ISD Installation Configuration

Parameter

Description

Default

imagePullSecret

Name of the image pull secret to fetch oes docker images from private registry

opsmxdev-secret

imageCredentials.registry

The registry where OES docker images are available

https://index.docker.io/v1/

imageCredentials.username

Username of docker account to access docker registry

dockerID

imageCredentials.password

Password of docker account

docker Password

imageCredentials.email

Email associated with docker account

info@opsmx.com

rbac.create

Enable or disable rbac

true

installSpinnaker

If true, install Spinnaker along with OES Extensions

true

installationMode

The installation mode. Available installation modes are OES-AP (both OES 3.0 and Autopilot), OES (Only OES 3.0) and AP (Only Autopilot) and None (Skip OES installation)

OES-AP

createIngress

If true, exposes Spinnaker deck & gate services over Ingress

false

oesUI.protocol

Change this to https if TLS is enabled for ingress endpoint

http

oesUI.host

Host using which UI needs to be accessed

oes.domain.com

k8sServiceType

Service Type of oes-ui, oes-gate, spin-deck-ui, spin-gate

LoadBalancer

installRedis

If false, OES will uninstall its own Redis for caching

false

redis.url

Set custom URL if installRedis is set to false

redis://{{ .Release.Name }}-redis-master:6379

db.enabled

Set it to false if OpsMx DB is already installed on cluster or if any external database is to be used.

true

db.url

URL of the external DB if not using OpsMx DB.

jdbc:postgresql://oes-db:5432/opsmx

db.storageMountSize

Storage to be allocated to OpsMx DB

8Gi

autopilot.config.buildAnalysis.enabled

Set it to false to disable build analysis

false

autopilot.config.ssl.enabled

Set it to true to enable SSL

false

autopilot.config.ssl.keystore

SSL keystore value

keystore.p12

autopilot.config.ssl.keyStorePassword

SSL keystore password

SSL Password

autopilot.config.ssl.keyStoreType

SSL keystore type

PKCS12

autopilot.config.ssl.keyAlias

SSL key alias

tomcat

dashboard.spinnakerLink

Specify if dashboard needs to be configured with a different spinnaker

{{ .Values.spinnaker.ingress.protocol }}://{{ .Values.spinnaker.ingress.host }}

gate.config.oesUIcors

Regex of OES-UI URL to prevent cross origin attacks

`^https?://(?:localhost

gate.config.fileBasedAuthentication

Set it to true to disable LDAP authentication and enable file based authentication

false

platform.config.adminGroups

Admin groups available

admin, Administrators

platform.config.userSource

Source of Users for authorization

ldap

platform.config.supportedFeatures

List of features to be supported by OES

[deployment-verification, services, releases, policies]

sapor.config.spinnaker.authnEnabled

Set it to true if authentication is enabled in Spinnaker

false

sapor.config.spinnaker.spinGateURL

URL of Spinnaker Gate

http://spin-gate.oes-spin:8084

sapor.config.spinnaker.spinExternalGateURL

Set the external IP address of spin-gate, this is used to redirect to the spinnaker pipelines from OES-UI

http://spin-gate.oes-spin:8084

sapor.config.spinnaker.ldap.ldapEnabled

Is LDAP authn enabled for spinnaker

true

sapor.config.spinnaker.ldap.ldapUsername

Spinnaker username

admin

sapor.config.spinnaker.ldap.ldapPassword

Spinnaker password

spinnaker password

sapor.config.spinnaker.x509.enabled

Is x509 cert authn enabled for spinnaker

false

sapor.config.spinnaker.x509.client.password

Password of x509 client certificate

x509 password

sapor.config.kubernetes.agent.enabled

Option to enable oes kubernetes agent

true

sapor.config.caCerts.override

If default java certs are to be overwritten, create custom config map 'oes-sapor-cacerts.yaml' under templates and set this option to true

false

ui.config.setApplicationRefreshInterval

Interval at which UI refreshes application dashboard

16000

visibility.config.configuredConnectors

Integrations options

JIRA,GIT,AUTOPILOT,SONARQUBE,JENKINS

visibility.config.logLevel

Default Log Level

ERROR

autoConfiguration.enabled

Option enables OES to be configured automatically. Load Balancer IPs will be automatically replaced in the configuration files of oes-gate, oes-ui & sapor. Set it to false if OES is being installed on restricted environment.

true

autoConfiguration.initContainer.externalIpCheckDelay

Expected delay in assigning load balancer IPs to oes-ui & oes-gate in secs

180

opa.enabled

Enable OPA with OES

true

installOpenLdap

If true, installs Open LDAP server

false

openldap.adminPassword

Password to be set for admin user of LDAP

OpenLDAP password

ldap.enabled

Set it to true if LDAP is to be enabled for OES

true

ldap.url

URL of LDAP server

ldap://{{ .Release.Name }}-openldap:389

spinnaker.enableHA

Enable HA for orca & echo

true

spinnaker.enableCentralMonitoring

Enable monitoring for Spinnaker

false

spinnaker.gitops.Halyard.enabled

Enable gitops style Halyard and account config

false

spinnaker.gitopsHalyard.mTLS.enabled

Enable mTLS for Spinnaker Services and SSL for Deck and Gate

false

spinnaker.gitopsHalyard.mTLS.deckIngressHost

Ingress host for deck

spindeck.{{ .Release.Name }}.domain.com

spinnaker.gitopsHalyard.mTLS.gateIngressHost

Ingress host for gate

spingate.{{ .Release.Name }}.domain.com

spinnaker.gitopsHalyard.repo-type

Repo type; git, s3, vault

git

spinnaker.gitopsHalyard.secretName

Secret in which git credentials shall be specified, sample secret found under templates/secrets/

opsmx-gitops-auth

spinnaker.gitopsHalyard.spinnakerLBCheckDelay

Timeout while fetching LB IPs of spin-deck and spin-gate to configure in hal config in seconds

180

spinnaker.gitopsHalyard.gatex509.enabled

Flag to enable x509 authentication for gate and use it for webhooks

false

spinnaker.gitopsHalyard.gatex509.host

Separate host for using x509 authentication

spingate-x509.domain.com

spinnaker.gitopsHalyard.pipelinePromotion.enabled

To Enable pipeline promotion from one environment to another

false