Configuration file parameters for all-in-one installation
The following tables list the configurable properties of the Guardium® Data Security Center configuration (values.conf) file and the Guardium Data Security Center license value options.
Option | Installation type requirement | Default value | Description | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Mandatory parameters | ||||||||||||||||||
ONLINE_INSTALL |
Required for online and offline/air gap installations. | true |
Change the value to false to install in offline/air gap mode. This mode
requires more parameters and more preparation, and is provided as a means to install on clusters
with no or limited internet. |
|||||||||||||||
SKIP_INSTALL_ICS |
Required for online and offline/air gap installations. | false |
Change the value to true only if IBM® Common
Services is already installed on your
cluster. |
|||||||||||||||
ENTITLED_REGISTRY |
Required for online and offline/air gap installations. | cp.icr.io |
The hostname of the remote registry that contains installation images
(cp.icr.io , unless noted otherwise). |
|||||||||||||||
ICS_CATALOG_REGISTRY |
Required for online and offline/air gap installations. | icr.io |
The hostname of the remote docker registry that contains installation images
(icr.io , unless noted otherwise). |
|||||||||||||||
ENTITLED_REGISTRY_USER |
Required for online and offline/air gap installations. | n/a | The user that you use to log in to the entitled registry (typically, the user is
cp ). |
|||||||||||||||
ENTITLED_REGISTRY_PASS |
Required for online and offline/air gap installations. | n/a | The password or entitlement key that is used to log in to the entitled registry. | |||||||||||||||
GI_DATA_NODE |
Required for online and offline/air gap installations. | n/a | The name of the node or nodes that you select to house the Db2® instance. You need separate nodes for separate Db2 instances (comma-delimited). | |||||||||||||||
LABEL_DATA_NODE |
Required for online and offline/air gap installations. | true |
If true , data nodes are labeled as dedicated for data service usage. If
false , labeling is skipped. |
|||||||||||||||
GDSC_NAMESPACE |
Required for online and offline/air gap installations. |
|
Guardium Data Security Center namespace, where Guardium Data Security Center is deployed. | |||||||||||||||
ICS_NAMESPACE |
Required for online and offline/air gap installations. | ibm-common-services or GDSC_NAMESPACE |
IBM Common
Services is installed in the
|
|||||||||||||||
ICS_SIZE |
Required for online and offline/air gap installations. | small |
Set the ICS_SIZE to small if you are installing a
deployment of Guardium Data Security Center that is extra small or
small. Set the ICS_SIZE to medium if you are installing a Guardium Data Security Center deployment that is medium or higher. |
|||||||||||||||
ICS_POSTGRES_REGISTRY_URL | Required for online and offline/air gap installations. | cp.icr.io |
The hostname of the remote registry that contains installation images
(cp.icr.io , unless noted otherwise). |
|||||||||||||||
ICS_POSTGRES_REGISTRY_USER | Required for online and offline/air gap installations. | n/a | The user that you use to log in to the entitled registry (typically, the user is
cp ). |
|||||||||||||||
ICS_POSTGRES_REGISTRY_PASS | Required for online and offline/air gap installations. | n/a | The password or entitlement key that is used to log in to the entitled registry. | |||||||||||||||
CLOUD_INFRA |
Required for online and offline/air gap installations. | openshift |
Cloud provider for the cluster used for Guardium Data Security Center installation. The following values are acceptable:
|
|||||||||||||||
DOMAIN_NAME |
Required for online and offline/air gap installations. | n/a | Domain name of the cluster. | |||||||||||||||
HOST_NAME |
Required for online and offline/air gap installations. | n/a | Host name for the application. Important: When you create your custom resource
(CR) file, the
spec.guardiumInsightsGlobal.ingress.hostname value must be 58
characters or fewer. |
|||||||||||||||
STORAGE_CLASS_RWO |
Required for online and offline/air gap installations. | rook-ceph-block |
Storage classes that are defined for using Guardium Data Security Center. The storage class depends on the type of cloud
infrastructure used. Provide both read-write-only (RWO) and read-write-many (RWX) classes.
Important: The storage classes must be prepared before you run the installation. For
more information about creating and configuring storage classes, refer to your cloud provider's
documentation.
|
|||||||||||||||
STORAGE_CLASS_RWX |
Required for online and offline/air gap installations. | rook-cephfs |
||||||||||||||||
BACKUP_STORAGECLASS_RWX |
Required for online and offline/air gap installations. |
|
Backup storage classes that are defined for using Guardium Data Security Center. The backup storage class depends on the type of
cloud infrastructure used.
Important: The storage classes must be prepared before you run the installation. For
more information about creating and configuring storage classes, refer to your cloud provider's
documentation.
|
|||||||||||||||
LOCAL_REGISTRY_HOST |
Required for offline/air gap installations (ONLINE_INSTALL=false ). Not
applicable to online installations. |
n/a | These parameters specify a private Docker registry to use for image mirroring for an air gap
installation, along with the username and a password for logging in to the registry.
|
|||||||||||||||
LOCAL_REGISTRY_USER |
Required for offline/air gap installations (ONLINE_INSTALL=false ). Not
applicable to online installations. |
n/a | ||||||||||||||||
LOCAL_REGISTRY_PASS |
Required for offline/air gap installations (ONLINE_INSTALL=false ). Not
applicable to online installations. |
n/a | ||||||||||||||||
Optional parameters | ||||||||||||||||||
TAINT_DATA_NODE |
Optional for online and offline/air gap installations. | false |
Change to true to have data nodes that are tainted and dedicated for data
service usage. Leave as false to skip this step. |
|||||||||||||||
SKIP_GI_PREINSTALL |
Optional for online and offline/air gap installations. | false |
If set to true , the preinstall step in the Guardium Data Security Center deployment is skipped. |
|||||||||||||||
SKIP_GI_CATALOGS |
Optional for online and offline/air gap installations. | false |
If set to true , the dependency catalog installation in the Guardium Data Security Center deployment is skipped. |
|||||||||||||||
SKIP_GI_OPERATORS |
Optional for online and offline/air gap installations. | false |
If set to true , the dependency operator installation in the Guardium Data Security Center deployment is skipped. |
|||||||||||||||
SKIP_GI_INSTANCE |
Optional for online and offline/air gap installations. | false |
If set to true , instance (custom resource) creation in the Guardium Data Security Center deployment is skipped. |
|||||||||||||||
INSECURE_REGISTRY |
Optional for offline/air gap installations (ONLINE_INSTALL=false ). Not
applicable to online installations. |
false |
If you are using an insecure registry (no TLS or a self-signed certificate), setting this
parameter to true configures the cluster to allow the insecure registry. |
Product | License type value for Version 3.6.x |
---|---|
IBM Guardium Package (Software) | L-QABB-9QRLFB |
IBM Cloud Pak® for Security (Gen 3) (replaces IBM Guardium Data Security Center for IBM Cloud Pak for Security Version 3.1) | L-HZJW-JA6HJX |
IBM Guardium Data Security Center | L-NVCJ-9CYX5W |
IBM Guardium Data Security Center for Guardium Data Protection for z/OS® | L-VWLB-EGB2VZ |
IBM Guardium Data Security Center for IBM Cloud Pak for Security | L-YJXR-K9VF5F |