global:
storageClass: glusterfs-storage
sde:
superuserEmail: sde-superuser@example.com
superuserPassword: thePasswordForTheDefaultWebSuperUser
defaultFromEmail: "ACME Corp. <noreply@example.com>"
serverEmail: host@example.com
defaultOrg: default
feedbackEmail: sde-feedback@example.com
supportEmail: sde-admin@example.com
systemAdminEmail: it-support@example.comAdvanced Configurations
Table of Contents
Configuration defaults are defined in the default values file of the SD Elements Helm chart. See the Retrieve Default Helm Chart Values section for instructions on retrieving default values.
The following are examples of more advanced optional settings. Please review values.yaml in the
SD Elements Helm Chart for the full list of options and comments. If in doubt, contact sdesupport@securitycompass.com.
If you use advanced settings, put them in the values.custom.yaml file as you did with the settings used to deploy SD Elements.
|
Upgrading from any versions <2023.2 will require these values adjusted in the custom values.yaml file:
|
postgresql:
primary:
initdb:
user: sde
auth:
username: sde
password: <replace with previous sc-database.clientPassword>
# to enable metrics
metrics:
enabled: true
serviceMonitor:
enabled: true
rabbitmq:
auth:
erlangCookie: your-erlang-cookie
password: <replace with previous sc-broker.clientPassword>
# to enable metrics
metrics:
enabled: true
serviceMonitor:
enabled: trueThese changes are required due to our introduction of Bitnami managed charts: postgresql and rabbitmq, replacing the previous charts sc-database and sc-broker respectively.
CPU and memory pod requests and limits
To configure CPU and memory requests for a pod, you can use the following example for a PostgreSQL resource
postgresql:
...
primary:
resources:
requests:
cpu: 1
memory: 2048Mi
limits:
cpu: 4
memory: 8192MiThe requests field defines the minimum amount of CPU and memory that the container requires limits field establishes the maximum resources that the container is allowed to consume.
Workers example
worker:
wsgiProcesses: 6
synchronous:
lowPriority:
resources:
limits:
cpu: 6
highPriority:
resources:
limits:
cpu: 6New Image Registry for Older Versions
This section is only compatible with SD Elements versions later than 2023.1.
|
To pull from the new image registry from an older version, the following configuration should be added to your existing configuration:
global:
imageRegistry: repository.securitycompass.com/sde-docker-prod
imageRegistryFormat: "%s/%s_%s/%s:%s"
imageOrganization: prodPod replacement strategy
This section is only compatible with SD Elements versions later than 2023.2.
|
Since version 2023.4, the deployment strategy used to replace old Pods with new ones has been updated to Recreate for the following components:
-
Minio
It is possible to revert to the previous strategy by adding the following configuration to an overlay (e.g. values.custom.yaml).
minio:
deploymentUpdate:
type: RollingUpdateSince version 2023.3, the deployment strategy used to replace old Pods with new ones has been updated to RollingUpdate for the following components:
-
Web
-
JITT
-
Workers
-
Reporting
It is possible to revert to the previous strategy by adding the following configuration to an overlay (e.g. values.custom.yaml).
web:
updateStrategy:
type: Recreate
sc-jitt:
updateStrategy:
type: Recreate
worker:
updateStrategy:
type: Recreate
reporting:
updateStrategy:
type: RecreateJobs
Asynchronous jobs are defined in values.yaml. You can remove default jobs and add new custom jobs.
The jobs must be included under the specifications section and in map format.
The following are examples of custom jobs added under specifications:
job:
specifications:
custom_job:
schedule: "01 1 * * *"
niceness: 15
command: ["/bin/sde.sh"]
args:
- "--{argument} {value}"
failedJobsHistoryLimit: 1
successfulJobsHistoryLimit: 1
concurrencyPolicy: Forbid
restartPolicy: OnFailure
volumeWritePermission: false
env:
- name: {ENV_VAR_NAME}
value: {ENV_VAR_VALUE}
resources:
requests:
cpu: 1
memory: 1024Mi
limits:
cpu: 2
memory: 2048MiTrend Reporting
SD Elements 2023.2 introduces a daily cronjob that takes snapshots and generates data for trend reporting. Set the following in values.custom.yaml to:
-
Change the schedule
job:
specifications:
trend-reporting:
schedule: "35 3 * * *"
-
Disable the feature
trendReporting: enabled: false
Custom Error Page Text
The header and body sections of SD Elements error pages can be overridden through configuration in the custom values file by setting the web.customError.error_{PAGE}_{ELEMENT} node. See the Chart Values reference for configurable pages and elements.
| SD Elements 2024.2 supports custom text in the 503 page only. Future versions will add support for remaining error pages (e.g., 400, 403). |
While the nodes are free form and accept any input, only the following is warrantied.
-
Plain text
-
<p>,<a>,<br>,<strong>,<i>, and<u>HTML tags -
Basic inline CSS styling (e.g.,
colorproperty)
Set Custom Error Page Text
Example 1: Replace the 503 page header with plain text
Set web.customError.error_503_header in the custom values file.
web:
customError:
error_503_header: "<p><strong>SD Elements is Unavailable</strong></p>"Example 2: Include a hyperlink in the 503 page body
Add or modify web.customError.error_503_header in the custom values file to include an HTML anchor tag.
web:
customError:
error_503_body: "<p>See the <a href=\"https://example.com\">knowledge base</a> for more information</p>"
HTML attributes such as href require a backslack character (\) to escape quotation marks
|
Update Custom Error Page Text
When updating custom error page text for an existing SD Elements instance, use helm upgrade to apply the changes then restart the {RELEASE_NAME}-web deployment. See kubectl rollout restart for documentation on restarting Kubernetes deployments.