Configuration file parameters for all-in-one installation

The following tables list the configurable properties of the Guardium® Insights configuration (values.conf) file and the Guardium Insights license value options.

Table 1. Installation parameters
Option Installation type requirement Default value Description
Mandatory parameters
ONLINE_INSTALL Required for online and offline/air gap installations. true Change the value to false to install in offline/air gap mode. This mode requires more parameters and more preparation, and is provided as a means to install on clusters with no or limited internet.
SKIP_INSTALL_ICS Required for online and offline/air gap installations. false Change the value to true only if IBM® Common Services is already installed on your cluster.
ENTITLED_REGISTRY Required for online and offline/air gap installations. cp.icr.io The hostname of the remote registry that contains installation images (cp.icr.io, unless noted otherwise).
ICS_CATALOG_REGISTRY Required for online and offline/air gap installations. icr.io The hostname of the remote docker registry that contains installation images (icr.io, unless noted otherwise).
ENTITLED_REGISTRY_USER Required for online and offline/air gap installations. n/a The user that you use to log in to the entitled registry (typically, the user is cp).
ENTITLED_REGISTRY_PASS Required for online and offline/air gap installations. n/a The password or entitlement key that is used to log in to the entitled registry.
GI_DATA_NODE Required for online and offline/air gap installations. n/a The name of the node or nodes that you select to house the Db2® instance. You need separate nodes for separate Db2 instances (comma-delimited).
LABEL_DATA_NODE Required for online and offline/air gap installations. true If true, data nodes are labeled as dedicated for data service usage. If false, labeling is skipped.
GI_NAMESPACE Required for online and offline/air gap installations. Guardium Insights namespace, where Guardium Insights is deployed.
ICS_NAMESPACE Required for online and offline/air gap installations. ibm-common-services or GI_NAMESPACE For Guardium Insights version 3.3.x and earlier, IBM Common Services is installed in the default namespace (ibm-common-services).

For Guardium Insights version 3.4.x and later, IBM Common Services is installed in the GI_NAMESPACE namespace.

