create issues job
-**Default**: `0 0 * * * *`
-**Example**: +**Description**: Netsec api rate limit.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - ticketing: - jiraCreateIssuesCronExpr: "0 0 * * * *" -``` +| cluster-size | count | +| ------------ | ----- | +| small | 200 | +| medium | 200 | +| large | 200 | -## **sysdig.secure.ticketing.jiraCreateIssuesOrchestratorInterval** +## **sysdig.secure.scanningv2.enabled** **Required**: `false`
-**Description**: Time interval for creating issues orchestrator
-**Default**: `5m`
+**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml sysdig: secure: - ticketing: - jiraCreateIssuesOrchestratorInterval: 5m + scanningv2: + enabled: true ``` -## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMinWait** +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
-**Required**: `false`
-**Description**: Min wait time for create issues from workers to compleate
-**Default**: `1s`
**Example**: ```yaml sysdig: secure: - ticketing: - jiraCreateIssuesWorkersMinWait: 1s + scanningv2: + vulnsApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" ``` -## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMaxWait** +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** **Required**: `false`
-**Description**: Max wait time for create issues from workers to compleate
-**Default**: `5s`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+ **Example**: ```yaml sysdig: secure: - ticketing: - jiraCreateIssuesWorkersMaxWait: 5s + scanningv2: + vulnsApi: + remoteSaaSTlsSkip: true ``` -## **sysdig.secure.ticketing.jiraMaxAttachmentSize** +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
-**Required**: `false`
-**Description**: Sets maximum size for jira attachment in bytes
-**Default**: `1048576`
**Example**: ```yaml sysdig: secure: - ticketing: - jiraMaxAttachmentSize: 1048576 + scanningv2: + pkgMetaApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" ``` -## **sysdig.secure.ticketing.hardDeleteIntegrationAPIEnabled** +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** **Required**: `false`
-**Description**: Enables or disables hard delete of integrations in ticketing service
-**Options**: `true|false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
**Default**: `false`
+ **Example**: ```yaml sysdig: secure: - ticketing: - hardDeleteIntegrationAPIEnabled: false + scanningv2: + pkgMetaApi: + remoteSaaSTlsSkip: true ``` -## **sysdig.secure.ticketing.natsJS.migrationFile** +## **sysdig.secure.scanningv2.reporting.enabled** **Required**: `false`
-**Description**: Location of the json migration file
-**Default**: `/nats/migrations/streams.json`
+**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - migrationFile: /nats/migrations/streams.json + scanningv2: + reporting: + enabled: true ``` -## **sysdig.secure.ticketing.natsJS.url** +## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** **Required**: `false`
-**Description**: Url of the NATS server that ticketing service will connect to
-**Default**: `nats`
+**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
+**Options**:
+**Default**: "0 3 \* \* \*"
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - url: nats + scanningv2: + reporting: + reportingJanitor: + schedule: "0 3 * * *" ``` -## **sysdig.secure.ticketing.natsJS.secure.enabled** +## **sysdig.secure.scanningv2.reporting.storageDriver** **Required**: `false`
-**Description**: Enables or disables NATS in ticketing service
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Storage kind for the generated reports
+**Options**: postgres, s3
+**Default**: postgres
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - secure: - enabled: true + scanningv2: + reporting: + storageDriver: postgres ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.deliverPolicyAll** +## **sysdig.secure.scanningv2.reporting.aws.bucket** **Required**: `false`
-**Description**: Enables or disables deliverPolicyAll for NATS attachments consumer in ticketing service
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - deliverPolicyAll: true + scanningv2: + reporting: + aws: + bucket: secure-scanningv2-reporting ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.durable** +## **sysdig.secure.scanningv2.reporting.aws.endpoint** **Required**: `false`
-**Description**: Name of NATS durable consumer for consuming attachments events for ticketing service
-**Default**: `add_attachment_to_issue_consumer`
+**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - durable: add_attachment_to_issue_consumer + scanningv2: + reporting: + aws: + endpoint: s3.example.com ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.name** +## **sysdig.secure.scanningv2.reporting.aws.region** **Required**: `false`
-**Description**: Name of NATS consumer for consuming attachments events for ticketing service
-**Default**: `add_attachment_to_issue_consumer`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - name: add_attachment_to_issue_consumer + scanningv2: + reporting: + aws: + region: us-east-1 ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.pull** +## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** **Required**: `false`
-**Description**: Enable or disable pulling events for attachments consumer for ticketing service
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - pull: true + scanningv2: + reporting: + aws: + accessKeyId: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.streamName** +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** **Required**: `false`
-**Description**: Name of a NATS stream for consuming attachment events for ticketing service
-**Default**: `jira_attachments`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - streamName: jira_attachments + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.subject** +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** **Required**: `false`
-**Description**: NATS subject for consuming attachments events for ticketing service
-**Default**: `jira_attachments.add_to_issue`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - subject: jira_attachments.add_to_issue + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.maxDeliver** +## **sysdig.secure.scanningv2.customCerts** **Required**: `false`
-**Description**: Number of max retries for delivering attachment
-**Default**: `3`
+**Description**: +To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/scanningv2-custom-certs +certs/scanningv2-custom-certs/certificate1.pem +certs/scanningv2-custom-certs/certificate2.pem +values.yaml +``` + ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - maxDeliver: 3 + scanningv2: + customCerts: true ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.ackWait** +## **sysdig.secure.scanningv2.airgappedFeeds** **Required**: `false`
-**Description**: Time to wait for receiving ACK signal for attachments
-**Default**: `5m`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ **Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - ackWait: 5m + scanningv2: + airgappedFeeds: true ``` diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 8d280a10..1d62842b 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -1,6 +1,5 @@ - + - @@ -29,9 +28,9 @@ Options](../README.md#quickstart-install) for more context.
-### Step 1 - Download the latest `values.yaml` template +### Step 1 -Copy the current version `sysdig-chart/values.yaml` to your working directory. +Copy the current version sysdig-chart/values.yaml to your working directory. ```bash wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml @@ -39,7 +38,7 @@ wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/ins
-### Step 2 - Configure `values.yaml` according to your environment +### Step 2 Edit the following values: @@ -96,7 +95,7 @@ would also edit the following values:
-### Step 3 - Check differences with the old Sysdig environment +### Step 3 Run the Installer (if you are in airgapped environment make sure you follow instructions from installation on how to get the images to your airgapped @@ -108,7 +107,7 @@ registry)
-### Step 4 - Deploy Sysdig version +### Step 4 If you are fine with the differences displayed, then run: diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 08dda5bb..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -1,10 +1,9 @@ - + - -# Advanced Configuration +# Advanced configuration
diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index 11d63313..fe03c37c 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -1,10 +1,9 @@ - + - -# Network Policies +# Network policies
@@ -12,7 +11,7 @@
-## Overview +## Introduction The current version of Sysdig Network policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. @@ -28,7 +27,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb ## Parameters @@ -50,7 +49,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny|allow`
+**Options**: `deny`/`allow`
**Default**: `false`
**Example**:
diff --git a/installer/values.yaml b/installer/values.yaml
index 61466c00..93ae7ef3 100644
--- a/installer/values.yaml
+++ b/installer/values.yaml
@@ -22,14 +22,3 @@ sysdig:
 #supports hostnetwork | loadbalancer | nodeport
 ingressNetworking: hostnetwork
 ingressClassName: haproxy
- # Uncomment the following two lines to enable Sysdig Platform Audit
- #platformAuditTrail:
- # enabled: true
- # Uncomment the following lines to enable origin IP in Sysdig Platform Audit
- #secure:
- # events:
- # audit:
- # config:
- # store:
- # ip:
- # enabled: true
From 4e730b0ad5913281250ce856b04377b4ce15c78d Mon Sep 17 00:00:00 2001
From: jenkins
Date: Tue, 30 Jul 2024 18:27:26 +0000
Subject: [PATCH 152/156] updating installer docs
---
 installer/README.md | 6 +-
 installer/docs/01-command_line_arguments.md | 103 +-
 installer/docs/02-configuration_parameters.md | 3992 ++++++++++-------
 installer/docs/03-upgrade.md | 13 +-
 installer/docs/04-advanced_configuration.md | 5 +-
 installer/docs/05-networkPolicies.md | 11 +-
 installer/values.yaml | 11 +
 7 files changed, 2458 insertions(+), 1683 deletions(-)
diff --git a/installer/README.md b/installer/README.md
index cd47ed96..ff743055 100644
--- a/installer/README.md
+++ b/installer/README.md
@@ -1,5 +1,3 @@
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=draios_installer&metric=alert_status&token=ecba04faaa549f19a05480f249fcb0113cc43ef0)](https://sonarcloud.io/summary/new_code?id=draios_installer)
-
 # Installer
 
 The Sysdig Installer tool is a collection of scripts that help automate the
@@ -58,6 +56,10 @@ This install assumes the Kubernetes cluster has network access to pull images fr Valid options: aws, gke, hostPath - [`sysdig.license`](docs/02-configuration_parameters.md#sysdiglicense): Sysdig license key provided with your Sysdig purchase confirmation mail + - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): + Set this parameter to `true` if you would like to use Sysdig Platform Audit. + - [`sysdig.secure.events.audit.config.store.ip.enabled`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreipenabled): + Set this parameter to `true` if you would like to see the origin IP address in Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. - [`sysdig.collector.dnsName`](docs/02-configuration_parameters.md#sysdigcollectordnsName): diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index cacf8877..10ded1f4 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -1,9 +1,10 @@ - + + -# Command line arguments explained +# Command Line Arguments
@@ -13,12 +14,12 @@ - installer does not deploy the `namespace.yaml` manifest. It expects the Namespace to exist and to match the value in `values.yaml` - There is no validation, in case of mismatch the installer will fail + If there is a mismatch, the installer will fail as no validation is in place. `--skip-pull-secret` -- the services expect the pull secret to exist, - to have the expected name (`sysdigcloud-pull-secret`) and to allow access to the registry. +- The services require the pull secret to exist with the expected name (`sysdigcloud-pull-secret`) and to have access to the registry. + - if the pull secret is missing, the behaviour could be unpredictable: some Pods could start if they can find the image locally and if their `imagePullPolicy` is not `Always` @@ -26,7 +27,7 @@ `--skip-serviceaccount` -- The user must provide SAs with the exact same name expected: +- The user must provide service accounts with the exact same name expected: ```text sysdig-serviceaccount.yaml: name: sysdig @@ -36,10 +37,10 @@ sysdig-serviceaccount.yaml: name: sysdig-elasticsearch sysdig-serviceaccount.yaml: name: sysdig-cassandra ``` -- One implication of this is that unless the `node-to-labels` SA is added, - rack awareness will not work neither in Cassandra nor in ES (to be verified) - Another implication is that if SA(s) are missing, the user will have to `describe` - the STS because Pods will not start at all: +- One implication of this is that unless the `node-to-labels` ServiceAccount is added, + rack awareness will not be available for any datastore. + Another implication is that if the ServiceAccount(s) are missing, the user will have to `describe` + the StatefulSet because Pods will not start at all: ```text Events: 
@@ -54,13 +55,19 @@ Events: - installer does not apply the StorageClass manifest. It expects the storageClassName specified in values.yaml to exist. +`--disable-proxy` + +- This flag allows disabling an existing configuration for proxy. Several services can be configured to use a proxy to go out to the Internet. For example `scanningv2-pkgmeta`, `certmanager`, `eventsForwarder` etc. +- If it becomes necessary to remove such configuration, this flag can be used to remove the proxy configuration. +- This flag also applies to `generate`, `diff` and `import`. + ## Command: `import` `--zookeeper-workloadname ` - This is the value that will be used for the `zookeeper` StatefulSet. The default value is `zookeeper`, this argument must be used when the -actual name of the STS in the cluster differs +actual name of the StatefulSet in the cluster differs `--kafka-workloadname ` @@ -76,8 +83,6 @@ actual name of the STS in the cluster differs ## Command: `update-license` -Added November 2022, this is a new command. - ** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** This command performs the minimal changes and restarts to apply a new license. @@ -97,8 +102,6 @@ This command performs the following: ## Command: `image-list` -Added November 2022 - This command prints to `stdout` (and optionally to a file) a list of all images in a generated stack. It requires a `values.yaml` and it produces a list of images based on that `values.yaml`. @@ -107,7 +110,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Flags -`-f ` - write the list to a file. **If the file exists, it is overwritten** +`-f ` - write the list to a file. If the file already exists, it will be overwritten. ### Example 
@@ -132,7 +135,6 @@ quay.io/sysdig/postgres:12.10.0.0
 quay.io/sysdig/cp-kafka-6:0.2.1
 quay.io/sysdig/kube-rbac-proxy:v0.8.0
 quay.io/sysdig/secure-onboarding-api:6.0.0.12431
-quay.io/sysdig/nats-streaming-init:0.22.0.8
 quay.io/sysdig/ui-monitor-nginx:6.0.0.12431
 quay.io/sysdig/sysdig-worker:6.0.0.12431
 quay.io/sysdig/profiling-api:6.0.0.12431
@@ -168,7 +170,6 @@ quay.io/sysdig/haproxy-ingress:1.1.5-v0.10
 quay.io/sysdig/sysdig-meerkat-api:6.0.0.12431
 quay.io/sysdig/metadata-service-operator:1.0.1.23
 quay.io/sysdig/netsec:6.0.0.12431
-quay.io/sysdig/nats-streaming:0.22.0.8
 quay.io/sysdig/nats-exporter:0.9.0.2
 quay.io/sysdig/secure-prometheus:2.17.2
 quay.io/sysdig/opensearch-1:0.0.16
@@ -177,11 +178,10 @@ quay.io/sysdig/reporting-api:6.0.0.12431
 quay.io/sysdig/promchap:0.99.0-master.2022-11-18T13-46-40Z.d6b3d10f83
 quay.io/sysdig/redis-6:1.0.1
 quay.io/sysdig/ui-admin-nginx:6.0.0.12431
-quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431
 quay.io/sysdig/admission-controller-api:6.0.0.12431
 quay.io/sysdig/scanning:6.0.0.12431
 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431
-quay.io/sysdig/cassandra-3:0.0.36
+quay.io/sysdig/cassandra:0.0.36
 quay.io/sysdig/metadata-service-server:1.10.63
 quay.io/sysdig/rapid-response-connector:6.0.0.12431
 quay.io/sysdig/secure-todo-api:6.0.0.12431
@@ -258,6 +258,69 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y - Sets the `kubernetesServerVersion` within values. +`--helm-install` + +- The installer will extract the necessary files for an installation using the `helm` command only. By default it will create a directory `helm-install` in the directory where the installer is being executed. Content of the directory: + + - `values.hi.yaml`: the complete values generated by the `installer` + - `values.hi.nats.yaml` and `values.hi.nats.global.yaml`: values for the rendering of NATSJS + - `charts`: the Helm charts that make up the Sysdig onprem stack + +`--helm-install-out-dir` + +- To use a custom directory to output the files generated by `--helm-install` instead of the default. + +### ArgoCD Generation + +We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. + +At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. + +`--argocd (boolean)` + +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. +NOTE: Using this flag will automatically generate the charts that you would obtain with the --helm-install CLI flag. This happens because the argoCD generation is closely linked to the specific production method of the helm-charts. + +`--argo-repo-url (string)` + +The URL of the repository that will contain the ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. The default is `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. This will be replaced within the ArgoCD apps definition files. + +`--argo-repo-rev (string)` + +The name of the branch of the repo to use. The default is `main`. This will be replaced within the ArgoCD apps definition files. 
+ +example of hierarchy: +``` +git@github.com:ORGANIZATION/SAMPLE-REPO.git + | + '- argocd-projects/ + | '- sysdig/ + | | '- argocd/ + | | | '- sysdig-root/ + | | | '- sysdig-common-config/ + | | | '- sysdigcloud-infra/ + | | | [...] + | | '- helm-install/ + | | | '- charts/ + | | | '- chart-1/ + | | | '- chart-2/ + | | | [...] +``` + +`--argo-git-apps-dir (string)` + +Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. +If you consider the example above, the correct value for this would be `argocd-projects/sysdig/argocd`. + +`--argo-git-charts-dir (string)` + +The relative path from the repo root that will contain the folder with charts. The default is `helm-install/charts`. This will be replaced within the ArgoCD apps definition files. If you consider the example above, the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. + +`--argo-out-dir (string)` + +actual output directory on file system where argocd files will be written. Default is `./argocd/`. + + ## Command: `list-resources` Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index db21a73d..8cb50643 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1,5 +1,6 @@ - + + @@ -10,9 +11,8 @@ ## **quaypullsecret** **Required**: `true`
-**Description**: quay.io credentials provided with your Sysdig purchase confirmation -mail.
-**Options**:
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation mail.
+**Options**:
**Default**:
**Example**: @@ -120,7 +120,7 @@ Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/im **Example**: ```yaml -#tags and pushes the image to /foo/bar/ +# tags and pushes the image to /foo/bar/ airgapped_repository_prefix: foo/bar ``` @@ -385,7 +385,7 @@ elasticsearch: ## **elasticsearch.jobs.rollNodes** **Required**: `false`
-**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time.
+**Description**: safely roll the elasticsearch nodes, if needed, after a change in the manifests. This can potentially take several minutes per node to restart. In case of an upgrade from elasticsearch to opensearch and this is false then a cluster restart will be performed, i.e. all elasticsearch nodes will be restarted at the same time. WARNING: do not set this to true in a 5.x to 6.x upgrade scenario.
**Options**: `true|false`
**Default**: `false`
**Example**: @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.35
+**Default**: 0.0.48
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.35 + toolsImageVersion: 0.0.48 ``` ## **elasticsearch.enableMetrics** @@ -568,21 +568,6 @@ hostPathCustomPaths: postgresql: `/sysdig/pgdata` ``` -## **hostPathCustomPaths.nats** - -**Required**: `false`
-**Description**: The directory to bind mount nats streaming (in HA mode) pod's -`/var/lib/stan` to on the host. This parameter is relevant -only when `storageClassProvisioner` is `hostPath`.
-**Options**:
-**Default**: `/var/lib/stan`
-**Example**: - -```yaml -hostPathCustomPaths: - nats: `/sysdig/stan` -``` - ## **hostPathCustomPaths.natsJs** **Required**: `false`
@@ -630,12 +615,23 @@ nodeaffinityLabel: value: sysdig ``` +## **pvStorageSize.cassandra** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra, regardless of the cluster `size` used. This option *does not* apply when [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**: + +```yaml +pvStorageSize: + cassandra: 500Gi +``` + ## **pvStorageSize.large.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) large. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 300Gi
**Example**: @@ -681,9 +677,7 @@ pvStorageSize: ## **pvStorageSize.medium.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) medium. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 150Gi
**Example**: @@ -729,9 +723,7 @@ pvStorageSize: ## **pvStorageSize.small.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) small. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 30Gi
**Example**: @@ -774,22 +766,6 @@ pvStorageSize: postgresql: 100Gi ``` -## **pvStorageSize.large.nats** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) large. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - large: - nats: 10Gi -``` - ## **pvStorageSize.large.natsJs** **Required**: `false`
@@ -806,22 +782,6 @@ pvStorageSize: natsJs: 50Gi ``` -## **pvStorageSize.medium.nats** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) medium. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 50Gi
-**Example**: - -```yaml -pvStorageSize: - medium: - nats: 50Gi -``` - ## **pvStorageSize.medium.natsJs** **Required**: `false`
@@ -838,22 +798,6 @@ pvStorageSize: natsJs: 10Gi ``` -## **pvStorageSize.small.nats** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to NATS HA in a -cluster of [`size`](#size) small. This option is ignored if -[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 10Gi
-**Example**: - -```yaml -pvStorageSize: - small: - nats: 10Gi -``` - ## **pvStorageSize.small.natsJs** **Required**: `false`
@@ -989,12 +933,12 @@ sysdig: **Required**: `false`
**Description**: The docker image tag of Cassandra.
**Options**:
-**Default**: 2.1.22.5
+**Default**: 4.1.3-0.0.14
**Example**: ```yaml sysdig: - cassandraVersion: 2.1.22.5 + cassandraVersion: 4.1.3-0.0.14 ``` ## **sysdig.cassandraExporterVersion** @@ -1002,7 +946,7 @@ sysdig: **Required**: `false`
**Description**: The docker `image tag` of Cassandra's Prometheus JMX exporter. Default image: `//promcat-jmx-exporter:v0.17.0-ubi`
**Options**:
-**Default**: v0.17.0-ubi
+**Default**: v0.20.0-ubi
**Example**: ```yaml @@ -1025,10 +969,10 @@ sysdig: extractCMD: "cat /node-labels/failure-domain.beta.kubernetes.io/zone || cat /node-labels/topology.kubernetes.io/zone" ``` -## **sysdig.cassandra.useCassandra3** +## **sysdig.cassandra.useCassandra3** (**Deprecated**) **Required**: `false`
-**Description**: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
+**Description**: Deprecated: Use Cassandra 3 instead of Cassandra 2. Only available for fresh installs from 4.0.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -1039,10 +983,10 @@ sysdig: useCassandra3: false ``` -## **sysdig.Cassandra3Version** +## **sysdig.Cassandra3Version** (**Deprecated**) **Required**: `false`
-**Description**: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
+**Description**: Deprecated: Specify the image version of Cassandra 3.x. Ignored if `sysdig.useCassandra3` is not set to `true`. Only supported in fresh installs from 4.0
**Options**:
**Default**: `3.11.11.1`
**Example**: @@ -1234,10 +1178,10 @@ documentation](https://docs.datastax.com/en/archived/cassandra/2.1/cassandra/con sysdig: cassandra: customOverrides: | - hinted_handoff_enabled: false - concurrent_compactors: 8 - read_request_timeout_in_ms: 10000 - write_request_timeout_in_ms: 10000 + concurrent_compactors: 6 + read_request_timeout: 10000ms + write_request_timeout: 10000ms + request_timeout: 11000ms ``` ## **sysdig.cassandra.datacenterName** @@ -1381,6 +1325,41 @@ sysdig: elasticsearchVersion: 5.6.16.18 ``` +## **sysdig.platformAuditTrail.enabled** + +**Required**: `false`
+**Description**: Global flag to enable Sysdig Platform Audit in all services. +**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformAuditTrail: + enabled: true +``` + +## **sysdig.secure.events.audit.config.store.ip.enabled** + +**Required**: `false`
+**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. +**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + secure: + events: + audit: + config: + store: + ip: + enabled: true +``` + ## **sysdig.elasticsearch6Version** **Required**: `false`
@@ -1394,17 +1373,30 @@ sysdig: elasticsearch6Version: 6.8.6.12 ``` +## **sysdig.opensearchImageName** + +**Required**: `false`
+**Description**: Docker Image name for Opensearch. Eg, for Opensearch 2: "opensearch-2".
+**Options**:
+**Default**: opensearch-2
+**Example**: + +```yaml +sysdig: + opensearchImageName: "opensearch-2" +``` + ## **sysdig.opensearchVersion** **Required**: `false`
**Description**: The docker image tag of Opensearch.
**Options**:
-**Default**: 0.0.16
+**Default**: 0.0.6
**Example**: ```yaml sysdig: - opensearchVersion: 0.0.16 + opensearchVersion: 0.0.6 ``` ## **sysdig.haproxyVersion** @@ -1425,11 +1417,11 @@ sysdig: ## **sysdig.skipIngressGeneration** -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
+**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1641,22 +1633,6 @@ sysdig: sysdigWorkerVersion: 3.5.1.7018 ``` -## **sysdig.enableAlerter** - -**Required**: `false`
-**Description**: This creates a separate deployment for Alerters while -disabling this functionality in workers. **Do not modify this unless you -know what you are doing as modifying it could have unintended -consequences**
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - enableAlerter: true -``` - ## **sysdig.alertingSystem.enabled** **Required**: `false`
@@ -1837,156 +1813,6 @@ sysdig: natsExporterVersion: 0.0.13 ``` -## **sysdig.nats.enabled** - -**Required**: `false`
-**Description**: Enable NATS deployment for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - enabled: true -``` - -## **sysdig.nats.secure.enabled** - -**Required**: `false`
-**Description**: NATS Streaming TLS enabled.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true -``` - -## **sysdig.nats.secure.username** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS username
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - username: somevalue -``` - -## **sysdig.nats.secure.password** - -**Required**: `true` when `sysdig.nats.secure.enabled` is set to true
-**Description**: NATS password
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - secure: - enabled: true - password: somevalue -``` - -## **sysdig.nats.ca** - -**Required**: `false`
-**Description**: NATS CA
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - ca: -``` - -## **sysdig.nats.cakey** - -**Required**: `false`
-**Description**: NATS CA KEY
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - nats: - cakey: -``` - -## **sysdig.nats.ha.enabled** - -**Required**: `false`
-**Description**: NATS Streaming HA (High Availability) enabled.
-**Options**:
-**Default**: false
-**Example**: - -```yaml -sysdig: - nats: - ha: - enabled: false -``` - -## **sysdig.nats.urlha** - -**Required**: `false`
-**Description**: NATS Streaming URL for HA deployment.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222
-**Example**: - -```yaml -sysdig: - nats: - urlha: nats://sysdigcloud-nats-streaming-cluster-0.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-1.sysdigcloud-nats-streaming-cluster:4222,nats://sysdigcloud-nats-streaming-cluster-2.sysdigcloud-nats-streaming-cluster:4222 -``` - -## **sysdig.nats.urltls** - -**Required**: `false`
-**Description**: NATS Streaming URL for TLS enabled.
-**Options**:
-**Default**: nats://sysdigcloud-nats-streaming-tls:4222
-**Example**: - -```yaml -sysdig: - nats: - urltls: nats://sysdigcloud-nats-streaming-tls:4222 -``` - -## **sysdig.nats.hostPathNodes** - -**Required**: `false`
-**Description**: An array of node hostnames has shown in `kubectl get node -o name` that nats streaming (in HA mode) hostPath persistent volumes should be created on. The number of nodes must be 3. This is -required if configured [`storageClassProvisioner`](#storageclassprovisioner) -is `hostPath`.
-**Options**:
-**Default**: []
- -**Example**: - -```yaml -sysdig: - nats: - hostPathNodes: - - my-cool-host1.com -``` - ## **sysdig.openshiftUrl** **Required**: `false`
@@ -2044,19 +1870,6 @@ sysdig: postgresVersion: 10.6.11 ``` -## **sysdig.mysqlToPostgresMigrationVersion** - -**Required**: `false`
-**Description**: The docker image tag for MySQL to PostgreSQL migration.
-**Options**:
-**Default**: 1.2.5-mysql-to-postgres
-**Example**: - -```yaml -sysdig: - mysqlToPostgresMigrationVersion: 1.2.5-mysql-to-postgres -``` - ## **sysdig.postgresql.rootUser** **Required**: `false`
@@ -2102,7 +1915,7 @@ sysdig: ## **sysdig.postgresql.primary** **Required**: `false`
-**Description**: If set, the installer starts the mysql to postgresql migration (if not already performed), services will start in postgresql mode.
+**Description**: Services will start in postgresql mode.
**Options**: `true|false`
**Default**: `true`
**Example**: @@ -3436,12 +3249,12 @@ redisTls: A Monitor service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------- | -| agent | agent | -| common | common | +| Instance | Component | +| --------- | --------------------------------------------------------- | +| agent | agent | +| common | common | | monitor-1 | cache, distributedJobs, ibmCache, promchap, policiesCache | -| monitor-2 | alerting, meerkat, metering, prws | +| monitor-2 | alerting, meerkat, metering, prws | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
@@ -3500,9 +3313,9 @@ redisClientsMonitor: A Secure service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------- | -| profiling | profiling | +| Instance | Component | +| --------- | ----------------------------------------------------------------------------------------------------- | +| profiling | profiling | | secure-1 | scanning, forensic, events, rapidResponse, overview, compliance, cloudsec, policies, netsec, padvisor | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
@@ -4597,17 +4410,17 @@ sysdig: memory: 200Mi ``` -## **sysdig.resources.alerter.limits.cpu** +## **sysdig.resources.collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to alerter pods
+**Description**: The amount of cpu assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4 | -| medium | 8 | +| medium | 4 | | large | 16 | **Example**: @@ -4615,22 +4428,22 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: limits: cpu: 2 ``` -## **sysdig.resources.alerter.limits.memory** +## **sysdig.resources.collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to alerter pods
+**Description**: The amount of memory assigned to collector pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 4Gi | -| medium | 8Gi | +| medium | 4Gi | | large | 16Gi | **Example**: @@ -4638,22 +4451,22 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: limits: memory: 10Mi ``` -## **sysdig.resources.alerter.requests.cpu** +## **sysdig.resources.collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule alerter pods
+**Description**: The amount of cpu required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1 | -| medium | 2 | +| medium | 1 | | large | 4 | **Example**: @@ -4661,22 +4474,22 @@ sysdig: ```yaml sysdig: resources: - alerter: + collector: requests: cpu: 2 ``` -## **sysdig.resources.alerter.requests.memory** +## **sysdig.resources.collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule alerter pods
+**Description**: The amount of memory required to schedule collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 1Gi | -| medium | 2Gi | +| medium | 1Gi | | large | 4Gi | **Example**: @@ -4684,99 +4497,7 @@ sysdig: ```yaml sysdig: resources: - alerter: - requests: - memory: 200Mi -``` - -## **sysdig.resources.collector.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to collector pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4 | -| medium | 4 | -| large | 16 | - -**Example**: - -```yaml -sysdig: - resources: - collector: - limits: - cpu: 2 -``` - -## **sysdig.resources.collector.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to collector pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 4Gi | -| medium | 4Gi | -| large | 16Gi | - -**Example**: - -```yaml -sysdig: - resources: - collector: - limits: - memory: 10Mi -``` - -## **sysdig.resources.collector.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule collector pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1 | -| medium | 1 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - resources: - collector: - requests: - cpu: 2 -``` - -## **sysdig.resources.collector.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule collector pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 4Gi | - -**Example**: - -```yaml -sysdig: - resources: - collector: + collector: requests: memory: 200Mi ``` @@ -5601,8 +5322,8 @@ sysdig: **Required**: `false`
**Description**: Scanning DB engine
-**Options**:
-**Default**: mysql
+**Options**: postgres|inmem
+**Default**: postgres
**Example**: ```yaml @@ -5610,7 +5331,7 @@ sysdig: secure: scanning: retentionMgr: - scanningDBEngine: mysql + scanningDBEngine: postgres ``` ## **sysdig.secure.scanning.retentionMgr.defaultValues.datePolicy** @@ -5865,102 +5586,6 @@ sysdig: memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG -migrate containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | - -**Example**: - -```yaml -sysdig: - resources: - scanningAdmissionControllerApiPgMigrate: - limits: - cpu: 1 -``` - -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG -migrate containers
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 256Mi | -| medium | 256Mi | -| large | 256Mi | - -**Example**: - -```yaml -sysdig: - resources: - scanningAdmissionControllerApiPgMigrate: - limits: - memory: 256Mi -``` - -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api -PG migrate containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100m | -| medium | 100m | -| large | 100m | - -**Example**: - -```yaml -sysdig: - resources: - scanningAdmissionControllerApiPgMigrate: - requests: - cpu: 100m -``` - -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api -PG migrate containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - admission-controller-api-pg-migrate: - requests: - memory: 50Mi -``` - ## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
@@ -6902,9 +6527,8 @@ sysdig: ```yaml sysdig: natsJs: - nats: - natsbox: - enabled: true + natsbox: + enabled: true ``` ## **sysdig.natsJs.natsTLSGenerator.enabled** @@ -7118,98 +6742,6 @@ sysdig: gomemlimit: 900MiB ``` -## **sysdig.resources.nats-streaming.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - limits: - cpu: 2 -``` - -## **sysdig.resources.nats-streaming.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 2Gi | -| medium | 2Gi | -| large | 2Gi | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - limits: - memory: 2Gi -``` - -## **sysdig.resources.nats-streaming.requests.cpu** - -**Required**: `false`
-**Description**: The amount of cpu required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - requests: - cpu: 250m -``` - -## **sysdig.resources.nats-streaming.requests.memory** - -**Required**: `false`
-**Description**: The amount of memory required to schedule nats-streaming pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 1Gi | -| medium | 1Gi | -| large | 1Gi | - -**Example**: - -```yaml -sysdig: - resources: - nats-streaming: - requests: - memory: 1Gi -``` - ## **sysdig.resources.activity-audit-api.limits.cpu** **Required**: `false`
@@ -8584,14 +8116,13 @@ sysdig: ## **sysdig.cassandraReplicaCount** **Required**: `false`
-**Description**: Number of Cassandra replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of Cassandra replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8787,14 +8318,13 @@ sysdig: ## **sysdig.elasticsearchReplicaCount** **Required**: `false`
-**Description**: Number of ElasticSearch replicas, this is a noop for clusters of -`size` `small`.
+**Description**: Number of ElasticSearch replicas
**Options**:
**Default**:
| cluster-size | count | | ------------ | ----- | -| small | 1 | +| small | 3 | | medium | 3 | | large | 6 | @@ -8847,27 +8377,6 @@ sysdig: workerReplicaCount: 7 ``` -## **sysdig.alerterReplicaCount** - -**Required**: `false`
-**Description**: Number of Sysdig alerter replicas, this is a noop for clusters -of `size` `small`.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 3 | -| large | 5 | - -**Example**: - -```yaml -sysdig: - alerterReplicaCount: 7 -``` - ## **sysdig.eventsGathererReplicaCount** **Required**: `false`
@@ -9126,7 +8635,6 @@ sysdig: sysdig: collector: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` ## **sysdig.collector.certificate.generate** @@ -9210,25 +8718,9 @@ sysdig: sysdig: worker: jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport -``` - -## **sysdig.alerter.jvmOptions** - -**Required**: `false`
-**Description**: Custom configuration for Sysdig Alerter jvm.
-**Options**:
-**Default**:
-**Example**: - -```yaml -sysdig: - alerter: - jvmOptions: -Xms4G -Xmx4G -Ddraios.jvm-monitoring.ticker.enabled=true - -XX:-UseContainerSupport ``` -## **sysdig.eventsForwarderEnabledIntegrations** +## **sysdig.secure.eventsForwarder.enabledIntegrations** **Required**: `false`
**Description**: List of enabled integrations, e.g. "MCM,QRADAR"
@@ -9238,7 +8730,9 @@ sysdig: ```yaml sysdig: - eventsForwarderEnabledIntegrations: "MCM,QRADAR" + secure: + eventsForwarder: + enabledIntegrations: "MCM,QRADAR" ``` ## **sysdig.secure.scanning.admissionControllerAPI.maxDurationBeforeDisconnection** @@ -9374,15 +8868,15 @@ sysdig: **Required**: `false`
**Description**: which scanning database engine to use.
-**Options**: mysql
-**Default**: "mysql"
+**Options**: postgres
+**Default**: postgres
**Example**: ```yaml sysdig: secure: veJanitor: - scanningDbEngine: "mysql" + scanningDbEngine: postgres ``` ## **sysdig.metadataService.enabled** @@ -10547,16 +10041,15 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat API JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -Dlogging.level.com.sysdig.meerkat.api.server.adapter.TimeSeriesGAdapter=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.RealTimeQueryServiceImpl=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.MeerkatClientDNSGrpcResolver=DEBUG -Dsysdig.meerkat.cassandra.features.queryAllMetricDescriptorsEnabled=true -``` + **Example**: @@ -10663,12 +10156,12 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -``` + + **Example**: @@ -10882,9 +10375,8 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Collector JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dsysdig.cassandra.auto-schema=true -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced @@ -10893,7 +10385,7 @@ sysdig: -Dlogging.level.com.sysdig.meerkat.collector.service.MeerkatIndexer=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.kafka.MeerkatWorker=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.grpc.GPartsQueryServiceGrpcImpl=DEBUG -``` + **Example**: @@ -11014,11 +10506,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Datastream JVM.
**Options**:
-**Default**: - -``` --Xms1g -Xmx1g -``` +**Default**: -Xms1g -Xmx1g **Example**: @@ -11046,7 +10534,7 @@ sysdig: ## **sysdig.kafkaVersion** **Required**: `false`
-**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -11222,7 +10710,7 @@ sysdig: ## **sysdig.zookeeperVersion** **Required**: `false`
-**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -11427,7 +10915,7 @@ sysdigcloud-collector HostAlreadyClaimed Use this overlay to avoid the error: -``` +```yaml apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -11869,32 +11357,6 @@ sysdig: promqlatorVersion: 0.99.0-2022-07-12T09-19-16Z.93c0642b55 ``` -## **sysdig.streamsnapVersion** - -**Required**: `false`
-**Description**: Docker image tag of Sysdig Streamsnap service, relevant when `sysdig.streamsnap.enabled` is `true`.
-**Options**:
-**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-**Example**: - -```yaml -sysdig: - streamsnapVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 -``` - -## ~~**sysdig.fastpathAggregatorVersion**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Docker image tag of Sysdig Fastpath Aggregator service, relevant when `sysdig.fastpathAggregator.enabled` is `true`.
-**Options**:
-**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-**Example**: - -```yaml -sysdig: - fastpathAggregatorVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 -``` - ## **sysdig.promqlatorReplicaCount** **Required**: `false`
@@ -12117,566 +11579,562 @@ sysdig: memory: 300Mi ``` -## **sysdig.streamsnapReplicaCount** +## **sysdig.resources.scanningv2-agents-conf.limits.cpu** **Required**: `false`
-**Description**: Number of Streamsnap replicas.
+**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 3 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - streamsnapReplicaCount: 2 + resources: + scanningv2-agents-conf: + limits: + cpu: 500m ``` -## ~~**sysdig.fastpathAggregatorReplicaCount**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-agents-conf.limits.memory** **Required**: `false`
-**Description**: Number of Fastpath Aggregator replicas.
+**Description**: The amount of memory assigned to scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 3 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - fastpathAggregatorReplicaCount: 2 + resources: + scanningv2-agents-conf: + limits: + memory: 500Mi ``` -## **sysdig.streamsnap.enabled** +## **sysdig.resources.scanningv2-agents-conf.requests.cpu** **Required**: `false`
-**Description**: Whether to enable Streamsnap or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: - streamsnap: - enabled: true + resources: + scanningv2-agents-conf: + requests: + cpu: 250m ``` -## **sysdig.streamsnap.jvmOptions** +## **sysdig.resources.scanningv2-agents-conf.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Streamsnap jvm.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
+**Options**:
**Default**: -| cluster-size | jvmOptions | -| ------------ | ---------- | -| small | -Xmx=4g | -| medium | -Xmx=12g | -| large | -Xmx=18g | +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - streamsnap: - jvmOptions: "-Xmx=4g" + resources: + scanningv2-agents-conf: + requests: + memory: 100Mi ``` -## **sysdig.streamsnap.numThreadsForInterval60** +## **sysdig.resources.scanningv2-collector.limits.cpu** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-minute snapshots.
-**Options**:
+**Description**: The amount of cpu assigned to scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval60 | -| ------------ | ----------------------- | -| small | 2 | -| medium | 4 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval60: 4 + resources: + scanningv2-collector: + limits: + cpu: 1 ``` -## **sysdig.streamsnap.numThreadsForInterval600** +## **sysdig.resources.scanningv2-collector.limits.memory** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 10-minutes snapshots.
-**Options**:
+**Description**: The amount of memory assigned to scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval600 | -| ------------ | ------------------------ | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval600: 2 + resources: + scanningv2-collector: + limits: + memory: 1Gi ``` -## **sysdig.streamsnap.numThreadsForInterval3600** +## **sysdig.resources.scanningv2-collector.requests.cpu** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-hour snapshots.
-**Options**:
+**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval3600 | -| ------------ | ------------------------- | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval3600: 2 + resources: + scanningv2-collector: + requests: + cpu: 500m ``` -## **sysdig.streamsnap.numThreadsForInterval86400** +## **sysdig.resources.scanningv2-collector.requests.memory** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-day snapshots.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval86400 | -| ------------ | -------------------------- | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval86400: 2 + resources: + scanningv2-collector: + requests: + memory: 250Mi ``` -## **sysdig.resources.streamsnap.limits.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to Streamsnap containers
+**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: limits: - cpu: 8 + cpu: 500m ``` -## **sysdig.resources.streamsnap.limits.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to Streamsnap containers
+**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: limits: - memory: 8Gi + memory: 1Gi ``` -## **sysdig.resources.streamsnap.requests.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule Streamsnap containers
+**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.streamsnap.requests.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule Streamsnap containers
+**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: requests: - memory: 2Gi + memory: 250Mi ``` -## ~~**sysdig.fastpathAggregator.enabled**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.limits.cpu** **Required**: `false`
-**Description**: Whether to enable Fastpath Aggregator or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu assigned to scanningv2-policies-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - fastpathAggregator: - enabled: true + resources: + scanningv2-policies-api: + limits: + cpu: 500m ``` -## ~~**sysdig.fastpathAggregator.jvmOptions**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.limits.memory** **Required**: `false`
-**Description**: Custom configuration for the Fastpath Aggregator jvm.
-**Options**:
+**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | jvmOptions | -| ------------ | ---------- | -| small | -Xmx=4g | -| medium | -Xmx=12g | -| large | -Xmx=16g | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - fastpathAggregator: - jvmOptions: "-Xmx=4g" -``` - -## ~~**sysdig.fastpathAggregator.numThreadsForInterval60**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-minute snapshots.
-**Options**:
-**Default**: - -| cluster-size | numThreadsForInterval60 | -| ------------ | ----------------------- | -| small | 2 | -| medium | 4 | -| large | 4 | - -**Example**: - -```yaml -sysdig: - fastpathAggregator: - numThreadsForInterval60: 4 -``` - -## ~~**sysdig.fastpathAggregator.numThreadsForInterval600**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 10-minutes snapshots.
-**Options**:
-**Default**: - -| cluster-size | numThreadsForInterval600 | -| ------------ | ------------------------ | -| small | 1 | -| medium | 2 | -| large | 2 | - -**Example**: - -```yaml -sysdig: - fastpathAggregator: - numThreadsForInterval600: 2 + resources: + scanningv2-policies-api: + limits: + memory: 1Gi ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval3600**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.requests.cpu** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-hour snapshots.
-**Options**:
+**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval3600 | -| ------------ | ------------------------- | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval3600: 2 + resources: + scanningv2-policies-api: + requests: + cpu: 250m ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval86400**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.requests.memory** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-day snapshots.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval86400 | -| ------------ | -------------------------- | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval86400: 2 + resources: + scanningv2-policies-api: + requests: + memory: 250Mi ``` -## ~~**sysdig.resources.fastpathAggregator.limits.cpu**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to Fastpath Aggregator containers
+**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: limits: - cpu: 8 + cpu: 500m ``` -## ~~**sysdig.resources.fastpathAggregator.limits.memory**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to Fastpath Aggregator containers
+**Description**: The amount of memory assigned to scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: limits: - memory: 8Gi + memory: 1Gi ``` -## ~~**sysdig.resources.fastpathAggregator.requests.cpu**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule Fastpath Aggregator containers
+**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: requests: - cpu: 2 + cpu: 250m ``` -## ~~**sysdig.resources.fastpathAggregator.requests.memory**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule Fastpath Aggregator containers
+**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: requests: - memory: 2Gi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-agents-conf.limits.cpu** +## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 500m | -| large | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-agents-conf.limits.memory** +## **sysdig.resources.scanningv2-reporting-generator.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-agents-conf pods
+**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-agents-conf.requests.cpu** +## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: requests: - cpu: 250m + cpu: 500m ``` -## **sysdig.resources.scanningv2-agents-conf.requests.memory** +## **sysdig.resources.scanningv2-reporting-generator.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| small | 250Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: requests: - memory: 100Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-collector.limits.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-collector pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12684,22 +12142,22 @@ sysdig: | ------------ | ------ | | small | 1 | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-collector.limits.memory** +## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-collector pods
+**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12707,97 +12165,97 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-collector.requests.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: requests: - cpu: 500m + cpu: 250m ``` -## **sysdig.resources.scanningv2-collector.requests.memory** +## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-collector pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 1 | -| large | 2 | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | +| small | 500Mi | | medium | 1Gi | | large | 2Gi | @@ -12806,67 +12264,67 @@ sysdig: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 500m | -| large | 1 | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: requests: - memory: 250Mi + memory: 100Mi ``` -## **sysdig.resources.scanningv2-policies-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-policies-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | +| small | 1 | | medium | 1 | | large | 1 | @@ -12875,15 +12333,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: limits: - cpu: 500m + cpu: 1 ``` -## **sysdig.resources.scanningv2-policies-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12898,15 +12356,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-policies-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12921,15 +12379,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-policies-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12944,15 +12402,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-api.limits.cpu** +## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
+**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12967,15 +12425,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-api.limits.memory** +## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-api pods
+**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12990,15 +12448,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-api.requests.cpu** +## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
+**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -13013,15 +12471,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-api.requests.memory** +## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
+**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -13036,15 +12494,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** +## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
+**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
**Options**:
**Default**: @@ -13052,45 +12510,45 @@ sysdig: | ------------ | ------ | | small | 500m | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.memory** +## **sysdig.resources.scanningv2-scanresults-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
+**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** +## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
**Options**:
**Default**: @@ -13098,68 +12556,68 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: requests: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.memory** +## **sysdig.resources.scanningv2-scanresults-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250Mi | -| medium | 1Gi | -| large | 2Gi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** +## **sysdig.resources.scanningv2-vulns-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: limits: - cpu: 1 + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** +## **sysdig.resources.scanningv2-vulns-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of memory assigned to scanningv2-vulns-api pods
**Options**:
**Default**: @@ -13167,1169 +12625,2407 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** +## **sysdig.resources.scanningv2-vulns-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** +## **sysdig.resources.scanningv2-vulns-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** +## **sysdig.secureOnly** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 1 | +**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false` **Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - limits: - cpu: 500m + secureOnly: true ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** +## **sysdig.secure.eventsForwarder.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
-**Options**:
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | - **Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - limits: - memory: 500Mi + secure: + eventsForwarder: + proxy: + enable: false ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** +## **sysdig.secure.eventsForwarder.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable)
+is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - requests: - cpu: 250m + secure: + eventsForwarder: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** +## **sysdig.secure.eventsForwarder.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - requests: - memory: 100Mi + secure: + eventsForwarder: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.resources.scanningv2-reporting-worker-host.limits.cpu** +## **sysdig.secure.eventsForwarder.proxy.password** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker-host pods
+**Description**: The password used to access the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-host: - limits: - cpu: 1 + secure: + eventsForwarder: + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.scanningv2-reporting-worker-host.limits.memory** +## **sysdig.secure.eventsForwarder.proxy.port** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker-host pods
+**Description**: The port the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +**Default**: `80`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-host: - limits: - memory: 1Gi + secure: + eventsForwarder: + proxy: + enable: true + port: 3128 ``` -## **sysdig.resources.scanningv2-reporting-worker-host.requests.cpu** +## **sysdig.secure.eventsForwarder.proxy.protocol** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-host pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-host: - requests: - cpu: 250m + secure: + eventsForwarder: + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.scanningv2-reporting-worker-host.requests.memory** +## **sysdig.secure.eventsForwarder.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker-host pods
+**Description**: The user used to access the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-host: - requests: - memory: 250Mi -``` + secure: + eventsForwarder: + proxy: + enable: true + user: alice +``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.cpu** +## **sysdig.secure.certman.proxy.enable** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker-k8s pods
-**Options**:
+**Description**: Set proxy settings for secure certman (overrides global settings)
+**Options**: `true|false`
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: false +``` + +## **sysdig.secure.certman.proxy.host** + +**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable)
+is configured.
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-k8s: - limits: - cpu: 1 + secure: + certman: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.limits.memory** +## **sysdig.secure.certman.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker-k8s pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
-| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.certman.proxy.password** + +**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-k8s: - limits: - memory: 1Gi + secure: + certman: + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.cpu** +## **sysdig.secure.certman.proxy.port** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker-k8s pods
+**Description**: The port the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: +**Default**: `80`
-| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + port: 3128 +``` + +## **sysdig.secure.certman.proxy.protocol** + +**Required**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-k8s: - requests: - cpu: 250m + secure: + certman: + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.scanningv2-reporting-worker-k8s.requests.memory** +## **sysdig.secure.certman.proxy.user** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker-k8s pods
+**Description**: The user used to access the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
**Options**:
-**Default**: +**Default**:
-| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + user: alice +``` +## **sysdig.postgresDatabases.PRWSInternalIngestion** + +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker-k8s: - requests: - memory: 250Mi + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-prw-internal-ingestion-db-external.com + port: 5432 + db: prws_internal_ingestion + username: prws_internal_ingestion_user + password: my_prws_internal_ingestion_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** +## **sysdig.beacon.prwsInternalIngestionEnabled** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
+**Description**: Enable Prom Remote Write Internal Ingestion
**Options**:
-**Default**: +**Default**:`false`
+**Example**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +```yaml +sysdig: + beacon: + prwsInternalIngestionEnabled: true +``` + +## **sysdig.prwsInternalIngestionReplicaCount** + +**Required**: `false`
+**Description**: Number of PRWS Internal Ingestion replicas
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestionReplicaCount: 5 +``` + +## **sysdig.prwsInternalIngestion.jvmOptions** + +**Required**: `false`
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + jvmOptions: |- + -Xms12g -Xmx12g +``` + +## **sysdig.prwsInternalIngestion.ingress** + +**Required**: `false`
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + ingress: + - name: my-prws-internal-ingestion + omitBaseAnnotations: true + annotations: + haproxy-ingress.github.io/timeout-server: 20s + haproxy-ingress.github.io/config-backend: | + retries 2 + labels: + app.kubernetes.io/managed-by: ingress-config + app.kubernetes.io/name: ingress-config + app.kubernetes.io/part-of: sysdigcloud + role: ingress-config + tier: infra + hosts: + - host: my-app.my-domain.com + sslSecretName: ssl-secret + paths: + - path: /api + serviceName: my-service-name + servicePort: 9510 +``` + +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** + +**Required**: `false`
+**Description**: Enable private endpoint communication for PRWS Internal Ingestion
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false +``` + +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** + +**Required**: `false`
+**Description**: Comma separated list of addresses or domain names that can
+override the `privateEndpointCommunicationEnforcement`.
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false + privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.netsec.rateLimit** + +**Required**: `false`
+**Description**: Netsec api rate limit.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 200 | +| medium | 200 | +| large | 200 | + +## **sysdig.secure.scanningv2.enabled** + +**Required**: `false`
+**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + enabled: true +``` + +## **sysdig.secure.scanningv2.proxy** + +**Required**: `false`
+**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml + secure: + scanningv2: + proxy: + defaultNoProxy: "https://foo.bar" + user: "user01" + password: "password" + noProxy: "localhost" + enable: true + host: "myproxy.example.com" + port: 3128 + protocol: "http" +``` +**Related parameters**:
+ +sysdig.secure.scanningv2.proxy.enable +sysdig.secure.scanningv2.proxy.defaultNoProxy +sysdig.secure.scanningv2.proxy.user +sysdig.secure.scanningv2.proxy.noProxy +sysdig.secure.scanningv2.proxy.host +sysdig.secure.scanningv2.proxy.port +sysdig.secure.scanningv2.proxy.protocol + + +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + vulnsApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" +``` + +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** + +**Required**: `false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + vulnsApi: + remoteSaaSTlsSkip: true +``` + +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + pkgMetaApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" +``` + +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** + +**Required**: `false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + pkgMetaApi: + remoteSaaSTlsSkip: true +``` + +## **sysdig.secure.scanningv2.reporting.enabled** + +**Required**: `false`
+**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + enabled: true +``` + +## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** + +**Required**: `false`
+**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
+**Options**:
+**Default**: "0 3 \* \* \*"
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + reportingJanitor: + schedule: "0 3 * * *" +``` + +## **sysdig.secure.scanningv2.reporting.storageDriver** + +**Required**: `false`
+**Description**: Storage kind for the generated reports
+**Options**: postgres, s3
+**Default**: postgres
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + storageDriver: postgres +``` + +## **sysdig.secure.scanningv2.reporting.aws.bucket** + +**Required**: `false`
+**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + bucket: secure-scanningv2-reporting +``` + +## **sysdig.secure.scanningv2.reporting.aws.endpoint** + +**Required**: `false`
+**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + endpoint: s3.example.com +``` + +## **sysdig.secure.scanningv2.reporting.aws.region** + +**Required**: `false`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + region: us-east-1 +``` + +## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** + +**Required**: `false`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + accessKeyId: AKIAIOSFODNN7EXAMPLE +``` + +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** + +**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +``` + +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** + +**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +``` + +## **sysdig.secure.scanningv2.customCerts** + +**Required**: `false`
+**Description**:
+To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**: + +```bash +# In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/scanningv2-custom-certs +certs/scanningv2-custom-certs/certificate1.pem +certs/scanningv2-custom-certs/certificate2.pem +values.yaml +``` + +```yaml +sysdig: + secure: + scanningv2: + customCerts: true +``` + +## **sysdig.secure.scanningv2.airgappedFeeds** + +**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + airgappedFeeds: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.enabled** +**Required**: `false`
+**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.deploymentType** +**Required**: `false`
+**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
+**Options**: `onprem|saas|empty`
+**Default**: `empty`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + deploymentType: saas +``` + +## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** +**Required**: `false`
+**Description**: Sets the log level for the scan requestor component
+**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
+**Default**: `INFO`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + loggingLevel: INFO +``` + +## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** +**Required**: `false`
+**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
+**Default**: `sysdig`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + serviceAccount: sysdig +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.type** +**Required**: `false`
+**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
+**Options**: `S3|cassandra`
+**Default**: `cassandra`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + type: cassandra +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** +**Required**: `false`
+**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
+**Default**: `scan-requestor`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + bucketName: "scan-requestor" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** +**Required**: `false`
+**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.region** +**Required**: `false`
+**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
+**Default**: `auto`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + region: auto +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** +**Required**: `false`
+**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
+**Default**: `2`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + retentionTime: 2 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** +**Required**: `false`
+**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `/opt/certs/minio-tls-ca/public.crt`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + caCrt: "/opt/certs/minio-tls-ca/public.crt" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** +**Required**: `false`
+**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** +**Required**: `false`
+**Description**: The maximum age for requests to be considered still valid/pending
+**Default**: `1h`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestMaxAge: "1h" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** +**Required**: `false`
+**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
+**Default**: `30s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestReplyTimeout: 30s +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** +**Required**: `false`
+**Description**: The URL of cassandra server(s).
+**Default**: `sysdigcloud-cassandra:9042`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + hosts: "sysdigcloud-cassandra:9042" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** +**Required**: `false`
+**Description**: The cassandra key space to use for storing ScanRequestor tables.
+**Default**: `sysdig_scanning`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + keyspace: "sysdig_scanning" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** +**Required**: `false`
+**Description**: The protocol version used to communicate with Cassandra
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + protocolVersion: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** +**Required**: `false`
+**Description**: The replication factor to use for ScanRequestor tables.
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + replicationFactor: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** +**Required**: `false`
+**Description**: The datacenter identifier to be used for cassandra communication.
+**Default**: `datacenter1`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + datacenter: "datacenter1" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** +**Required**: `false`
+**Description**: The timeout for cassandra requests.
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + requestTimeout: "3s" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxReadRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxWriteRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** +**Required**: `false`
+**Description**: - to be filled -
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionEnabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionThreshold: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + metadata: "86400" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ storage:
+ cassandra:
+ ttlSec:
+ state: "86400"
+```
+
+## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events**
+**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ storage:
+ cassandra:
+ ttlSec:
+ events: "86400"
+```
+
+## **sysdig.s3.scanRequestor.accessKeyId**
+**Required**: `false`
+**Description**: The S3 access-key id to be used when the storage type is set at S3.
+**Default**: `scanningv2_scanrequestor`
+
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ scanRequestor:
+ accessKeyId: "a-key"
+```
+## **sysdig.s3.scanRequestor.secretAccessKey**
+**Required**: `false`
+**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
+**Default**: `random`
+
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ scanRequestor:
+ secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval**
+**Required**: `false`
+**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
+**Default**: `5m`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ requestPartitionProcessingScheduler:
+ interval: "5m"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay**
+**Required**: `false`
+**Description**: The initial delay in staging area scheduled processing.
+**Default**: `10s`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ requestPartitionProcessingScheduler:
+ startDelay: "10s"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout**
+**Required**: `false`
+**Description**: The timeout for getting partition processing requests from NATS.
+**Default**: `30s`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ requestPartitionProcessingScheduler:
+ timeout: "30s"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter**
+**Required**: `false`
+**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ scanRequestor:
+ partitionProcessing:
+ deleteObjectsAfter: true
+```
+
+## **sysdig.platformService.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable the platform-service deployment
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ enabled: false
+```
+
+## **sysdig.platformService.audit.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable sending of audit data for platform-service
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ audit:
+ enabled: false
+```
+
+## **sysdig.platformService.ingestion.endpoint**
+
+**Required**: `false`
+**Description**: Endpoint where platform-service will send data for Sysdig Platform Audit
+**Default**: `sysdigcloud-events-ingestion:3000`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ ingestion:
+ endpoint: sysdigcloud-events-ingestion:3000
+```
+
+## **sysdig.platformService.server.port.metric**
+
+**Required**: `false`
+**Description**: Server port that will be used to serve metrics data
+**Default**: `25000`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ server:
+ port:
+ metric: 25000
+```
+
+## **sysdig.platformService.server.port.health**
+
+**Required**: `false`
+**Description**: Server port that will be used to serve health checker endpoint
+**Default**: `8083`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ server:
+ port:
+ health: 8083
+```
+
+## **sysdig.platformService.pdf.server.port.rest**
+
+**Required**: `false`
+**Description**: PDF service server port that will serve HTTP requests
+**Default**: `7000`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ pdf:
+ server:
+ port:
+ rest: 7000
+```
+
+## **sysdig.platformService.pdf.server.port.grpc**
+
+**Required**: `false`
+**Description**: PDF service server port that will serve GRPC requests
+**Default**: `5051`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ pdf:
+ server:
+ port:
+ grpc: 5051
+```
+
+## **sysdig.platformService.alerts.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable Platform Alerts service
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ enabled: false
+```
+
+## **sysdig.platformService.alerts.serviceToken**
+
+**Required**: `false`
+**Description**: Service token used to identify platform service for service calls to other services
+**Default**: `change_me`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ serviceToken: change_me
+
+
+## **sysdig.platformService.alerts.server.port.grpc**
+
+**Required**: `false`
+**Description**: Platform Alerts service server port that will serve GRPC requests
+**Default**: `5052`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ server:
+ port:
+ grpc: 5052
+```
+
+## **sysdig.platformService.alerts.server.port.rest**
+
+**Required**: `false`
+**Description**: Platform Alerts service server port that will serve HTTP requests
+**Default**: `7004`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ server:
+ port:
+ rest: 7004
+```
+
+## **sysdig.platformService.alerts.server.enableEventsEndpoints**
+
+**Required**: `false`
+**Description**: Enable or disable test endpoints that will send fake events
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ server:
+ enableEventsEndpoints: false
+```
+
+## **sysdig.platformService.alerts.ticketing.url**
+
+**Required**: `false`
+**Description**: URL of the ticketing service which platform alerts will call to create Jira tickets
+**Default**: `http://sysdigcloud-ticketing-api:7001`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ ticketing:
+ url: http://sysdigcloud-ticketing-api:7001
+```
+
+## **sysdig.platformService.alerts.monitor.url**
+
+**Required**: `false`
+**Description**: Base URL for monitor API calls
+**Default**: `http://sysdigcloud-api:8080`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ monitor:
+ url: http://sysdigcloud-api:8080
+```
+
+## **sysdig.platformService.alerts.monitor.cache.expiration**
+
+**Required**: `false`
+**Description**: Expiration time of the cache for monitor API calls
+**Default**: `5m`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ monitor:
+ cache:
+ expiration: 5m
+```
+
+## **sysdig.platformService.alerts.monitor.cache.cleanup**
+
+**Required**: `false`
+**Description**: Time after which cache for monitor API calls will be cleanup
+**Default**: `10m`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ monitor:
+ cache:
+ cleanup: 10m
+```
+
+## **sysdig.platformService.alerts.nats.js.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable NATS for platform alerts service
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ enabled: false
+```
+
+## **sysdig.platformService.alerts.nats.js.url**
+
+**Required**: `false`
+**Description**: Url of the NATS server that platform alerts service will connect to
+**Default**: `nats`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ url: nats
+```
+
+## **sysdig.platformService.alerts.nats.js.clientName**
+
+**Required**: `false`
+**Description**: Client name for platform alerts service
+**Default**: `sysdigcloud-platform-alerts-api`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ clientName: sysdigcloud-platform-alerts-api
+```
+
+## **sysdig.platformService.alerts.nats.js.tls.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable TLS connection for NATS
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ tls:
+ enabled: true
+```
+
+## **sysdig.platformService.alerts.nats.js.tls.cert**
+
+**Required**: `false`
+**Description**: TLS certificate for NATS connection
+**Default**: `/opt/certs/nats-js-tls-certs/ca.crt`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ tls:
+ cert: /opt/certs/nats-js-tls-certs/ca.crt
+```
+
+## **sysdig.platformService.alerts.nats.js.migrationFile**
+
+**Required**: `false`
+**Description**: Location of the json migration file
+**Default**: `/nats/migrations/streams.json`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ migrationFile: /nats/migrations/streams.json
+```
+
+## **sysdig.platformService.alerts.nats.js.risk.consumer.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable NATS consumer for Risk integration
+**Options**: `true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ risk:
+ consumer:
+ enabled: false
+```
+
+## **sysdig.platformService.alerts.nats.js.risk.consumer.name**
+
+**Required**: `false`
+**Description**: Name of NATS consumer for Risk integration
+**Default**: `risk-consumer`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ nats:
+ js:
+ risk:
+ consumer:
+ name: risk-consumer
+```
+
+## **sysdig.platformService.alerts.nats.js.risk.consumer.stream**
+**Required**: `false`
+**Description**: NATS stream name of consumer for Risk integration
+**Default**: `risk-alerts`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - limits: - cpu: 500m + platformService: + alerts: + nats: + js: + risk: + consumer: + stream: risk-alerts ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** +## **sysdig.platformService.alerts.nats.js.risk.consumer.subjects** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | - +**Description**: NATS subjects name of consumer for Risk integration
+**Default**: `risk.>`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - limits: - memory: 1Gi + platformService: + alerts: + nats: + js: + risk: + consumer: + subjects: risks-alerts.* ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** +## **sysdig.platformService.alerts.nats.js.risk.consumer.timeoutRetryMaxWait** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | - +**Description**: Max retry wait time for consumer for Risk integration
+**Default**: `10s`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - requests: - cpu: 250m + platformService: + alerts: + nats: + js: + risk: + consumer: + timeoutRetryMaxWait: 10s ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** +## **sysdig.platformService.alerts.nats.js.risk.notifier.enabled** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | - +**Description**: Enable or disable NATS notifier publishing for Risk integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - requests: - memory: 250Mi + platformService: + alerts: + nats: + js: + risk: + notifier: + enabled: false ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** +## **sysdig.platformService.alerts.nats.js.risk.notifier.stream** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | - +**Description**: Name of a NATS stream for publishing events to notifier for Risk integration
+**Default**: `notifier-notifications-1`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - limits: - cpu: 500m + platformService: + alerts: + nats: + js: + risk: + notifier: + stream: notifier-notifications-1 ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
-**Options**:
-**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +## **sysdig.platformService.alerts.nats.js.risk.notifier.subject** +**Required**: `false`
+**Description**: NATS subject for publishing events to notifier for Risk integration
+**Default**: `notifier.notifications.1.risk`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - limits: - memory: 500Mi + platformService: + alerts: + nats: + js: + risk: + notifier: + subject: notifier.notifications.1.risk ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** +## **sysdig.platformService.alerts.nats.js.vm.consumer.enabled** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | - +**Description**: Enable or disable NATS consumer for VM integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - requests: - cpu: 500m + platformService: + alerts: + nats: + js: + vm: + consumer: + enabled: false ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.memory** +## **sysdig.platformService.alerts.nats.js.vm.consumer.name** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | - +**Description**: Name of NATS consumer for VM integration
+**Default**: `vm-consumer`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - requests: - memory: 250Mi + platformService: + alerts: + nats: + js: + vm: + consumer: + name: vm-consumer ``` -## **sysdig.resources.scanningv2-vulns-api.limits.cpu** +## **sysdig.platformService.alerts.nats.js.vm.consumer.stream** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 2 | - +**Description**: NATS stream name of consumer for VM integration
+**Default**: `secure-vm-notifier-integrations`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - limits: - cpu: 500m + platformService: + alerts: + nats: + js: + vm: + consumer: + stream: secure-vm-notifier-integrations ``` -## **sysdig.resources.scanningv2-vulns-api.limits.memory** +## **sysdig.platformService.alerts.nats.js.vm.consumer.subjects** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | - +**Description**: NATS subjects name of consumer for VM integration
+**Default**: `secure.vm.notifier.integrations.jira`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - limits: - memory: 1Gi + platformService: + alerts: + nats: + js: + vm: + consumer: + subjects: secure.vm.notifier.integrations.jira ``` -## **sysdig.resources.scanningv2-vulns-api.requests.cpu** +## **sysdig.platformService.alerts.nats.js.vm.consumer.timeoutRetryMaxWait** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | - +**Description**: Max retry wait time for consumer for VM integration
+**Default**: `10s`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - requests: - cpu: 250m + platformService: + alerts: + nats: + js: + vm: + consumer: + timeoutRetryMaxWait: 10s ``` -## **sysdig.resources.scanningv2-vulns-api.requests.memory** +## **sysdig.platformService.alerts.nats.js.vm.notifier.enabled** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | - +**Description**: Enable or disable NATS notifier publishing for VM integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - requests: - memory: 250Mi + platformService: + alerts: + nats: + js: + vm: + notifier: + enabled: false ``` -## **sysdig.secureOnly** +## **sysdig.platformService.alerts.nats.js.vm.notifier.stream** **Required**: `false`
-**Description**: Enable product optimizations for secure that break monitor.
-**Options**: `true|false`
-**Default**: `false` - +**Description**: Name of a NATS stream for publishing events to notifier for VM integration
+**Default**: `notifier-notifications-1`
**Example**: ```yaml sysdig: - secureOnly: true + platformService: + alerts: + nats: + js: + vm: + notifier: + stream: notifier-notifications-1 ``` -## **sysdig.secure.eventsForwarder.proxy.enable** -**Required**: `false`
-**Description**: Set proxy settings for secure forwarding (overrides global settings)
-**Options**: `true|false`
-**Default**: +## **sysdig.platformService.alerts.nats.js.vm.notifier.subject** +**Required**: `false`
+**Description**: NATS subject for publishing events to notifier for VM integration
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: false + platformService: + alerts: + nats: + js: + vm: + notifier: + subject: notifier.notifications.1.vm ``` -## **sysdig.secure.eventsForwarder.proxy.host** +## **sysdig.platformService.alerts.workers.notification.enabled** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) -is configured.
-**Options**:
-**Default**:
- +**Description**: Enables or disables workers for sending notifications in batches to alerts-notifier
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + platformService: + alerts: + workers: + notification: + enabled: true ``` -## **sysdig.secure.eventsForwarder.proxy.noProxy** +## **sysdig.platformService.alerts.workers.notification.pollInterval** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
- +**Description**: Pooling time interval that will read unsend notifications
+**Default**: `500ms`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + platformService: + alerts: + workers: + notification: + pollInterval: 500ms ``` -## **sysdig.secure.eventsForwarder.proxy.password** +## **sysdig.platformService.alerts.workers.notification.batchSize** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
-**Options**:
-**Default**:
- +**Description**: Number of events that will be sent from platform alerts to alert-notifier
+**Default**: `50`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - password: F00B@r! + platformService: + alerts: + workers: + notification: + batchSize: 50 ``` -## **sysdig.secure.eventsForwarder.proxy.port** -**Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not -configured it defaults to 80.
-**Options**:
-**Default**: `80`
+## **sysdig.secure.ticketing.enabled** +**Required**: `false`
+**Description**: Enable or disable the ticketing service deployment
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - port: 3128 + ticketing: + enabled: false ``` -## **sysdig.secure.eventsForwarder.proxy.protocol** +## **sysdig.secure.ticketing.audit.enabled** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: Enable or disable sending of audit data for ticketing service
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - protocol: https + ticketing: + audit: + enabled: false ``` -## **sysdig.secure.eventsForwarder.proxy.user** +## **sysdig.secure.ticketing.jiraClientMaxRetries** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
-**Options**:
-**Default**:
- +**Description**: Number of max retries for Jira client
+**Default**: `5`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - user: alice + ticketing: + jiraClientMaxRetries: 5 ``` -## **sysdig.postgresDatabases.PRWSInternalIngestion** +## **sysdig.secure.ticketing.jiraClientBaseWait** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Jira client base wait time
+**Default**: `1s`
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-prw-internal-ingestion-db-external.com - port: 5432 - db: prws_internal_ingestion - username: prws_internal_ingestion_user - password: my_prws_internal_ingestion_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + secure: + ticketing: + jiraClientBaseWait: 1s ``` -## **sysdig.beacon.prwsInternalIngestionEnabled** +## **sysdig.secure.ticketing.jiraClientMaxWait** **Required**: `false`
-**Description**: Enable Prom Remote Write Internal Ingestion
-**Options**:
-**Default**:`false`
+**Description**: Max wait time for Jira client
+**Default**: `30s`
**Example**: ```yaml sysdig: - beacon: - prwsInternalIngestionEnabled: true + secure: + ticketing: + jiraClientMaxWait: 30s ``` -## **sysdig.prwsInternalIngestionReplicaCount** +## **sysdig.secure.ticketing.jiraClientJitterMaxMillis** **Required**: `false`
-**Description**: Number of PRWS Internal Ingestion replicas
-**Options**:
-**Default**:
- +**Description**: Max number for Jira client jitter in milliseconds
+**Default**: `1000`
**Example**: ```yaml sysdig: - prwsInternalIngestionReplicaCount: 5 + secure: + ticketing: + jiraClientJitterMaxMillis: 1000 ``` -## **sysdig.prwsInternalIngestion.jvmOptions** +## **sysdig.secure.ticketing.jiraCacheDefaultExpiration** **Required**: `false`
-**Description**: Custom JVM configuration for PRWS Internal Ingestion
-**Options**:
-**Default**:
- +**Description**: Jira cache will expire after this period
+**Default**: `15m`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - jvmOptions: |- - -Xms12g -Xmx12g + secure: + ticketing: + jiraCacheDefaultExpiration: 15m ``` -## **sysdig.prwsInternalIngestion.ingress** +## **sysdig.secure.ticketing.jiraCacheCleanupInterval** **Required**: `false`
-**Description**: Add a custom Ingress for PRWS Internal Ingestion
-**Options**:
-**Default**:
- +**Description**: Time interval for Jira cache cleanup
+**Default**: `1m`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - ingress: - - name: my-prws-internal-ingestion - omitBaseAnnotations: true - annotations: - haproxy-ingress.github.io/timeout-server: 20s - haproxy-ingress.github.io/config-backend: | - retries 2 - labels: - app.kubernetes.io/managed-by: ingress-config - app.kubernetes.io/name: ingress-config - app.kubernetes.io/part-of: sysdigcloud - role: ingress-config - tier: infra - hosts: - - host: my-app.my-domain.com - sslSecretName: ssl-secret - paths: - - path: /api - serviceName: my-service-name - servicePort: 9510 + secure: + ticketing: + jiraCacheCleanupInterval: 1m ``` -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** +## **sysdig.secure.ticketing.jiraAssignableMaxResults** **Required**: `false`
-**Description**: Enable private endpoint communication for PRWS Internal Ingestion -**Options**: `true|false`
-**Default**:
+**Description**: Number of max results that you can assign to
+**Default**: `2000`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false + secure: + ticketing: + jiraAssignableMaxResults: 2000 ``` -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** +## **sysdig.secure.ticketing.jiraSyncIssuesCronExpr** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names that can -override the `privateEndpointCommunicationEnforcement`. -**Options**:
-**Default**:
- +**Description**: Expression for cron job for Jira sync issues job
+**Default**: `0 0 * * * *`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false - privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 + secure: + ticketing: + jiraSyncIssuesCronExpr: "0 0 * * * *" ``` -## **sysdig.secure.netsec.rateLimit** +## **sysdig.secure.ticketing.jiraCreateIssuesCronExpr** **Required**: `false`
-**Description**: Netsec api rate limit.
-**Options**:
-**Default**:
+**Description**: Expression for cron job for Jira create issues job
+**Default**: `0 0 * * * *`
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 200 | -| medium | 200 | -| large | 200 | +```yaml +sysdig: + secure: + ticketing: + jiraCreateIssuesCronExpr: "0 0 * * * *" +``` -## **sysdig.secure.scanningv2.enabled** +## **sysdig.secure.ticketing.jiraCreateIssuesOrchestratorInterval** **Required**: `false`
-**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Time interval for creating issues orchestrator
+**Default**: `5m`
**Example**: ```yaml sysdig: secure: - scanningv2: - enabled: true + ticketing: + jiraCreateIssuesOrchestratorInterval: 5m ``` -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMinWait** +**Required**: `false`
+**Description**: Min wait time for create issues from workers to compleate
+**Default**: `1s`
**Example**: ```yaml sysdig: secure: - scanningv2: - vulnsApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" + ticketing: + jiraCreateIssuesWorkersMinWait: 1s ``` -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** +## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMaxWait** **Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
- +**Description**: Max wait time for create issues from workers to compleate
+**Default**: `5s`
**Example**: ```yaml sysdig: secure: - scanningv2: - vulnsApi: - remoteSaaSTlsSkip: true + ticketing: + jiraCreateIssuesWorkersMaxWait: 5s ``` -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+## **sysdig.secure.ticketing.jiraMaxAttachmentSize** +**Required**: `false`
+**Description**: Sets maximum size for jira attachment in bytes
+**Default**: `1048576`
**Example**: ```yaml sysdig: secure: - scanningv2: - pkgMetaApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" + ticketing: + jiraMaxAttachmentSize: 1048576 ``` -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** +## **sysdig.secure.ticketing.hardDeleteIntegrationAPIEnabled** **Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
+**Description**: Enables or disables hard delete of integrations in ticketing service
+**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: secure: - scanningv2: - pkgMetaApi: - remoteSaaSTlsSkip: true + ticketing: + hardDeleteIntegrationAPIEnabled: false ``` -## **sysdig.secure.scanningv2.reporting.enabled** +## **sysdig.secure.ticketing.natsJS.migrationFile** **Required**: `false`
-**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Location of the json migration file
+**Default**: `/nats/migrations/streams.json`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - enabled: true + ticketing: + natsJS: + migrationFile: /nats/migrations/streams.json ``` -## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** +## **sysdig.secure.ticketing.natsJS.url** **Required**: `false`
-**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
-**Options**:
-**Default**: "0 3 \* \* \*"
+**Description**: Url of the NATS server that ticketing service will connect to
+**Default**: `nats`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - reportingJanitor: - schedule: "0 3 * * *" + ticketing: + natsJS: + url: nats ``` -## **sysdig.secure.scanningv2.reporting.storageDriver** +## **sysdig.secure.ticketing.natsJS.secure.enabled** **Required**: `false`
-**Description**: Storage kind for the generated reports
-**Options**: postgres, s3
-**Default**: postgres
+**Description**: Enables or disables NATS in ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - storageDriver: postgres + ticketing: + natsJS: + secure: + enabled: true ``` -## **sysdig.secure.scanningv2.reporting.aws.bucket** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.deliverPolicyAll** **Required**: `false`
-**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Description**: Enables or disables deliverPolicyAll for NATS attachments consumer in ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - bucket: secure-scanningv2-reporting + ticketing: + natsJS: + addAttachmentConsumer: + deliverPolicyAll: true ``` -## **sysdig.secure.scanningv2.reporting.aws.endpoint** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.durable** **Required**: `false`
-**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Name of NATS durable consumer for consuming attachments events for ticketing service
+**Default**: `add_attachment_to_issue_consumer`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - endpoint: s3.example.com + ticketing: + natsJS: + addAttachmentConsumer: + durable: add_attachment_to_issue_consumer ``` -## **sysdig.secure.scanningv2.reporting.aws.region** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.name** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Description**: Name of NATS consumer for consuming attachments events for ticketing service
+**Default**: `add_attachment_to_issue_consumer`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - region: us-east-1 + ticketing: + natsJS: + addAttachmentConsumer: + name: add_attachment_to_issue_consumer ``` -## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.pull** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Enable or disable pulling events for attachments consumer for ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - accessKeyId: AKIAIOSFODNN7EXAMPLE + ticketing: + natsJS: + addAttachmentConsumer: + pull: true ``` -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.streamName** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Name of a NATS stream for consuming attachment events for ticketing service
+**Default**: `jira_attachments`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + ticketing: + natsJS: + addAttachmentConsumer: + streamName: jira_attachments ``` -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.subject** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: NATS subject for consuming attachments events for ticketing service
+**Default**: `jira_attachments.add_to_issue`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + ticketing: + natsJS: + addAttachmentConsumer: + subject: jira_attachments.add_to_issue ``` -## **sysdig.secure.scanningv2.customCerts** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.maxDeliver** **Required**: `false`
-**Description**: -To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
+**Description**: Number of max retries for delivering attachment
+**Default**: `3`
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/scanningv2-custom-certs -certs/scanningv2-custom-certs/certificate1.pem -certs/scanningv2-custom-certs/certificate2.pem -values.yaml -``` - ```yaml sysdig: secure: - scanningv2: - customCerts: true + ticketing: + natsJS: + addAttachmentConsumer: + maxDeliver: 3 ``` -## **sysdig.secure.scanningv2.airgappedFeeds** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.ackWait** **Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Time to wait for receiving ACK signal for attachments
+**Default**: `5m`
**Example**: ```yaml sysdig: secure: - scanningv2: - airgappedFeeds: true + ticketing: + natsJS: + addAttachmentConsumer: + ackWait: 5m ``` diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 1d62842b..8d280a10 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -1,5 +1,6 @@ - + + @@ -28,9 +29,9 @@ Options](../README.md#quickstart-install) for more context.
-### Step 1
+### Step 1 - Download the latest `values.yaml` template
-Copy the current version sysdig-chart/values.yaml to your working directory.
+Copy the current version `sysdig-chart/values.yaml` to your working directory.
```bash
wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml
@@ -38,7 +39,7 @@ wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/ins
-### Step 2
+### Step 2 - Configure `values.yaml` according to your environment
Edit the following values:
@@ -95,7 +96,7 @@ would also edit the following values:
-### Step 3 +### Step 3 - Check differences with the old Sysdig environment Run the Installer (if you are in airgapped environment make sure you follow instructions from installation on how to get the images to your airgapped @@ -107,7 +108,7 @@ registry)
-### Step 4
+### Step 4 - Deploy Sysdig version
If you are fine with the differences displayed, then run:
diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md
index 93e8012c..08dda5bb 100644
--- a/installer/docs/04-advanced_configuration.md
+++ b/installer/docs/04-advanced_configuration.md
@@ -1,9 +1,10 @@
-
+
+
-# Advanced configuration
+# Advanced Configuration
diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md
index fe03c37c..11d63313 100644
--- a/installer/docs/05-networkPolicies.md
+++ b/installer/docs/05-networkPolicies.md
@@ -1,9 +1,10 @@
-
+
+
-# Network policies
+# Network Policies
@@ -11,7 +12,7 @@
-## Introduction +## Overview The current version of Sysdig Network policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. @@ -27,7 +28,7 @@ A validation checks that the minimal requirements for each type of environment ( - if `.deployment=kubernetes`, then the `.networkPolicies.ingress.haproxy.allowedNetworks` is required -- if `.deployment=iks`, then the `.networkPolicies.ingress.alb +- if `.deployment=iks`, then the `.networkPolicies.ingress.alb.selector` is required ## Parameters @@ -49,7 +50,7 @@ networkPolicies: **Required**: `false`
**Description**: to render the NetworkPolicies this flag must be set to `deny`. It works together with flag `networkPolicies.enabled`.
-**Options**: `deny`/`allow`
+**Options**: `deny|allow`
**Default**: `false`
**Example**: diff --git a/installer/values.yaml b/installer/values.yaml index 93ae7ef3..61466c00 100644 --- a/installer/values.yaml +++ b/installer/values.yaml @@ -22,3 +22,14 @@ sysdig: #supports hostnetwork | loadbalancer | nodeport ingressNetworking: hostnetwork ingressClassName: haproxy + # Uncomment the following two lines to enable Sysdig Platform Audit + #platformAuditTrail: + # enabled: true + # Uncomment the following lines to enable origin IP in Sysdig Platform Audit + #secure: + # events: + # audit: + # config: + # store: + # ip: + # enabled: true From 01a0c7e8c1aebfbe2eecf85f295c76d7af0b332c Mon Sep 17 00:00:00 2001 From: jenkins Date: Thu, 1 Aug 2024 13:36:28 +0000 Subject: [PATCH 153/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 47 +- installer/docs/02-configuration_parameters.md | 3395 ++++++----------- installer/docs/03-upgrade.md | 13 +- installer/docs/04-advanced_configuration.md | 5 +- installer/docs/05-networkPolicies.md | 7 +- 5 files changed, 1122 insertions(+), 2345 deletions(-) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 10ded1f4..a99a9948 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -1,10 +1,9 @@ - + - -# Command Line Arguments +# Command line arguments explained
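Review bot: The second commented block added in the `installer/values.yaml` hunk opens its own `#secure:` mapping, so uncommenting it in a file that already has a `secure:` key at that level produces a duplicate key, and most YAML parsers silently keep only the last one, dropping the other settings. The lead-in comment should say so, for example `# Uncomment the following lines (or merge them into an existing secure: block) to enable origin IP in Sysdig Platform Audit`. Whether the template already carries a `secure:` section is not visible in this hunk, and indentation is lost in this view, so the nesting under `sysdig:` is inferred from the hunk header. If the origin-IP option only takes effect when `platformAuditTrail.enabled` is also `true`, the comment should state that dependency, so that an operator does not assume audit records carry source addresses when they do not.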
@@ -14,12 +13,12 @@ - installer does not deploy the `namespace.yaml` manifest. It expects the Namespace to exist and to match the value in `values.yaml` - If there is a mismatch, the installer will fail as no validation is in place. + There is no validation, in case of mismatch the installer will fail `--skip-pull-secret` -- The services require the pull secret to exist with the expected name (`sysdigcloud-pull-secret`) and to have access to the registry. - +- the services expect the pull secret to exist, + to have the expected name (`sysdigcloud-pull-secret`) and to allow access to the registry. - if the pull secret is missing, the behaviour could be unpredictable: some Pods could start if they can find the image locally and if their `imagePullPolicy` is not `Always` @@ -27,7 +26,7 @@ `--skip-serviceaccount` -- The user must provide service accounts with the exact same name expected: +- The user must provide SAs with the exact same name expected: ```text sysdig-serviceaccount.yaml: name: sysdig @@ -37,10 +36,10 @@ sysdig-serviceaccount.yaml: name: sysdig-elasticsearch sysdig-serviceaccount.yaml: name: sysdig-cassandra ``` -- One implication of this is that unless the `node-to-labels` ServiceAccount is added, - rack awareness will not be available for any datastore. - Another implication is that if the ServiceAccount(s) are missing, the user will have to `describe` - the StatefulSet because Pods will not start at all: +- One implication of this is that unless the `node-to-labels` SA is added, + rack awareness will not work neither in Cassandra nor in ES (to be verified) + Another implication is that if SA(s) are missing, the user will have to `describe` + the STS because Pods will not start at all: ```text Events: 
@@ -55,19 +54,13 @@ Events: - installer does not apply the StorageClass manifest. It expects the storageClassName specified in values.yaml to exist. -`--disable-proxy` - -- This flag allows disabling an existing configuration for proxy. Several services can be configured to use a proxy to go out to the Internet. For example `scanningv2-pkgmeta`, `certmanager`, `eventsForwarder` etc. -- If it becomes necessary to remove such configuration, this flag can be used to remove the proxy configuration. -- This flag also applies to `generate`, `diff` and `import`. - ## Command: `import` `--zookeeper-workloadname ` - This is the value that will be used for the `zookeeper` StatefulSet. The default value is `zookeeper`, this argument must be used when the -actual name of the StatefulSet in the cluster differs +actual name of the STS in the cluster differs `--kafka-workloadname ` @@ -83,6 +76,8 @@ actual name of the StatefulSet in the cluster differs ## Command: `update-license` +Added November 2022, this is a new command. + ** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** This command performs the minimal changes and restarts to apply a new license. @@ -102,6 +97,8 @@ This command performs the following: ## Command: `image-list` +Added November 2022 + This command prints to `stdout` (and optionally to a file) a list of all images in a generated stack. It requires a `values.yaml` and it produces a list of images based on that `values.yaml`. @@ -110,7 +107,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Flags -`-f ` - write the list to a file. If the file already exists, it will be overwritten. +`-f ` - write the list to a file. **If the file exists, it is overwritten** ### Example 
@@ -178,6 +175,7 @@ quay.io/sysdig/reporting-api:6.0.0.12431 quay.io/sysdig/promchap:0.99.0-master.2022-11-18T13-46-40Z.d6b3d10f83 quay.io/sysdig/redis-6:1.0.1 quay.io/sysdig/ui-admin-nginx:6.0.0.12431 +quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 
@@ -278,16 +276,15 @@ At the moment we only take care of the generation of the files, the actual deplo `--argocd (boolean)` -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. -NOTE: Using this flag will automatically generate the charts that you would obtain with the --helm-install CLI flag. This happens because the argoCD generation is closely linked to the specific production method of the helm-charts. +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. `--argo-repo-url (string)` -The URL of the repository that will contain the ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. The default is `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. This will be replaced within the ArgoCD apps definition files. +URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. (default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. `--argo-repo-rev (string)` -The name of the branch of the repo to use. The default is `main`. This will be replaced within the ArgoCD apps definition files. +Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. example of hierarchy: ``` 
@@ -310,11 +307,11 @@ git@github.com:ORGANIZATION/SAMPLE-REPO.git `--argo-git-apps-dir (string)` Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. -If you consider the example above, the correct value for this would be `argocd-projects/sysdig/argocd`. +If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. `--argo-git-charts-dir (string)` -The relative path from the repo root that will contain the folder with charts. The default is `helm-install/charts`. This will be replaced within the ArgoCD apps definition files. If you consider the example above, the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. +relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. `--argo-out-dir (string)` diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 8cb50643..b9f45cfa 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1,6 +1,5 @@ - + - @@ -11,8 +10,9 @@ ## **quaypullsecret** **Required**: `true`
-**Description**: quay.io credentials provided with your Sysdig purchase confirmation mail.
-**Options**:
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation +mail.
+**Options**:
**Default**:
**Example**: @@ -120,7 +120,7 @@ Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/im **Example**: ```yaml -# tags and pushes the image to /foo/bar/ +#tags and pushes the image to /foo/bar/ airgapped_repository_prefix: foo/bar ``` @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.48
+**Default**: 0.0.46
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.48 + toolsImageVersion: 0.0.46 ``` ## **elasticsearch.enableMetrics** @@ -615,23 +615,12 @@ nodeaffinityLabel: value: sysdig ``` -## **pvStorageSize.cassandra** - -**Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra, regardless of the cluster `size` used. This option *does not* apply when [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
-**Options**:
-**Default**: 30Gi
-**Example**: - -```yaml -pvStorageSize: - cassandra: 500Gi -``` - ## **pvStorageSize.large.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) large. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a +cluster of [`size`](#size) large. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 300Gi
**Example**: @@ -677,7 +666,9 @@ pvStorageSize: ## **pvStorageSize.medium.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) medium. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a +cluster of [`size`](#size) medium. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 150Gi
**Example**: @@ -723,7 +714,9 @@ pvStorageSize: ## **pvStorageSize.small.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) small. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a +cluster of [`size`](#size) small. This option is ignored if +[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 30Gi
**Example**: @@ -1329,9 +1322,9 @@ sysdig: **Required**: `false`
**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1344,9 +1337,9 @@ sysdig: **Required**: `false`
**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1373,30 +1366,17 @@ sysdig: elasticsearch6Version: 6.8.6.12 ``` -## **sysdig.opensearchImageName** - -**Required**: `false`
-**Description**: Docker Image name for Opensearch. Eg, for Opensearch 2: "opensearch-2".
-**Options**:
-**Default**: opensearch-2
-**Example**: - -```yaml -sysdig: - opensearchImageName: "opensearch-2" -``` - ## **sysdig.opensearchVersion** **Required**: `false`
**Description**: The docker image tag of Opensearch.
**Options**:
-**Default**: 0.0.6
+**Default**: 0.0.16
**Example**: ```yaml sysdig: - opensearchVersion: 0.0.6 + opensearchVersion: 0.0.16 ``` ## **sysdig.haproxyVersion** @@ -1417,11 +1397,11 @@ sysdig: ## **sysdig.skipIngressGeneration** -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
+**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -3249,12 +3229,12 @@ redisTls: A Monitor service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------------------------------------------------------- | -| agent | agent | -| common | common | +| Instance | Component | +| --------- | --------- | +| agent | agent | +| common | common | | monitor-1 | cache, distributedJobs, ibmCache, promchap, policiesCache | -| monitor-2 | alerting, meerkat, metering, prws | +| monitor-2 | alerting, meerkat, metering, prws | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
@@ -3313,9 +3293,9 @@ redisClientsMonitor: A Secure service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | ----------------------------------------------------------------------------------------------------- | -| profiling | profiling | +| Instance | Component | +| --------- | --------- | +| profiling | profiling | | secure-1 | scanning, forensic, events, rapidResponse, overview, compliance, cloudsec, policies, netsec, padvisor | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
@@ -5586,6 +5566,102 @@ sysdig: memory: 50Mi ``` +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** + +**Required**: `false`
+**Description**: The amount of cpu assigned to admission-controller-api PG +migrate containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | + +**Example**: + +```yaml +sysdig: + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + cpu: 1 +``` + +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory** + +**Required**: `false`
+**Description**: The amount of memory assigned to admission-controller-api PG +migrate containers
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 256Mi | +| medium | 256Mi | +| large | 256Mi | + +**Example**: + +```yaml +sysdig: + resources: + scanningAdmissionControllerApiPgMigrate: + limits: + memory: 256Mi +``` + +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu** + +**Required**: `false`
+**Description**: The amount of cpu required to schedule admission-controller-api +PG migrate containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 100m | +| medium | 100m | +| large | 100m | + +**Example**: + +```yaml +sysdig: + resources: + scanningAdmissionControllerApiPgMigrate: + requests: + cpu: 100m +``` + +## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory** + +**Required**: `false`
+**Description**: The amount of memory required to schedule admission-controller-api +PG migrate containers
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | + +**Example**: + +```yaml +sysdig: + resources: + admission-controller-api-pg-migrate: + requests: + memory: 50Mi +``` + ## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
@@ -6527,8 +6603,9 @@ sysdig: ```yaml sysdig: natsJs: - natsbox: - enabled: true + nats: + natsbox: + enabled: true ``` ## **sysdig.natsJs.natsTLSGenerator.enabled** @@ -10041,15 +10118,16 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat API JVM.
**Options**:
-**Default**:
- +**Default**: + +``` -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -Dlogging.level.com.sysdig.meerkat.api.server.adapter.TimeSeriesGAdapter=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.RealTimeQueryServiceImpl=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.MeerkatClientDNSGrpcResolver=DEBUG -Dsysdig.meerkat.cassandra.features.queryAllMetricDescriptorsEnabled=true - +``` **Example**: @@ -10156,12 +10234,12 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator JVM.
**Options**:
-**Default**:
- +**Default**: + +``` -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced - - +``` **Example**: @@ -10375,8 +10453,9 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Collector JVM.
**Options**:
-**Default**:
- +**Default**: + +``` -Dsysdig.cassandra.auto-schema=true -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced @@ -10385,7 +10464,7 @@ sysdig: -Dlogging.level.com.sysdig.meerkat.collector.service.MeerkatIndexer=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.kafka.MeerkatWorker=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.grpc.GPartsQueryServiceGrpcImpl=DEBUG - +``` **Example**: @@ -10506,7 +10585,11 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Datastream JVM.
**Options**:
-**Default**: -Xms1g -Xmx1g +**Default**: + +``` +-Xms1g -Xmx1g +``` **Example**: @@ -10534,7 +10617,7 @@ sysdig: ## **sysdig.kafkaVersion** **Required**: `false`
-**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true`.
+**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10710,7 +10793,7 @@ sysdig: ## **sysdig.zookeeperVersion** **Required**: `false`
-**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true`.
+**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10915,7 +10998,7 @@ sysdigcloud-collector HostAlreadyClaimed Use this overlay to avoid the error: -```yaml +``` apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -11357,6 +11440,32 @@ sysdig: promqlatorVersion: 0.99.0-2022-07-12T09-19-16Z.93c0642b55 ``` +## **sysdig.streamsnapVersion** + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Streamsnap service, relevant when `sysdig.streamsnap.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+**Example**: + +```yaml +sysdig: + streamsnapVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 +``` + +## ~~**sysdig.fastpathAggregatorVersion**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Docker image tag of Sysdig Fastpath Aggregator service, relevant when `sysdig.fastpathAggregator.enabled` is `true`.
+**Options**:
+**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
+**Example**: + +```yaml +sysdig: + fastpathAggregatorVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 +``` + ## **sysdig.promqlatorReplicaCount** **Required**: `false`
@@ -11579,562 +11688,566 @@ sysdig: memory: 300Mi ``` -## **sysdig.resources.scanningv2-agents-conf.limits.cpu** +## **sysdig.streamsnapReplicaCount** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
+**Description**: Number of Streamsnap replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 1 | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 3 | **Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - limits: - cpu: 500m + streamsnapReplicaCount: 2 ``` -## **sysdig.resources.scanningv2-agents-conf.limits.memory** +## ~~**sysdig.fastpathAggregatorReplicaCount**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-agents-conf pods
+**Description**: Number of Fastpath Aggregator replicas.
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | count | +| ------------ | ----- | +| small | 1 | +| medium | 2 | +| large | 3 | **Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - limits: - memory: 500Mi + fastpathAggregatorReplicaCount: 2 ``` -## **sysdig.resources.scanningv2-agents-conf.requests.cpu** +## **sysdig.streamsnap.enabled** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +**Description**: Whether to enable Streamsnap or not.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - requests: - cpu: 250m + streamsnap: + enabled: true ``` -## **sysdig.resources.scanningv2-agents-conf.requests.memory** +## **sysdig.streamsnap.jvmOptions** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
-**Options**:
+**Description**: Custom configuration for Streamsnap jvm.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| cluster-size | jvmOptions | +| ------------ | ---------- | +| small | -Xmx=4g | +| medium | -Xmx=12g | +| large | -Xmx=18g | **Example**: ```yaml sysdig: - resources: - scanningv2-agents-conf: - requests: - memory: 100Mi + streamsnap: + jvmOptions: "-Xmx=4g" ``` -## **sysdig.resources.scanningv2-collector.limits.cpu** +## **sysdig.streamsnap.numThreadsForInterval60** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 1-minute snapshots.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 2 | +| cluster-size | numThreadsForInterval60 | +| ------------ | ----------------------- | +| small | 2 | +| medium | 4 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - limits: - cpu: 1 + streamsnap: + numThreadsForInterval60: 4 ``` -## **sysdig.resources.scanningv2-collector.limits.memory** +## **sysdig.streamsnap.numThreadsForInterval600** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 10-minutes snapshots.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | numThreadsForInterval600 | +| ------------ | ------------------------ | +| small | 1 | +| medium | 2 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - limits: - memory: 1Gi + streamsnap: + numThreadsForInterval600: 2 ``` -## **sysdig.resources.scanningv2-collector.requests.cpu** +## **sysdig.streamsnap.numThreadsForInterval3600** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 1-hour snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 1 | +| cluster-size | numThreadsForInterval3600 | +| ------------ | ------------------------- | +| small | 1 | +| medium | 2 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - requests: - cpu: 500m + streamsnap: + numThreadsForInterval3600: 2 ``` -## **sysdig.resources.scanningv2-collector.requests.memory** +## **sysdig.streamsnap.numThreadsForInterval86400** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-collector pods
-**Options**:
+**Description**: Number of threads Streamsnap uses for the 1-day snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| cluster-size | numThreadsForInterval86400 | +| ------------ | -------------------------- | +| small | 1 | +| medium | 2 | +| large | 6 | **Example**: ```yaml sysdig: - resources: - scanningv2-collector: - requests: - memory: 250Mi + streamsnap: + numThreadsForInterval86400: 2 ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** +## **sysdig.resources.streamsnap.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu assigned to Streamsnap containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: limits: - cpu: 500m + cpu: 8 ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** +## **sysdig.resources.streamsnap.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of memory assigned to Streamsnap containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: limits: - memory: 1Gi + memory: 8Gi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** +## **sysdig.resources.streamsnap.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu required to schedule Streamsnap containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** +## **sysdig.resources.streamsnap.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of memory required to schedule Streamsnap containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + streamsnap: requests: - memory: 250Mi + memory: 2Gi ``` -## **sysdig.resources.scanningv2-policies-api.limits.cpu** +## ~~**sysdig.fastpathAggregator.enabled**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-policies-api pods
-**Options**:
+**Description**: Whether to enable Fastpath Aggregator or not.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + fastpathAggregator: + enabled: true +``` + +## ~~**sysdig.fastpathAggregator.jvmOptions**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: Custom configuration for the Fastpath Aggregator jvm.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| cluster-size | jvmOptions | +| ------------ | ---------- | +| small | -Xmx=4g | +| medium | -Xmx=12g | +| large | -Xmx=16g | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - limits: - cpu: 500m + fastpathAggregator: + jvmOptions: "-Xmx=4g" ``` -## **sysdig.resources.scanningv2-policies-api.limits.memory** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval60**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-policies-api pods
-**Options**:
+**Description**: Number of threads Fastpath Aggregator uses for the 1-minute snapshots.
+**Options**:
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| cluster-size | numThreadsForInterval60 | +| ------------ | ----------------------- | +| small | 2 | +| medium | 4 | +| large | 4 | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - limits: - memory: 1Gi + fastpathAggregator: + numThreadsForInterval60: 4 ``` -## **sysdig.resources.scanningv2-policies-api.requests.cpu** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval600**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
-**Options**:
+**Description**: Number of threads Fastpath Aggregator uses for the 10-minutes snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +| cluster-size | numThreadsForInterval600 | +| ------------ | ------------------------ | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - requests: - cpu: 250m + fastpathAggregator: + numThreadsForInterval600: 2 ``` -## **sysdig.resources.scanningv2-policies-api.requests.memory** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval3600**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-policies-api pods
-**Options**:
+**Description**: Number of threads Fastpath Aggregator uses for the 1-hour snapshots.
+**Options**:
**Default**: -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| cluster-size | numThreadsForInterval3600 | +| ------------ | ------------------------- | +| small | 1 | +| medium | 2 | +| large | 2 | **Example**: ```yaml sysdig: - resources: - scanningv2-policies-api: - requests: - memory: 250Mi + fastpathAggregator: + numThreadsForInterval3600: 2 ``` -## **sysdig.resources.scanningv2-reporting-api.limits.cpu** +## ~~**sysdig.fastpathAggregator.numThreadsForInterval86400**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
+**Description**: Number of threads Fastpath Aggregator uses for the 1-day snapshots.
+**Options**:
+**Default**: + +| cluster-size | numThreadsForInterval86400 | +| ------------ | -------------------------- | +| small | 1 | +| medium | 2 | +| large | 2 | + +**Example**: + +```yaml +sysdig: + fastpathAggregator: + numThreadsForInterval86400: 2 +``` + +## ~~**sysdig.resources.fastpathAggregator.limits.cpu**~~ (**Deprecated**) + +**Required**: `false`
+**Description**: The amount of cpu assigned to Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: limits: - cpu: 500m + cpu: 8 ``` -## **sysdig.resources.scanningv2-reporting-api.limits.memory** +## ~~**sysdig.resources.fastpathAggregator.limits.memory**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-api pods
+**Description**: The amount of memory assigned to Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: limits: - memory: 1Gi + memory: 8Gi ``` -## **sysdig.resources.scanningv2-reporting-api.requests.cpu** +## ~~**sysdig.resources.fastpathAggregator.requests.cpu**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
+**Description**: The amount of cpu required to schedule Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +| small | 2 | +| medium | 4 | +| large | 8 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: requests: - cpu: 250m + cpu: 2 ``` -## **sysdig.resources.scanningv2-reporting-api.requests.memory** +## ~~**sysdig.resources.fastpathAggregator.requests.memory**~~ (**Deprecated**) **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
+**Description**: The amount of memory required to schedule Fastpath Aggregator containers
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 8g | +| medium | 16g | +| large | 24g | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-api: + fastpathAggregator: requests: - memory: 250Mi + memory: 2Gi ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** +## **sysdig.resources.scanningv2-agents-conf.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
+**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 1 | -| large | 2 | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.memory** +## **sysdig.resources.scanningv2-agents-conf.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
+**Description**: The amount of memory assigned to scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** +## **sysdig.resources.scanningv2-agents-conf.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 2 | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: requests: - cpu: 500m + cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.memory** +## **sysdig.resources.scanningv2-agents-conf.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-agents-conf: requests: - memory: 250Mi + memory: 100Mi ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** +## **sysdig.resources.scanningv2-collector.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of cpu assigned to scanningv2-collector pods
**Options**:
**Default**: @@ -12142,22 +12255,22 @@ sysdig: | ------------ | ------ | | small | 1 | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** +## **sysdig.resources.scanningv2-collector.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of memory assigned to scanningv2-collector pods
**Options**:
**Default**: @@ -12165,97 +12278,97 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** +## **sysdig.resources.scanningv2-collector.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of cpu required to schedule scanningv2-collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 250m | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: requests: - cpu: 250m + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** +## **sysdig.resources.scanningv2-collector.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of memory required to schedule scanningv2-collector pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-collector: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
+**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 500m | -| large | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
+**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | +| small | 1Gi | | medium | 1Gi | | large | 2Gi | @@ -12264,67 +12377,67 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
+**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
+**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-scheduler: + scanningv2-pkgmeta-api: requests: - memory: 100Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** +## **sysdig.resources.scanningv2-policies-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
+**Description**: The amount of cpu assigned to scanningv2-policies-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 500m | | medium | 1 | | large | 1 | @@ -12333,15 +12446,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: limits: - cpu: 1 + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.memory** +## **sysdig.resources.scanningv2-policies-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
+**Description**: The amount of memory assigned to scanningv2-policies-api pods
**Options**:
**Default**: @@ -12356,15 +12469,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** +## **sysdig.resources.scanningv2-policies-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
+**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
**Options**:
**Default**: @@ -12379,15 +12492,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.memory** +## **sysdig.resources.scanningv2-policies-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
+**Description**: The amount of memory required to schedule scanningv2-policies-api pods
**Options**:
**Default**: @@ -12402,15 +12515,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-worker: + scanningv2-policies-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12425,15 +12538,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12448,15 +12561,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12471,15 +12584,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: @@ -12494,15 +12607,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-riskmanager-api: + scanningv2-reporting-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: @@ -12510,45 +12623,45 @@ sysdig: | ------------ | ------ | | small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-generator.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: @@ -12556,68 +12669,68 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: requests: cpu: 500m ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-generator.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250Mi | -| medium | 500Mi | -| large | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-scanresults-api: + scanningv2-reporting-generator: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-vulns-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | +| small | 1 | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: limits: - cpu: 500m + cpu: 1 ``` -## **sysdig.resources.scanningv2-vulns-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-vulns-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12625,2407 +12738,1077 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-vulns-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 500m | -| large | 1 | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-vulns-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningv2-vulns-api: + scanningv2-reporting-janitor: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.secureOnly** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** **Required**: `false`
-**Description**: Enable product optimizations for secure that break monitor.
-**Options**: `true|false`
-**Default**: `false` +**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - secureOnly: true + resources: + scanningv2-reporting-scheduler: + limits: + cpu: 500m ``` -## **sysdig.secure.eventsForwarder.proxy.enable** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** **Required**: `false`
-**Description**: Set proxy settings for secure forwarding (overrides global settings)
-**Options**: `true|false`
+**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
+**Options**:
**Default**: +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: false + resources: + scanningv2-reporting-scheduler: + limits: + memory: 500Mi ``` -## **sysdig.secure.eventsForwarder.proxy.host** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) -is configured.
+**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
**Options**:
-**Default**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + scanningv2-reporting-scheduler: + requests: + cpu: 250m ``` -## **sysdig.secure.eventsForwarder.proxy.noProxy** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+**Default**: -**Example**: - -```yaml -sysdig: - secure: - eventsForwarder: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 -``` - -## **sysdig.secure.eventsForwarder.proxy.password** - -**Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
-**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - secure: - eventsForwarder: - proxy: - enable: true - password: F00B@r! -``` - -## **sysdig.secure.eventsForwarder.proxy.port** - -**Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not -configured it defaults to 80.
-**Options**:
-**Default**: `80`
- -**Example**: - -```yaml -sysdig: - secure: - eventsForwarder: - proxy: - enable: true - port: 3128 -``` - -## **sysdig.secure.eventsForwarder.proxy.protocol** - -**Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
+| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - protocol: https + resources: + scanningv2-reporting-scheduler: + requests: + memory: 100Mi ``` -## **sysdig.secure.eventsForwarder.proxy.user** +## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - secure: - eventsForwarder: - proxy: - enable: true - user: alice -``` - -## **sysdig.secure.certman.proxy.enable** - -**Required**: `false`
-**Description**: Set proxy settings for secure certman (overrides global settings)
-**Options**: `true|false`
**Default**: -**Example**: - -```yaml -sysdig: - secure: - certman: - proxy: - enable: false -``` - -## **sysdig.secure.certman.proxy.host** - -**Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) -is configured.
-**Options**:
-**Default**:
+| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + resources: + scanningv2-reporting-worker: + limits: + cpu: 1 ``` -## **sysdig.secure.certman.proxy.noProxy** +## **sysdig.resources.scanningv2-reporting-worker.limits.memory** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
- -**Example**: - -```yaml -sysdig: - secure: - certman: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 -``` - -## **sysdig.secure.certman.proxy.password** +**Default**: -**Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
-**Options**:
-**Default**:
+| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - password: F00B@r! + resources: + scanningv2-reporting-worker: + limits: + memory: 1Gi ``` -## **sysdig.secure.certman.proxy.port** +## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not -configured it defaults to 80.
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
**Options**:
-**Default**: `80`
- -**Example**: - -```yaml -sysdig: - secure: - certman: - proxy: - enable: true - port: 3128 -``` - -## **sysdig.secure.certman.proxy.protocol** +**Default**: -**Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
+| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - secure: - certman: - proxy: - enable: true - protocol: https + resources: + scanningv2-reporting-worker: + requests: + cpu: 250m ``` -## **sysdig.secure.certman.proxy.user** +## **sysdig.resources.scanningv2-reporting-worker.requests.memory** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - secure: - certman: - proxy: - enable: true - user: alice -``` - -## **sysdig.postgresDatabases.PRWSInternalIngestion** - -**Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
-**Example**: - -```yaml -sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-prw-internal-ingestion-db-external.com - port: 5432 - db: prws_internal_ingestion - username: prws_internal_ingestion_user - password: my_prws_internal_ingestion_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password -``` +**Default**: -## **sysdig.beacon.prwsInternalIngestionEnabled** +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | -**Required**: `false`
-**Description**: Enable Prom Remote Write Internal Ingestion
-**Options**:
-**Default**:`false`
**Example**: ```yaml sysdig: - beacon: - prwsInternalIngestionEnabled: true + resources: + scanningv2-reporting-worker: + requests: + memory: 250Mi ``` -## **sysdig.prwsInternalIngestionReplicaCount** +## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** **Required**: `false`
-**Description**: Number of PRWS Internal Ingestion replicas
+**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
**Options**:
-**Default**:
- -**Example**: +**Default**: -```yaml -sysdig: - prwsInternalIngestionReplicaCount: 5 -``` - -## **sysdig.prwsInternalIngestion.jvmOptions** - -**Required**: `false`
-**Description**: Custom JVM configuration for PRWS Internal Ingestion
-**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - prwsInternalIngestion: - jvmOptions: |- - -Xms12g -Xmx12g -``` - -## **sysdig.prwsInternalIngestion.ingress** - -**Required**: `false`
-**Description**: Add a custom Ingress for PRWS Internal Ingestion
-**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - prwsInternalIngestion: - ingress: - - name: my-prws-internal-ingestion - omitBaseAnnotations: true - annotations: - haproxy-ingress.github.io/timeout-server: 20s - haproxy-ingress.github.io/config-backend: | - retries 2 - labels: - app.kubernetes.io/managed-by: ingress-config - app.kubernetes.io/name: ingress-config - app.kubernetes.io/part-of: sysdigcloud - role: ingress-config - tier: infra - hosts: - - host: my-app.my-domain.com - sslSecretName: ssl-secret - paths: - - path: /api - serviceName: my-service-name - servicePort: 9510 -``` - -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** - -**Required**: `false`
-**Description**: Enable private endpoint communication for PRWS Internal Ingestion -**Options**: `true|false`
-**Default**:
-**Example**: - -```yaml -sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false -``` - -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** - -**Required**: `false`
-**Description**: Comma separated list of addresses or domain names that can -override the `privateEndpointCommunicationEnforcement`. -**Options**:
-**Default**:
- -**Example**: - -```yaml -sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false - privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 -``` - -## **sysdig.secure.netsec.rateLimit** - -**Required**: `false`
-**Description**: Netsec api rate limit.
-**Options**:
-**Default**:
- -| cluster-size | count | -| ------------ | ----- | -| small | 200 | -| medium | 200 | -| large | 200 | - -## **sysdig.secure.scanningv2.enabled** - -**Required**: `false`
-**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - enabled: true -``` - -## **sysdig.secure.scanningv2.proxy** - -**Required**: `false`
-**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
-**Options**:
-**Default**: `false`
-**Example**: - -```yaml - secure: - scanningv2: - proxy: - defaultNoProxy: "https://foo.bar" - user: "user01" - password: "password" - noProxy: "localhost" - enable: true - host: "myproxy.example.com" - port: 3128 - protocol: "http" -``` -**Related parameters**:
- -sysdig.secure.scanningv2.proxy.enable -sysdig.secure.scanningv2.proxy.defaultNoProxy -sysdig.secure.scanningv2.proxy.user -sysdig.secure.scanningv2.proxy.noProxy -sysdig.secure.scanningv2.proxy.host -sysdig.secure.scanningv2.proxy.port -sysdig.secure.scanningv2.proxy.protocol - - -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - vulnsApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" -``` - -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** - -**Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - vulnsApi: - remoteSaaSTlsSkip: true -``` - -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - pkgMetaApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" -``` - -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** - -**Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - pkgMetaApi: - remoteSaaSTlsSkip: true -``` - -## **sysdig.secure.scanningv2.reporting.enabled** - -**Required**: `false`
-**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
-**Options**:
-**Default**: true
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - enabled: true -``` - -## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** - -**Required**: `false`
-**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
-**Options**:
-**Default**: "0 3 \* \* \*"
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - reportingJanitor: - schedule: "0 3 * * *" -``` - -## **sysdig.secure.scanningv2.reporting.storageDriver** - -**Required**: `false`
-**Description**: Storage kind for the generated reports
-**Options**: postgres, s3
-**Default**: postgres
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - storageDriver: postgres -``` - -## **sysdig.secure.scanningv2.reporting.aws.bucket** - -**Required**: `false`
-**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - bucket: secure-scanningv2-reporting -``` - -## **sysdig.secure.scanningv2.reporting.aws.endpoint** - -**Required**: `false`
-**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - endpoint: s3.example.com -``` - -## **sysdig.secure.scanningv2.reporting.aws.region** - -**Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - region: us-east-1 -``` - -## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** - -**Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - accessKeyId: AKIAIOSFODNN7EXAMPLE -``` - -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** - -**Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -``` - -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** - -**Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
-**Example**: - -```yaml -sysdig: - secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -``` - -## **sysdig.secure.scanningv2.customCerts** - -**Required**: `false`
-**Description**: -To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
-**Example**: - -```bash -# In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/scanningv2-custom-certs -certs/scanningv2-custom-certs/certificate1.pem -certs/scanningv2-custom-certs/certificate2.pem -values.yaml -``` - -```yaml -sysdig: - secure: - scanningv2: - customCerts: true -``` - -## **sysdig.secure.scanningv2.airgappedFeeds** - -**Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - airgappedFeeds: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.enabled** -**Required**: `false`
-**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
-**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - enabled: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.deploymentType** -**Required**: `false`
-**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
-**Options**: `onprem|saas|empty`
-**Default**: `empty`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - deploymentType: saas -``` - -## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** -**Required**: `false`
-**Description**: Sets the log level for the scan requestor component
-**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
-**Default**: `INFO`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - loggingLevel: INFO -``` - -## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** -**Required**: `false`
-**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
-**Default**: `sysdig`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - serviceAccount: sysdig -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.type** -**Required**: `false`
-**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
-**Options**: `S3|cassandra`
-**Default**: `cassandra`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - type: cassandra -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** -**Required**: `false`
-**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
-**Default**: `scan-requestor`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - bucketName: "scan-requestor" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** -**Required**: `false`
-**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
-**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.region** -**Required**: `false`
-**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
-**Default**: `auto`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - region: auto -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** -**Required**: `false`
-**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
-**Default**: `2`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - retentionTime: 2 -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** -**Required**: `false`
-**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
-**Default**: `/opt/certs/minio-tls-ca/public.crt`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - caCrt: "/opt/certs/minio-tls-ca/public.crt" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** -**Required**: `false`
-**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
-**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - requestStore: - enabled: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** -**Required**: `false`
-**Description**: The maximum age for requests to be considered still valid/pending
-**Default**: `1h`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - requestStore: - requestMaxAge: "1h" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** -**Required**: `false`
-**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
-**Default**: `30s`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - requestStore: - requestReplyTimeout: 30s -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** -**Required**: `false`
-**Description**: The URL of cassandra server(s).
-**Default**: `sysdigcloud-cassandra:9042`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - hosts: "sysdigcloud-cassandra:9042" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** -**Required**: `false`
-**Description**: The cassandra key space to use for storing ScanRequestor tables.
-**Default**: `sysdig_scanning`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - keyspace: "sysdig_scanning" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** -**Required**: `false`
-**Description**: The protocol version used to communicate with Cassandra
-**Default**: `3`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - protocolVersion: "3" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** -**Required**: `false`
-**Description**: The replication factor to use for ScanRequestor tables.
-**Default**: `3`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - replicationFactor: "3" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** -**Required**: `false`
-**Description**: The datacenter identifier to be used for cassandra communication.
-**Default**: `datacenter1`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - datacenter: "datacenter1" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** -**Required**: `false`
-**Description**: The timeout for cassandra requests.
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - requestTimeout: "3s" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - maxReadRequests: "" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - maxWriteRequests: "" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** -**Required**: `false`
-**Description**: - to be filled -
-**Options**: `true|false`
-**Default**: `true`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - compressionEnabled: true -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - compressionThreshold: "" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - metadata: "86400" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - state: "86400" -``` - -## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events** -**Required**: `false`
-**Description**: - to be filled -
-**Default**: ` `
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - storage: - cassandra: - ttlSec: - events: "86400" -``` - -## **sysdig.s3.scanRequestor.accessKeyId** -**Required**: `false`
-**Description**: The S3 access-key id to be used when the storage type is set at S3.
-**Default**: `scanningv2_scanrequestor`
- -**Example**: - -```yaml -sysdig: - s3: - scanRequestor: - accessKeyId: "a-key" -``` -## **sysdig.s3.scanRequestor.secretAccessKey** -**Required**: `false`
-**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
-**Default**: `random`
- -**Example**: - -```yaml -sysdig: - s3: - scanRequestor: - secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG" -``` - -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval** -**Required**: `false`
-**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
-**Default**: `5m`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - interval: "5m" -``` - -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay** -**Required**: `false`
-**Description**: The initial delay in staging area scheduled processing.
-**Default**: `10s`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - startDelay: "10s" -``` - -## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout** -**Required**: `false`
-**Description**: The timeout for getting partition processing requests from NATS.
-**Default**: `30s`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - requestPartitionProcessingScheduler: - timeout: "30s" -``` - -## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter** -**Required**: `false`
-**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - secure: - scanningv2: - scanRequestor: - partitionProcessing: - deleteObjectsAfter: true -``` - -## **sysdig.platformService.enabled** - -**Required**: `false`
-**Description**: Enable or disable the platform-service deployment
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - enabled: false -``` - -## **sysdig.platformService.audit.enabled** - -**Required**: `false`
-**Description**: Enable or disable sending of audit data for platform-service
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - audit: - enabled: false -``` - -## **sysdig.platformService.ingestion.endpoint** - -**Required**: `false`
-**Description**: Endpoint where platform-service will send data for Sysdig Platform Audit
-**Default**: `sysdigcloud-events-ingestion:3000`
-**Example**: - -```yaml -sysdig: - platformService: - ingestion: - endpoint: sysdigcloud-events-ingestion:3000 -``` - -## **sysdig.platformService.server.port.metric** - -**Required**: `false`
-**Description**: Server port that will be used to serve metrics data
-**Default**: `25000`
-**Example**: - -```yaml -sysdig: - platformService: - server: - port: - metric: 25000 -``` - -## **sysdig.platformService.server.port.health** - -**Required**: `false`
-**Description**: Server port that will be used to serve health checker endpoint
-**Default**: `8083`
-**Example**: - -```yaml -sysdig: - platformService: - server: - port: - health: 8083 -``` - -## **sysdig.platformService.pdf.server.port.rest** - -**Required**: `false`
-**Description**: PDF service server port that will serve HTTP requests
-**Default**: `7000`
-**Example**: - -```yaml -sysdig: - platformService: - pdf: - server: - port: - rest: 7000 -``` - -## **sysdig.platformService.pdf.server.port.grpc** - -**Required**: `false`
-**Description**: PDF service server port that will serve GRPC requests
-**Default**: `5051`
-**Example**: - -```yaml -sysdig: - platformService: - pdf: - server: - port: - grpc: 5051 -``` - -## **sysdig.platformService.alerts.enabled** - -**Required**: `false`
-**Description**: Enable or disable Platform Alerts service
-**Options**:`true|false`
-**Default**: `false`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - enabled: false -``` - -## **sysdig.platformService.alerts.serviceToken** - -**Required**: `false`
-**Description**: Service token used to identify platform service for service calls to other services
-**Default**: `change_me`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - serviceToken: change_me - - -## **sysdig.platformService.alerts.server.port.grpc** - -**Required**: `false`
-**Description**: Platform Alerts service server port that will serve GRPC requests
-**Default**: `5052`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - server: - port: - grpc: 5052 -``` - -## **sysdig.platformService.alerts.server.port.rest** - -**Required**: `false`
-**Description**: Platform Alerts service server port that will serve HTTP requests
-**Default**: `7004`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- server:
- port:
- rest: 7004
-```
-
-## **sysdig.platformService.alerts.server.enableEventsEndpoints**
-
-**Required**: `false`
-**Description**: Enable or disable test endpoints that will send fake events
-**Options**:`true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- server:
- enableEventsEndpoints: false
-```
-
-## **sysdig.platformService.alerts.ticketing.url**
-
-**Required**: `false`
-**Description**: URL of the ticketing service which platform alerts will call to create Jira tickets
-**Default**: `http://sysdigcloud-ticketing-api:7001`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- ticketing:
- url: http://sysdigcloud-ticketing-api:7001
-```
-
-## **sysdig.platformService.alerts.monitor.url**
-
-**Required**: `false`
-**Description**: Base URL for monitor API calls
-**Default**: `http://sysdigcloud-api:8080`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- monitor:
- url: http://sysdigcloud-api:8080
-```
-
-## **sysdig.platformService.alerts.monitor.cache.expiration**
-
-**Required**: `false`
-**Description**: Expiration time of the cache for monitor API calls
-**Default**: `5m`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- monitor:
- cache:
- expiration: 5m
-```
-
-## **sysdig.platformService.alerts.monitor.cache.cleanup**
-
-**Required**: `false`
-**Description**: Time after which cache for monitor API calls will be cleanup
-**Default**: `10m`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- monitor:
- cache:
- cleanup: 10m
-```
-
-## **sysdig.platformService.alerts.nats.js.enabled**
-
-**Required**: `false`
-**Description**: Enable or disable NATS for platform alerts service
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- enabled: false
-```
-
-## **sysdig.platformService.alerts.nats.js.url**
-
-**Required**: `false`
-**Description**: Url of the NATS server that platform alerts service will connect to
-**Default**: `nats`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- url: nats
-```
-
-## **sysdig.platformService.alerts.nats.js.clientName**
-
-**Required**: `false`
-**Description**: Client name for platform alerts service
-**Default**: `sysdigcloud-platform-alerts-api`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- clientName: sysdigcloud-platform-alerts-api
-```
-
-## **sysdig.platformService.alerts.nats.js.tls.enabled**
-
-**Required**: `false`
-**Description**: Enable or disable TLS connection for NATS
-**Options**: `true|false`
-**Default**: `true`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- tls:
- enabled: true
-```
-
-## **sysdig.platformService.alerts.nats.js.tls.cert**
-
-**Required**: `false`
-**Description**: TLS certificate for NATS connection
-**Default**: `/opt/certs/nats-js-tls-certs/ca.crt`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- tls:
- cert: /opt/certs/nats-js-tls-certs/ca.crt
-```
-
-## **sysdig.platformService.alerts.nats.js.migrationFile**
-
-**Required**: `false`
-**Description**: Location of the json migration file
-**Default**: `/nats/migrations/streams.json`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- migrationFile: /nats/migrations/streams.json
-```
-
-## **sysdig.platformService.alerts.nats.js.risk.consumer.enabled**
-
-**Required**: `false`
-**Description**: Enable or disable NATS consumer for Risk integration
-**Options**: `true|false`
-**Default**: `false`
-**Example**:
-
-```yaml
-sysdig:
- platformService:
- alerts:
- nats:
- js:
- risk:
- consumer:
- enabled: false
-```
-
-## **sysdig.platformService.alerts.nats.js.risk.consumer.name**
-
-**Required**: `false`
-**Description**: Name of NATS consumer for Risk integration
-**Default**: `risk-consumer`
-**Example**: - -```yaml -sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - name: risk-consumer -``` - -## **sysdig.platformService.alerts.nats.js.risk.consumer.stream** +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | -**Required**: `false`
-**Description**: NATS stream name of consumer for Risk integration
-**Default**: `risk-alerts`
**Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - stream: risk-alerts + resources: + scanningv2-riskmanager-api: + limits: + cpu: 500m ``` -## **sysdig.platformService.alerts.nats.js.risk.consumer.subjects** +## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** **Required**: `false`
-**Description**: NATS subjects name of consumer for Risk integration
-**Default**: `risk.>`
+**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - subjects: risks-alerts.* + resources: + scanningv2-riskmanager-api: + limits: + memory: 1Gi ``` -## **sysdig.platformService.alerts.nats.js.risk.consumer.timeoutRetryMaxWait** +## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** **Required**: `false`
-**Description**: Max retry wait time for consumer for Risk integration
-**Default**: `10s`
+**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - consumer: - timeoutRetryMaxWait: 10s + resources: + scanningv2-riskmanager-api: + requests: + cpu: 250m ``` -## **sysdig.platformService.alerts.nats.js.risk.notifier.enabled** +## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** **Required**: `false`
-**Description**: Enable or disable NATS notifier publishing for Risk integration
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - notifier: - enabled: false + resources: + scanningv2-riskmanager-api: + requests: + memory: 250Mi ``` -## **sysdig.platformService.alerts.nats.js.risk.notifier.stream** +## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** **Required**: `false`
-**Description**: Name of a NATS stream for publishing events to notifier for Risk integration
-**Default**: `notifier-notifications-1`
+**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - notifier: - stream: notifier-notifications-1 + resources: + scanningv2-scanresults-api: + limits: + cpu: 500m ``` - -## **sysdig.platformService.alerts.nats.js.risk.notifier.subject** +## **sysdig.resources.scanningv2-scanresults-api.limits.memory** **Required**: `false`
-**Description**: NATS subject for publishing events to notifier for Risk integration
-**Default**: `notifier.notifications.1.risk`
+**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - risk: - notifier: - subject: notifier.notifications.1.risk + resources: + scanningv2-scanresults-api: + limits: + memory: 500Mi ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.enabled** +## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** **Required**: `false`
-**Description**: Enable or disable NATS consumer for VM integration
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 1 | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - enabled: false + resources: + scanningv2-scanresults-api: + requests: + cpu: 500m ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.name** +## **sysdig.resources.scanningv2-scanresults-api.requests.memory** **Required**: `false`
-**Description**: Name of NATS consumer for VM integration
-**Default**: `vm-consumer`
+**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 500Mi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - name: vm-consumer + resources: + scanningv2-scanresults-api: + requests: + memory: 250Mi ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.stream** +## **sysdig.resources.scanningv2-vulns-api.limits.cpu** **Required**: `false`
-**Description**: NATS stream name of consumer for VM integration
-**Default**: `secure-vm-notifier-integrations`
+**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 2 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - stream: secure-vm-notifier-integrations + resources: + scanningv2-vulns-api: + limits: + cpu: 500m ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.subjects** +## **sysdig.resources.scanningv2-vulns-api.limits.memory** **Required**: `false`
-**Description**: NATS subjects name of consumer for VM integration
-**Default**: `secure.vm.notifier.integrations.jira`
+**Description**: The amount of memory assigned to scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - subjects: secure.vm.notifier.integrations.jira + resources: + scanningv2-vulns-api: + limits: + memory: 1Gi ``` -## **sysdig.platformService.alerts.nats.js.vm.consumer.timeoutRetryMaxWait** +## **sysdig.resources.scanningv2-vulns-api.requests.cpu** **Required**: `false`
-**Description**: Max retry wait time for consumer for VM integration
-**Default**: `10s`
+**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - consumer: - timeoutRetryMaxWait: 10s + resources: + scanningv2-vulns-api: + requests: + cpu: 250m ``` -## **sysdig.platformService.alerts.nats.js.vm.notifier.enabled** +## **sysdig.resources.scanningv2-vulns-api.requests.memory** **Required**: `false`
-**Description**: Enable or disable NATS notifier publishing for VM integration
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - notifier: - enabled: false + resources: + scanningv2-vulns-api: + requests: + memory: 250Mi ``` -## **sysdig.platformService.alerts.nats.js.vm.notifier.stream** +## **sysdig.secureOnly** **Required**: `false`
-**Description**: Name of a NATS stream for publishing events to notifier for VM integration
-**Default**: `notifier-notifications-1`
+**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false` + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - notifier: - stream: notifier-notifications-1 + secureOnly: true ``` - -## **sysdig.platformService.alerts.nats.js.vm.notifier.subject** +## **sysdig.secure.eventsForwarder.proxy.enable** **Required**: `false`
-**Description**: NATS subject for publishing events to notifier for VM integration
-**Default**: `false`
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
+**Default**: + **Example**: ```yaml sysdig: - platformService: - alerts: - nats: - js: - vm: - notifier: - subject: notifier.notifications.1.vm + secure: + eventsForwarder: + proxy: + enable: false ``` -## **sysdig.platformService.alerts.workers.notification.enabled** +## **sysdig.secure.eventsForwarder.proxy.host** **Required**: `false`
-**Description**: Enables or disables workers for sending notifications in batches to alerts-notifier
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The address of the web proxy, this could be a domain name or +an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) +is configured.
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - platformService: - alerts: - workers: - notification: - enabled: true + secure: + eventsForwarder: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.platformService.alerts.workers.notification.pollInterval** +## **sysdig.secure.eventsForwarder.proxy.noProxy** **Required**: `false`
-**Description**: Pooling time interval that will read unsend notifications
-**Default**: `500ms`
+**Description**: Comma separated list of addresses or domain names +that can be reached without going through the configured web proxy. This is +only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and +appended to the list in +[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
+**Options**:
+**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
+ **Example**: ```yaml sysdig: - platformService: - alerts: - workers: - notification: - pollInterval: 500ms + secure: + eventsForwarder: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.platformService.alerts.workers.notification.batchSize** +## **sysdig.secure.eventsForwarder.proxy.password** **Required**: `false`
-**Description**: Number of events that will be sent from platform alerts to alert-notifier
-**Default**: `50`
+**Description**: The password used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - platformService: - alerts: - workers: - notification: - batchSize: 50 + secure: + eventsForwarder: + proxy: + enable: true + password: F00B@r! ``` - -## **sysdig.secure.ticketing.enabled** +## **sysdig.secure.eventsForwarder.proxy.port** **Required**: `false`
-**Description**: Enable or disable the ticketing service deployment
-**Options**:`true|false`
-**Default**: `false`
+**Description**: The port the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not +configured it defaults to 80.
+**Options**:
+**Default**: `80`
+ **Example**: ```yaml sysdig: secure: - ticketing: - enabled: false + eventsForwarder: + proxy: + enable: true + port: 3128 ``` -## **sysdig.secure.ticketing.audit.enabled** +## **sysdig.secure.eventsForwarder.proxy.protocol** **Required**: `false`
-**Description**: Enable or disable sending of audit data for ticketing service
-**Options**:`true|false`
-**Default**: `false`
+**Description**: The protocol to use to communicate with the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
+ **Example**: ```yaml sysdig: secure: - ticketing: - audit: - enabled: false + eventsForwarder: + proxy: + enable: true + protocol: https ``` -## **sysdig.secure.ticketing.jiraClientMaxRetries** +## **sysdig.secure.eventsForwarder.proxy.user** **Required**: `false`
-**Description**: Number of max retries for Jira client
-**Default**: `5`
+**Description**: The user used to access the configured +[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: secure: - ticketing: - jiraClientMaxRetries: 5 + eventsForwarder: + proxy: + enable: true + user: alice ``` -## **sysdig.secure.ticketing.jiraClientBaseWait** +## **sysdig.postgresDatabases.PRWSInternalIngestion** **Required**: `false`
-**Description**: Jira client base wait time
-**Default**: `1s`
+**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
**Example**: ```yaml sysdig: - secure: - ticketing: - jiraClientBaseWait: 1s + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-prw-internal-ingestion-db-external.com + port: 5432 + db: prws_internal_ingestion + username: prws_internal_ingestion_user + password: my_prws_internal_ingestion_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password ``` -## **sysdig.secure.ticketing.jiraClientMaxWait** +## **sysdig.beacon.prwsInternalIngestionEnabled** **Required**: `false`
-**Description**: Max wait time for Jira client
-**Default**: `30s`
+**Description**: Enable Prom Remote Write Internal Ingestion
+**Options**:
+**Default**:`false`
**Example**: ```yaml sysdig: - secure: - ticketing: - jiraClientMaxWait: 30s + beacon: + prwsInternalIngestionEnabled: true ``` -## **sysdig.secure.ticketing.jiraClientJitterMaxMillis** +## **sysdig.prwsInternalIngestionReplicaCount** **Required**: `false`
-**Description**: Max number for Jira client jitter in milliseconds
-**Default**: `1000`
+**Description**: Number of PRWS Internal Ingestion replicas
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraClientJitterMaxMillis: 1000 + prwsInternalIngestionReplicaCount: 5 ``` -## **sysdig.secure.ticketing.jiraCacheDefaultExpiration** +## **sysdig.prwsInternalIngestion.jvmOptions** **Required**: `false`
-**Description**: Jira cache will expire after this period
-**Default**: `15m`
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraCacheDefaultExpiration: 15m + prwsInternalIngestion: + jvmOptions: |- + -Xms12g -Xmx12g ``` -## **sysdig.secure.ticketing.jiraCacheCleanupInterval** +## **sysdig.prwsInternalIngestion.ingress** **Required**: `false`
-**Description**: Time interval for Jira cache cleanup
-**Default**: `1m`
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraCacheCleanupInterval: 1m + prwsInternalIngestion: + ingress: + - name: my-prws-internal-ingestion + omitBaseAnnotations: true + annotations: + haproxy-ingress.github.io/timeout-server: 20s + haproxy-ingress.github.io/config-backend: | + retries 2 + labels: + app.kubernetes.io/managed-by: ingress-config + app.kubernetes.io/name: ingress-config + app.kubernetes.io/part-of: sysdigcloud + role: ingress-config + tier: infra + hosts: + - host: my-app.my-domain.com + sslSecretName: ssl-secret + paths: + - path: /api + serviceName: my-service-name + servicePort: 9510 ``` -## **sysdig.secure.ticketing.jiraAssignableMaxResults** +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** **Required**: `false`
-**Description**: Number of max results that you can assign to
-**Default**: `2000`
+**Description**: Enable private endpoint communication for PRWS Internal Ingestion +**Options**: `true|false`
+**Default**:
**Example**: ```yaml sysdig: - secure: - ticketing: - jiraAssignableMaxResults: 2000 + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false ``` -## **sysdig.secure.ticketing.jiraSyncIssuesCronExpr** +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** **Required**: `false`
-**Description**: Expression for cron job for Jira sync issues job
-**Default**: `0 0 * * * *`
+**Description**: Comma separated list of addresses or domain names that can +override the `privateEndpointCommunicationEnforcement`. +**Options**:
+**Default**:
+ **Example**: ```yaml sysdig: - secure: - ticketing: - jiraSyncIssuesCronExpr: "0 0 * * * *" + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false + privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 ``` -## **sysdig.secure.ticketing.jiraCreateIssuesCronExpr** +## **sysdig.secure.netsec.rateLimit** **Required**: `false`
-**Description**: Expression for cron job for Jira create issues job
-**Default**: `0 0 * * * *`
-**Example**: +**Description**: Netsec api rate limit.
+**Options**:
+**Default**:
-```yaml -sysdig: - secure: - ticketing: - jiraCreateIssuesCronExpr: "0 0 * * * *" -``` +| cluster-size | count | +| ------------ | ----- | +| small | 200 | +| medium | 200 | +| large | 200 | -## **sysdig.secure.ticketing.jiraCreateIssuesOrchestratorInterval** +## **sysdig.secure.scanningv2.enabled** **Required**: `false`
-**Description**: Time interval for creating issues orchestrator
-**Default**: `5m`
+**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml sysdig: secure: - ticketing: - jiraCreateIssuesOrchestratorInterval: 5m + scanningv2: + enabled: true ``` -## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMinWait** +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
-**Required**: `false`
-**Description**: Min wait time for create issues from workers to compleate
-**Default**: `1s`
**Example**: ```yaml sysdig: secure: - ticketing: - jiraCreateIssuesWorkersMinWait: 1s + scanningv2: + vulnsApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" ``` -## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMaxWait** +## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** **Required**: `false`
-**Description**: Max wait time for create issues from workers to compleate
-**Default**: `5s`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+ **Example**: ```yaml sysdig: secure: - ticketing: - jiraCreateIssuesWorkersMaxWait: 5s + scanningv2: + vulnsApi: + remoteSaaSTlsSkip: true ``` -## **sysdig.secure.ticketing.jiraMaxAttachmentSize** +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** + +**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
-**Required**: `false`
-**Description**: Sets maximum size for jira attachment in bytes
-**Default**: `1048576`
**Example**: ```yaml sysdig: secure: - ticketing: - jiraMaxAttachmentSize: 1048576 + scanningv2: + pkgMetaApi: + remoteSaaSEndpoint: "https://eu1.app.sysdig.com" ``` -## **sysdig.secure.ticketing.hardDeleteIntegrationAPIEnabled** +## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** **Required**: `false`
-**Description**: Enables or disables hard delete of integrations in ticketing service
-**Options**: `true|false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
**Default**: `false`
+ **Example**: ```yaml sysdig: secure: - ticketing: - hardDeleteIntegrationAPIEnabled: false + scanningv2: + pkgMetaApi: + remoteSaaSTlsSkip: true ``` -## **sysdig.secure.ticketing.natsJS.migrationFile** +## **sysdig.secure.scanningv2.reporting.enabled** **Required**: `false`
-**Description**: Location of the json migration file
-**Default**: `/nats/migrations/streams.json`
+**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
+**Options**:
+**Default**: true
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - migrationFile: /nats/migrations/streams.json + scanningv2: + reporting: + enabled: true ``` -## **sysdig.secure.ticketing.natsJS.url** +## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** **Required**: `false`
-**Description**: Url of the NATS server that ticketing service will connect to
-**Default**: `nats`
+**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
+**Options**:
+**Default**: "0 3 \* \* \*"
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - url: nats + scanningv2: + reporting: + reportingJanitor: + schedule: "0 3 * * *" ``` -## **sysdig.secure.ticketing.natsJS.secure.enabled** +## **sysdig.secure.scanningv2.reporting.storageDriver** **Required**: `false`
-**Description**: Enables or disables NATS in ticketing service
-**Options**: `true|false`
-**Default**: `true`
+**Description**: Storage kind for the generated reports
+**Options**: postgres, s3
+**Default**: postgres
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - secure: - enabled: true + scanningv2: + reporting: + storageDriver: postgres ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.deliverPolicyAll** +## **sysdig.secure.scanningv2.reporting.aws.bucket** **Required**: `false`
-**Description**: Enables or disables deliverPolicyAll for NATS attachments consumer in ticketing service
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - deliverPolicyAll: true + scanningv2: + reporting: + aws: + bucket: secure-scanningv2-reporting ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.durable** +## **sysdig.secure.scanningv2.reporting.aws.endpoint** **Required**: `false`
-**Description**: Name of NATS durable consumer for consuming attachments events for ticketing service
-**Default**: `add_attachment_to_issue_consumer`
+**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - durable: add_attachment_to_issue_consumer + scanningv2: + reporting: + aws: + endpoint: s3.example.com ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.name** +## **sysdig.secure.scanningv2.reporting.aws.region** **Required**: `false`
-**Description**: Name of NATS consumer for consuming attachments events for ticketing service
-**Default**: `add_attachment_to_issue_consumer`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - name: add_attachment_to_issue_consumer + scanningv2: + reporting: + aws: + region: us-east-1 ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.pull** +## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** **Required**: `false`
-**Description**: Enable or disable pulling events for attachments consumer for ticketing service
-**Options**: `true|false`
-**Default**: `true`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - pull: true + scanningv2: + reporting: + aws: + accessKeyId: AKIAIOSFODNN7EXAMPLE ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.streamName** +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** **Required**: `false`
-**Description**: Name of a NATS stream for consuming attachment events for ticketing service
-**Default**: `jira_attachments`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - streamName: jira_attachments + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.subject** +## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** **Required**: `false`
-**Description**: NATS subject for consuming attachments events for ticketing service
-**Default**: `jira_attachments.add_to_issue`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
**Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - subject: jira_attachments.add_to_issue + scanningv2: + reporting: + aws: + secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.maxDeliver** +## **sysdig.secure.scanningv2.customCerts** **Required**: `false`
-**Description**: Number of max retries for delivering attachment
-**Default**: `3`
+**Description**: +To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. + +This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
**Example**: +```bash +#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. +bash-5.0$ find certs values.yaml +certs +certs/scanningv2-custom-certs +certs/scanningv2-custom-certs/certificate1.pem +certs/scanningv2-custom-certs/certificate2.pem +values.yaml +``` + ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - maxDeliver: 3 + scanningv2: + customCerts: true ``` -## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.ackWait** +## **sysdig.secure.scanningv2.airgappedFeeds** **Required**: `false`
-**Description**: Time to wait for receiving ACK signal for attachments
-**Default**: `5m`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+ **Example**: ```yaml sysdig: secure: - ticketing: - natsJS: - addAttachmentConsumer: - ackWait: 5m + scanningv2: + airgappedFeeds: true ``` diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 8d280a10..1d62842b 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -1,6 +1,5 @@ - + - @@ -29,9 +28,9 @@ Options](../README.md#quickstart-install) for more context.
-### Step 1 - Download the latest `values.yaml` template +### Step 1 -Copy the current version `sysdig-chart/values.yaml` to your working directory. +Copy the current version sysdig-chart/values.yaml to your working directory. ```bash wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml @@ -39,7 +38,7 @@ wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/ins
-### Step 2 - Configure `values.yaml` according to your environment +### Step 2 Edit the following values: @@ -96,7 +95,7 @@ would also edit the following values:
-### Step 3 - Check differences with the old Sysdig environment +### Step 3 Run the Installer (if you are in airgapped environment make sure you follow instructions from installation on how to get the images to your airgapped @@ -108,7 +107,7 @@ registry)
-### Step 4 - Deploy Sysdig version +### Step 4 If you are fine with the differences displayed, then run: diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 08dda5bb..93e8012c 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -1,10 +1,9 @@ - + - -# Advanced Configuration +# Advanced configuration
diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index 11d63313..4c69750b 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -1,10 +1,9 @@ - + - -# Network Policies +# Network policies
@@ -12,7 +11,7 @@
-## Overview +## Introduction The current version of Sysdig Network policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. From 31ff9a641636df317d45709e64cc733d2c4127c9 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 6 Sep 2024 21:09:35 +0000 Subject: [PATCH 154/156] updating installer docs --- installer/docs/01-command_line_arguments.md | 47 +- installer/docs/02-configuration_parameters.md | 3403 +++++++++++------ installer/docs/03-upgrade.md | 13 +- installer/docs/04-advanced_configuration.md | 41 +- installer/docs/05-networkPolicies.md | 7 +- 5 files changed, 2376 insertions(+), 1135 deletions(-) diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index a99a9948..10ded1f4 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md @@ -1,9 +1,10 @@ - + + -# Command line arguments explained +# Command Line Arguments
@@ -13,12 +14,12 @@ - installer does not deploy the `namespace.yaml` manifest. It expects the Namespace to exist and to match the value in `values.yaml` - There is no validation, in case of mismatch the installer will fail + If there is a mismatch, the installer will fail as no validation is in place. `--skip-pull-secret` -- the services expect the pull secret to exist, - to have the expected name (`sysdigcloud-pull-secret`) and to allow access to the registry. +- The services require the pull secret to exist with the expected name (`sysdigcloud-pull-secret`) and to have access to the registry. + - if the pull secret is missing, the behaviour could be unpredictable: some Pods could start if they can find the image locally and if their `imagePullPolicy` is not `Always` @@ -26,7 +27,7 @@ `--skip-serviceaccount` -- The user must provide SAs with the exact same name expected: +- The user must provide service accounts with the exact same name expected: ```text sysdig-serviceaccount.yaml: name: sysdig @@ -36,10 +37,10 @@ sysdig-serviceaccount.yaml: name: sysdig-elasticsearch sysdig-serviceaccount.yaml: name: sysdig-cassandra ``` -- One implication of this is that unless the `node-to-labels` SA is added, - rack awareness will not work neither in Cassandra nor in ES (to be verified) - Another implication is that if SA(s) are missing, the user will have to `describe` - the STS because Pods will not start at all: +- One implication of this is that unless the `node-to-labels` ServiceAccount is added, + rack awareness will not be available for any datastore. + Another implication is that if the ServiceAccount(s) are missing, the user will have to `describe` + the StatefulSet because Pods will not start at all: ```text Events: 
@@ -54,13 +55,19 @@ Events: - installer does not apply the StorageClass manifest. It expects the storageClassName specified in values.yaml to exist. +`--disable-proxy` + +- This flag allows disabling an existing configuration for proxy. Several services can be configured to use a proxy to go out to the Internet. For example `scanningv2-pkgmeta`, `certmanager`, `eventsForwarder` etc. +- If it becomes necessary to remove such configuration, this flag can be used to remove the proxy configuration. +- This flag also applies to `generate`, `diff` and `import`. + ## Command: `import` `--zookeeper-workloadname ` - This is the value that will be used for the `zookeeper` StatefulSet. The default value is `zookeeper`, this argument must be used when the -actual name of the STS in the cluster differs +actual name of the StatefulSet in the cluster differs `--kafka-workloadname ` @@ -76,8 +83,6 @@ actual name of the STS in the cluster differs ## Command: `update-license` -Added November 2022, this is a new command. - ** WARNING: THIS FEATURE requires `kubectl` to be at least version `1.20.0` ** This command performs the minimal changes and restarts to apply a new license. @@ -97,8 +102,6 @@ This command performs the following: ## Command: `image-list` -Added November 2022 - This command prints to `stdout` (and optionally to a file) a list of all images in a generated stack. It requires a `values.yaml` and it produces a list of images based on that `values.yaml`. @@ -107,7 +110,7 @@ It does not require a live cluster, and it does not fetches any value from a liv ### Flags -`-f ` - write the list to a file. **If the file exists, it is overwritten** +`-f ` - write the list to a file. If the file already exists, it will be overwritten. ### Example 
@@ -175,7 +178,6 @@ quay.io/sysdig/reporting-api:6.0.0.12431 quay.io/sysdig/promchap:0.99.0-master.2022-11-18T13-46-40Z.d6b3d10f83 quay.io/sysdig/redis-6:1.0.1 quay.io/sysdig/ui-admin-nginx:6.0.0.12431 -quay.io/sysdig/admission-controller-api-pg-migrate:6.0.0.12431 quay.io/sysdig/admission-controller-api:6.0.0.12431 quay.io/sysdig/scanning:6.0.0.12431 quay.io/sysdig/sysdig-alert-notifier:6.0.0.12431 
@@ -276,15 +278,16 @@ At the moment we only take care of the generation of the files, the actual deplo `--argocd (boolean)` -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. NOTE: that using this flag will automatically also run the generation of charts that you would obtain with the `--helm-install` cli flag, this is because the argoCD generation is strictly tied with the helm-charts being produced in a certain way. +Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. +NOTE: Using this flag will automatically generate the charts that you would obtain with the --helm-install CLI flag. This happens because the argoCD generation is closely linked to the specific production method of the helm-charts. `--argo-repo-url (string)` -URL of repo that will contain ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. (default `git@github.com:ORGANIZATION/SAMPLE-REPO.git`). This will be replaced within the ArgoCD apps definition files. +The URL of the repository that will contain the ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. The default is `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. This will be replaced within the ArgoCD apps definition files. `--argo-repo-rev (string)` -Name of the branch of the repo to use. (default "main"). This will be replaced within the ArgoCD apps definition files. +The name of the branch of the repo to use. The default is `main`. This will be replaced within the ArgoCD apps definition files. example of hierarchy: ``` 
@@ -307,11 +310,11 @@ git@github.com:ORGANIZATION/SAMPLE-REPO.git `--argo-git-apps-dir (string)` Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. -If we look at the example above the correct value for this would be `argocd-projects/sysdig/argocd`. +If you consider the example above, the correct value for this would be `argocd-projects/sysdig/argocd`. `--argo-git-charts-dir (string)` -relative path from the repo root that will contain the folder with charts. (default "helm-install/charts"). This will be replaced within the ArgoCD apps definition files. If we look at the example above the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. +The relative path from the repo root that will contain the folder with charts. The default is `helm-install/charts`. This will be replaced within the ArgoCD apps definition files. If you consider the example above, the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. `--argo-out-dir (string)` diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index b9f45cfa..3b2a02b5 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -1,5 +1,6 @@ - + + @@ -10,9 +11,8 @@ ## **quaypullsecret** **Required**: `true`
-**Description**: quay.io credentials provided with your Sysdig purchase confirmation
-mail.
-**Options**:
+**Description**: quay.io credentials provided with your Sysdig purchase confirmation mail.
+**Options**:
**Default**:
**Example**: @@ -120,7 +120,7 @@ Tags and pushes images as airgapped_registry_name/airgapped_repository_prefix/im **Example**: ```yaml -#tags and pushes the image to /foo/bar/ +# tags and pushes the image to /foo/bar/ airgapped_repository_prefix: foo/bar ``` @@ -401,13 +401,13 @@ elasticsearch: **Required**: `false`
**Description**: The docker image tag of the elasticsearch jobs
**Options**:
-**Default**: 0.0.46
+**Default**: 0.0.49
**Example**: ```yaml elasticsearch: jobs: - toolsImageVersion: 0.0.46 + toolsImageVersion: 0.0.49 ``` ## **elasticsearch.enableMetrics** @@ -615,12 +615,23 @@ nodeaffinityLabel: value: sysdig ``` +## **pvStorageSize.cassandra** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to Cassandra, regardless of the cluster `size` used. This option *does not* apply when [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Options**:
+**Default**: 30Gi
+**Example**: + +```yaml +pvStorageSize: + cassandra: 500Gi +``` + ## **pvStorageSize.large.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a
-cluster of [`size`](#size) large. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) large. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 300Gi
**Example**: @@ -666,9 +677,7 @@ pvStorageSize: ## **pvStorageSize.medium.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a
-cluster of [`size`](#size) medium. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) medium. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 150Gi
**Example**: @@ -714,9 +723,7 @@ pvStorageSize: ## **pvStorageSize.small.cassandra** **Required**: `false`
-**Description**: The size of the persistent volume assigned to Cassandra in a
-cluster of [`size`](#size) small. This option is ignored if
-[`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
+**Description**: The size of the persistent volume assigned to Cassandra in a cluster of [`size`](#size) small. This option *only* applies if [`storageClassProvisioner`](#storageclassprovisioner) is `hostPath`.
**Options**:
**Default**: 30Gi
**Example**: @@ -1322,9 +1329,9 @@ sysdig: **Required**: `false`
**Description**: Global flag to enable Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1337,9 +1344,9 @@ sysdig: **Required**: `false`
**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. -**Required**: `false`
-**Options**: `true|false`
-**Default**: `false`
+**Required**: `false`
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -1366,17 +1373,30 @@ sysdig: elasticsearch6Version: 6.8.6.12 ``` +## **sysdig.opensearchImageName** + +**Required**: `false`
+**Description**: Docker Image name for Opensearch. Eg, for Opensearch 2: "opensearch-2".
+**Options**:
+**Default**: opensearch-2
+**Example**: + +```yaml +sysdig: + opensearchImageName: "opensearch-2" +``` + ## **sysdig.opensearchVersion** **Required**: `false`
**Description**: The docker image tag of Opensearch.
**Options**:
-**Default**: 0.0.16
+**Default**: 0.2.7
**Example**: ```yaml sysdig: - opensearchVersion: 0.0.16 + opensearchVersion: 0.2.7 ``` ## **sysdig.haproxyVersion** @@ -1397,11 +1417,11 @@ sysdig: ## **sysdig.skipIngressGeneration** -**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
-**Required**: `false`
-**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
-**Options**: `true|false`
-**Default**: `false`
+**NOTE** - this is a recently added variable that bypasses the previous logic of skipping Ingress resource generation when networking was set to `external`. The goal is to generate the Ingress manifests either way, because even if a customer uses their own Ingress controller, they would still need the Ingress resources. The only reason to have this parameter is if we _explicitly_ need to avoid the generation of Ingress resources
+**Required**: `false`
+**Description**: Boolean parameter which can be used to skip the generation of the ingress resources if desired.
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml @@ -3229,12 +3249,12 @@ redisTls: A Monitor service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------- | -| agent | agent | -| common | common | +| Instance | Component | +| --------- | --------------------------------------------------------- | +| agent | agent | +| common | common | | monitor-1 | cache, distributedJobs, ibmCache, promchap, policiesCache | -| monitor-2 | alerting, meerkat, metering, prws | +| monitor-2 | alerting, meerkat, metering, prws | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
**Default**: _Redis standalone/Redis HA_
@@ -3293,9 +3313,9 @@ redisClientsMonitor: A Secure service can have multiple [component connection](https://docs.google.com/spreadsheets/d/1vuNIc4tPInTbAiMwlV8xgFdjWKoTmP8AYm04hwnqHN8/edit#gid=700533343):
-| Instance | Component | -| --------- | --------- | -| profiling | profiling | +| Instance | Component | +| --------- | ----------------------------------------------------------------------------------------------------- | +| profiling | profiling | | secure-1 | scanning, forensic, events, rapidResponse, overview, compliance, cloudsec, policies, netsec, padvisor | **Options**: _Redis standalone/Redis HA_ | _Redis with TLS_ | _external Redis_
@@ -5566,102 +5586,6 @@ sysdig: memory: 50Mi ``` -## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.cpu** - -**Required**: `false`
-**Description**: The amount of cpu assigned to admission-controller-api PG
-migrate containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 1 |
-| medium | 1 |
-| large | 1 |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- scanningAdmissionControllerApiPgMigrate:
- limits:
- cpu: 1
-```
-
-## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.limits.memory**
-
-**Required**: `false`
-**Description**: The amount of memory assigned to admission-controller-api PG
-migrate containers
-**Options**:
-**Default**:
-
-| cluster-size | limits |
-| ------------ | ------ |
-| small | 256Mi |
-| medium | 256Mi |
-| large | 256Mi |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- scanningAdmissionControllerApiPgMigrate:
- limits:
- memory: 256Mi
-```
-
-## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.cpu**
-
-**Required**: `false`
-**Description**: The amount of cpu required to schedule admission-controller-api
-PG migrate containers
-**Options**:
-**Default**:
-
-| cluster-size | requests |
-| ------------ | -------- |
-| small | 100m |
-| medium | 100m |
-| large | 100m |
-
-**Example**:
-
-```yaml
-sysdig:
- resources:
- scanningAdmissionControllerApiPgMigrate:
- requests:
- cpu: 100m
-```
-
-## **sysdig.resources.scanningAdmissionControllerApiPgMigrate.requests.memory**
-
-**Required**: `false`
-**Description**: The amount of memory required to schedule admission-controller-api
-PG migrate containers
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | - -**Example**: - -```yaml -sysdig: - resources: - admission-controller-api-pg-migrate: - requests: - memory: 50Mi -``` - ## **sysdig.resources.reporting-init.limits.cpu** **Required**: `false`
@@ -6603,9 +6527,8 @@ sysdig: ```yaml sysdig: natsJs: - nats: - natsbox: - enabled: true + natsbox: + enabled: true ``` ## **sysdig.natsJs.natsTLSGenerator.enabled** @@ -10118,16 +10041,15 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat API JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -Dlogging.level.com.sysdig.meerkat.api.server.adapter.TimeSeriesGAdapter=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.RealTimeQueryServiceImpl=DEBUG -Dlogging.level.com.sysdig.meerkat.api.server.service.realtime.MeerkatClientDNSGrpcResolver=DEBUG -Dsysdig.meerkat.cassandra.features.queryAllMetricDescriptorsEnabled=true -``` + **Example**: @@ -10234,12 +10156,12 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Aggregator JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced -``` + + **Example**: @@ -10453,9 +10375,8 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Collector JVM.
**Options**:
-**Default**: - -``` +**Default**:
+ -Dsysdig.cassandra.auto-schema=true -Dlogging.level.org.springframework.transaction.interceptor=TRACE -Dio.netty.leakDetection.level=advanced @@ -10464,7 +10385,7 @@ sysdig: -Dlogging.level.com.sysdig.meerkat.collector.service.MeerkatIndexer=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.kafka.MeerkatWorker=DEBUG -Dlogging.level.com.sysdig.meerkat.collector.grpc.GPartsQueryServiceGrpcImpl=DEBUG -``` + **Example**: @@ -10585,11 +10506,7 @@ sysdig: **Required**: `false`
**Description**: Custom configuration for Meerkat Datastream JVM.
**Options**:
-**Default**: - -``` --Xms1g -Xmx1g -``` +**Default**: -Xms1g -Xmx1g **Example**: @@ -10617,7 +10534,7 @@ sysdig: ## **sysdig.kafkaVersion** **Required**: `false`
-**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Description**: Docker image tag of Kafka, relevant when `sysdig.meerkat.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10793,7 +10710,7 @@ sysdig: ## **sysdig.zookeeperVersion** **Required**: `false`
-**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true` or `sysdig.fastpathAggregator.enabled` is `true`.
+**Description**: Docker image tag of Zookeeper, relevant when `sysdig.meerkat.enabled` is `true`.
**Options**:
**Default**: 1.0.0
**Example**: @@ -10998,7 +10915,7 @@ sysdigcloud-collector HostAlreadyClaimed Use this overlay to avoid the error: -``` +```yaml apiVersion: route.openshift.io/v1 kind: Route metadata: @@ -11440,32 +11357,6 @@ sysdig: promqlatorVersion: 0.99.0-2022-07-12T09-19-16Z.93c0642b55 ``` -## **sysdig.streamsnapVersion** - -**Required**: `false`
-**Description**: Docker image tag of Sysdig Streamsnap service, relevant when `sysdig.streamsnap.enabled` is `true`.
-**Options**:
-**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-**Example**:
-
-```yaml
-sysdig:
- streamsnapVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-```
-
-## ~~**sysdig.fastpathAggregatorVersion**~~ (**Deprecated**)
-
-**Required**: `false`
-**Description**: Docker image tag of Sysdig Fastpath Aggregator service, relevant when `sysdig.fastpathAggregator.enabled` is `true`.
-**Options**:
-**Default**: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4
-**Example**: - -```yaml -sysdig: - fastpathAggregatorVersion: 0.99.0-staging.2022-07-29T13-34-18Z.2d308b4 -``` - ## **sysdig.promqlatorReplicaCount** **Required**: `false`
@@ -11688,566 +11579,562 @@ sysdig: memory: 300Mi ``` -## **sysdig.streamsnapReplicaCount** +## **sysdig.resources.scanningv2-agents-conf.limits.cpu** **Required**: `false`
-**Description**: Number of Streamsnap replicas.
+**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 3 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - streamsnapReplicaCount: 2 + resources: + scanningv2-agents-conf: + limits: + cpu: 500m ``` -## ~~**sysdig.fastpathAggregatorReplicaCount**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-agents-conf.limits.memory** **Required**: `false`
-**Description**: Number of Fastpath Aggregator replicas.
+**Description**: The amount of memory assigned to scanningv2-agents-conf pods
**Options**:
-**Default**:
+**Default**: -| cluster-size | count | -| ------------ | ----- | -| small | 1 | -| medium | 2 | -| large | 3 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - fastpathAggregatorReplicaCount: 2 + resources: + scanningv2-agents-conf: + limits: + memory: 500Mi ``` -## **sysdig.streamsnap.enabled** +## **sysdig.resources.scanningv2-agents-conf.requests.cpu** **Required**: `false`
-**Description**: Whether to enable Streamsnap or not.
-**Options**: `true|false`
-**Default**: `false`
+**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
+**Options**:
+**Default**: + +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: - streamsnap: - enabled: true + resources: + scanningv2-agents-conf: + requests: + cpu: 250m ``` -## **sysdig.streamsnap.jvmOptions** +## **sysdig.resources.scanningv2-agents-conf.requests.memory** **Required**: `false`
-**Description**: Custom configuration for Streamsnap jvm.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
+**Options**:
**Default**: -| cluster-size | jvmOptions | -| ------------ | ---------- | -| small | -Xmx=4g | -| medium | -Xmx=12g | -| large | -Xmx=18g | +| cluster-size | requests | +| ------------ | -------- | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: - streamsnap: - jvmOptions: "-Xmx=4g" + resources: + scanningv2-agents-conf: + requests: + memory: 100Mi ``` -## **sysdig.streamsnap.numThreadsForInterval60** +## **sysdig.resources.scanningv2-collector.limits.cpu** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-minute snapshots.
-**Options**:
+**Description**: The amount of cpu assigned to scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval60 | -| ------------ | ----------------------- | -| small | 2 | -| medium | 4 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval60: 4 + resources: + scanningv2-collector: + limits: + cpu: 1 ``` -## **sysdig.streamsnap.numThreadsForInterval600** +## **sysdig.resources.scanningv2-collector.limits.memory** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 10-minutes snapshots.
-**Options**:
+**Description**: The amount of memory assigned to scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval600 | -| ------------ | ------------------------ | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval600: 2 + resources: + scanningv2-collector: + limits: + memory: 1Gi ``` -## **sysdig.streamsnap.numThreadsForInterval3600** +## **sysdig.resources.scanningv2-collector.requests.cpu** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-hour snapshots.
-**Options**:
+**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval3600 | -| ------------ | ------------------------- | -| small | 1 | -| medium | 2 | -| large | 6 | - -**Example**: - -```yaml +| cluster-size | requests | +| ------------ | -------- | +| small | 500m | +| medium | 500m | +| large | 1 | + +**Example**: + +```yaml sysdig: - streamsnap: - numThreadsForInterval3600: 2 + resources: + scanningv2-collector: + requests: + cpu: 500m ``` -## **sysdig.streamsnap.numThreadsForInterval86400** +## **sysdig.resources.scanningv2-collector.requests.memory** **Required**: `false`
-**Description**: Number of threads Streamsnap uses for the 1-day snapshots.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-collector pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval86400 | -| ------------ | -------------------------- | -| small | 1 | -| medium | 2 | -| large | 6 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - streamsnap: - numThreadsForInterval86400: 2 + resources: + scanningv2-collector: + requests: + memory: 250Mi ``` -## **sysdig.resources.streamsnap.limits.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to Streamsnap containers
+**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: limits: - cpu: 8 + cpu: 500m ``` -## **sysdig.resources.streamsnap.limits.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to Streamsnap containers
+**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: limits: - memory: 8Gi + memory: 1Gi ``` -## **sysdig.resources.streamsnap.requests.cpu** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule Streamsnap containers
+**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: requests: - cpu: 2 + cpu: 250m ``` -## **sysdig.resources.streamsnap.requests.memory** +## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule Streamsnap containers
+**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - streamsnap: + scanningv2-pkgmeta-api: requests: - memory: 2Gi -``` - -## ~~**sysdig.fastpathAggregator.enabled**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Whether to enable Fastpath Aggregator or not.
-**Options**: `true|false`
-**Default**: `false`
- -**Example**: - -```yaml -sysdig: - fastpathAggregator: - enabled: true -``` - -## ~~**sysdig.fastpathAggregator.jvmOptions**~~ (**Deprecated**) - -**Required**: `false`
-**Description**: Custom configuration for the Fastpath Aggregator jvm.
-**Options**:
-**Default**: - -| cluster-size | jvmOptions | -| ------------ | ---------- | -| small | -Xmx=4g | -| medium | -Xmx=12g | -| large | -Xmx=16g | - -**Example**: - -```yaml -sysdig: - fastpathAggregator: - jvmOptions: "-Xmx=4g" + memory: 250Mi ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval60**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.limits.cpu** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-minute snapshots.
-**Options**:
+**Description**: The amount of cpu assigned to scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval60 | -| ------------ | ----------------------- | -| small | 2 | -| medium | 4 | -| large | 4 | +| cluster-size | limits | +| ------------ | ------ | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval60: 4 + resources: + scanningv2-policies-api: + limits: + cpu: 500m ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval600**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.limits.memory** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 10-minutes snapshots.
-**Options**:
+**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval600 | -| ------------ | ------------------------ | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | limits | +| ------------ | ------ | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval600: 2 + resources: + scanningv2-policies-api: + limits: + memory: 1Gi ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval3600**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.requests.cpu** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-hour snapshots.
-**Options**:
+**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval3600 | -| ------------ | ------------------------- | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval3600: 2 + resources: + scanningv2-policies-api: + requests: + cpu: 250m ``` -## ~~**sysdig.fastpathAggregator.numThreadsForInterval86400**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-policies-api.requests.memory** **Required**: `false`
-**Description**: Number of threads Fastpath Aggregator uses for the 1-day snapshots.
-**Options**:
+**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Options**:
**Default**: -| cluster-size | numThreadsForInterval86400 | -| ------------ | -------------------------- | -| small | 1 | -| medium | 2 | -| large | 2 | +| cluster-size | requests | +| ------------ | -------- | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: - fastpathAggregator: - numThreadsForInterval86400: 2 + resources: + scanningv2-policies-api: + requests: + memory: 250Mi ``` -## ~~**sysdig.resources.fastpathAggregator.limits.cpu**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to Fastpath Aggregator containers
+**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 500m | +| medium | 1 | +| large | 1 | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: limits: - cpu: 8 + cpu: 500m ``` -## ~~**sysdig.resources.fastpathAggregator.limits.memory**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to Fastpath Aggregator containers
+**Description**: The amount of memory assigned to scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 1Gi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: limits: - memory: 8Gi + memory: 1Gi ``` -## ~~**sysdig.resources.fastpathAggregator.requests.cpu**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule Fastpath Aggregator containers
+**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 2 | -| medium | 4 | -| large | 8 | +| small | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: requests: - cpu: 2 + cpu: 250m ``` -## ~~**sysdig.resources.fastpathAggregator.requests.memory**~~ (**Deprecated**) +## **sysdig.resources.scanningv2-reporting-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule Fastpath Aggregator containers
+**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 8g | -| medium | 16g | -| large | 24g | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - fastpathAggregator: + scanningv2-reporting-api: requests: - memory: 2Gi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-agents-conf.limits.cpu** +## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-agents-conf pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 500m | -| large | 1 | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-agents-conf.limits.memory** +## **sysdig.resources.scanningv2-reporting-generator.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-agents-conf pods
+**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +| small | 1Gi | +| medium | 2Gi | +| large | 4Gi | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: limits: - memory: 500Mi + memory: 1Gi ``` -## **sysdig.resources.scanningv2-agents-conf.requests.cpu** +## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-agents-conf pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +| small | 500m | +| medium | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: requests: - cpu: 250m + cpu: 500m ``` -## **sysdig.resources.scanningv2-agents-conf.requests.memory** +## **sysdig.resources.scanningv2-reporting-generator.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-agents-conf pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +| small | 250Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-agents-conf: + scanningv2-reporting-generator: requests: - memory: 100Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-collector.limits.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-collector pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12255,22 +12142,22 @@ sysdig: | ------------ | ------ | | small | 1 | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: limits: cpu: 1 ``` -## **sysdig.resources.scanningv2-collector.limits.memory** +## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-collector pods
+**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
**Options**:
**Default**: @@ -12278,97 +12165,97 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 2Gi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-collector.requests.cpu** +## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-collector pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 500m | -| medium | 500m | -| large | 1 | +| small | 250m | +| medium | 250m | +| large | 250m | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: requests: - cpu: 500m + cpu: 250m ``` -## **sysdig.resources.scanningv2-collector.requests.memory** +## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-collector pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 50Mi | +| medium | 50Mi | +| large | 50Mi | **Example**: ```yaml sysdig: resources: - scanningv2-collector: + scanningv2-reporting-janitor: requests: - memory: 250Mi + memory: 50Mi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | | small | 500m | -| medium | 1 | -| large | 2 | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-pkgmeta-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-pkgmeta-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | +| small | 500Mi | | medium | 1Gi | | large | 2Gi | @@ -12377,67 +12264,67 @@ sysdig: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 500m | -| large | 1 | +| medium | 250m | +| large | 500m | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-pkgmeta-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-pkgmeta-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +| small | 100Mi | +| medium | 250Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-pkgmeta-api: + scanningv2-reporting-scheduler: requests: - memory: 250Mi + memory: 100Mi ``` -## **sysdig.resources.scanningv2-policies-api.limits.cpu** +## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-policies-api pods
+**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 500m | +| small | 1 | | medium | 1 | | large | 1 | @@ -12446,15 +12333,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: limits: - cpu: 500m + cpu: 1 ``` -## **sysdig.resources.scanningv2-policies-api.limits.memory** +## **sysdig.resources.scanningv2-reporting-worker.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-policies-api pods
+**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12469,15 +12356,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-policies-api.requests.cpu** +## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-policies-api pods
+**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12492,15 +12379,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-policies-api.requests.memory** +## **sysdig.resources.scanningv2-reporting-worker.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-policies-api pods
+**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
**Options**:
**Default**: @@ -12515,15 +12402,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-policies-api: + scanningv2-reporting-worker: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-api.limits.cpu** +## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-api pods
+**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12538,15 +12425,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-api.limits.memory** +## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-api pods
+**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12561,15 +12448,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-api.requests.cpu** +## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-api pods
+**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12584,15 +12471,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-api.requests.memory** +## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-api pods
+**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
**Options**:
**Default**: @@ -12607,15 +12494,15 @@ sysdig: ```yaml sysdig: resources: - scanningv2-reporting-api: + scanningv2-riskmanager-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.cpu** +## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-generator pods
+**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
**Options**:
**Default**: @@ -12623,45 +12510,45 @@ sysdig: | ------------ | ------ | | small | 500m | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: limits: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.limits.memory** +## **sysdig.resources.scanningv2-scanresults-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-generator pods
+**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1Gi | -| medium | 2Gi | -| large | 4Gi | +| small | 500Mi | +| medium | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: limits: - memory: 1Gi + memory: 500Mi ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.cpu** +## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
**Options**:
**Default**: @@ -12669,68 +12556,68 @@ sysdig: | ------------ | -------- | | small | 500m | | medium | 1 | -| large | 2 | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: requests: cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-generator.requests.memory** +## **sysdig.resources.scanningv2-scanresults-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-generator pods
+**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250Mi | -| medium | 1Gi | -| large | 2Gi | +| medium | 500Mi | +| large | 500Mi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-generator: + scanningv2-scanresults-api: requests: memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.cpu** +## **sysdig.resources.scanningv2-vulns-api.limits.cpu** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | limits | | ------------ | ------ | -| small | 1 | +| small | 500m | | medium | 1 | -| large | 1 | +| large | 2 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: limits: - cpu: 1 + cpu: 500m ``` -## **sysdig.resources.scanningv2-reporting-janitor.limits.memory** +## **sysdig.resources.scanningv2-vulns-api.limits.memory** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-janitor pods
+**Description**: The amount of memory assigned to scanningv2-vulns-api pods
**Options**:
**Default**: @@ -12738,1077 +12625,2407 @@ sysdig: | ------------ | ------ | | small | 1Gi | | medium | 1Gi | -| large | 1Gi | +| large | 2Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: limits: memory: 1Gi ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.cpu** +## **sysdig.resources.scanningv2-vulns-api.requests.cpu** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | | small | 250m | -| medium | 250m | -| large | 250m | +| medium | 500m | +| large | 1 | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: requests: cpu: 250m ``` -## **sysdig.resources.scanningv2-reporting-janitor.requests.memory** +## **sysdig.resources.scanningv2-vulns-api.requests.memory** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-janitor pods
+**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
**Options**:
**Default**: | cluster-size | requests | | ------------ | -------- | -| small | 50Mi | -| medium | 50Mi | -| large | 50Mi | +| small | 250Mi | +| medium | 500Mi | +| large | 1Gi | **Example**: ```yaml sysdig: resources: - scanningv2-reporting-janitor: + scanningv2-vulns-api: requests: - memory: 50Mi + memory: 250Mi ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.cpu** +## **sysdig.secureOnly** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-scheduler pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 500m | -| large | 1 | +**Description**: Enable product optimizations for secure that break monitor.
+**Options**: `true|false`
+**Default**: `false` **Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - limits: - cpu: 500m + secureOnly: true ``` -## **sysdig.resources.scanningv2-reporting-scheduler.limits.memory** +## **sysdig.secure.eventsForwarder.proxy.enable** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-scheduler pods
-**Options**:
+**Description**: Set proxy settings for secure forwarding (overrides global settings)
+**Options**: `true|false`
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | - **Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - limits: - memory: 500Mi + secure: + eventsForwarder: + proxy: + enable: false ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.cpu** +## **sysdig.secure.eventsForwarder.proxy.host** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-scheduler pods
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable)
+is configured.
**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 250m | -| large | 500m | +**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - requests: - cpu: 250m + secure: + eventsForwarder: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.scanningv2-reporting-scheduler.requests.memory** +## **sysdig.secure.eventsForwarder.proxy.noProxy** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-scheduler pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
-| cluster-size | requests | -| ------------ | -------- | -| small | 100Mi | -| medium | 250Mi | -| large | 500Mi | +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.eventsForwarder.proxy.password** + +**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-scheduler: - requests: - memory: 100Mi + secure: + eventsForwarder: + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.cpu** +## **sysdig.secure.eventsForwarder.proxy.port** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-reporting-worker pods
+**Description**: The port the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: +**Default**: `80`
-| cluster-size | limits | -| ------------ | ------ | -| small | 1 | -| medium | 1 | -| large | 1 | +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + port: 3128 +``` + +## **sysdig.secure.eventsForwarder.proxy.protocol** + +**Required**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - limits: - cpu: 1 + secure: + eventsForwarder: + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.scanningv2-reporting-worker.limits.memory** +## **sysdig.secure.eventsForwarder.proxy.user** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-reporting-worker pods
+**Description**: The user used to access the configured
+[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + secure: + eventsForwarder: + proxy: + enable: true + user: alice +``` + +## **sysdig.secure.certman.proxy.enable** + +**Required**: `false`
+**Description**: Set proxy settings for secure certman (overrides global settings)
+**Options**: `true|false`
**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: false +``` + +## **sysdig.secure.certman.proxy.host** + +**Required**: `false`
+**Description**: The address of the web proxy, this could be a domain name or
+an IP address. This is required if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable)
+is configured.
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - limits: - memory: 1Gi + secure: + certman: + proxy: + enable: true + host: my-awesome-proxy.my-awesome-domain.com ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.cpu** +## **sysdig.secure.certman.proxy.noProxy** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-reporting-worker pods
+**Description**: Comma separated list of addresses or domain names
+that can be reached without going through the configured web proxy. This is
+only relevant if [`sysdig.secure.certman.proxy.enable`](#sysdigsecurecertmanproxyenable) is configured and
+appended to the list in
+[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
**Options**:
-**Default**: +**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
-| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + noProxy: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.certman.proxy.password** + +**Required**: `false`
+**Description**: The password used to access the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
+**Options**:
+**Default**:
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - requests: - cpu: 250m + secure: + certman: + proxy: + enable: true + password: F00B@r! ``` -## **sysdig.resources.scanningv2-reporting-worker.requests.memory** +## **sysdig.secure.certman.proxy.port** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-reporting-worker pods
+**Description**: The port the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) is listening on. If this is not
+configured it defaults to 80.
**Options**:
-**Default**: +**Default**: `80`
-| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + port: 3128 +``` + +## **sysdig.secure.certman.proxy.protocol** + +**Required**: `false`
+**Description**: The protocol to use to communicate with the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost) .
+**Options**: `http|https`
+**Default**: `http`
**Example**: ```yaml sysdig: - resources: - scanningv2-reporting-worker: - requests: - memory: 250Mi + secure: + certman: + proxy: + enable: true + protocol: https ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.cpu** +## **sysdig.secure.certman.proxy.user** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-riskmanager-api pods
+**Description**: The user used to access the configured
+[`sysdig.secure.certman.proxy.host`](#sysdigsecurecertmanproxyhost).
**Options**:
-**Default**: +**Default**:
-| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | +**Example**: + +```yaml +sysdig: + secure: + certman: + proxy: + enable: true + user: alice +``` + +## **sysdig.postgresDatabases.PRWSInternalIngestion** + +**Required**: `false`
+**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Example**: + +```yaml +sysdig: + postgresql: + external: true + postgresDatabases: + rapidResponse: + host: my-prw-internal-ingestion-db-external.com + port: 5432 + db: prws_internal_ingestion + username: prws_internal_ingestion_user + password: my_prws_internal_ingestion_password + sslmode: disable + admindb: root_db + adminusername: root_user + adminpassword: my_root_user_password +``` + +## **sysdig.beacon.prwsInternalIngestionEnabled** + +**Required**: `false`
+**Description**: Enable Prom Remote Write Internal Ingestion
+**Options**:
+**Default**:`false`
+**Example**: + +```yaml +sysdig: + beacon: + prwsInternalIngestionEnabled: true +``` + +## **sysdig.prwsInternalIngestionReplicaCount** + +**Required**: `false`
+**Description**: Number of PRWS Internal Ingestion replicas
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestionReplicaCount: 5 +``` + +## **sysdig.prwsInternalIngestion.jvmOptions** + +**Required**: `false`
+**Description**: Custom JVM configuration for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + jvmOptions: |- + -Xms12g -Xmx12g +``` + +## **sysdig.prwsInternalIngestion.ingress** + +**Required**: `false`
+**Description**: Add a custom Ingress for PRWS Internal Ingestion
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + ingress: + - name: my-prws-internal-ingestion + omitBaseAnnotations: true + annotations: + haproxy-ingress.github.io/timeout-server: 20s + haproxy-ingress.github.io/config-backend: | + retries 2 + labels: + app.kubernetes.io/managed-by: ingress-config + app.kubernetes.io/name: ingress-config + app.kubernetes.io/part-of: sysdigcloud + role: ingress-config + tier: infra + hosts: + - host: my-app.my-domain.com + sslSecretName: ssl-secret + paths: + - path: /api + serviceName: my-service-name + servicePort: 9510 +``` + +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** + +**Required**: `false`
+**Description**: Enable private endpoint communication for PRWS Internal Ingestion
+**Options**: `true|false`
+**Default**:
+**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false +``` + +## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** + +**Required**: `false`
+**Description**: Comma separated list of addresses or domain names that can
+override the `privateEndpointCommunicationEnforcement`.
+**Options**:
+**Default**:
+ +**Example**: + +```yaml +sysdig: + prwsInternalIngestion: + privateEndpointCommunicationEnforcement: false + privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 +``` + +## **sysdig.secure.netsec.rateLimit** + +**Required**: `false`
+**Description**: Netsec api rate limit.
+**Options**:
+**Default**:
+ +| cluster-size | count | +| ------------ | ----- | +| small | 200 | +| medium | 200 | +| large | 200 | + +## **sysdig.secure.scanningv2.enabled** + +**Required**: `false`
+**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**: + +```yaml +sysdig: + secure: + scanningv2: + enabled: true +``` + +## **sysdig.secure.scanningv2.proxy** + +**Required**: `false`
+**Description**: Enables use of a proxy for two ScanningV2 services: PkgMeta and VulnAPI.
+**Options**:
+**Default**: `false`
+**Example**: + +```yaml + secure: + scanningv2: + proxy: + defaultNoProxy: "https://foo.bar" + user: "user01" + password: "password" + noProxy: "localhost" + enable: true + host: "myproxy.example.com" + port: 3128 + protocol: "http" +``` +**Related parameters**:
+
+sysdig.secure.scanningv2.proxy.enable
+sysdig.secure.scanningv2.proxy.defaultNoProxy
+sysdig.secure.scanningv2.proxy.user
+sysdig.secure.scanningv2.proxy.noProxy
+sysdig.secure.scanningv2.proxy.host
+sysdig.secure.scanningv2.proxy.port
+sysdig.secure.scanningv2.proxy.protocol
+
+
+## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint**
+
+**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ vulnsApi:
+ remoteSaaSEndpoint: "https://eu1.app.sysdig.com"
+```
+
+## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip**
+
+**Required**: `false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ vulnsApi:
+ remoteSaaSTlsSkip: true
+```
+
+## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint**
+
+**Required**: `true`
+**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ pkgMetaApi:
+ remoteSaaSEndpoint: "https://eu1.app.sysdig.com"
+```
+
+## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip**
+
+**Required**: `false`
+**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
+**Options**:
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ pkgMetaApi:
+ remoteSaaSTlsSkip: true
+```
+
+## **sysdig.secure.scanningv2.reporting.enabled**
+
+**Required**: `false`
+**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
+**Options**:
+**Default**: true
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ enabled: true
+```
+
+## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule**
+
+**Required**: `false`
+**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
+**Options**:
+**Default**: "0 3 \* \* \*"
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ reportingJanitor:
+ schedule: "0 3 * * *"
+```
+
+## **sysdig.secure.scanningv2.reporting.storageDriver**
+
+**Required**: `false`
+**Description**: Storage kind for the generated reports
+**Options**: postgres, s3
+**Default**: postgres
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ storageDriver: postgres
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.bucket**
+
+**Required**: `false`
+**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ bucket: secure-scanningv2-reporting
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.endpoint**
+
+**Required**: `false`
+**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ endpoint: s3.example.com
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.region**
+
+**Required**: `false`
+**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ region: us-east-1
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.accessKeyId**
+
+**Required**: `false`
+**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ accessKeyId: AKIAIOSFODNN7EXAMPLE
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey**
+
+**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+```
+
+## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey**
+
+**Required**: `false`
+**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ reporting:
+ aws:
+ secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+```
+
+## **sysdig.secure.scanningv2.customCerts**
+
+**Required**: `false`
+**Description**:
+To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA.
+
+This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
+**Options**: `true|false`
+**Default**: false
+**Example**:
+
+```bash
+# In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list.
+bash-5.0$ find certs values.yaml
+certs
+certs/scanningv2-custom-certs
+certs/scanningv2-custom-certs/certificate1.pem
+certs/scanningv2-custom-certs/certificate2.pem
+values.yaml
+```
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ customCerts: true
+```
+
+## **sysdig.secure.scanningv2.airgappedFeeds**
+
+**Required**: `false`
+**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
+**Options**: `true|false`
+**Default**: `false`
+
+**Example**:
+
+```yaml
+sysdig:
+ secure:
+ scanningv2:
+ airgappedFeeds: true
+```
+
+## **sysdig.secure.scanningV2.scanRequestor.enabled**
+**Required**: `false`
+**Description**: Enables the ScanRequestor BE component. By default it is set at true; setting it at false disables the ScanRequestor. If this flag is set at false also the **sysdig.secure.scanningv2.agentsConf.isBackendScanningEnabled** must be set at `false`
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.deploymentType** +**Required**: `false`
+**Description**: Defines whether the ScanRequestor should exploit MinIO as S3 storage. Setting the value at `onprem` enables the initialization job required for the ScanRequestor to set-up required buckets on MinIO and triggers the deployment of MinIO in on-prem. If set at `saas` the storage type for the SR will be s3, if not set or empty SR will use cassandra.
+**Options**: `onprem|saas|empty`
+**Default**: `empty`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + deploymentType: saas +``` + +## **sysdig.secure.scanningV2.scanRequestor.loggingLevel** +**Required**: `false`
+**Description**: Sets the log level for the scan requestor component
+**Options**: `TRACE|DEBUG|INFO|WARN|ERROR`
+**Default**: `INFO`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + loggingLevel: INFO +``` + +## **sysdig.secure.scanningV2.scanRequestor.serviceAccount** +**Required**: `false`
+**Description**: Sets the service account (name) used to access the (S3) storage in case the selected storage type is S3.
+**Default**: `sysdig`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + serviceAccount: sysdig +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.type** +**Required**: `false`
+**Description**: Sets the type of storage is used by the ScanRequestor to persist its state.
+**Options**: `S3|cassandra`
+**Default**: `cassandra`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + type: cassandra +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.bucketName** +**Required**: `false`
+**Description**: Sets the name of the bucket on which the ScanRequestor will store state and staging information, if the selected storage type is `S3`.
+**Default**: `scan-requestor`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + bucketName: "scan-requestor" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.endpoint** +**Required**: `false`
+**Description**: Sets the URl of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `https://sysdigcloud-minio-hl..svc.cluster.local:9000`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.region** +**Required**: `false`
+**Description**: Sets the region S3 service to use as storage, if the selected storage type is S3. Set to `auto` for MinIO deployments.
+**Default**: `auto`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + region: auto +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.retentionTime** +**Required**: `false`
+**Description**: Sets the bucket retention time, if the selected storage type is S3 and the deployment is onprem (i.e., MinIO is used).
+**Default**: `2`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + retentionTime: 2 +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.caCrt** +**Required**: `false`
+**Description**: Sets the certificate of the S3 service to use as storage, if the selected storage type is S3
+**Default**: `/opt/certs/minio-tls-ca/public.crt`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + caCrt: "/opt/certs/minio-tls-ca/public.crt" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.enabled** +**Required**: `false`
+**Description**: Enables the (PostgreSQL) Request Store used by the SR to store the ScanNow and ACValidation queue of requests.
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + enabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestMaxAge** +**Required**: `false`
+**Description**: The maximum age for requests to be considered still valid/pending
+**Default**: `1h`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestMaxAge: "1h" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.requestReplyTimeout** +**Required**: `false`
+**Description**: The period of time after which a scan request (in the ScanNow flow) is considered failed if no response is received.
+**Default**: `30s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + requestStore: + requestReplyTimeout: 30s +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.hosts** +**Required**: `false`
+**Description**: The URL of cassandra server(s).
+**Default**: `sysdigcloud-cassandra:9042`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + hosts: "sysdigcloud-cassandra:9042" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.keyspace** +**Required**: `false`
+**Description**: The cassandra key space to use for storing ScanRequestor tables.
+**Default**: `sysdig_scanning`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + keyspace: "sysdig_scanning" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.protocolVersion** +**Required**: `false`
+**Description**: The protocol version used to communicate with Cassandra
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + protocolVersion: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.replicationFactor** +**Required**: `false`
+**Description**: The replication factor to use for ScanRequestor tables.
+**Default**: `3`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + replicationFactor: "3" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.datacenter** +**Required**: `false`
+**Description**: The datacenter identifier to be used for cassandra communication.
+**Default**: `datacenter1`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + datacenter: "datacenter1" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.requestTimeout** +**Required**: `false`
+**Description**: The timeout for cassandra requests.
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + requestTimeout: "3s" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxReadRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxReadRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.maxWriteRequests** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + maxWriteRequests: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionEnabled** +**Required**: `false`
+**Description**: - to be filled -
+**Options**: `true|false`
+**Default**: `true`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionEnabled: true +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.compressionThreshold** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + compressionThreshold: "" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.Metadata** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + metadata: "86400" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.state** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + state: "86400" +``` + +## **sysdig.secure.scanningV2.scanRequestor.storage.requestStore.cassandra.ttlSec.events** +**Required**: `false`
+**Description**: - to be filled -
+**Default**: ` `
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + storage: + cassandra: + ttlSec: + events: "86400" +``` + +## **sysdig.s3.scanRequestor.accessKeyId** +**Required**: `false`
+**Description**: The S3 access-key id to be used when the storage type is set at S3.
+**Default**: `scanningv2_scanrequestor`
+
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ scanRequestor:
+ accessKeyId: "a-key"
+```
+## **sysdig.s3.scanRequestor.secretAccessKey**
+**Required**: `false`
+**Description**: The S3 secret access-key id to be used when the storage type is set at S3.
+**Default**: `random`
+
+**Example**:
+
+```yaml
+sysdig:
+ s3:
+ scanRequestor:
+ secretAccessKey: "DLGJdgoiefebefhbhdfuhvbEAFBVAUGWUEghdwbYUWREG"
+```
+
+## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.interval**
+**Required**: `false`
+**Description**: The interval between two subsequent processing of messages in the ScanRequestor staging area. Should be no lower than `5m`
+**Default**: `5m`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + requestPartitionProcessingScheduler: + interval: "5m" +``` + +## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.startDelay** +**Required**: `false`
+**Description**: The initial delay in staging area scheduled processing.
+**Default**: `10s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + requestPartitionProcessingScheduler: + startDelay: "10s" +``` + +## **sysdig.secure.scanningv2.scanRequestor.requestPartitionProcessingScheduler.timeout** +**Required**: `false`
+**Description**: The timeout for getting partition processing requests from NATS.
+**Default**: `30s`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + requestPartitionProcessingScheduler: + timeout: "30s" +``` + +## **sysdig.secure.scanningv2.scanRequestor.partitionProcessing.deleteObjectsAfter** +**Required**: `false`
+**Description**: A flag requiring to delete events from the staging area, as soon as they are processed. Must be `true` when using the S3 MinIO backend to avoid incurring into premature end of available inodes.
+**Options**: `true|false`
+**Default**: `false`
+ +**Example**: + +```yaml +sysdig: + secure: + scanningv2: + scanRequestor: + partitionProcessing: + deleteObjectsAfter: true +``` + +## **sysdig.platformService.enabled** + +**Required**: `false`
+**Description**: Enable or disable the platform-service deployment
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformService: + enabled: false +``` + +## **sysdig.platformService.audit.enabled** + +**Required**: `false`
+**Description**: Enable or disable sending of audit data for platform-service
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformService: + audit: + enabled: false +``` + +## **sysdig.platformService.ingestion.endpoint** + +**Required**: `false`
+**Description**: Endpoint where platform-service will send data for Sysdig Platform Audit
+**Default**: `sysdigcloud-events-ingestion:3000`
+**Example**: + +```yaml +sysdig: + platformService: + ingestion: + endpoint: sysdigcloud-events-ingestion:3000 +``` + +## **sysdig.platformService.server.port.metric** + +**Required**: `false`
+**Description**: Server port that will be used to serve metrics data
+**Default**: `25000`
+**Example**: + +```yaml +sysdig: + platformService: + server: + port: + metric: 25000 +``` + +## **sysdig.platformService.server.port.health** + +**Required**: `false`
+**Description**: Server port that will be used to serve health checker endpoint
+**Default**: `8083`
+**Example**: + +```yaml +sysdig: + platformService: + server: + port: + health: 8083 +``` + +## **sysdig.platformService.pdf.server.port.rest** + +**Required**: `false`
+**Description**: PDF service server port that will serve HTTP requests
+**Default**: `7000`
+**Example**: + +```yaml +sysdig: + platformService: + pdf: + server: + port: + rest: 7000 +``` + +## **sysdig.platformService.pdf.server.port.grpc** + +**Required**: `false`
+**Description**: PDF service server port that will serve GRPC requests
+**Default**: `5051`
+**Example**: + +```yaml +sysdig: + platformService: + pdf: + server: + port: + grpc: 5051 +``` + +## **sysdig.platformService.alerts.enabled** + +**Required**: `false`
+**Description**: Enable or disable Platform Alerts service
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + enabled: false +``` + +## **sysdig.platformService.alerts.serviceToken** + +**Required**: `false`
+**Description**: Service token used to identify platform service for service calls to other services
+**Default**: `change_me`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ alerts:
+ serviceToken: change_me
+
+
+## **sysdig.platformService.alerts.server.port.grpc**
+
+**Required**: `false`
+**Description**: Platform Alerts service server port that will serve GRPC requests
+**Default**: `5052`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + server: + port: + grpc: 5052 +``` + +## **sysdig.platformService.alerts.server.port.rest** + +**Required**: `false`
+**Description**: Platform Alerts service server port that will serve HTTP requests
+**Default**: `7004`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + server: + port: + rest: 7004 +``` + +## **sysdig.platformService.alerts.server.enableEventsEndpoints** + +**Required**: `false`
+**Description**: Enable or disable test endpoints that will send fake events
+**Options**:`true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + server: + enableEventsEndpoints: false +``` + +## **sysdig.platformService.alerts.ticketing.url** + +**Required**: `false`
+**Description**: URL of the ticketing service which platform alerts will call to create Jira tickets
+**Default**: `http://sysdigcloud-ticketing-api:7001`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + ticketing: + url: http://sysdigcloud-ticketing-api:7001 +``` + +## **sysdig.platformService.alerts.monitor.url** + +**Required**: `false`
+**Description**: Base URL for monitor API calls
+**Default**: `http://sysdigcloud-api:8080`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + monitor: + url: http://sysdigcloud-api:8080 +``` + +## **sysdig.platformService.alerts.monitor.cache.expiration** + +**Required**: `false`
+**Description**: Expiration time of the cache for monitor API calls
+**Default**: `5m`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + monitor: + cache: + expiration: 5m +``` + +## **sysdig.platformService.alerts.monitor.cache.cleanup** + +**Required**: `false`
+**Description**: Time after which cache for monitor API calls will be cleanup
+**Default**: `10m`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + monitor: + cache: + cleanup: 10m +``` + +## **sysdig.platformService.alerts.nats.js.enabled** + +**Required**: `false`
+**Description**: Enable or disable NATS for platform alerts service
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + enabled: false +``` + +## **sysdig.platformService.alerts.nats.js.url** + +**Required**: `false`
+**Description**: Url of the NATS server that platform alerts service will connect to
+**Default**: `nats`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + url: nats +``` + +## **sysdig.platformService.alerts.nats.js.clientName** + +**Required**: `false`
+**Description**: Client name for platform alerts service
+**Default**: `sysdigcloud-platform-alerts-api`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + clientName: sysdigcloud-platform-alerts-api +``` + +## **sysdig.platformService.alerts.nats.js.tls.enabled** + +**Required**: `false`
+**Description**: Enable or disable TLS connection for NATS
+**Options**: `true|false`
+**Default**: `true`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + tls: + enabled: true +``` + +## **sysdig.platformService.alerts.nats.js.tls.cert** + +**Required**: `false`
+**Description**: TLS certificate for NATS connection
+**Default**: `/opt/certs/nats-js-tls-certs/ca.crt`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + tls: + cert: /opt/certs/nats-js-tls-certs/ca.crt +``` + +## **sysdig.platformService.alerts.nats.js.migrationFile** + +**Required**: `false`
+**Description**: Location of the json migration file
+**Default**: `/nats/migrations/streams.json`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + migrationFile: /nats/migrations/streams.json +``` + +## **sysdig.platformService.alerts.nats.js.risk.consumer.enabled** + +**Required**: `false`
+**Description**: Enable or disable NATS consumer for Risk integration
+**Options**: `true|false`
+**Default**: `false`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + risk: + consumer: + enabled: false +``` + +## **sysdig.platformService.alerts.nats.js.risk.consumer.name** + +**Required**: `false`
+**Description**: Name of NATS consumer for Risk integration
+**Default**: `risk-consumer`
+**Example**: + +```yaml +sysdig: + platformService: + alerts: + nats: + js: + risk: + consumer: + name: risk-consumer +``` +## **sysdig.platformService.alerts.nats.js.risk.consumer.stream** + +**Required**: `false`
+**Description**: NATS stream name of consumer for Risk integration
+**Default**: `risk-alerts`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - limits: - cpu: 500m + platformService: + alerts: + nats: + js: + risk: + consumer: + stream: risk-alerts ``` -## **sysdig.resources.scanningv2-riskmanager-api.limits.memory** +## **sysdig.platformService.alerts.nats.js.risk.consumer.subjects** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-riskmanager-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | - +**Description**: NATS subjects name of consumer for Risk integration
+**Default**: `risk.>`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - limits: - memory: 1Gi + platformService: + alerts: + nats: + js: + risk: + consumer: + subjects: risks-alerts.* ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.cpu** +## **sysdig.platformService.alerts.nats.js.risk.consumer.timeoutRetryMaxWait** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-riskmanager-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | - +**Description**: Max retry wait time for consumer for Risk integration
+**Default**: `10s`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - requests: - cpu: 250m + platformService: + alerts: + nats: + js: + risk: + consumer: + timeoutRetryMaxWait: 10s ``` -## **sysdig.resources.scanningv2-riskmanager-api.requests.memory** +## **sysdig.platformService.alerts.nats.js.risk.notifier.enabled** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-riskmanager-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | - +**Description**: Enable or disable NATS notifier publishing for Risk integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-riskmanager-api: - requests: - memory: 250Mi + platformService: + alerts: + nats: + js: + risk: + notifier: + enabled: false ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.cpu** +## **sysdig.platformService.alerts.nats.js.risk.notifier.stream** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 1 | - +**Description**: Name of a NATS stream for publishing events to notifier for Risk integration
+**Default**: `notifier-notifications-1`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - limits: - cpu: 500m + platformService: + alerts: + nats: + js: + risk: + notifier: + stream: notifier-notifications-1 ``` -## **sysdig.resources.scanningv2-scanresults-api.limits.memory** - -**Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-scanresults-api pods
-**Options**:
-**Default**: -| cluster-size | limits | -| ------------ | ------ | -| small | 500Mi | -| medium | 1Gi | -| large | 2Gi | +## **sysdig.platformService.alerts.nats.js.risk.notifier.subject** +**Required**: `false`
+**Description**: NATS subject for publishing events to notifier for Risk integration
+**Default**: `notifier.notifications.1.risk`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - limits: - memory: 500Mi + platformService: + alerts: + nats: + js: + risk: + notifier: + subject: notifier.notifications.1.risk ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.cpu** +## **sysdig.platformService.alerts.nats.js.vm.consumer.enabled** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 500m | -| medium | 1 | -| large | 1 | - +**Description**: Enable or disable NATS consumer for VM integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - requests: - cpu: 500m + platformService: + alerts: + nats: + js: + vm: + consumer: + enabled: false ``` -## **sysdig.resources.scanningv2-scanresults-api.requests.memory** +## **sysdig.platformService.alerts.nats.js.vm.consumer.name** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-scanresults-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 500Mi | - +**Description**: Name of NATS consumer for VM integration
+**Default**: `vm-consumer`
**Example**: ```yaml sysdig: - resources: - scanningv2-scanresults-api: - requests: - memory: 250Mi + platformService: + alerts: + nats: + js: + vm: + consumer: + name: vm-consumer ``` -## **sysdig.resources.scanningv2-vulns-api.limits.cpu** +## **sysdig.platformService.alerts.nats.js.vm.consumer.stream** **Required**: `false`
-**Description**: The amount of cpu assigned to scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 500m | -| medium | 1 | -| large | 2 | - +**Description**: NATS stream name of consumer for VM integration
+**Default**: `secure-vm-notifier-integrations`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - limits: - cpu: 500m + platformService: + alerts: + nats: + js: + vm: + consumer: + stream: secure-vm-notifier-integrations ``` -## **sysdig.resources.scanningv2-vulns-api.limits.memory** +## **sysdig.platformService.alerts.nats.js.vm.consumer.subjects** **Required**: `false`
-**Description**: The amount of memory assigned to scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | limits | -| ------------ | ------ | -| small | 1Gi | -| medium | 1Gi | -| large | 2Gi | - +**Description**: NATS subjects name of consumer for VM integration
+**Default**: `secure.vm.notifier.integrations.jira`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - limits: - memory: 1Gi + platformService: + alerts: + nats: + js: + vm: + consumer: + subjects: secure.vm.notifier.integrations.jira ``` -## **sysdig.resources.scanningv2-vulns-api.requests.cpu** +## **sysdig.platformService.alerts.nats.js.vm.consumer.timeoutRetryMaxWait** **Required**: `false`
-**Description**: The amount of cpu required to schedule scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250m | -| medium | 500m | -| large | 1 | - +**Description**: Max retry wait time for consumer for VM integration
+**Default**: `10s`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - requests: - cpu: 250m + platformService: + alerts: + nats: + js: + vm: + consumer: + timeoutRetryMaxWait: 10s ``` -## **sysdig.resources.scanningv2-vulns-api.requests.memory** +## **sysdig.platformService.alerts.nats.js.vm.notifier.enabled** **Required**: `false`
-**Description**: The amount of memory required to schedule scanningv2-vulns-api pods
-**Options**:
-**Default**: - -| cluster-size | requests | -| ------------ | -------- | -| small | 250Mi | -| medium | 500Mi | -| large | 1Gi | - +**Description**: Enable or disable NATS notifier publishing for VM integration
+**Options**: `true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: - resources: - scanningv2-vulns-api: - requests: - memory: 250Mi + platformService: + alerts: + nats: + js: + vm: + notifier: + enabled: false ``` -## **sysdig.secureOnly** +## **sysdig.platformService.alerts.nats.js.vm.notifier.stream** **Required**: `false`
-**Description**: Enable product optimizations for secure that break monitor.
-**Options**: `true|false`
-**Default**: `false` - +**Description**: Name of a NATS stream for publishing events to notifier for VM integration
+**Default**: `notifier-notifications-1`
**Example**: ```yaml sysdig: - secureOnly: true + platformService: + alerts: + nats: + js: + vm: + notifier: + stream: notifier-notifications-1 ``` -## **sysdig.secure.eventsForwarder.proxy.enable** -**Required**: `false`
-**Description**: Set proxy settings for secure forwarding (overrides global settings)
-**Options**: `true|false`
-**Default**: +## **sysdig.platformService.alerts.nats.js.vm.notifier.subject** +**Required**: `false`
+**Description**: NATS subject for publishing events to notifier for VM integration
+**Default**: `false`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: false + platformService: + alerts: + nats: + js: + vm: + notifier: + subject: notifier.notifications.1.vm ``` -## **sysdig.secure.eventsForwarder.proxy.host** +## **sysdig.platformService.alerts.workers.notification.enabled** **Required**: `false`
-**Description**: The address of the web proxy, this could be a domain name or -an IP address. This is required if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) -is configured.
-**Options**:
-**Default**:
- +**Description**: Enables or disables workers for sending notifications in batches to alerts-notifier
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - host: my-awesome-proxy.my-awesome-domain.com + platformService: + alerts: + workers: + notification: + enabled: true ``` -## **sysdig.secure.eventsForwarder.proxy.noProxy** +## **sysdig.platformService.alerts.workers.notification.pollInterval** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names -that can be reached without going through the configured web proxy. This is -only relevant if [`sysdig.secure.eventsForwarder.proxy.enable`](#sysdigsecureeventsforwarderproxyenable) is configured and -appended to the list in -[`sysdig.proxy.defaultNoProxy`](#sysdigproxydefaultnoproxy]).
-**Options**:
-**Default**: `127.0.0.1, localhost, sysdigcloud-anchore-core, sysdigcloud-anchore-api`
- +**Description**: Pooling time interval that will read unsend notifications
+**Default**: `500ms`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - noProxy: my-awesome.domain.com, 192.168.0.0/16 + platformService: + alerts: + workers: + notification: + pollInterval: 500ms ``` -## **sysdig.secure.eventsForwarder.proxy.password** +## **sysdig.platformService.alerts.workers.notification.batchSize** **Required**: `false`
-**Description**: The password used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
-**Options**:
-**Default**:
- +**Description**: Number of events that will be sent from platform alerts to alert-notifier
+**Default**: `50`
**Example**: ```yaml sysdig: - secure: - eventsForwarder: - proxy: - enable: true - password: F00B@r! + platformService: + alerts: + workers: + notification: + batchSize: 50 ``` -## **sysdig.secure.eventsForwarder.proxy.port** -**Required**: `false`
-**Description**: The port the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) is listening on. If this is not -configured it defaults to 80.
-**Options**:
-**Default**: `80`
+## **sysdig.secure.ticketing.enabled** +**Required**: `false`
+**Description**: Enable or disable the ticketing service deployment
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - port: 3128 + ticketing: + enabled: false ``` -## **sysdig.secure.eventsForwarder.proxy.protocol** +## **sysdig.secure.ticketing.audit.enabled** **Required**: `false`
-**Description**: The protocol to use to communicate with the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost) .
-**Options**: `http|https`
-**Default**: `http`
- +**Description**: Enable or disable sending of audit data for ticketing service
+**Options**:`true|false`
+**Default**: `false`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - protocol: https + ticketing: + audit: + enabled: false ``` -## **sysdig.secure.eventsForwarder.proxy.user** +## **sysdig.secure.ticketing.jiraClientMaxRetries** **Required**: `false`
-**Description**: The user used to access the configured -[`sysdig.secure.eventsForwarder.proxy.host`](#sysdigsecureeventsforwarderproxyhost).
-**Options**:
-**Default**:
- +**Description**: Number of max retries for Jira client
+**Default**: `5`
**Example**: ```yaml sysdig: secure: - eventsForwarder: - proxy: - enable: true - user: alice + ticketing: + jiraClientMaxRetries: 5 ``` -## **sysdig.postgresDatabases.PRWSInternalIngestion** +## **sysdig.secure.ticketing.jiraClientBaseWait** **Required**: `false`
-**Description**: A map containing database connection details for external postgresql instance used as `prwsInternalIngestion` database. To use in conjunction with `sysdig.postgresql.external`.
+**Description**: Jira client base wait time
+**Default**: `1s`
**Example**: ```yaml sysdig: - postgresql: - external: true - postgresDatabases: - rapidResponse: - host: my-prw-internal-ingestion-db-external.com - port: 5432 - db: prws_internal_ingestion - username: prws_internal_ingestion_user - password: my_prws_internal_ingestion_password - sslmode: disable - admindb: root_db - adminusername: root_user - adminpassword: my_root_user_password + secure: + ticketing: + jiraClientBaseWait: 1s ``` -## **sysdig.beacon.prwsInternalIngestionEnabled** +## **sysdig.secure.ticketing.jiraClientMaxWait** **Required**: `false`
-**Description**: Enable Prom Remote Write Internal Ingestion
-**Options**:
-**Default**:`false`
+**Description**: Max wait time for Jira client
+**Default**: `30s`
**Example**: ```yaml sysdig: - beacon: - prwsInternalIngestionEnabled: true + secure: + ticketing: + jiraClientMaxWait: 30s ``` -## **sysdig.prwsInternalIngestionReplicaCount** +## **sysdig.secure.ticketing.jiraClientJitterMaxMillis** **Required**: `false`
-**Description**: Number of PRWS Internal Ingestion replicas
-**Options**:
-**Default**:
- +**Description**: Max number for Jira client jitter in milliseconds
+**Default**: `1000`
**Example**: ```yaml sysdig: - prwsInternalIngestionReplicaCount: 5 + secure: + ticketing: + jiraClientJitterMaxMillis: 1000 ``` -## **sysdig.prwsInternalIngestion.jvmOptions** +## **sysdig.secure.ticketing.jiraCacheDefaultExpiration** **Required**: `false`
-**Description**: Custom JVM configuration for PRWS Internal Ingestion
-**Options**:
-**Default**:
- +**Description**: Jira cache will expire after this period
+**Default**: `15m`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - jvmOptions: |- - -Xms12g -Xmx12g + secure: + ticketing: + jiraCacheDefaultExpiration: 15m ``` -## **sysdig.prwsInternalIngestion.ingress** +## **sysdig.secure.ticketing.jiraCacheCleanupInterval** **Required**: `false`
-**Description**: Add a custom Ingress for PRWS Internal Ingestion
-**Options**:
-**Default**:
- +**Description**: Time interval for Jira cache cleanup
+**Default**: `1m`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - ingress: - - name: my-prws-internal-ingestion - omitBaseAnnotations: true - annotations: - haproxy-ingress.github.io/timeout-server: 20s - haproxy-ingress.github.io/config-backend: | - retries 2 - labels: - app.kubernetes.io/managed-by: ingress-config - app.kubernetes.io/name: ingress-config - app.kubernetes.io/part-of: sysdigcloud - role: ingress-config - tier: infra - hosts: - - host: my-app.my-domain.com - sslSecretName: ssl-secret - paths: - - path: /api - serviceName: my-service-name - servicePort: 9510 + secure: + ticketing: + jiraCacheCleanupInterval: 1m ``` -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcement** +## **sysdig.secure.ticketing.jiraAssignableMaxResults** **Required**: `false`
-**Description**: Enable private endpoint communication for PRWS Internal Ingestion -**Options**: `true|false`
-**Default**:
+**Description**: Number of max results that you can assign to
+**Default**: `2000`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false + secure: + ticketing: + jiraAssignableMaxResults: 2000 ``` -## **sysdig.prwsInternalIngestion.privateEndpointCommunicationEnforcementExclusions** +## **sysdig.secure.ticketing.jiraSyncIssuesCronExpr** **Required**: `false`
-**Description**: Comma separated list of addresses or domain names that can -override the `privateEndpointCommunicationEnforcement`. -**Options**:
-**Default**:
- +**Description**: Expression for cron job for Jira sync issues job
+**Default**: `0 0 * * * *`
**Example**: ```yaml sysdig: - prwsInternalIngestion: - privateEndpointCommunicationEnforcement: false - privateEndpointCommunicationEnforcementExclusions: my-awesome.domain.com, 192.168.0.0/16 + secure: + ticketing: + jiraSyncIssuesCronExpr: "0 0 * * * *" ``` -## **sysdig.secure.netsec.rateLimit** +## **sysdig.secure.ticketing.jiraCreateIssuesCronExpr** **Required**: `false`
-**Description**: Netsec api rate limit.
-**Options**:
-**Default**:
+**Description**: Expression for cron job for Jira create issues job
+**Default**: `0 0 * * * *`
+**Example**: -| cluster-size | count | -| ------------ | ----- | -| small | 200 | -| medium | 200 | -| large | 200 | +```yaml +sysdig: + secure: + ticketing: + jiraCreateIssuesCronExpr: "0 0 * * * *" +``` -## **sysdig.secure.scanningv2.enabled** +## **sysdig.secure.ticketing.jiraCreateIssuesOrchestratorInterval** **Required**: `false`
-**Description**: Enable Vulnerability Engine V2 for Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Time interval for creating issues orchestrator
+**Default**: `5m`
**Example**: ```yaml sysdig: secure: - scanningv2: - enabled: true + ticketing: + jiraCreateIssuesOrchestratorInterval: 5m ``` -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMinWait** +**Required**: `false`
+**Description**: Min wait time for create issues from workers to compleate
+**Default**: `1s`
**Example**: ```yaml sysdig: secure: - scanningv2: - vulnsApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" + ticketing: + jiraCreateIssuesWorkersMinWait: 1s ``` -## **sysdig.secure.scanningv2.vulnsApi.remoteSaaSTlsSkip** +## **sysdig.secure.ticketing.jiraCreateIssuesWorkersMaxWait** **Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
-**Default**: `false`
- +**Description**: Max wait time for create issues from workers to compleate
+**Default**: `5s`
**Example**: ```yaml sysdig: secure: - scanningv2: - vulnsApi: - remoteSaaSTlsSkip: true + ticketing: + jiraCreateIssuesWorkersMaxWait: 5s ``` -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSEndpoint** - -**Required**: `true`
-**Description**: Remote endpoint that will be used to retrieve vulnerability feed metadata. Select the optimal Sysdig secure endpoint from .
+## **sysdig.secure.ticketing.jiraMaxAttachmentSize** +**Required**: `false`
+**Description**: Sets maximum size for jira attachment in bytes
+**Default**: `1048576`
**Example**: ```yaml sysdig: secure: - scanningv2: - pkgMetaApi: - remoteSaaSEndpoint: "https://eu1.app.sysdig.com" + ticketing: + jiraMaxAttachmentSize: 1048576 ``` -## **sysdig.secure.scanningv2.pkgMetaApi.remoteSaaSTlsSkip** +## **sysdig.secure.ticketing.hardDeleteIntegrationAPIEnabled** **Required**: `false`
-**Description**: Whether to validate SSL certificates for the remote vuln feed download, especially useful when connecting via a proxy using self-signed certificate.
-**Options**:
+**Description**: Enables or disables hard delete of integrations in ticketing service
+**Options**: `true|false`
**Default**: `false`
- **Example**: ```yaml sysdig: secure: - scanningv2: - pkgMetaApi: - remoteSaaSTlsSkip: true + ticketing: + hardDeleteIntegrationAPIEnabled: false ``` -## **sysdig.secure.scanningv2.reporting.enabled** +## **sysdig.secure.ticketing.natsJS.migrationFile** **Required**: `false`
-**Description**: Enable reporting for the Vulnerability Engine V2 of Sysdig Secure.
-**Options**:
-**Default**: true
+**Description**: Location of the json migration file
+**Default**: `/nats/migrations/streams.json`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - enabled: true + ticketing: + natsJS: + migrationFile: /nats/migrations/streams.json ``` -## **sysdig.secure.scanningv2.reporting.reportingJanitor.schedule** +## **sysdig.secure.ticketing.natsJS.url** **Required**: `false`
-**Description**: K8s Cronjob schedule string for Vulnerability Engine V2 reporting cleanup process
-**Options**:
-**Default**: "0 3 \* \* \*"
+**Description**: Url of the NATS server that ticketing service will connect to
+**Default**: `nats`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - reportingJanitor: - schedule: "0 3 * * *" + ticketing: + natsJS: + url: nats ``` -## **sysdig.secure.scanningv2.reporting.storageDriver** +## **sysdig.secure.ticketing.natsJS.secure.enabled** **Required**: `false`
-**Description**: Storage kind for the generated reports
-**Options**: postgres, s3
-**Default**: postgres
+**Description**: Enables or disables NATS in ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - storageDriver: postgres + ticketing: + natsJS: + secure: + enabled: true ``` -## **sysdig.secure.scanningv2.reporting.aws.bucket** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.deliverPolicyAll** **Required**: `false`
-**Description**: The AWS S3-compatible storage bucket name where reports will be saved (required when using `s3` driver)
+**Description**: Enables or disables deliverPolicyAll for NATS attachments consumer in ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - bucket: secure-scanningv2-reporting + ticketing: + natsJS: + addAttachmentConsumer: + deliverPolicyAll: true ``` -## **sysdig.secure.scanningv2.reporting.aws.endpoint** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.durable** **Required**: `false`
-**Description**: The service endpoint of a AWS S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Name of NATS durable consumer for consuming attachments events for ticketing service
+**Default**: `add_attachment_to_issue_consumer`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - endpoint: s3.example.com + ticketing: + natsJS: + addAttachmentConsumer: + durable: add_attachment_to_issue_consumer ``` -## **sysdig.secure.scanningv2.reporting.aws.region** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.name** **Required**: `false`
-**Description**: The AWS region where the S3 bucket is created (required when using `s3` driver in a AWS deployment)
+**Description**: Name of NATS consumer for consuming attachments events for ticketing service
+**Default**: `add_attachment_to_issue_consumer`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - region: us-east-1 + ticketing: + natsJS: + addAttachmentConsumer: + name: add_attachment_to_issue_consumer ``` -## **sysdig.secure.scanningv2.reporting.aws.accessKeyId** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.pull** **Required**: `false`
-**Description**: The Access Key ID used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Enable or disable pulling events for attachments consumer for ticketing service
+**Options**: `true|false`
+**Default**: `true`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - accessKeyId: AKIAIOSFODNN7EXAMPLE + ticketing: + natsJS: + addAttachmentConsumer: + pull: true ``` -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.streamName** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: Name of a NATS stream for consuming attachment events for ticketing service
+**Default**: `jira_attachments`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + ticketing: + natsJS: + addAttachmentConsumer: + streamName: jira_attachments ``` -## **sysdig.secure.scanningv2.reporting.aws.secretAccessKey** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.subject** **Required**: `false`
-**Description**: The Secret Access Key used to authenticate with a S3-compatible storage (required when using `s3` driver in a non-AWS deployment)
+**Description**: NATS subject for consuming attachments events for ticketing service
+**Default**: `jira_attachments.add_to_issue`
**Example**: ```yaml sysdig: secure: - scanningv2: - reporting: - aws: - secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + ticketing: + natsJS: + addAttachmentConsumer: + subject: jira_attachments.add_to_issue ``` -## **sysdig.secure.scanningv2.customCerts** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.maxDeliver** **Required**: `false`
-**Description**: -To allow the scanningv2 subsystem to trust these certificates, use this configuration to upload one or more PEM-format CA certificates. You must ensure you've uploaded all certificates in the CA approval chain to the root CA. - -This configuration when set expects certificates with .pem extension under certs/scanningv2-custom-certs/ in the same level as `values.yaml`
-**Options**: `true|false`
-**Default**: false
+**Description**: Number of max retries for delivering attachment
+**Default**: `3`
**Example**: -```bash -#In the example directory structure below, certificate1.crt and certificate2.crt will be added to the trusted list. -bash-5.0$ find certs values.yaml -certs -certs/scanningv2-custom-certs -certs/scanningv2-custom-certs/certificate1.pem -certs/scanningv2-custom-certs/certificate2.pem -values.yaml -``` - ```yaml sysdig: secure: - scanningv2: - customCerts: true + ticketing: + natsJS: + addAttachmentConsumer: + maxDeliver: 3 ``` -## **sysdig.secure.scanningv2.airgappedFeeds** +## **sysdig.secure.ticketing.natsJS.addAttachmentConsumer.ackWait** **Required**: `false`
-**Description**: Deploys a local object storage for scanningv2 vuln feeds artifacts for airgapped installs. It does not reach out to one of Sysdig SaaS products
-**Options**: `true|false`
-**Default**: `false`
- +**Description**: Time to wait for receiving ACK signal for attachments
+**Default**: `5m`
**Example**: ```yaml sysdig: secure: - scanningv2: - airgappedFeeds: true + ticketing: + natsJS: + addAttachmentConsumer: + ackWait: 5m ``` diff --git a/installer/docs/03-upgrade.md b/installer/docs/03-upgrade.md index 1d62842b..8d280a10 100644 --- a/installer/docs/03-upgrade.md +++ b/installer/docs/03-upgrade.md @@ -1,5 +1,6 @@ - + + @@ -28,9 +29,9 @@ Options](../README.md#quickstart-install) for more context.
-### Step 1 +### Step 1 - Download the latest `values.yaml` template -Copy the current version sysdig-chart/values.yaml to your working directory. +Copy the current version `sysdig-chart/values.yaml` to your working directory. ```bash wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/installer/values.yaml @@ -38,7 +39,7 @@ wget https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/installer/ins
-### Step 2 +### Step 2 - Configure `values.yaml` according to your environment Edit the following values: @@ -95,7 +96,7 @@ would also edit the following values:
-### Step 3 +### Step 3 - Check differences with the old Sysdig environment Run the Installer (if you are in airgapped environment make sure you follow instructions from installation on how to get the images to your airgapped @@ -107,7 +108,7 @@ registry)
-### Step 4 +### Step 4 - Deploy Sysdig version If you are fine with the differences displayed, then run: diff --git a/installer/docs/04-advanced_configuration.md b/installer/docs/04-advanced_configuration.md index 93e8012c..c42f3015 100644 --- a/installer/docs/04-advanced_configuration.md +++ b/installer/docs/04-advanced_configuration.md @@ -1,9 +1,10 @@ - + + -# Advanced configuration +# Advanced Configuration
@@ -131,16 +132,19 @@ Make sure that subnets have internet gateway configured and has enough ips. ### Updating the feeds database in airgapped environments [ScanningV2] -This is a script that can be used to automatically update the vulnerability feeds used by the ScanningV2 engine. +In non-airgap onprem environments, the vulnerabilities feeds is automatically retrieved by the Sysdig stack from a Sysdig SaaS endpoint. +In an airgap onprem environment, the customer must retrieve the feed as a Docker image from a workstation with Internet access and then load the image onto their own private registry. + +The following is an example of a Bash script that could be used to update the vulnerability feeds used by the ScanningV2 engine. +The tag used is `latest`, and Sysdig is building and pushing this tag multiple times each day. +The details of the image can be found using the `docker inspect` command, even if the tag is `latest`. +The script is only provided as an example or template to be filled and customized. ```bash #!/bin/bash QUAY_USERNAME="" QUAY_PASSWORD="" - -# Calculate the tag of the last version. -epoch=`date +%s` -IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) +IMAGE_TAG="latest" # Download image docker login quay.io/sysdig -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} 
@@ -154,15 +158,30 @@ ssh -t user@airgapped-host "docker image load -i /var/shared-folder/airgap-vuln- # Push image remotely ssh -t user@airgapped-host "docker tag airgap-vuln-feeds:${IMAGE_TAG} airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" ssh -t user@airgapped-host "docker image push airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +# verify the image timestamp - this command should return the timestamp in epoch format +epoch_timestamp=$(ssh -q -t user@airgapped-host "docker inspect --format '{{ index .Config.Labels \"sysdig.origin-docker-image-tag\" }}' airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}") +human_readable_timestamp=$(date -d@"$epoch_timestamp") +echo "Actual timestamp of the image based on the label sysdig.origin-docker-image-tag: epoch: ${epoch_timestamp} human readable: ${human_readable_timestamp}" + -# Update the image -ssh -t user@airgapped-host "kubectl -n sysdigcloud set image deploy/sysdigcloud-scanningv2-airgap-vuln-feeds airgap-vuln-feeds=airgapped-registry/airgap-vuln-feeds:${IMAGE_TAG}" +# Update the image: we need to restart the Deployment so that the image will be reloaded +ssh -t user@airgapped-host "kubectl -n rollout restart deploy/sysdigcloud-scanningv2-airgap-vuln-feeds" + +# Follow and check the restart +ssh -t user@airgapped-host "kubectl -n rollout status deploy/sysdigcloud-scanningv2-airgap-vuln-feeds" ``` -The above script could be scheduled using a cron job that run every day like +> Note: The `IMAGE_TAG` mentioned above could also be used with the timestamp as well, like it was used in previous releases, here an example how to re-write the `IMAGE_TAG` line for the timestamp: +> ``` +> # Calculate the tag of the last version. +> epoch=`date +%s` +> IMAGE_TAG=$(( $epoch - 86400 - $epoch % 86400)) +> ``` + +The above script could be scheduled using a Linux cronjob that runs every day. 
E.g.: ```bash -0 8 * * * airgap-vuln-feeds-image-update.sh >/dev/null 2>&1 +0 8 * * * airgap-vuln-feeds-image-update.sh > /somedir/sysdig-airgapvulnfeed.log 2>&1 ``` ### Updating the feeds database in airgapped environments [Legacy Scanning] diff --git a/installer/docs/05-networkPolicies.md b/installer/docs/05-networkPolicies.md index 4c69750b..11d63313 100644 --- a/installer/docs/05-networkPolicies.md +++ b/installer/docs/05-networkPolicies.md @@ -1,9 +1,10 @@ - + + -# Network policies +# Network Policies
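Review bot: The timestamp check added after the push only echoes the `sysdig.origin-docker-image-tag` label, so nothing stops the following `rollout restart` when the label is empty or days old, and a stale vulnerability feed can be redeployed unnoticed now that the tag is the mutable `latest`. I would gate the restart on it, e.g. `[ -n "$epoch_timestamp" ] && [ $(( $(date +%s) - epoch_timestamp )) -lt 172800 ] || exit 1` (the threshold is a constructed example), and begin the script with `set -euo pipefail`. The value is captured through `ssh -t`, which can leave a trailing carriage return when a TTY is allocated and make `date -d@...` fail; dropping `-t` on that line or piping through `tr -d '\r'` avoids it. As rendered here, both new `kubectl -n rollout ...` lines have no namespace value after `-n` (the removed line used `-n sysdigcloud`); unless a placeholder was lost in rendering, kubectl will take `rollout` as the namespace. The script itself starts in the previous hunk.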
@@ -11,7 +12,7 @@
-## Introduction +## Overview The current version of Sysdig Network policies v2 supports Sysdig HAProxy Ingress and IBM Cloud IKS ALBs. From 9bc453350400a3671c2e0df365127079b723d858 Mon Sep 17 00:00:00 2001 From: jenkins Date: Fri, 29 Nov 2024 18:35:30 +0000 Subject: [PATCH 155/156] updating installer docs --- installer/docs/02-configuration_parameters.md | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 3b2a02b5..550c2957 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -9075,6 +9075,36 @@ sysdig: mdsOperatorVersion: 1.0.1.27 ``` +## **sysdig.secure.artifactDeployer.tag** + +**Required**: `false`
+**Description**: Docker image tag for `artifactDeployer`, default is `latest`.
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + secure: + artifactDeployer + tag: latest +``` + +## **sysdig.secure.rulesDeployer.tag** + +**Required**: `false`
+**Description**: Docker image tag for `rulesDeployer`, default is `latest`.
+**Options**:
+**Default**: latest
+**Example**: + +```yaml +sysdig: + secure: + rulesDeployer: + tag: latest +``` + ## **sysdig.MdsServerVersion** **Required**: `false`
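Review bot: The new `sysdig.secure.artifactDeployer.tag` example is not valid YAML, because `artifactDeployer` has no trailing colon and anyone pasting it into `values.yaml` gets a parse error; it should read `artifactDeployer:`, as the `rulesDeployer:` example in the same hunk does. Both new parameters document `latest` as the default image tag, which is mutable, so the text should say that the deployed version is then not reproducible and that operators who need to audit what ran should set an explicit tag. The two `**Default**: latest` lines would also match the rest of the file if the value were in backticks.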
@@ -9088,6 +9118,7 @@ sysdig: mdsServerVersion: 1.10.250-vf2bcc4a ``` + ## **sysdig.helmRenderer.enabled** **Required**: `false`
From 76a6d48cd3755b13d3f36ae96ce852026ef18eb0 Mon Sep 17 00:00:00 2001 From: jenkins Date: Sat, 21 Dec 2024 15:09:00 +0000 Subject: [PATCH 156/156] updating installer docs --- installer/README.md | 27 +- installer/docs/01-command_line_arguments.md | 51 --- installer/docs/02-configuration_parameters.md | 427 +++++++++++++----- 3 files changed, 334 insertions(+), 171 deletions(-) diff --git a/installer/README.md b/installer/README.md index ff743055..a32e30ae 100644 --- a/installer/README.md +++ b/installer/README.md @@ -58,7 +58,7 @@ This install assumes the Kubernetes cluster has network access to pull images fr provided with your Sysdig purchase confirmation mail - [`sysdig.platformAuditTrail.enabled`](docs/02-configuration_parameters.md#sysdigplatformAuditTrailenabled): Set this parameter to `true` if you would like to use Sysdig Platform Audit. - - [`sysdig.secure.events.audit.config.store.ip.enabled`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreipenabled): + - [`sysdig.secure.events.audit.config.store.ip`](docs/02-configuration_parameters.md#sysdigsecureeventsauditconfigstoreip): Set this parameter to `true` if you would like to see the origin IP address in Sysdig Platform Audit. - [`sysdig.dnsName`](docs/02-configuration_parameters.md#sysdigdnsName): The domain name the Sysdig APIs will be served on. 
@@ -314,18 +314,21 @@ For advanced configuration option see [advanced.md](docs/04-advanced_configurati # Example values.yaml -- [single-node values.yaml](examples/single-node/values.yaml) - [openshift-with-hostpath values.yaml](examples/openshift-with-hostpath/values.yaml) # Resource requirements -The below table represents the amount of resources for various cluster sizes -in their default configuration. The `Redis HA` column indicates extra amount -of resources required if `redisHa: true` is configured. - -| Application | SMALL | | GB | GB | GB | | MEDIUM | | GB | GB | GB | | LARGE | | GB | GB | GB | | -| ----------- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ------------ | ---------- | --------------- | ------------- | ------- | --- | ----- | ------------ | ---------- | --------------- | ------------- | ------- | -| | cpu requests | cpu limits | memory requests | memory limits | storage | | cpu requests | cpu limits | memory requests | memory limits | storage | | | cpu requests | cpu limits | memory requests | memory limits | storage | -| Platform | 8.1 | 36 | 14.6 | 50 | 115 | | 35.6 | 118 | 42.1 | 142 | 685 | | | 82.1 | 298 | 142.1 | 304 | 1885 | -| Monitor | 5.6 | 18 | 10.1 | 30 | 85 | | 30.6 | 98 | 37.1 | 122 | 625 | | | 76.1 | 278 | 136.1 | 280 | 1825 | -| Redis HA | 0.45 | 6.9 | 0.345 | 6.06 | | | 0.45 | 6.9 | 0.345 | 6.06 | | | | 0.45 | 6.9 | 0.345 | 6.06 | | +The below table represents the amount of resources for various cluster sizes and deployment modes +in their default configuration. 
+ +|Size |Mode |CPU Cores Requests|CPU Cores Limits|Memory GB Limits|Total Disk GB| +|----------------------------------------|------------|------------------|----------------|----------------|-------------| +|Small |Secure Only |23 |80 |94 |947.15 | +| |Platform |53 |119 |213 |1403.15 | +| |Monitor Only|26 |76 |169 |1191 | +|Medium |Secure Only |37 |92 |109 |1589 | +| |Platform |61 |137 |222 |4244 | +| |Monitor Only|31 |81 |182 |2616 | +|Large |Secure Only |45 |101 |115 |3040 | +| |Platform |111 |166 |403 |10180 | +| |Monitor Only|91 |120 |365 |6663 | diff --git a/installer/docs/01-command_line_arguments.md b/installer/docs/01-command_line_arguments.md index 10ded1f4..50d7bf70 100644 --- a/installer/docs/01-command_line_arguments.md +++ b/installer/docs/01-command_line_arguments.md 
@@ -270,57 +270,6 @@ This subcommand is DEPRECATED and will be removed starting from version 6.7.0, y - To use a custom directory to output the files generated by `--helm-install` instead of the default. -### ArgoCD Generation - -We have introduced a way to generate ArgoCD apps definitions so that the sysdig stack can be installed using ArgoCD. - -At the moment we only take care of the generation of the files, the actual deploy of these files in ArgoCD is left to the user. - -`--argocd (boolean)` - -Generates files needed to deploy the sysdig stack on an ArgoCD installation. If the ArgoCD output directory exists, it will be deleted and recreated. -NOTE: Using this flag will automatically generate the charts that you would obtain with the --helm-install CLI flag. This happens because the argoCD generation is closely linked to the specific production method of the helm-charts. - -`--argo-repo-url (string)` - -The URL of the repository that will contain the ArgoCD files and helm charts, expected in the form `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. The default is `git@github.com:ORGANIZATION/SAMPLE-REPO.git`. This will be replaced within the ArgoCD apps definition files. - -`--argo-repo-rev (string)` - -The name of the branch of the repo to use. The default is `main`. This will be replaced within the ArgoCD apps definition files. - -example of hierarchy: -``` -git@github.com:ORGANIZATION/SAMPLE-REPO.git - | - '- argocd-projects/ - | '- sysdig/ - | | '- argocd/ - | | | '- sysdig-root/ - | | | '- sysdig-common-config/ - | | | '- sysdigcloud-infra/ - | | | [...] - | | '- helm-install/ - | | | '- charts/ - | | | '- chart-1/ - | | | '- chart-2/ - | | | [...] -``` - -`--argo-git-apps-dir (string)` - -Relative path from the repo root that will contain the folder with ArgoCD apps definitions. (default "argocd"). This will be replaced within the ArgoCD apps definition files. 
-If you consider the example above, the correct value for this would be `argocd-projects/sysdig/argocd`. - -`--argo-git-charts-dir (string)` - -The relative path from the repo root that will contain the folder with charts. The default is `helm-install/charts`. This will be replaced within the ArgoCD apps definition files. If you consider the example above, the correct value for this would be `argocd-projects/sysdig/helm-install/charts`. - -`--argo-out-dir (string)` - -actual output directory on file system where argocd files will be written. Default is `./argocd/`. - - ## Command: `list-resources` Will list all the required resources and limits for a planned deployment, based on the the defaults, provided values, and overlays. diff --git a/installer/docs/02-configuration_parameters.md b/installer/docs/02-configuration_parameters.md index 550c2957..612c2179 100644 --- a/installer/docs/02-configuration_parameters.md +++ b/installer/docs/02-configuration_parameters.md @@ -814,6 +814,72 @@ pvStorageSize: natsJs: 50Gi ``` +## **pvStorageSize.small.neo4j** + +**Required**: `false`
+**Description**: The size of the persistent volume assigned to Neo4J HA in a
+cluster of [`size`](#size) small. This option is ignored if
+`sysdig.neo4j.neo4j.volumes.data.dynamic.requests.storage` is set.
+**Options**:
+**Default**: 10Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ neo4j: 10Gi
+```
+
+## **pvStorageSize.medium.neo4j**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Neo4J HA in a
+cluster of [`size`](#size) medium. This option is ignored if
+`sysdig.neo4j.neo4j.volumes.data.dynamic.requests.storage` is set.
+**Options**:
+**Default**: 50Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ medium:
+ natsJs: 50Gi
+```
+
+## **pvStorageSize.large.neo4j**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Neo4J HA in a
+cluster of [`size`](#size) large. This option is ignored if
+`sysdig.neo4j.neo4j.volumes.data.dynamic.requests.storage` is set.
+**Options**:
+**Default**: 100Gi
+**Example**:
+
+```yaml
+pvStorageSize:
+ large:
+ neo4j: 100Gi
+```
+
+## **sysdig.neo4j.neo4j.volumes.data.dynamic.requests.storage**
+
+**Required**: `false`
+**Description**: The size of the persistent volume assigned to Neo4J HA.
+**Options**:
+**Default**:
+**Example**: + +```yaml +neo4j: + neo4j: + volumes: + data: + dynamic: + requests: + storage: 50Gi +``` + ## **sysdig.anchoreVersion** **Required**: `false`
@@ -1340,7 +1406,7 @@ sysdig: enabled: true ``` -## **sysdig.secure.events.audit.config.store.ip.enabled** +## **sysdig.secure.events.audit.config.store.ip** **Required**: `false`
**Description**: Global flag to enable storing of origin IP in Sysdig Platform Audit in all services. @@ -1356,8 +1422,7 @@ sysdig: audit: config: store: - ip: - enabled: true + ip: true ``` ## **sysdig.elasticsearch6Version** @@ -9075,7 +9140,7 @@ sysdig: mdsOperatorVersion: 1.0.1.27 ``` -## **sysdig.secure.artifactDeployer.tag** +## **sysdig.ArtifactDeployerTag** **Required**: `false`
**Description**: Docker image tag for `artifactDeployer`, default is `latest`.
@@ -9085,12 +9150,10 @@ sysdig: ```yaml sysdig: - secure: - artifactDeployer - tag: latest + artifactDeployerTag: latest ``` -## **sysdig.secure.rulesDeployer.tag** +## **sysdig.RulesDeployerTag** **Required**: `false`
**Description**: Docker image tag for `rulesDeployer`, default is `latest`.
@@ -9100,9 +9163,7 @@ sysdig: ```yaml sysdig: - secure: - rulesDeployer: - tag: latest + rulesDeployerTag: latest ``` ## **sysdig.MdsServerVersion** @@ -13451,7 +13512,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: enabled: true ``` @@ -13467,7 +13528,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: deploymentType: saas ``` @@ -13483,7 +13544,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: loggingLevel: INFO ``` @@ -13498,7 +13559,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: serviceAccount: sysdig ``` @@ -13514,7 +13575,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: type: cassandra ``` @@ -13530,7 +13591,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: bucketName: "scan-requestor" ``` @@ -13546,7 +13607,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: endpoint: https://sysdigcloud-minio-hl.sysdigloud.svc.cluster.local:9000 ``` @@ -13562,7 +13623,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: region: auto ``` @@ -13578,7 +13639,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: retentionTime: 2 ``` @@ -13594,7 +13655,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: caCrt: "/opt/certs/minio-tls-ca/public.crt" ``` @@ -13611,9 +13672,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - requestStore: + requestStore: enabled: true ``` @@ -13628,9 +13689,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - requestStore: + requestStore: requestMaxAge: "1h" ``` @@ -13645,9 +13706,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - requestStore: + requestStore: requestReplyTimeout: 30s ``` 
@@ -13662,9 +13723,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - cassandra: + cassandra: hosts: "sysdigcloud-cassandra:9042" ``` @@ -13679,9 +13740,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - cassandra: + cassandra: keyspace: "sysdig_scanning" ``` @@ -13696,9 +13757,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - cassandra: + cassandra: protocolVersion: "3" ``` @@ -13713,9 +13774,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - cassandra: + cassandra: replicationFactor: "3" ``` @@ -13730,9 +13791,9 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: - cassandra: + cassandra: datacenter: "datacenter1" ``` @@ -13747,7 +13808,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: requestTimeout: "3s" @@ -13764,7 +13825,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: maxReadRequests: "" @@ -13781,7 +13842,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: maxWriteRequests: "" @@ -13799,7 +13860,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: compressionEnabled: true @@ -13816,7 +13877,7 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: compressionThreshold: "" @@ -13833,10 +13894,10 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: - ttlSec: + ttlSec: metadata: "86400" ``` @@ -13851,10 +13912,10 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: - ttlSec: + ttlSec: state: "86400" ``` @@ -13869,10 +13930,10 @@ sysdig: sysdig: secure: scanningv2: - scanRequestor: + scanRequestor: storage: cassandra: - ttlSec: + ttlSec: events: "86400" ``` 
@@ -14041,38 +14102,6 @@ sysdig: health: 8083 ``` -## **sysdig.platformService.pdf.server.port.rest** - -**Required**: `false`
-**Description**: PDF service server port that will serve HTTP requests
-**Default**: `7000`
-**Example**: - -```yaml -sysdig: - platformService: - pdf: - server: - port: - rest: 7000 -``` - -## **sysdig.platformService.pdf.server.port.grpc** - -**Required**: `false`
-**Description**: PDF service server port that will serve GRPC requests
-**Default**: `5051`
-**Example**: - -```yaml -sysdig: - platformService: - pdf: - server: - port: - grpc: 5051 -``` - ## **sysdig.platformService.alerts.enabled** **Required**: `false`
@@ -14655,6 +14684,216 @@ sysdig: batchSize: 50 ``` +## **sysdig.platformService.zones.enabled** + +**Required**: `false`
+**Description**: Enable or disable Platform Zones service
+**Options**:`true|false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ enabled: false
+```
+
+
+## **sysdig.platformService.zones.readOnly**
+
+**Required**: `false`
+**Description**: Puts the Platform Zones service in read-only mode
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ readOnly: false
+```
+
+
+## **sysdig.platformService.zones.devmode**
+
+**Required**: `false`
+**Description**: Puts the Platform Zones service in devmode with enhanced logs and debug capabilities
+**Options**:`true|false`
+**Default**: `false`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ devmode: false
+```
+
+## **sysdig.platformService.zones.nats.js.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable NATS for Platform Zones service
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ nats:
+ js:
+ enabled: false
+```
+
+## **sysdig.platformService.zones.nats.js.url**
+
+**Required**: `false`
+**Description**: Url of the NATS server that Platform Zones service will connect to
+**Default**: `nats`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ nats:
+ js:
+ url: nats
+```
+
+## **sysdig.platformService.zones.nats.js.clientName**
+
+**Required**: `false`
+**Description**: Client name for Platform Zones service
+**Default**: `sysdigcloud-platform-zones-service`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ nats:
+ js:
+ clientName: sysdigcloud-platform-zones-service
+```
+
+## **sysdig.platformService.zones.nats.js.tls.enabled**
+
+**Required**: `false`
+**Description**: Enable or disable TLS connection for NATS
+**Options**: `true|false`
+**Default**: `true`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ nats:
+ js:
+ tls:
+ enabled: true
+```
+
+## **sysdig.platformService.zones.nats.js.tls.cert**
+
+**Required**: `false`
+**Description**: TLS certificate for NATS connection
+**Default**: `/opt/certs/nats-js-tls-certs/ca.crt`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ nats:
+ js:
+ tls:
+ cert: /opt/certs/nats-js-tls-certs/ca.crt
+```
+
+## **sysdig.platformService.zones.nats.js.migrationFile**
+
+**Required**: `false`
+**Description**: Location of the json migration file
+**Default**: `/platform-service/zones/nats/migrations/streams.json`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ nats:
+ js:
+ migrationFile: /nats/migrations/streams.json
+```
+
+## **sysdig.platformService.zones.monitor.url**
+
+**Required**: `false`
+**Description**: Base URL for monitor API calls
+**Default**: `http://sysdigcloud-api:8080`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ monitor:
+ url: http://sysdigcloud-api:8080
+```
+
+## **sysdig.platformService.zones.monitor.authCache.expiration**
+
+**Required**: `false`
+**Description**: Expiration time of the authentication cache for monitor API calls
+**Default**: `5m`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ monitor:
+ authCache:
+ expiration: 5m
+```
+
+## **sysdig.platformService.zones.server.port.rest**
+
+**Required**: `false`
+**Description**: Platform Zones service server port that will serve HTTP requests
+**Default**: `8090`
+**Example**:
+
+```yaml
+sysdig:
+ platformService:
+ zones:
+ server:
+ port:
+ rest: 7004
+```
+
+
+## **sysdig.platformService.zones.server.port.grpc**
+
+**Required**: `false`
+**Description**: Platform Zones service server port that will serve HTTP requests
+**Default**: `8091`
+**Example**: + +```yaml +sysdig: + platformService: + zones: + server: + port: + rest: 7004 +``` + ## **sysdig.secure.ticketing.enabled** @@ -14729,20 +14968,6 @@ sysdig: jiraClientMaxWait: 30s ``` -## **sysdig.secure.ticketing.jiraClientJitterMaxMillis** - -**Required**: `false`
-**Description**: Max number for Jira client jitter in milliseconds
-**Default**: `1000`
-**Example**: - -```yaml -sysdig: - secure: - ticketing: - jiraClientJitterMaxMillis: 1000 -``` - ## **sysdig.secure.ticketing.jiraCacheDefaultExpiration** **Required**: `false`
@@ -14771,20 +14996,6 @@ sysdig: jiraCacheCleanupInterval: 1m ``` -## **sysdig.secure.ticketing.jiraAssignableMaxResults** - -**Required**: `false`
-**Description**: Number of max results that you can assign to
-**Default**: `2000`
-**Example**: - -```yaml -sysdig: - secure: - ticketing: - jiraAssignableMaxResults: 2000 -``` - ## **sysdig.secure.ticketing.jiraSyncIssuesCronExpr** **Required**: `false`