---
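aas-manager:
  # NOTE(review): the source lost its indentation; the nesting below is
  # reconstructed from the key names. Confirm against the aas-manager chart
  # templates before use.
  image:
    # Authentication & Authorization Manager image name (**REQUIRED**)
    name: aas-manager
  aas:
    # Authservice base URL. Do not include "/" at the end.
    # e.g. for ingress https://aas.isecl.com/aas/v1,
    # for nodeport https://isecl.com:30444/aas/v1
    # Use an https:// URL: the credentials below are sent to this endpoint.
    url:
  # Set this to true to use host aliases, and add the matching ip/hostname
  # entries under aliases.hostAliases. Host aliases are required when ingress
  # is deployed and pods are not able to resolve the domain names.
  hostAliasEnabled: false
  # Administrative credentials. Leave these empty in version control and
  # supply them at install time from a values file that is kept out of the
  # repository; anything written here is stored in plain text.
  secret:
    superAdminUsername:
    superAdminPassword:
    globalAdminUsername:
    globalAdminPassword:
  aliases:
    hostAliases:
      - ip: ""
        hostnames:
          - ""
          - ""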
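trustagent:
  # NOTE(review): the source lost its indentation; the nesting below is
  # reconstructed from the key names. Confirm against the trustagent chart
  # templates before use.
  image:
    # Trust Agent image name (**REQUIRED**)
    name: tagent
  nodeLabel:
    # The node label for TXT-ENABLED hosts
    # (**REQUIRED IF NODE IS TXT ENABLED**)
    txt: TXT-ENABLED
    # The node label for SUEFI-ENABLED hosts
    # (**REQUIRED IF NODE IS SUEFI ENABLED**)
    suefi: ""
  config:
    # The TPM owner secret if the TPM is already owned.
    # Sensitive: supply at install time rather than committing it here.
    tpmOwnerSecret:
  # Set this to true to use host aliases, and add the matching ip/hostname
  # entries under aliases.hostAliases. Host aliases are required when ingress
  # is deployed and pods are not able to resolve the domain names.
  hostAliasEnabled: false
  aliases:
    hostAliases:
      - ip: ""
        hostnames:
          - ""
          - ""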
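isecl-controller:
  image:
    # ISecL Controller Service image name (**REQUIRED**)
    name: isecl-k8s-controller
  # Node tainting switches. Allowed values for each: `true`/`false`.
  nodeTainting:
    # If set to true, taints the nodes which are joined to the k8s cluster.
    taintRegisteredNodes: true
    # If set to true, taints the nodes which are rebooted in the k8s cluster.
    # NOTE(review): with false, a rebooted node is not tainted by this
    # setting; confirm that is the intended policy for the deployment.
    taintRebootedNodes: false
    # If set to true, taints the node which has its trust tag set to false in
    # the node labels. Keep this true unless another control keeps workloads
    # off nodes that are reported as untrusted.
    taintUntrustedNode: true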
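ihub:
  # NOTE(review): the source lost its indentation; the nesting below is
  # reconstructed from the key names. Confirm against the ihub chart
  # templates before use.
  image:
    # Integration Hub Service image name (**REQUIRED**)
    name: ihub
  k8sApiServerPort: 6443
  # Set this to true to use host aliases, and add the matching ip/hostname
  # entries under aliases.hostAliases. Host aliases are required when ingress
  # is deployed and pods are not able to resolve the domain names.
  hostAliasEnabled: false
  aliases:
    hostAliases:
      - ip: ""
        hostnames:
          - ""
          - ""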
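isecl-scheduler:
  image:
    # ISecL Scheduler image name (**REQUIRED**)
    name: isecl-k8s-scheduler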
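admission-controller:
  image:
    name: admission-controller
  # NOTE(review): undocumented in the source. Presumably the CA bundle used to
  # verify the admission webhook's serving certificate, and presumably a
  # sibling of `image` rather than a child of it; confirm both against the
  # chart templates.
  caBundle: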
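nats-init:
  image:
    # The image name of the nats-init container
    name: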
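global:
  # NOTE(review): the source lost its indentation; the nesting below is
  # reconstructed from the key names. Confirm against the chart templates
  # before use.

  # K8s control plane IP/Hostname (**REQUIRED**)
  controlPlaneHostname:
  # K8s control plane label (**REQUIRED**)
  # Example: `node-role.kubernetes.io/master` in case of `kubeadm`,
  # `microk8s.io/cluster` in case of `microk8s`
  controlPlaneLabel: node-role.kubernetes.io/master
  image:
    # The pull policy for pulling from the container registry
    # (Allowed values: `Always`/`IfNotPresent`)
    pullPolicy: Always
    # The image pull secret for authenticating with the image registry; can be
    # left empty if the image registry does not require authentication
    imagePullSecret:
    # The image name of the init container
    initName:
  config:
    # PostgreSQL DB host address (IP address/subnet-mask). The IP range varies
    # for different k8s network plugins
    # (Ex: Flannel - 10.1.0.0/8 (default), Calico - 192.168.0.0/16).
    # A /8 mask covers every 10.x.x.x address; narrow this to the cluster's
    # actual pod CIDR so that only pods are allowed to reach the database.
    dbhostSSLPodRange: 10.1.0.0/8
    nats:
      # Enable/Disable NATS mode (Allowed values: `true`/`false`)
      enabled: true
      # NATS Server IP/Hostname (**REQUIRED IF ENABLED**)
      # e.g. "nats://<nats-server-host>:30222"
      servers:
      # The model for TA (Allowed values: `outbound`)
      # (**REQUIRED IF ENABLED**)
      serviceMode: outbound
  # HVS base URL. Do not include "/" at the end.
  # e.g. for ingress https://hvs.isecl.com/hvs/v2,
  # for nodeport https://<control-plane-host>:30443/hvs/v2
  hvsUrl:
  # CMS base URL. Do not include "/" at the end.
  # e.g. for ingress https://cms.isecl.com/cms/v2,
  # for nodeport https://<control-plane-host>:30445/cms/v1
  # NOTE(review): the two examples disagree on the API version (v2 vs v1);
  # confirm which one the deployed CMS serves.
  cmsUrl:
  # Authservice base URL. Do not include "/" at the end.
  # e.g. for ingress https://aas.isecl.com/aas/v1,
  # for nodeport https://<control-plane-host>:30444/aas/v1
  aasUrl:
  # NOTE(review): undocumented in the source. Presumably the SHA-384 digest of
  # the CMS TLS certificate, used to pin trust in CMS; if so, take the value
  # from the CMS host itself rather than from an unverified network
  # connection. Confirm against the chart documentation.
  cmsTlsSha384:
  storage:
    nfs:
      # The NFS Server IP/Hostname (**REQUIRED**)
      server:
      # The path for storing persistent data on NFS
      path: /mnt/nfs_share
  service:
    # The service port for Trust Agent
    ta: 31443
  # Service credentials. Leave these empty in version control and supply them
  # at install time from a values file that is kept out of the repository;
  # anything written here is stored in plain text.
  aas:
    secret:
      # Admin Username for AAS
      adminUsername:
      # Admin Password for AAS
      adminPassword:
  ihub:
    secret:
      # Admin Username for IHub
      serviceUsername:
      # Admin Password for IHub
      servicePassword:
  # Set to true when deploying behind a corporate proxy
  proxyEnabled: false
  # Set http_proxy url
  httpProxy:
  # Set https_proxy url
  httpsProxy:
  # Set all_proxy url
  allProxy:
  # Set no_proxy
  noProxy: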