ICS_SIZE Required for online and offline/air gap installations. small Set the ICS_SIZE to small if you are installing a deployment of Guardium Insights that is extra small or small. Set the ICS_SIZE to medium if you are installing a Guardium Insights deployment that is medium or higher.
Version 3.5.x and later ICS_POSTGRES_REGISTRY_URL Required for online and offline/air gap installations. cp.icr.io The hostname of the remote registry that contains installation images (cp.icr.io, unless noted otherwise).
Version 3.5.x and later ICS_POSTGRES_REGISTRY_USER Required for online and offline/air gap installations. n/a The user that you use to log in to the entitled registry (typically, the user is cp).
Version 3.5.x and later ICS_POSTGRES_REGISTRY_PASS Required for online and offline/air gap installations. n/a The password or entitlement key that is used to log in to the entitled registry.
CLOUD_INFRA Required for online and offline/air gap installations. openshift Cloud provider for the cluster used for Guardium Insights installation. The following values are acceptable:
  • openshift or OPENSHIFT
  • ibm-cloud or IBM-CLOUD
  • aws or AWS
  • azure or AZURE
DOMAIN_NAME Required for online and offline/air gap installations. n/a Domain name of the cluster.
HOST_NAME Required for online and offline/air gap installations. n/a Host name for the application.
Important: When you create your custom resource (CR) file, the spec.guardiumInsightsGlobal.ingress.hostname value must be 58 characters or fewer.
STORAGE_CLASS_RWO Required for online and offline/air gap installations. rook-ceph-block Storage classes that are defined for using Guardium Insights. The storage class depends on the type of cloud infrastructure used. Provide both read-write-only (RWO) and read-write-many (RWX) classes.
Cloud provider STORAGE_CLASS_RWO STORAGE_CLASS_RWX
openshift/ OPENSHIFT rook-ceph-block rook-cephfs
ibm-cloud/IBM-CLOUD ibmc-file-gold-gid ibmc-file-gold-gid
aws/ AWS gp2 ocs-storagecluster-cephfs
azure/AZURE ocs-storagecluster-ceph-rbd ocs-storagecluster-cephfs
Important: The storage classes must be prepared before you run the installation. For more information about creating and configuring storage classes, refer to your cloud provider's documentation.
STORAGE_CLASS_RWX Required for online and offline/air gap installations. rook-cephfs
BACKUP_STORAGECLASS_RWX Required for online and offline/air gap installations.
  • rook-cephfs or ocs-storagecluster-cephfs for all platforms except IBM Cloud.
  • managed-nfs-storage for IBM Cloud.
Backup storage classes that are defined for using Guardium Insights. The backup storage class depends on the type of cloud infrastructure used.
Cloud provider STORAGE_CLASS_RWX
openshift/ OPENSHIFT rook-cephfs
ibm-cloud/IBM-CLOUD managed-nfs-storage
aws/ AWS ocs-storagecluster-cephfs
azure/AZURE ocs-storagecluster-cephfs
Important: The storage classes must be prepared before you run the installation. For more information about creating and configuring storage classes, refer to your cloud provider's documentation.
LOCAL_REGISTRY_HOST Required for offline/air gap installations (ONLINE_INSTALL=false). Not applicable to online installations. n/a These parameters specify a private Docker registry to use for image mirroring for an air gap installation, along with the username and a password for logging in to the registry.
  • LOCAL_REGISTRY_HOST=Specify the host IP address or FQDN:Listening port.
  • LOCAL_REGISTRY_USER=Specify the username for your private registry.
  • LOCAL_REGISTRY_PASS=Specify the password for your private registry.
LOCAL_REGISTRY_USER Required for offline/air gap installations (ONLINE_INSTALL=false). Not applicable to online installations. n/a
LOCAL_REGISTRY_PASS Required for offline/air gap installations (ONLINE_INSTALL=false). Not applicable to online installations. n/a
Optional parameters
TAINT_DATA_NODE Optional for online and offline/air gap installations. false Change to true to have data nodes that are tainted and dedicated for data service usage. Leave as false to skip this step.
SKIP_GI_PREINSTALL Optional for online and offline/air gap installations. false If set to true, the preinstall step in the Guardium Insights deployment is skipped.
SKIP_GI_CATALOGS Optional for online and offline/air gap installations. false If set to true, the dependency catalog installation in the Guardium Insights deployment is skipped.
SKIP_GI_OPERATORS Optional for online and offline/air gap installations. false If set to true, the dependency operator installation in the Guardium Insights deployment is skipped.
SKIP_GI_INSTANCE Optional for online and offline/air gap installations. false If set to true, instance (custom resource) creation in the Guardium Insights deployment is skipped.
INSECURE_REGISTRY Optional for offline/air gap installations (ONLINE_INSTALL=false). Not applicable to online installations. false If you are using an insecure registry (no TLS or a self-signed certificate), setting this parameter to true configures the cluster to allow the insecure registry.
Table 2. License options
Product License type value for Version 3.3.x License type value for Version 3.4.x License type value for Version 3.5.x
IBM Guardium Package (Software) L-TFWF-ZZ5233 L-ZNAM-9BHMTZ L-YRPR-ZV3BA6
IBM Cloud Pak® for Security (Gen 3) (replaces IBM Guardium Insights for IBM Cloud Pak for Security Version 3.1) L-QAXS-3Q3M77 L-HZJW-JA6HJX L-HZJW-JA6HJX
IBM Guardium Insights L-EUYK-DLBJKL L-MYJN-5G3BE2 L-NVCJ-9CYX5W
IBM Guardium Insights for Guardium Data Protection for z/OS® L-QQNG-5WV2K5 L-EVXH-UJQRT9 L-VWLB-EGB2VZ
IBM Guardium Insights for IBM Cloud Pak for Security L-ABEU-LGJCCW L-DFKL-D2QRNM L-YJXR-K9VF5F