Configuring TIBCO Control Plane Helm Chart Values
Before you install TIBCO Control Plane Helm charts, you must configure the different values specific to your environment, such as service account, certificates, and storage. These values are used by TIBCO Control Plane during deployment.
Configuring platform-bootstrap Helm Chart Values
A sample Platform Bootstrap Helm Chart Values YAML file is available in the GitHub Repository. Update the file with values specific to your environment. Refer to the following table for more information about the parameters used in the values.yaml file.
Parameter | Required? | Default | Description |
---|---|---|---|
| | Mandatory | true | Enable or disable Fluentbit sidecar deployment for log processing. By default, Fluentbit log processing is enabled. If you disable this option, the logs from Control Plane are not captured and forwarded to the log processor configured in the observability resource. If your organization's current infrastructure already captures logs from all workloads, then you can disable this feature to reduce resource consumption. |
serviceAccount | Optional | | Specify the service account name used for deploying TIBCO Control Plane components in your cluster. If not set, the chart creates a service account control-plane-sa. If you specify a service account and set rbac.infra=false, it is your responsibility to apply the necessary RBACs for the service account. |
| | Mandatory | true | Set this to true to create RBAC resources for the service account (ClusterRole and Rolebinding). Set to false if the service account already has the RBACs created. By default this is set to true. |
Parameters for Container Registry for TIBCO Components | | | |
| | Mandatory | | These are the values required to pull TIBCO Components images from the JFrog repository. Account Owner must get these values by signing in to TIBCO Operated Control Plane environment. If you want to use a custom container registry, you must specify the details of your private registry. You must also download and push all TIBCO component images to your registry. |
Common Parameters | | | |
createNetworkPolicy | Optional | false | Flag to enable or disable the creation of default network policies for TIBCO Control Plane namespace. The default value is false. |
controlPlaneInstanceId | Mandatory | | This is to identify multiple TIBCO Control Plane installations in the same cluster. The maximum characters allowed are five. Example: prod, stag |
dnsTunnelDomain | Mandatory | | Domain to be used by the tunnel in the Data Plane to connect to TIBCO Control Plane. |
dnsDomain | Mandatory | | Domain to be used for accessing TIBCO Control Plane. The value must be in the format: TIBCO Control Plane owns first three subdomains. Here Control Plane FQDN format is: For example: |
| | Mandatory | | Example: 10.180.0.0/16 Example: 192.168.0.0/16 serviceCIDR is the IP range of Service CIDR (CIDR notation). The default value for serviceCIDR is 172.20.0.0/16. |
Log server Configuration Values | | | |
endpoint | Optional | | The URL of the network proxy that provides access to the Elasticsearch endpoint URL. |
username | Optional | | Username to connect to the Elasticsearch server. |
index | Optional | | Specify the name of the index that matches the patterns of the Index template definition created on your Elasticsearch server. |
password | Optional | | Password to connect to the Elasticsearch server. |
Storage Configuration Values | | | |
storageClassName | Mandatory | | To create or use volumeName, uncomment the storageClassName and set a matching value as volume. To use default storageClass, keep the storageClassName key commented. To use preconfigured storageClass, uncomment storageClassName and pass the value. Example: |
volumeName | Optional | | Specify the volume name |
Configuration for Ingress and Load Balancer
The following configurations must be done in the hybrid-proxy and router-operator chart values. Cluster IP services are enabled by default for hybrid proxy and router. If required, Ingress must be explicitly enabled for both. The service type for hybrid proxy can be set to load balancer. For more information about Kubernetes Service, see Kubernetes documentation. Refer to the following table for more information about configuration parameters for both Hybrid proxy and router.
Hybrid Proxy and Router service Configuration
Parameter | Required? | Default | Description |
---|---|---|---|
| | Mandatory | true | Enables the creation of a Service. |
| | Mandatory | ClusterIP | Type of service |
| | Yes when type is LoadBalancer | | Load balancer class name. IP address and source range for load balancer. |
| (Applicable only when type is load balancer.) | Optional | true | You can optionally disable NodePort allocation for a Service of type: LoadBalancer, by setting this field to false. This must be only used for load balancer implementations that route traffic directly to pods instead of node ports. |
| (Applicable only when type is load balancer.) | Optional | Cluster | By default, Service of type 'LoadBalancer' is created setting 'externalTrafficPolicy: Cluster' unless other value is explicitly set. Possible values are Cluster or Local. |
annotations: {} | Optional | | Additional annotations for network load balancer service |
internalTrafficPolicy: Cluster | Optional | Local | By default, Service is created setting internalTrafficPolicy: Local on mode as daemonset unless other value is explicitly set. Setting internalTrafficPolicy: Cluster on a daemonset is not recommended |
Hybrid Proxy and Router ingress Configuration For more information about Kubernetes ingress, see Kubernetes documentation. | | | |
| | Optional | false | Set this value to true to enable ingress. |
annotations: {} | Optional | | Annotations to apply to the ingress |
ingressClassName | Mandatory if ingress is enabled | | Ingress Controller class name Example: For more information about ingress resource fields, see Kubernetes documentation. |
additionalIngresses: [] | Optional | | Additional ingresses are only created if |
Configuring platform-base Helm Chart Values
The sample Platform Base Helm Chart Values YAML file is available in the GitHub Repository. Update the file with the values specific to your environment. Refer to the following table for more information about parameters in the values file.
- For an SSL-enabled database, you must create a secret to store the database SSL certificate before deploying the platform-base Helm chart. For more information, see Creating Kubernetes Secret.
- You must have configured an email server used for sending emails from TIBCO Control Plane. Currently, TIBCO Control Plane supports SES, SMTP, or SendGrid.
- If you are using Amazon SES, you must have configured the from and reply-to email address. For more information, see Amazon SES documentation.
Refer to the following table to learn more about the parameters used in the preceding values.yaml file.
Parameter | Required? | Description |
---|---|---|
Global Configuration | | |
db_ssl_root_cert_secretname | Mandatory for SSL enabled database | Kubernetes secret name which contains the certificate details for SSL connection to the database. For more information about creating secret, see Creating Kubernetes Secret. |
db_ssl_root_cert_filename | Mandatory for SSL enabled database | SSL certificate filename Example: |
Database details | | |
| | Mandatory | Database host address Example: |
| | Mandatory | Database name Example: |
| | Mandatory | Database port number Example: |
| | Mandatory | Username to access the database |
| | Mandatory | Password to access the database |
| | Mandatory | Database secret name which stores user credentials Example: |
db_ssl_mode | Optional | If you are connecting to a database instance over SSL, specify DB SSL mode value. Default: disable Example: verify-full For SSL enabled database, you must create secret to store database SSL certificate before deploying |
Email Service Configuration | | |
emailServerType | Mandatory | Type of email service you have set up for email notifications. Supported values: |
| | Mandatory if the type of email service is ses | If emailServerType is ses, then you must specify this value. Amazon Resource Name (ARN) for Amazon SES. Example: |
| | Mandatory if type of email service is smtp | If emailServerType is smtp, then you must specify these values: |
| | Mandatory if type of email service is sendgrid | Key to authenticate access to SendGrid email services. You must specify this if you are using SendGrid email service. |
fromAndReplyToEmailAddress | Mandatory | From and reply to an email address to be used by email service. |
cronJobReportsEmailAlias | Optional | Cron Job reports are sent to this email alias if configured. |
platformEmailNotificationCcAddresses | Optional | Optional email address to mark as CC for subscription email notifications. |
TIBCO Platform Console Administrator user details | | |
| | Mandatory | Email address of the administrator user. Initial email is sent to this email address with the link to sign in to TIBCO Platform Console for provisioning subscription. |
| | Mandatory | First name of the administrator user |
| | Mandatory | Last name of the administrator user |
| | Mandatory | The Account owner must get this id by signing in to TIBCO Operated Control Plane environment. This id is available on the Settings > Account Details section. |
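
A pre-install check for the security-relevant constraints stated in the platform-bootstrap and platform-base tables above (identifier length, CIDR notation, database SSL prerequisites, RBAC and network policy flags). This is an added example, not code from TIBCO or its charts; it assumes the documented parameter names are supplied as a flat dictionary, whereas the real values.yaml files may nest them, and the `preflight` function and sample values are hypothetical.

```python
import ipaddress

# Assumption: values arrive as a flat dict keyed by the documented parameter
# names; the real values.yaml files may nest these keys differently.
EMAIL_TYPES = {"ses", "smtp", "sendgrid"}  # from the table's "Mandatory if" rows
REQUIRED = ("controlPlaneInstanceId", "dnsDomain", "dnsTunnelDomain",
            "emailServerType", "fromAndReplyToEmailAddress")


def preflight(values):
    """Return (errors, warnings) found in a flat dict of chart values."""
    errors, warnings = [], []
    errors += [f"{k} is mandatory" for k in REQUIRED if not values.get(k)]
    if len(str(values.get("controlPlaneInstanceId", ""))) > 5:
        errors.append("controlPlaneInstanceId is longer than five characters")

    # serviceCIDR must be a network in CIDR notation (documented default if unset).
    cidr = str(values.get("serviceCIDR", "172.20.0.0/16"))
    try:
        if "/" not in cidr:
            raise ValueError("missing prefix length")
        ipaddress.ip_network(cidr)  # strict: rejects host bits, e.g. 172.20.0.1/16
    except ValueError as exc:
        errors.append(f"serviceCIDR {cidr!r} is invalid: {exc}")

    # Default db_ssl_mode is disable; any other mode needs the root cert secret.
    ssl_mode = values.get("db_ssl_mode", "disable")
    if ssl_mode == "disable":
        warnings.append("db_ssl_mode=disable: database connection is not using SSL")
    else:
        for k in ("db_ssl_root_cert_secretname", "db_ssl_root_cert_filename"):
            if not values.get(k):
                errors.append(f"{k} is mandatory when db_ssl_mode={ssl_mode}")
    email = values.get("emailServerType")
    if email and email not in EMAIL_TYPES:
        errors.append(f"emailServerType {email!r} is not ses, smtp or sendgrid")
    if values.get("serviceAccount") and values.get("rbac.infra") is False:
        warnings.append("rbac.infra=false: apply RBAC for serviceAccount manually")
    if not values.get("createNetworkPolicy", False):
        warnings.append("createNetworkPolicy=false: no default network policies")
    return errors, warnings


# Constructed sample values for illustration, not from a real deployment.
SAMPLE = {"controlPlaneInstanceId": "staging", "dnsDomain": "cp.example.com",
          "dnsTunnelDomain": "tunnel.example.com", "serviceCIDR": "172.20.0.1/16",
          "db_ssl_mode": "verify-full", "db_ssl_root_cert_secretname": "db-root-cert",
          "emailServerType": "smtp", "fromAndReplyToEmailAddress": "noreply@example.com",
          "serviceAccount": "cp-sa", "rbac.infra": False}
```

Calling `preflight(SAMPLE)` reports the over-long instance ID, the CIDR with host bits set and the missing certificate filename as errors, and the manual RBAC and absent network policies as warnings.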