Installation Options
The Structsure Enterprise installation can be customized in a number of ways by providing configuration details during the installation/upgrade process. This page describes the installation options and how to specify their values.
Command Line Arguments
For minor configuration changes, command line arguments are the simplest method of providing configuration details to the Structsure Enterprise installation process. These arguments can be supplied using the --set PARAMETER=value
syntax. For example, to deploy a collaboration cluster, issue the following command:
zarf package deploy zarf-package-structsure-enterprise-amd64-v5.0.0.tar.zst.part000 --no-progress --confirm --set CLUSTER_TYPE=collaboration
Configuration File
For more complex configurations, a configuration file is recommended. This configuration file's path can be passed to the installation process using the ZARF_CONFIG
environment variable.
Create a configuration file, and save it to a safe location.
package:
deploy:
set:
cluster_type: collaboration
Provide the configuration:
ZARF_CONFIG=/home/user/my-structsure-config.yaml zarf package deploy zarf-package-structsure-enterprise-amd64-v5.0.0.tar.zst.part000 --no-progress --confirm
This configuration can be create in the YAML, JSON, TOML, or INI format.
JSON:
{
"package": {
"deploy": {
"set": {
"cluster_type": "collaboration"
}
}
}
}
TOML:
[package.deploy.set]
cluster_type = 'collaboration'
INI:
[package.deploy.set]
cluster_type=collaboration
Full Example Configuration
Below you can find an example of every configuration option in a YAML config file. This file is for demonstration purposes only and should not be used to configure a Structsure installation.
package:
deploy:
set:
cluster_type: deployTarget
crossplane_replicas: 1
crossplane_rbac_replicas: 1
crossplane_metrics_enabled: true
domain: example.com
fqdn: host.example.com
single_node: false
cert_path: /path/to/server-cert.pem
key_path: /path/to/server-key.pem
ca_cert_path: /path/to/ca-cert.pem
cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
ca_cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
docker_socket: /var/run/docker.sock
disable_root_fs_mount: false
enf_no_system_profiles: false
bigbang_values_file: /path/to/bigbang-values.yaml
bigbang_secrets_file: /path/to/bigbang-secrets.yaml
# App toggles
argocd_enabled: true
authservice_enabled: true
certmanager_enabled: false
clusterauditor_enabled: false
clusterautoscaler_enabled: true
confluence_enabled: false
console_enabled: true
fluentbit_enabled: false
gatekeeper_enabled: false
gitlabrunner_enabled: false
grafana_enabled: true
istiocontrolplane_enabled: true
istiooperator_enabled: true
jira_enabled: false
keycloak_enabled: false
kyverno_enabled: true
kyvernopolicies_enabled: true
kyvernoreporter_enabled: true
loki_enabled: true
mattermost_enabled: false
mattermostoperator_enabled: false
metricsserver_enabled: false
minio_enabled: false
miniooperator_enabled: false
monitoring_enabled: true
neuvector_enabled: true
promtail_enabled: true
sonarqube_enabled: false
twistlock_enabled: false
vault_enabled: false
velero_enabled: true
metricsserver_enabled: false
kiali_enabled: false
Configuration Parameters
Parameter | Description | Default |
---|---|---|
CLUSTER_TYPE | Preset cluster type to deploy. Valid values are deployTarget , collaboration or custom . | deployTarget |
CROSSPLANE_REPLICAS | Number of Crossplane pods to run. | 1 |
CROSSPLANE_RBAC_REPLICAS | Number of Crossplane RBAC pods to run. | 1 |
CROSSPLANE_METRICS_ENABLED | Enable/disable the Crossplane metrics server. | true |
DOMAIN | Domain name to use when exposing services. If not provided, an attempt will be made to determine the IP address of the deployment and a nip.io domain will be used. | |
FQDN | Fully Qualified Domain Name of the installation. Used to create a nip.io domain. If left empty, the API server URL will be used instead. | |
SINGLE_NODE | Reduces the resource footprint of Structsure and removes redundant resources, and should only be used for demonstration purposes. This will automatically be enabled when deploying to a cluster with less than 3 nodes. | |
CERT_PATH | Filesystem path to a x509 DER encoded certificate. The ingress gateway will be configured to use this certificate. If none is provided, a self-signed certificate will be generated. | |
