Environment Configuration
This page contains a list of environment variables that you'll configure during the installation process. Some of these are required and must be at hand when you install Garden Enterprise.
These values are provided via the Replicated admin console. You can edit the configuration at any time. If you modify the configuration, Garden Enterprise will be re-deployed with the new values.
The values are grouped into categories for convenience.
General Settings
General Garden Enterprise settings.
Main Garden Enterprise Hostname
The fully qualified domain name for Garden Enterprise. This should point to the load balancer / ingress controller that exposes the Garden Enterprise cluster.
Text
Yes
Kubernetes Version
The Kubernetes version of the cluster where Garden Enterprise is deployed.
Select One
No
<1.22
<1.22 >=1.22
TLS Secret
Optionally specify the name of the Kubernetes Secret to use as your TLS certificate. Only required if you're doing SSL termination at the ingress controller level. Note that the secret must be in the same namespace as the Garden Enterprise services (defaults to 'garden-enterprise') and that you must manage it yourself. If you use this field, we recommend creating the namespace and the secret prior to installing Garden Enterprise.
Text
No
Log Level
The log level for the Garden Enterprise system loggers.
Select One
No
warn
Error Warn Info HTTP Verbose Debug Silly
API Replica Count
Number of replicas for the API service.
Text
No
1
Automatically Install Ingress Controller
Check this box if you want Garden Enterprise to automatically install an Nginx ingress controller for the cluster. The ingress controller is installed either as a DaemonSet or a Deployment with a Load Balancer service in the main Garden Enterprise namespace. Leave this unchecked if you want to manage your own ingress controller(s).
Boolean
No
0
Install Ingress Controller with a Load Balancer service or as a DaemonSet with HostPorts.
If you want to manage your own load balancer on your cloud provider choose the daemonset option. This option does not create a load balancer, but opens port 80 on each node. If you want a load balancer created and managed for you by the nginx ingress controller, choose the load balancer service option.
Select One
No
install_ingress_controller_daemonset
Install Ingress Controller with a Load Balancer Service Install Ingress Controller as a DaemonSet listening on HostPorts.
IngressClass Pod Annotation
The value for the 'kubernetes.io/ingress.class' Pod annotation. You only need to specify a different value than the default if you have multiple instances of the nginx ingress controller and the default value conflicts with existing annotations.
Text
No
nginx
IngressClass Pod Annotation
The value for the 'kubernetes.io/ingress.class' Pod annotation.
Text
No
Additional Ingress Annotations
Here you can add optional additional Ingress annotations for the Ingress resource. Add one annotation per line. For example: 'appgw.ingress.kubernetes.io/appgw-ssl-certificate: mysslcert'.
No
Node Selectors
Optionally specify node selectors for the Garden Enterprise services. The value provided must be a string of key-value pairs where the pairs are separated by a ';' and the key and value by a '='. For example: 'app=garden-enterprise;disktype=ssd'.
No
Container Runtime
Please select the container runtime in use in your cluster. If your Kubernetes cluster is managed by GCP, AWS, or Azure, and your Kubernete version is less than 1.19, this is typically docker (unless you've configured things otherwise). For versions 1.19 or greater, this will be containerd or another CRI compatible container runtime.
Select One
No
docker
Containerd Docker
Workflow Runner Config
Configuration for the workflows runner.
Workflow Namespace
The namespace in which workflow pods run on VCS events. Must be different from the namespace the other Garden Enterprise services run in.
Text
No
garden-workflows
Workflow Runner Log Level
The CLI log level used when running triggered workflows.
Select One
No
debug
Error Warn Info Verbose Debug Silly
Vault Config
Configuration for the Hashicorp Vault secrets backend.
KMS Provider
The name of your KMS provider. This and the values below are used for auto-unsealing Vault during the installation process.
Select One
No
gcp
Azure AWS GCP
Azure Application Client Id
Text
Yes
Azure Application Client Secret
Password
Yes
Azure Account Tenant Id
Text
Yes
Azure Vault Name
Text
Yes
Azure Key Name
Text
Yes
AWS Region
The region where the KMS key was created.
Text
Yes
AWS Access Key ID
The Access Key ID of the principal attached to the KMS Key.
Text
Yes
AWS Secret Access Key
The Secret Access Key of the principal attached to the KMS Key.
Password
Yes
AWS KMS ID
The ID of KMS key.
Text
Yes
GCP Region
Text
Yes
GCP Project
Text
Yes
GCP Key Ring
Text
Yes
GCP Crypto Key
Text
Yes
Vault AppRole RoleID
The ID of the Vault AppRole configured for the Vault server/cluster. If you're using the Vault instance that's bundled with Garden Enterprise, you will need to initialize Vault to retrieve this.
Password
No
Vault App Role Secret ID
The ID of the secret issued against the Vault AppRole. If you're using the Vault instance that's bundled with Garden Enterprise, you will need to initialize Vault to retrieve this value.
Password
No
SSO via SAML
Configuration for SSO using the SAML protocol.
Enable SSO
Check this box if you want to enable SSO.
Boolean
No
0
SSO certificate.
Your SSO certificate. Metadata must be stripped out and it must be in one line.
Password
Yes
SSO Entry Point.
The full URL to your identity provider's authentication endpoint.
Text
Yes
VCS Config
Configuration for the VCS integration
VCS Provider
Your VCS provider. Used for authentication, importing projects, and optionally for running workflows on VCS events
Select One
No
github
GitHub Gitlab
GitHub Distribution
The GitHub Distribution currently in use
Select One
No
github-com
GitHub.com GitHub Enterprise Server GitHub Enterprise Cloud
GitHub Instance Hostname
The GitHub instance hostname: e.g. "github.your-domain.com". Defaults to "github.com".
