Advanced Configurations

Configuration defaults are defined in the default values file of the SD Elements Helm chart. See the Retrieve Default Helm Chart Values section for instructions on retrieving default values.

The following are examples of more advanced optional settings. Please review values.yaml in the SD Elements Helm Chart for the full list of options and comments. If in doubt, contact sdesupport@securitycompass.com.

If you use advanced settings, put them in the values.custom.yaml file as you did with the settings used to deploy SD Elements.
global:
  storageClass: glusterfs-storage
sde:
  superuserEmail: sde-superuser@example.com
  superuserPassword: thePasswordForTheDefaultWebSuperUser
  defaultFromEmail: "ACME Corp. <noreply@example.com>"
  serverEmail: host@example.com
  defaultOrg: default
  feedbackEmail: sde-feedback@example.com
  supportEmail: sde-admin@example.com
  systemAdminEmail: it-support@example.com
Upgrading from any versions <2023.2 will require these values adjusted in the custom values.yaml file:
postgresql:
  primary:
    initdb:
      user: sde
  auth:
    username: sde
    password:  <replace with previous sc-database.clientPassword>
  # to enable metrics
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
rabbitmq:
  auth:
    erlangCookie: your-erlang-cookie
    password:  <replace with previous sc-broker.clientPassword>
  # to enable metrics
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true

These changes are required due to our introduction of Bitnami managed charts: postgresql and rabbitmq, replacing the previous charts sc-database and sc-broker respectively.

CPU and memory pod requests and limits

To configure CPU and memory requests for a pod, you can use the following example for a PostgreSQL resource

postgresql:
    ...
    primary:
        resources:
            requests:
                cpu: 1
                memory: 2048Mi
            limits:
                cpu: 4
                memory: 8192Mi

The requests field defines the minimum amount of CPU and memory that the container requires limits field establishes the maximum resources that the container is allowed to consume.

Workers example

worker:
    wsgiProcesses: 6
    synchronous:
        lowPriority:
            resources:
                limits:
                    cpu: 6
        highPriority:
            resources:
                limits:
                    cpu: 6

New Image Registry for Older Versions

This section is only compatible with SD Elements versions later than 2023.1.

To pull from the new image registry from an older version, the following configuration should be added to your existing configuration:

global:
  imageRegistry: repository.securitycompass.com/sde-docker-prod
  imageRegistryFormat: "%s/%s_%s/%s:%s"
  imageOrganization: prod

Pod replacement strategy

This section is only compatible with SD Elements versions later than 2023.2.

Since version 2023.4, the deployment strategy used to replace old Pods with new ones has been updated to Recreate for the following components:

  • Minio

It is possible to revert to the previous strategy by adding the following configuration to an overlay (e.g. values.custom.yaml).

minio:
  deploymentUpdate:
    type: RollingUpdate

Since version 2023.3, the deployment strategy used to replace old Pods with new ones has been updated to RollingUpdate for the following components:

  • Web

  • JITT

  • Workers

  • Reporting

It is possible to revert to the previous strategy by adding the following configuration to an overlay (e.g. values.custom.yaml).

web:
  updateStrategy:
    type: Recreate

sc-jitt:
  updateStrategy:
    type: Recreate

worker:
  updateStrategy:
    type: Recreate

reporting:
  updateStrategy:
    type: Recreate

Jobs

Asynchronous jobs are defined in values.yaml. You can remove default jobs and add new custom jobs. The jobs must be included under the specifications section and in map format.

The following are examples of custom jobs added under specifications:

job:
  specifications:
    custom_job:
      schedule: "01 1 * * *"
      niceness: 15
      command: ["/bin/sde.sh"]
      args:
        - "--{argument} {value}"
      failedJobsHistoryLimit: 1
      successfulJobsHistoryLimit: 1
      concurrencyPolicy: Forbid
      restartPolicy: OnFailure
      volumeWritePermission: false
      env:
        - name: {ENV_VAR_NAME}
      value: {ENV_VAR_VALUE}
      resources:
      requests:
        cpu: 1
        memory: 1024Mi
      limits:
        cpu: 2
        memory: 2048Mi

Trend Reporting

SD Elements 2023.2 introduces a daily cronjob that takes snapshots and generates data for trend reporting. Set the following in values.custom.yaml to:

  • Change the schedule

job:
  specifications:
    trend-reporting:
      schedule: "35 3 * * *"
  • Disable the feature

    trendReporting:
      enabled: false

Custom Error Page Text

The header and body sections of SD Elements error pages can be overridden through configuration in the custom values file by setting the web.customError.error_{PAGE}_{ELEMENT} node. See the Chart Values reference for configurable pages and elements.

While the nodes are free form and accept any input, only the following is warrantied.

  • Plain text

  • <p>, <a>, <br>, <strong>, <i>, and <u> HTML tags

  • Basic inline CSS styling (e.g., color property)

Set Custom Error Page Text

Example 1: Replace the 503 page header with plain text

Set web.customError.error_503_header in the custom values file.

web:
  customError:
    error_503_header: "<p><strong>SD Elements is Unavailable</strong></p>"

Add or modify web.customError.error_503_header in the custom values file to include an HTML anchor tag.

web:
  customError:
    error_503_body: "<p>See the <a href=\"https://example.com\">knowledge base</a> for more information</p>"
HTML attributes such as href require a backslack character (\) to escape quotation marks

Full sample

web:
  customError:
    error_403_header: "<p><strong>403 Forbidden</strong></p>"
    error_403_body: "<p>You do not have access to this resource.</p>"
    error_404_header: "<p><strong>404 Not Found</strong></p>"
    error_404_body: "<p>The server cannot find the requested resource.</p>"
    error_500_header: "<p><strong>500 Internal Server Error</strong></p>"
    error_500_body: "<p>Well, this is embarrassing. Something went wrong and we don't know how to handle it.</p><br><p>If this error persists, you can report it to site administrators</p>"
    error_503_header: "<p><strong>503 Service Unavailable</strong></p>"
    error_503_body: "<p>We're probably just performing some maintenance. Please try again shortly.</p><br><p>If this error persists, you can report it to site administrators</p>"

Update Custom Error Page Text

When updating custom error page text for an existing SD Elements instance, use helm upgrade to apply the changes then restart the {RELEASE_NAME}-web deployment. See kubectl rollout restart for documentation on restarting Kubernetes deployments.

results matching ""

    No results matching ""