Kaspersky Next XDR Expert

Single node deployment: Specifying the installation parameters


The configuration file used to deploy Kaspersky Next XDR Expert on a single node contains the installation parameters that are required for both the distributed and single node deployment. This configuration file also contains parameters that are specific to the single node deployment (vault_replicas, vault_ha_mode, vault_standalone, and defaultClassReplicaCount).

The template of the configuration file (smp_param.yaml.template) is located in the distribution package in the archive with the KDT utility. You can fill out the configuration file template manually, or use the Configuration wizard to specify the installation parameters that are required for the Kaspersky Next XDR Expert deployment and then generate the configuration file.

For KDT to work correctly with the configuration file, add an empty line at the end of the file.

The nodes section of the configuration file contains the target host parameters that are listed in the table below.

Nodes section

Parameter name

Required

Description

desc

Yes

The name of the node.

type

Yes

The node type.

Possible parameter values:

  • primary
  • worker
  • primary-worker

For the target host, set the type parameter to primary-worker to enable the single node deployment. In this case, the target host will act as the primary and worker nodes.

host

Yes

The IP address of the node. All nodes must be included in the same subnet.

kind

No

The node type that specifies the Kaspersky Next XDR Expert component that will be installed on this node. If the kind parameter of the node is set to admsrv, Administration Server will be installed on this node. If you want to install a DBMS on the node inside the cluster, set the kind parameter to db for the corresponding node. For other nodes, you can leave this parameter empty.

Possible parameter values:

  • admsrv
  • db

Do not specify the kind parameter when you deploy Kaspersky Next XDR Expert on a single node.

user

Yes

The username of the user account created on the target host and used for connection to the node by KDT.

key

Yes

The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT.

Other installation parameters are listed in the parameters section of the configuration file and are described in the table below.

Parameters section

Parameter name

Required

Description

psql_dsn

Yes

The connection string for accessing the DBMS that is installed and configured on a separate server. 

Specify this parameter as follows: psql_dsn=postgres://<dbms_username>:<password>@<fqdn>:<port>.

dbms_username—The user name of a privileged internal DBMS account. This account is granted permissions to create databases and other DBMS accounts. By using this privileged DBMS account, the databases and other DBMS accounts required for the Kaspersky Next XDR Expert components will be created during the deployment. 

password—The password of the privileged internal DBMS account.

fqdn:port—The FQDN and connection port of a separate server on which the DBMS is installed.

If the psql_dsn parameter is set, the Kaspersky Next XDR Expert components use the DBMS located at the specified FQDN. Otherwise, the Kaspersky Next XDR Expert components use the DBMS inside the cluster.

After you deploy Kaspersky Next XDR Expert, you cannot change the DBMS installed inside the cluster to a DBMS installed on a separate server.

nwc-language

Yes

The language of the OSMP Console interface specified by default. After installation, you can change the OSMP Console language.

Possible parameter values:

  • enUS
  • ruRu

ipaddress

Yes

The reserved static IP address of the Kubernetes cluster gateway. The gateway must be included in the same subnet as all cluster nodes.

If you install the DBMS on a separate server, the gateway IP address must contain the subnet mask /32.

If you install the DBMS inside the cluster, set the gateway IP address to an IP range in the format 0.0.0.0-0.0.0.0, where the first IP address of the range is the gateway IP address itself and the second IP address of the range is the DBMS IP address.

ssh_pk

Yes

The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT.

sshKey

Yes

The path to the private part of the SSH key located on the administrator host and used for connection to the nodes with the KUMA services (collectors, correlators and storages).

kscpassword

adminPassword

Yes

The kscpassword and adminPassword parameters specify the password of the same Kaspersky Next XDR Expert user account that will be created by KDT during the installation. The default username of this account is "admin".

The Main administrator role is assigned to this user account.

The kscpassword and adminPassword parameter values must match.

The adminPassword parameter is used for uploading the KUMA license and out-of-the-box resources.

The password must comply with the following rules:

  • The password must contain at least 8 and no more than 16 characters.
  • The password must contain characters from at least three of the groups listed below:
    • Uppercase letters (A–Z)
    • Lowercase letters (a–z)
    • Numbers (0–9)
    • Special characters (@ # $ % ^ & * - _ ! + = [ ] { } | : ' , . ? / \ ` ~ " ( ) ;)

lowResources

Yes

The parameter that indicates that Kaspersky Next XDR Expert is installed on the target host with limited computing resources.

Possible parameter values:

  • true—installation with limited computing resources (for single node deployment)
  • false—standard installation

For the single node deployment, set the lowResources parameter to true so that Kaspersky Next XDR Expert components will require less memory and CPU resources. Also, if you enable this parameter, 4 GB of free disk space will be allocated to install KUMA Core on the target host.

vault_replicas

Yes

The number of replicas of the secret storage in the Kubernetes cluster.

For the single node deployment, set the vault_replicas parameter to 1.

vault_ha_mode

Yes

The parameter that indicates whether to run the secret storage in the High Availability (HA) mode.

Possible parameter values:

  • true
  • false

For the single node deployment, set the vault_ha_mode parameter to false.

vault_standalone

Yes

The parameter that indicates whether to run the secret storage in the standalone mode.

Possible parameter values:

  • true
  • false

For the single node deployment, set the vault_standalone parameter value to true.

coreDiskRequest

Yes

The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the lowResources parameter is set to false. If the lowResources parameter is set to true, the coreDiskRequest parameter is ignored and 4 GB of the disk space for the operation of KUMA Core is allocated. If you do not specify the coreDiskRequest parameter and the lowResources parameter is set to false, the default amount of disk space for the operation of KUMA Core is allocated. The default amount of disk space is 512 GB.

inventory

Yes

The path to the KUMA inventory file located on the administrator host. The inventory file contains installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster.

hostInventory

No

The path to the additional KUMA inventory file located on the administrator host. This file contains the installation parameters used to partially add or remove hosts with the KUMA services.

If you perform an initial deployment of Kaspersky Next XDR Expert or run a custom action that requires a configuration file, leave the default parameter value (/dev/null).

license

Yes

The path to the license key of KUMA Core.

smp_domain

Yes

The domain name that is used in the FQDNs of the public Kaspersky Next XDR Expert services.

pki_domain

Yes

The domain name for which a self-signed or custom certificate is to be generated. The pki_domain and smp_domain parameter values must match.

iam-nwc_host

flow_host

hydra_host

login_host

admsrv_fqdn

console_fqdn

api_fqdn

kuma_fqdn

psql_fqdn

monitoring_fqdn

coreIngressHost

gateway_host

hydra_fqdn

Yes

The FQDNs of the Kaspersky Next XDR Expert services. These addresses contain the domain name, which must match the smp_domain parameter value.

pki_fqdn_list

Yes

The list of FQDNs of the public Kaspersky Next XDR Expert services for which a self-signed or custom certificate is to be generated. These FQDNs contain the domain name, which must match the smp_domain parameter value.

intermediate_enabled

No

The parameter that indicates whether to use the custom intermediate certificate instead of the self-signed certificates for the public Kaspersky Next XDR Expert services. The default value is true.

Possible parameter values:

  • true—use custom intermediate certificate
  • false—use self-signed certificates

intermediate_bundle

No

The path to the custom intermediate certificate used to work with public Kaspersky Next XDR Expert services. Specify this parameter if the intermediate_enabled parameter is set to true.

admsrv_bundle

api_bundle

console_bundle

psql_bundle

No

The paths to the custom leaf certificates used to work with the corresponding public Kaspersky Next XDR Expert services: admsrv.<smp_domain>, api.<smp_domain>, console.<smp_domain>, psql.<smp_domain>. Specify the psql_bundle parameter if you installed the DBMS inside the Kubernetes cluster on the DBMS node.

If you want to specify the leaf custom certificates, set the intermediate_enabled parameter to false and do not specify the intermediate_bundle parameter.

KUMAUIURL

Yes

The address of KUMA Console. This address contains the domain name, which must match the smp_domain parameter value.

webConsoleURL

Yes

The address of OSMP Console. This address contains the domain name, which must match the smp_domain parameter value.

encrypt_secret

sign_secret

Yes

The names of the secret files that are stored in the Kubernetes cluster. These names contain the domain name, which must match the smp_domain parameter value.

ksc_state_size

Yes

The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data).

defaultClassReplicaCount

Yes

The number of disk volumes that are used to store the service data of Kaspersky Next XDR Expert components and KDT. The default value is 3.

For the single node deployment, set the defaultClassReplicaCount parameter value to 1.

kdtStateSize

No

The amount of free disk space allocated to store the internal service KDT data. The default value is 5Gi.

prometheus_size

Yes

The amount of free disk space allocated to store metrics. The minimum recommended value is 5 GB.

loki_size

Yes

The amount of free disk space allocated to store OSMP logs. The minimum recommended value is 20 GB.

loki_retention_period

Yes

The storage period of OSMP logs, after which the logs are automatically removed. The default value is 72 hours. Set the parameter value in the configuration file as "<time in hours>h" (for example, "72h").

adminLogin

Yes

The adminLogin parameter specifies the username of the Kaspersky Next XDR Expert user account that will be created by KDT during the installation. This parameter is used for uploading the KUMA resources.

The adminLogin and kumaLogin parameter values must match.

The default parameter value is admin. Do not change the parameter value.

psql_tls_off

No

The parameter that indicates whether to encrypt the traffic between the Kaspersky Next XDR Expert components and the DBMS by using the TLS protocol.

Possible parameter values:

  • true—do not encrypt the traffic (if the DBMS will be installed inside the cluster)
  • false—encrypt the traffic

psql_trusted_cas

No

The path to the PEM file that can contain the TLS certificate of the DBMS server or a root certificate from which the TLS server certificate can be issued.

Specify the psql_trusted_cas parameter if the DBMS will be installed and configured on a separate server and the traffic encryption is enabled (psql_tls_off is set to false).

psql_client_certificate

No

The path to the PEM file that contains a certificate and a private key of the Kaspersky Next XDR Expert component. This certificate is used to establish the TLS connection between the Kaspersky Next XDR Expert components and the DBMS.

Specify the psql_client_certificate parameter if the DBMS will be installed and configured on a separate server and the traffic encryption is enabled (psql_tls_off is set to false).

proxy_enabled

No

The parameter that indicates whether to use the proxy server to connect the Kaspersky Next XDR Expert components to the internet. If the host on which Kaspersky Next XDR Expert is installed has internet access, you can also provide internet access for operation of Kaspersky Next XDR Expert components (for example, Administration Server) and for specific integrations, both Kaspersky and third-party. To establish the proxy connection, you must also specify the proxy server parameters in the Administration Server properties. The default value is false.

Possible parameter values:

  • true—proxy server is used
  • false—proxy server is not used

proxy_addresses

No

The IP address of the proxy server. If the proxy server uses multiple IP addresses, specify these addresses separated by a space (for example, "0.0.0.0 0.0.0.1 0.0.0.2"). Specify this parameter if the proxy_enabled parameter is set to true.

proxy_port

No

The number of the port through which the proxy connection will be established. Specify this parameter if the proxy_enabled parameter is set to true.

tracelevel

No

The trace level. The default value is 0.

Possible parameter values: 0–5.

kumaUrl

kumaLogin

Yes

These parameters are for internal use. Do not change their values.
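
A pre-flight check for the single node values and cross-parameter rules listed in the tables above, added here as an example (it is not Kaspersky code and not part of KDT). It assumes the nodes and parameters have already been loaded into Python dicts, because the file layout is not shown on this page; the function names and sample values are hypothetical, and "FQDN matches smp_domain" is interpreted as a suffix match.

```python
import string

# Values this page prescribes for a single node deployment.
SINGLE_NODE = {"lowResources": "true", "vault_replicas": "1", "vault_ha_mode": "false",
               "vault_standalone": "true", "defaultClassReplicaCount": "1"}
FQDN_KEYS = ("iam-nwc_host flow_host hydra_host login_host admsrv_fqdn console_fqdn "
             "api_fqdn kuma_fqdn psql_fqdn monitoring_fqdn coreIngressHost "
             "gateway_host hydra_fqdn").split()
GROUPS = (set(string.ascii_uppercase), set(string.ascii_lowercase), set(string.digits),
          set("@#$%^&*-_!+=[]{}|:',.?/\\`~\"();"))

def norm(value):  # compare YAML booleans and integers with their string forms
    return str(value).strip().lower()

def password_ok(pw):
    """8 to 16 characters, drawn from at least three of the four groups."""
    return 8 <= len(pw) <= 16 and sum(any(c in g for c in pw) for g in GROUPS) >= 3

def lint_single_node(nodes, params):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    if [n.get("type") for n in nodes] != ["primary-worker"]:
        out.append("nodes: expected exactly one node of type primary-worker")
    if any(n.get("kind") for n in nodes):
        out.append("nodes: kind must not be set for a single node deployment")
    out += [f"{k}: must be {v}" for k, v in SINGLE_NODE.items() if norm(params.get(k)) != v]
    pw = str(params.get("adminPassword", ""))
    if pw != params.get("kscpassword"):
        out.append("kscpassword and adminPassword must match")
    if not password_ok(pw):
        out.append("adminPassword: does not meet the password rules")
    domain = str(params.get("smp_domain", ""))
    if params.get("pki_domain") != domain:
        out.append("pki_domain and smp_domain must match")
    out += [f"{k}: not under smp_domain" for k in FQDN_KEYS
            if k in params and not str(params[k]).endswith("." + domain)]
    if params.get("psql_dsn") and norm(params.get("psql_tls_off")) == "false":
        out += [f"{k}: required when TLS to a separate DBMS is on"
                for k in ("psql_trusted_cas", "psql_client_certificate") if not params.get(k)]
    return out

# Constructed sample (not from the page): HA left on, weak password, stray FQDN.
SAMPLE_NODES = [{"desc": "xdr-1", "type": "primary-worker", "host": "192.0.2.10"}]
SAMPLE = {**SINGLE_NODE, "vault_ha_mode": True, "smp_domain": "smp.example",
          "pki_domain": "smp.example", "kscpassword": "password",
          "adminPassword": "password", "kuma_fqdn": "kuma.other.example"}

if __name__ == "__main__":
    print("\n".join(lint_single_node(SAMPLE_NODES, SAMPLE)))
```

FQDN keys that are absent from the input are not reported; the check covers only the values that are present.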

Sample of the configuration file for the single node deployment of Kaspersky Next XDR Expert