Environment Configuration
This page contains a list of environment variables that you'll configure during the installation process. Some of these are required and must be at hand when you install Garden Enterprise.
These values are provided via the Replicated admin console. You can edit the configuration at any time. If you modify the configuration, Garden Enterprise will be re-deployed with the new values.
The values are grouped into categories for convenience.
General Garden Enterprise settings.
The fully qualified domain name for Garden Enterprise. This should point to the load balancer / ingress controller that exposes the Garden Enterprise cluster.
Type | Required | Default |
|---|---|---|
Text | Yes | |
The Kubernetes version of the cluster where Garden Enterprise is deployed.
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | <1.22 | <1.22 >=1.22 |
Optionally specify the name of the Kubernetes Secret to use as your TLS certificate. Only required if you're doing SSL termination at the ingress controller level. Note that the secret must be in the same namespace as the Garden Enterprise services (defaults to 'garden-enterprise') and that you must manage it yourself. If you use this field, we recommend creating the namespace and the secret prior to installing Garden Enterprise.
Type | Required | Default |
|---|---|---|
Text | No | |
The log level for the Garden Enterprise system loggers.
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | warn | Error Warn Info HTTP Verbose Debug Silly |
Number of replicas for the API service.
Type | Required | Default |
|---|---|---|
Text | No | 1 |
Check this box if you want Garden Enterprise to automatically install an Nginx ingress controller for the cluster. The ingress controller is installed either as a DaemonSet or a Deployment with a Load Balancer service in the main Garden Enterprise namespace. Leave this unchecked if you want to manage your own ingress controller(s).
Type | Required | Default |
|---|---|---|
Boolean | No | 0 |
This field is only required if Automatically Install Ingress Controller is
1.If you want to manage your own load balancer on your cloud provider choose the daemonset option. This option does not create a load balancer, but opens port 80 on each node. If you want a load balancer created and managed for you by the nginx ingress controller, choose the load balancer service option.
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | install_ingress_controller_daemonset | Install Ingress Controller with a Load Balancer Service Install Ingress Controller as a DaemonSet listening on HostPorts. |
This field is only required if Automatically Install Ingress Controller is
1.The value for the 'kubernetes.io/ingress.class' Pod annotation. You only need to specify a different value than the default if you have multiple instances of the nginx ingress controller and the default value conflicts with existing annotations.
Type | Required | Default |
|---|---|---|
Text | No | nginx |
This field is only required if Automatically Install Ingress Controller is
0.The value for the 'kubernetes.io/ingress.class' Pod annotation.
Type | Required | Default |
|---|---|---|
Text | No | |
Here you can add optional additional Ingress annotations for the Ingress resource. Add one annotation per line. For example: 'appgw.ingress.kubernetes.io/appgw-ssl-certificate: mysslcert'.
Type | Required | Default |
|---|---|---|
| No | |
Optionally specify node selectors for the Garden Enterprise services. The value provided must be a string of key-value pairs where the pairs are separated by a ';' and the key and value by a '='. For example: 'app=garden-enterprise;disktype=ssd'.
Type | Required | Default |
|---|---|---|
| No | |
Please select the container runtime in use in your cluster. If your Kubernetes cluster is managed by GCP, AWS, or Azure, and your Kubernete version is less than 1.19, this is typically docker (unless you've configured things otherwise). For versions 1.19 or greater, this will be containerd or another CRI compatible container runtime.
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | docker | Containerd Docker |
Configuration for the workflows runner.
The namespace in which workflow pods run on VCS events. Must be different from the namespace the other Garden Enterprise services run in.
Type | Required | Default |
|---|---|---|
Text | No | garden-workflows |
The CLI log level used when running triggered workflows.
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | debug | Error Warn Info Verbose Debug Silly |
Configuration for the Hashicop Vault secrets backend.
The name of your KMS provider. This and the values below are used for auto-unsealing Vault during the installation process.
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | gcp | Azure AWS GCP |
This field is only required if KMS Provider is
azure.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
azure.Type | Required | Default |
|---|---|---|
Password | Yes | |
This field is only required if KMS Provider is
azure.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
azure.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
azure.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
aws.The region where the KMS key was created.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
aws.The Access Key ID of the principal attached to the KMS Key.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
aws.The Secret Access Key of the principal attached to the KMS Key.
Type | Required | Default |
|---|---|---|
Password | Yes | |
This field is only required if KMS Provider is
aws.The ID of KMS key.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
gcp.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
gcp.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
gcp.Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if KMS Provider is
gcp.Type | Required | Default |
|---|---|---|
Text | Yes | |
The ID of the Vault AppRole configured for the Vault server/cluster. If you're using the Vault instance that's bundled with Garden Enterprise, you will need to initialize Vault to retreive this.
Type | Required | Default |
|---|---|---|
Password | No | |
The ID of the secret issued against the Vault AppRole. If you're using the Vault instance that's bundled with Garden Enterprise, you will need to initialize Vault to retreive this value.
Type | Required | Default |
|---|---|---|
Password | No | |
Configuration for SSO using the SAML protocol.
Check this box if you want to enable SSO.
Type | Required | Default |
|---|---|---|
Boolean | No | 0 |
This field is only required if Enable SSO is
1.Your SSO certificate. Metadata must be stripped out and it must be in one line.