Text
Yes
github.com
GitHub App ID
The GitHub App's App ID. You'll find this on the GitHub App's settings page.
Text
Yes
GitHub App Client ID
The GitHub App's client ID. You'll find this on the GitHub App's settings page.
Text
Yes
GitHub App Client Secret
The GitHub App's client secret. You'll find this on the GitHub App's settings page.
Text
No
GitHub App Webhook Secret
The webhook secret for the GitHub App. You can set this on the GitHub App's settings page.
Password
Yes
Turn debugging on for GitHub Api client
Turn on debug logs for the GitHub Api client.
Boolean
No
0
GitHub Private Key
The GitHub App's private key. You generate a private from the GitHub App's settings page.
File
Yes
Gitlab Instance Hostname
The hostname of your GitLab instance. If you're using hosted GitLab, this is simply gitlab.com.
Text
Yes
Gitlab App ID
The Application ID for the GitLab OAuth App that's used for authenticating users with Garden Enterprise.
Text
Yes
Gitlab App Secret
The Application Secret for the GitLab OAuth App that's used for authenticating users with Garden Enterprise.
Text
Yes
Gitlab Access Token
The access token for the GitLab user account that is used to interact with the GitLab API.
Text
Yes
Gitlab Webhooks Secret
A user generated secret value that is used when creating and validating webhooks from GitLab.
Password
Yes
Database Config
Configuration for the PostgreSQL database.
Database Hostname
The hostname of the PostgreSQL database. This and the other database values below are used to connect to the PostgreSQL instance from the API service.
Text
Yes
Database Port
The port the PostgreSQL database listens on.
Text
Yes
5432
Database user name
The PostgreSQL user name.
Text
Yes
Database name
The PostgreSQL database name.
Text
Yes
Database Password
The PostgreSQL password.
Password
Yes
SSL Mode
Select "Require" if your database connection is over SSL, otherwise "Disable".
Select One
No
disable
Disable Require
Seed data
Required database seed data
Username
The name of the first admin user that gets created on initialization
Text
Yes
GitHub / GitLab username
The GitHub/GitLab username of the first admin user that gets created on initialization, depending on which VCS provider you're using. For GitHub, this is generally a username, not an email address, and is displayed when you click the profile image in the top right corner of the GitHb web UI. You can also find this one the admin users's GitHub profile page. For GitLab, this is the email address you use to log into GitLab.
Text
Yes
Organization name
The name of the organization. Must be a valid RFC1035/RFC1123 (DNS) label (may contain lowercase letters, numbers and dashes, must start with a letter, and cannot end with a dash) and must not be longer than 63 characters.
Text
Yes
Grafana Config
Configuration for the Grafana dashboard.
Install Grafana
Check this box if you want Garden Enterprise to automatically install a Grafana metrics dashboard. The Grafana dashboard will be installed in the main Garden Enterprise namespace. Note that Grafana requires a datasource such as Prometheus. You can choose to let Garden Enterprise install Prometheus below or alternatively install your own Grafana datasource.
Boolean
No
0
Enable Ingress for Grafana
Check this box if you want to enable access to the Grafana metrics dashboard from outside the cluster. An ingress will be created with the public hostname you enter below.
Boolean
No
0
Public Hostname for Grafana
Public hostname for the Grafana metrics dashboard. If you don't want to publicly expose Grafana, uncheck the "Enable Ingress for Grafana" checkbox above.
Text
No
Grafana Admin Password
The admin password to the Grafana dashboard. You'll need this when first logging in.
Password
No
Kibana Config
Configuration for the Kibana logs dashboard.
Install Kibana
Check this box if you want Garden Enterprise to automatically install a Kibana logs dashboard. The Kibana dashboard will be installed in the main Garden Enterprise namespace.
Boolean
No
0
Enable Ingress for Kibana
Check this box if you want to enable access to the Kibana logs dashboard from outside the cluster. An ingress will be created with the public hostname you enter below.
Boolean
No
0
Public Hostname for Kibana
Public URL for the Kibana logs dashboard. If you don't want to publicly expose Kibana, uncheck the "Enable Ingress for Kibana" checkbox above. | Type | Required | Default | | -------- | -------- | ----------- | | Text | No |
Prometheus Config
Configuration for Prometheus Server.
Install Prometheus
Check this box if you want Garden Enterprise to automatically install a Prometheus metrics server. The Prometheus server will be installed in the main Garden Enterprise namespace.
Boolean
No
0
Fluentd Config
Configuration for Fluentd.
Install Fluentd
Check this box if you want Garden Enterprise to automatically install the Fluentd logs collector. Fluentd will be installed in the main Garden Enterprise namespace. Note that Fluentd expects to find an Elasticsearch host at 'elasticsearch-master.garden-enterprise'
Boolean
No
0
Elasticsearch Config
Configuration for Elasticsearch.
Install Elasticsearch
Check this box if you want Garden Enterprise to automatically install an Elasticsearch search engine for logs. Elasticsearch will be installed in the main Garden Enterprise namespace.
Boolean
No
0
JWT Certificates
Keys used to sign and verify JSON Web Tokens.
JWT Private Key
The private key used to sign JSON Web Tokens.
File
Yes
JWT Public Key
The public key used to verify JSON Web Tokens.
File
Yes
CRON Job Settings
Settings for maintenance and automatic environment cleanup CRON jobs.
In-Cluster Auth Token
A random, user-generated token that's used for authenticating maintenance and cleanup CronJobs against the API service.
Password
Yes
Experimental Features
Use the checkboxes below to enable certain experimental features.
Last updated
Was this helpful?