Deployment Options
The following table lists the configurable parameters of the Industrial Edge Helm Chart and their default values.
These parameters can be set either via the Helm CLI or the provisioning CLI by using the --set flag.
Parameter | Description | Default |
---|---|---|
global.security.runAsUser | Processes inside containers run with user ID | 10001 |
global.security.runAsGroup | Specifies the primary group ID for all processes within the containers | 10001 |
global.security.fsGroup | Specifies the owner ID for volumeMounts and any files created in those volumes | 10001 |
global.additionalSpec.security.fsGroup | Specifies the owner ID for volumeMounts and any files created in those volumes | 10001 |
global.changeMountPathOwner | Change access permissions of mounted volumes to the user set for the pod security context | false |
global.gateway.ingress.enabled | Creation of ingress rule, which will point to the IE Gateway | true |
global.additionalSpec.enabled | Adds pod specific security configuration. | true |
global.enableCpuEnforcement | Enable cpu limit settings for deployments. | true |
global.changeMountPathOwner | Adjust file permissions of volumes with an initContainer. This setting helps where the fsGroup setting is not supported. | true |
global.gateway.ingress.class | Will set the ingress class for IE Gateway Ingress rule | nginx |
global.gateway.ingress.annotations | Will include annotations to the created ingress rule | nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" nginx.ingress.kubernetes.io/proxy-body-size: 10240M nginx.ingress.kubernetes.io/client-body-buffer-size: 1M |
global.storageClass | Storage class which will be used for creating Persistent Volume Claims for IEM Core Services like Docker Registry Service | standard |
global.hostname | Hostname of the IEM installation. This value is required and will also be used to configure valid redirect URLs. | |
global.storageClassPg | Storage class which will be used for creating the Persistent Volume Claim for the Postgres database | standard |
global.proxy.http_proxy global.proxy.https_proxy global.proxy.no_proxy | Proxy settings will be injected into containers as environment variables. | |
global.proxy.https_proxy | Proxy settings will be injected into containers as environment variables. | |
global.proxy.no_proxy | NoProxy settings will be injected into containers as environment variables. | |
global.databaseUserPassword | Database password | random generated uuid |
global.iamAdminPassword (deprecated) | Overwrite the password for the IAM administrator of the master realm. This user performs administrative tasks on the Identity and Access Management system. IMPORTANT: this flag is deprecated | random generated password |
global.iemAdminPassword | Overwrite the password of the initial IEM user with administrative rights. | random generated password |
central-auth.keycloak.initialUser.enabled | Creates a first IEM user with the role Admin. | true |
global.customerAdminPassword | Overwrite the password of the IAM administrator of the customer realm (IEM Client). This user can add new users to the IEM system. | random generated password |
global.temporaryPassword | Set all the initial passwords as temporary. If you enable this action, a manual first login is necessary. | false |
global.certChain | Add the Root and Intermediate CA Certificates of the Entrypoint (Ingress, Loadbalancer) to the IEM System. These certificates will be stored in the certificate store of the devices, to establish a secure connection to the IEM. | |
global.dockerRuntime | Whether the Kubernetes runtime is Docker; used to collect Kubernetes logs | true |
global.dockerRootDir | Path of the Docker root directory; only used when global.dockerRuntime=true, to collect Kubernetes logs | /var/lib/docker |
device-catalog.firmwaremanagement.enabled | Enable firmware management functionality. NOTE: workflow executor also needs to be enabled. | false |
device-catalog.storage.storageCapacity | Define the storage capacity for Blob Volumes required for managing the Firmware artifacts. | 50Gi |
device-catalog.workflowexecutor.enabled | Enable workflow executor to schedule firmware updates on IEDs. | false |
edgeeye.enabled | Enable Logging and Monitoring backend services for IEDs and IEM logs. | false |
edgeeye.influxdb.storage.storageCapacityInfluxdb | Blob volume capacity for Influxdb | 10Gi |
postgres.storage.storageCapacityPostgres | Blob volume capacity for Postgres Service | 10Gi |
kong.deployment.hostNetwork | Enable this value to run Gateway on host's port 443. | false |
kong.dnsPolicy=ClusterFirstWithHostNet | Enable this value to run Gateway on host's port 443. | ClusterFirst |
kong.containerSecurityContext.capabilities.add={NET_BIND_SERVICE} | Enable this value to run Gateway on host's port 443. | |
kong.containerSecurityContext.runAsGroup=0 | Enable this value to run Gateway on host's port 443. | |
kong.containerSecurityContext.runAsNonRoot=false | Enable this value to run Gateway on host's port 443. | |
kong.containerSecurityContext.runAsUser=0 | Enable this value to run Gateway on host's port 443. | |
kong.proxy.http.containerPort=80 | Enable this value to run Gateway on host's port 443. | |
kong.proxy.tls.containerPort=443 | Enable this value to run Gateway on host's port 443. | |
kong.deployment.daemonset=true | Run Kong as a DaemonSet; the default configuration is a Deployment with replicaset=1. | false |
kong.proxy.type | Expose the Gateway as NodePort, ClusterIP or LoadBalancer. | ClusterIP |
output.printPasswords | Print out initial user passwords after installation. | true |
portal.hostAliases | Enable this to add the portal service as a loopback host alias in the portal Pod | false |
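
The table gives the host-port-443 gateway settings as eight separate rows and the credential-handling flags as dotted keys. The values file below is an added example (not part of the vendor documentation) that writes them out as nested values. The file name and the hostname are constructed placeholders, and every key comes from the table above.

```yaml
# values-override.yaml (hypothetical file name)
global:
  hostname: iem.example.com   # constructed placeholder; this value is required
  temporaryPassword: true     # default false; initial passwords become temporary,
                              # so a manual first login is necessary
output:
  printPasswords: false       # default true; initial user passwords are no longer
                              # printed after installation

# The eight kong.* rows the table lists for running the Gateway on the host's
# port 443. Taken together they place the gateway pod in the host network
# namespace and run its container as UID/GID 0 with runAsNonRoot disabled,
# so review them as one change rather than row by row.
kong:
  deployment:
    hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet   # chart default is ClusterFirst
  containerSecurityContext:
    runAsUser: 0
    runAsGroup: 0
    runAsNonRoot: false
    capabilities:
      add:
        - NET_BIND_SERVICE             # --set form: capabilities.add={NET_BIND_SERVICE}
  proxy:
    http:
      containerPort: 80
    tls:
      containerPort: 443
```

Each entry can equally be passed on its own with --set, using the dotted key from the Parameter column.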