KEY_PATH | Filesystem path to a x509 DER encoded Key. The ingress gateway will be configured to use this key. If none is provided, a key will be generated. | |
CERT | The contents of a x509 DER encoded certificate provided as a string. The ingress gateway will be configured to use this certificate. If none is provided, a self-signed certificate will be generated. | |
KEY | The contents of a x509 DER encoded key provided as as a string. The ingress gateway will be configured to use this key. If none is provided, a key will be generated. | |
DOCKER_SOCKET | Path to the runtime socket. This value is passed to the container security engine (Neuvector) and is dependent on the distribution of Kubernetes. If not provided, the installer will attempt to determine the correct path. | |
DISABLE_ROOT_FS_MOUNT | Toggles the monitoring stack's root FS mount. Setting this to true is required on some deployments, such as k3d or colima + k3s. | |
ENF_NO_SYSTEM_PROFILES | Toggles a related environment variable in the Neuvector pods. This is required on some deployments lacking kernel capabilities. | |
BIGBANG_VALUES_FILE | Path to a YAML file containing Big Bang values. The contents will be written to corresponding Kubernetes configMap resources. | |
BIGBANG_SECRETS_FILE | Path to a YAML file containing sensitive Big Bang values. The contents will be written to corresponding Kubernetes secret resources. | |
ARGOCD_ENABLED | Enable/disable the Argo CD add-on. Enabled by default with a Deploy Target cluster type. | |
AUTHSERVICE_ENABLED | Enable/disable the Istio Authservice add-on. Enabled by default. | |
CLUSTERAUDITOR_ENABLED | Enable/disable the Cluster Auditor add-on. Disable by default. | |
CONFLUENCE_ENABLED | Enable/disable the Confluence add-on. Enabled by default with a Collaboration cluster type. | |
CONSOLE_ENABLED | Enable/disable the Console add-on. Enabled by default with a Collaboration cluster type. | |
FLUENTBIT_ENABLED | Enable/disable the Fluentbit add-on. Disable by default. | |
GATEKEEPER_ENABLED | Enable/disable the OPA Gatekeeper add-on. Disable by default. | |
GITLAB_ENABLED | Enable/disable the Keycloak add-on. Enabled by default with a Collaboration cluster type. | |
GITLABRUNNER_ENABLED | Enable/disable the Gitlab Runner add-on. Enabled by default with a Collaboration cluster type. | |
GRAFANA_ENABLED | Enable/disable the Grafana add-on. Enabled by default. | |
ISTIOCONTROLPLANE_ENABLED | Enable/disable the Istio Control Plane add-on. Enabled by default. | |
ISTIOOPERATOR_ENABLED | Enable/disable the Istio Operator add-on. Enabled by default. | |
JIRA_ENABLED | Enable/disable the Jira add-on. Enabled by default with a Collaboration cluster type. | |
KEYCLOAK_ENABLED | Enable/disable the Keycloak add-on. Enabled by default with a Collaboration cluster type. | |
KYVERNO_ENABLED | Enable/disable the Kyverno add-on. Enabled by default. | |
KYVERNOPOLICIES_ENABLED | Enable/disable the Kyverno Policies add-on. Enabled by default. | |
KYVERNOREPORTER_ENABLED | Enable/disable the Kyverno Reporter add-on. Enabled by default. | |
LOKI_ENABLED | Enable/disable the Loki add-on. Enabled by default. | |
MATTERMOST_ENABLED | Enable/disable the Mattermost add-on. Enabled by default with a Collaboration cluster type. | |
MATTERMOSTOPERATOR_ENABLED | Enable/disable the Mattermost Operator add-on. Enabled by default with a Collaboration cluster type. | |
MINIO_ENABLED | Enable/disable the Minio add-on. Disable by default. | |
MINIOOPERATOR_ENABLED | Enable/disable the Minio Operator add-on. Enabled by default with a Collaboration cluster type. | |
MONITORING_ENABLED | Enable/disable the Monitoring add-on. Enabled by default. | |
NEUVECTOR_ENABLED | Enable/disable the Neuvector add-on. Enabled by default. | |
PROMTAIL_ENABLED | Enable/disable the Promtail add-on. Enabled by default. | |
SONARQUBE_ENABLED | Enable/disable the Sonarqube add-on. Enabled by default with a Collaboration cluster type. | |
TWISTLOCK_ENABLED | Enable/disable the Twistlock add-on. Disable by default. | |
VAULT_ENABLED | Enable/disable the Vault add-on. Disable by default. | |
VELERO_ENABLED | Enable/disable the Velero add-on. Enabled by default. | |
METRICSSERVER_ENABLED | Enable/disable the Metrics Server add-on. Enabled by default if no other metrics server installations are present. | |
KIALI_ENABLED | Enable/disable the MKiali add-on. Disable by default. |