Type | Required | Default |
|---|---|---|
Password | Yes | |
This field is only required if Enable SSO is
1.The full URL to your identity provider's authentication endpoint.
Type | Required | Default |
|---|---|---|
Text | Yes | |
Configuration for the VCS integration
Your VCS provider. Used for authentication, importing projects, and optionally for running workflows on VCS events
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | github | GitHub Gitlab |
This field is only required if VCS Provider is
github.The GitHub Distribution currently in use
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | github-com | GitHub.com GitHub Enterprise Server GitHub Enterprise Cloud |
This field is only required if VCS Provider is
github.The GitHub instance hostname: e.g. "github.your-domain.com". Defaults to "github.com".
Type | Required | Default |
|---|---|---|
Text | Yes | github.com |
This field is only required if VCS Provider is
github.The GitHub App's App ID. You'll find this on the GitHub App's settings page.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if VCS Provider is
github.The GitHub App's client ID. You'll find this on the GitHub App's settings page.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if VCS Provider is
github.The GitHub App's client secret. You'll find this on the GitHub App's settings page.
Type | Required | Default |
|---|---|---|
Text | No | |
This field is only required if VCS Provider is
github.The webhook secret for the GitHub App. You can set this on the GitHub App's settings page.
Type | Required | Default |
|---|---|---|
Password | Yes | |
This field is only required if VCS Provider is
github.Turn on debug logs for the GitHub Api client.
Type | Required | Default |
|---|---|---|
Boolean | No | 0 |
This field is only required if VCS Provider is
github.The GitHub App's private key. You generate a private from the GitHub App's settings page.
Type | Required | Default |
|---|---|---|
File | Yes | |
This field is only required if VCS Provider is
gitlab.The hostname of your GitLab instance. If you're using hosted GitLab, this is simply gitlab.com.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if VCS Provider is
gitlab.The Application ID for the GitLab OAuth App that's used for authenticating users with Garden Enterprise.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if VCS Provider is
gitlab.The Application Secret for the GitLab OAuth App that's used for authenticating users with Garden Enterprise.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if VCS Provider is
gitlab.The access token for the GitLab user account that is used to interact with the GitLab API.
Type | Required | Default |
|---|---|---|
Text | Yes | |
This field is only required if VCS Provider is
gitlab.A user generated secret value that is used when creating and validating webhooks from GitLab.
Type | Required | Default |
|---|---|---|
Password | Yes | |
Configuration for the PostgreSQL database.
The hostname of the PostgreSQL database. This and the other database values below are used to connect to the PostgreSQL instance from the API service.
Type | Required | Default |
|---|---|---|
Text | Yes | |
The port the PostgreSQL database listens on.
Type | Required | Default |
|---|---|---|
Text | Yes | 5432 |
The PostgreSQL user name.
Type | Required | Default |
|---|---|---|
Text | Yes | |
The PostgreSQL database name.
Type | Required | Default |
|---|---|---|
Text | Yes | |
The PostgreSQL password.
Type | Required | Default |
|---|---|---|
Password | Yes | |
Select "Require" if your database connection is over SSL, otherwise "Disable".
Type | Required | Default | Options |
|---|---|---|---|
Select One | No | disable | Disable Require |
Required database seed data
The name of the first admin user that gets created on initialization
Type | Required | Default |
|---|---|---|
Text | Yes | |
The GitHub/GitLab username of the first admin user that gets created on initialization, depending on which VCS provider you're using. For GitHub, this is generally a username, not an email address, and is displayed when you click the profile image in the top right corner of the GitHb web UI. You can also find this one the admin users's GitHub profile page. For GitLab, this is the email address you use to log into GitLab.
Type | Required | Default |
|---|---|---|
Text | Yes | |
The name of the organization. Must be a valid RFC1035/RFC1123 (DNS) label (may contain lowercase letters, numbers and dashes, must start with a letter, and cannot end with a dash) and must not be longer than 63 characters.
Type | Required | Default |
|---|---|---|
Text | Yes | |
Configuration for the Grafana dashboard.
Check this box if you want Garden Enterprise to automatically install a Grafana metrics dashboard. The Grafana dashboard will be installed in the main Garden Enterprise namespace. Note that Grafana requires a datasource such as Prometheus. You can choose to let Garden Entprise install Prometheus below or alternatively install your own Grafana datasource.
Type | Required | Default |
|---|---|---|
Boolean | No | 0 |
This field is only required if Install Grafana is
1.Check this box if you want to enable access to the Grafana metrics dashboard from outside the cluster. An ingress will be created with the public hostname you enter below.
Type | Required | Default |
|---|---|---|
Boolean | No | 0 |
This field is only required if Enable Ingress for Grafana is
1.Public hostname for the Grafana metrics dashboard. If you don't want to publicly expose Grafana, uncheck the "Enable Ingress for Grafana" checkbox above.
Type | Required | Default |
|---|---|---|
Text | No | |
This field is only required if Install Grafana is
1.The admin password to the Grafana dashboard. You'll need this when first logging in.
Type | Required | Default |
|---|---|---|
Password | No | |
Configuration for the Kibana logs dashboard.
Check this box if you want Garden Enterprise to automatically install a Kibana logs dashboard. The Kibana dashboard will be installed in the main Garden Enterprise namespace.
Type | Required | Default |
|---|---|---|
Boolean | No | 0 |
This field is only required if Install Kibana is
1.