Configuring TIBCO Control Plane Helm Chart Values

Before you install TIBCO Control Plane Helm charts, you must configure the different values specific to your environment, such as service account, certificates, and storage. These values are used by TIBCO Control Plane during deployment.

Configuring platform-bootstrap Helm Chart Values

Sample Platform Bootstrap Helm Chart Values YAML file is available in the GitHub Repository. Update the file with values specific to your environment. Refer to the following table for more information about parameters in the values file.

Refer the following table to learn more about parameters used in the values.yaml file.

Parameter	Required?	Default	Description
`fluentbit:` `enabled: true`	Mandatory	true	Enable or disable Fluentbit sidecar deployment for log processing. By default, Fluentbit log processing is enabled. If you disable this option, the logs from Control Plane are not captured and forwarded to the log processor configured in the observability resource. If your organization's current infrastructure already captures logs from all workloads, then you can disable this feature to reduce resource consumption.
`serviceAccount`	Optional		Specify the service account name used for deploying TIBCO Control Plane components in your cluster. If not set, the chart creates a service account `control-plane-sa`. If you specify a service account and set `rbac.infra=false`, it is your responsibility to apply the necessary RBACs for the service account.
`rbac`: `infra: true`	Mandatory	true	Set this to true to create RBAC resources for the service account (ClusterRole and Rolebinding). Set to false if the service account already has the RBACs created. By default this is set to true.
Parameters for Container Registry for TIBCO Components
`containerRegistry:` `url` `username` `password`	Mandatory		These are the values required to pull TIBCO Components images from the Jfrog repository. Account Owner must get these values by signing in to TIBCO Operated Control Plane environment. If you want to use custom container registry, you must specify details of your private registry. You must also ensure to download and push all TIBCO component images to your registry.
Common Parameters
`createNetworkPolicy`	Optional	false	Flag to enable or disable the creation of default network policies for TIBCO Control Plane namespace. The default value is false.
`controlPlaneInstanceId`	Mandatory		This is to identify multiple TIBCO Control Plane installations in the same cluster. The maximum characters allowed are five. Example: prod, stag
`dnsTunnelDomain`	Mandatory		Domain to be used by the tunnel in the Data Plane to connect to TIBCO Control Plane.
`dnsDomain`	Mandatory		Domain to be used for accessing TIBCO Control Plane. The value must be in the format: `<cp-env-info>.<some-identifier>.example.com` TIBCO Control Plane owns first three subdomains. Here `<cp-env-info>` can be region identifier or unique word to identify control plane environment. Here `<some-identifier>` can be some unique word or identifier. The `example.com` represents your own base domain and it can be much more deeper than the minimum two levels. Control Plane FQDN format is: `<hostPrefix>.<cp-env-info>.<some-identifier>.<rest of domain>` `<hostPrefix>` is unique identifier configured when provisioning subscription. For example: `https://admin.us-west.my.example.com/`
`clusterInfo:` `nodeCIDR:` `podCIDR:` `serviceCIDR:`	Mandatory		`NodeIPCIDR` is the IP range of Nodes VPC or the VNet address space (CIDR notation). Example: 10.180.0.0/16 `PodIPCIDR` is IP range of Pod IP CIDR (CIDR notation). Example: 192.168.0.0/16 serviceCIDR is the IP range of Service CIDR (CIDR notation). The default value for serviceCIDR is 172.20.0.0/16.
Log server Configuration Values
`endpoint`	Optional		The URL of the network proxy that provides access to the Elasticsearch endpoint URL.
`username`	Optional		Username to connect to the Elasticsearch server.
`index`	Optional		Specify the name of the index that matches the patterns of the Index template definition created on your Elasticsearch server.
`password`:	Optional		Password to connect to the Elasticsearch server.
Storage Configuration Values
`storageClassName`	Mandatory		To create or use volumeName, uncomment the storageClassName and set a matching value as volume. To use default storageClass, keep the storageClassName key commented. To use preconfigured storageClass, uncomment storageClassName and pass the value. Example: `efs-sc`
`volumeName`	Optional		Specify the volume name

Configuration for Ingress and Load Balancer

The following configurations must be done in hybrid-proxy and router-operator chart values. Cluster IP services are enabled by default for hybrid proxy and router. If required, Ingress must be explicitly enabled for both. The service type for hybrid proxy can be set to load balancer. For more information about Kubernetes Service, see Kubernetes documentation. Refer to the following table for more information about configuration parameters for both Hybrid proxy and router.

Hybrid Proxy and Router service Configuration

Parameter	Required?	Default	Description
`service:` `enabled: true`	Mandatory	true	Enables the creation of a Service.
`type: ClusterIP`	Mandatory	ClusterIP	Type of service
`type: LoadBalancer` `loadBalancerIP: 1.2.3.4loadBalancerSourceRanges: []loadBalancerClass: ""`	Yes when type is LoadBalancer		Load balancer class name. IP address and source range for load balancer. `loadBalancerIP`, `loadBalancerSourceRanges`, `loadBalancerClass`, `allocateLoadBalancerNodePorts`, `externalTrafficPolicy` and `internalTrafficPolicy` are only applicable when `type:` `LoadBalancer`.
`allocateLoadBalancerNodePorts: false` (Applicable only when type is load balancer.)	Optional	true	You can optionally disable NodePort allocation for a Service of type: LoadBalancer, by setting this field to false. This must be only used for load balancer implementations that route traffic directly to pods instead of node ports.
`externalTrafficPolicy: Cluster` (Applicable only when type is load balancer.)	Optional	Cluster	By default, Service of type 'LoadBalancer' is created setting 'externalTrafficPolicy: Cluster' unless other value is explicitly set. Possible values are Cluster or Local.
`annotations: {}`	Optional		Additional annotations for network load balancer service
`internalTrafficPolicy: Cluster`	Optional	Local	By default, Service is created setting `internalTrafficPolicy: Local` on mode as daemonset unless other value is explicitly set. Setting `internalTrafficPolicy: Cluster` on a daemonset is not recommended
Hybrid Proxy and Router ingress Configuration For more information about Kubernetes ingress, see Kubernetes documentation.
`ingress:` `enabled: false`	Optional	false	Set this value to true to enable ingress.
`annotations: {}`	Optional		Annotations to apply to the ingress
`ingressClassName`	Mandatory if ingress is enabled		Ingress Controller class name Example: `nginx` For more information about ingress resource fields, see Kubernetes documentation.
`additionalIngresses: []`	Optional		Additional ingresses are only created if `ingress.enabled` is true. This is useful when different annotated ingress services are required. Each additional ingress needs a key "name" set to something unique.

Configuring platform-base Helm Chart Values

The sample Platform Base Helm Chart Values YAML file is available in the GitHub Repository. Update the file with the values specific to your environment. Refer to the following table for more information about parameters in the values file.

Before you begin

For SSL enabled database, you must create secret to store database SSL certificate before deploying platform-base helm chart. For more information, see Creating Kubernetes Secret.
You must have configured an email server used for sending emails from TIBCO Control Plane. Currently, TIBCO Control Plane supports SES, SMTP, or SendGrid.
If you are using Amazon SES, you must have configured from and reply to email address. For more information, see Amazon SES documentation.

Refer to the following table to learn more about the parameters used in the preceding values.yaml file.

Parameter	Required?	Description
Global Configuration
`db_ssl_root_cert_secretname`	Mandatory for SSL enabled database	Kubernetes secret name which contains the certificate details for SSL connection to the database. For more information about creating secret, see Creating Kubernetes Secret.
`db_ssl_root_cert_filename`	Mandatory for SSL enabled database	SSL certificate filename Example: `db_ssl_root.cert`
Database details
`db_host`	Mandatory	Database host address Example: `platform-postgres-fs6b8-4cphb.cdqjgaolpoo0.us-west-2.rds.amazonaws.com`
`db_name`	Mandatory	Database name Example: `postgres`
`db_port`	Mandatory	Database port number Example: `5432`
`db_username`	Mandatory	Username to access the database
`db_password`	Mandatory	Password to access the database
`db_secret_name`	Mandatory	Database secret name which stores user credentials Example: `provider-cp-database-credentials`
`db_ssl_mode`	Optional	If you are connecting to a database instance over SSL, specify DB SSL mode value. Default: disable Example: verify-full For SSL enabled database, you must create secret to store database SSL certificate before deploying `platform-base` helm chart. For more information, see Creating Kubernetes Secret.
Email Service Configuration
`emailServerType`	Mandatory	Type of email service you have set up for email notifications. Supported values: smtp ses sendgrid
`emailServer:` `ses:` `arn: ""`	Mandatory if the type of email service is ses	If emailServerType is ses, then you must specify this value. Amazon Resource Name (ARN) for Amazon SES. Example: `arn:aws:ses:us-east-1:123456789012:identity/user@example.com`
`emailServer:` `smtp:` `server: ""` `port: "25"` `username: ""` `password: ""`	Mandatory if type of email service is smtp	If emailServerType is smtp, then you must specify these values: SMTP server address. SMTP port SMTP username SMTP password
`emailServer:` `sendgrid:` `apiKey: ""`	Mandatory if type of email service is sendgrid	Key to authenticate access to SendGrid email services. You must specify this if you are using SendGrid email service.
`fromAndReplyToEmailAddress`	Mandatory	From and reply to an email address to be used by email service.
`cronJobReportsEmailAlias`	Optional	Cron Job reports are sent to this email alias if configured.
`platformEmailNotificationCcAddresses`	Optional	Optional email address to mark as CC for subscription email notifications.
TIBCO Platform Console Administrator user details
`admin:` `email:`	Mandatory	Email address of the administrator user. Initial email is sent to this email address with the link to sign in to TIBCO Platform Console for provisioning subscription.
`admin:` `firstname:`	Mandatory	First name of the administrator user
`admin:` `lastname:`	Mandatory	Last name of the administrator user
`admin:` `customerID:`	Mandatory	The Account owner must get this id by signing in to TIBCO Operated Control Plane environment. This id is available on the Settings > Account Details section.

Subtopics

Did you find this helpful?

Yes No