desc

Yes

The name of the node.

String value

type

Yes

The node type.

primary or worker

host

Yes

The IP address of the node. All nodes must be included in the same subnet.

IP address

kind

No

The node type that specifies the Kaspersky XDR Expert component that will be installed on this node. If the kind parameter of the node is set to admsrv, Administration Server will be installed on this node. If you want to install a DBMS on the node inside the cluster, set the kind parameter to db for the corresponding node. For other nodes, you can leave this parameter empty.

We recommend specifying this parameter for Kaspersky XDR Expert to work correctly.

admsrv or db

user

Yes

The username of the user account created on the target machine and used for connection to the node by KDT.

String value

key

Yes

The path to the private part of the SSH key located on the administrator machine and used for connection to the node by KDT.

String value

psql_dsn

Yes

The connection string for accessing the DBMS that is installed and configured on a separate server. 

Specify this parameter as follows: psql_dsn=postgres://<dbms_username>:<password>@<fqdn>:<port>.

dbms_username—The user name of a privileged internal DBMS account. This account is granted permissions to create databases and other DBMS accounts. By using this privileged DBMS account, the databases and other DBMS accounts required for the Kaspersky XDR Expert components will be created during the deployment. 

password—The password of the privileged internal DBMS account.

fqdn:port—The FQDN and connection port of a separate server on which the DBMS is installed.

If the psql_dsn parameter is set, the Kaspersky XDR Expert components use the DBMS located at the specified FQDN. Otherwise, the Kaspersky XDR Expert components use the DBMS inside the cluster.

We recommend installing a DBMS on a separate server outside the cluster.
After you deploy Kaspersky XDR Expert, changing the DBMS installed inside the cluster to a DBMS installed on a separate server is not available.

String value

nwc-language

Yes

The language of the KSMP Console interface specified by default. After installation, you can change the KSMP Console language.

enUS or ruRu

ipaddress

Yes

The reserved static IP address of the Kubernetes cluster gateway. The gateway must be included in the same subnet as all cluster nodes.

If you install the DBMS on a separate server, the gateway IP address must contain the subnet mask /32.

If you install the DBMS inside the cluster, set the gateway IP address to an IP range included the gateway IP address itself and the DBMS IP address.

IP address

ssh_pk

Yes

The path to the private part of the SSH key located on the administrator machine and used for connection to the node by KDT.

String value

sshKey

Yes

The path to the private part of the SSH key located on the administrator machine and used for connection to the nodes with the KUMA services (collectors, correlators and storages).

String value

kscpassword, adminPassword

Yes

The kscpassword and adminPassword parameters specify the password of the same Kaspersky XDR Expert user account that will be created by KDT during the installation. The default username of this account is "admin".

The Main administrator role is assigned to this user account.

The kscpassword and adminPassword parameter values must match.

The adminPassword parameter is used for uploading the KUMA license and out of the box resources.

The password must comply with the following rules:

• The user password cannot have less than 8 or more than 16 characters.
• The password must contain characters from at least three of the groups listed below:
  • Uppercase letters (A–Z)
  • Lowercase letters (a–z)
  • Numbers (0–9)
  • Special characters (@ # $ % ^ & * - _ ! + = [ ] { } | : ' , . ? / \ ` ~ " ( ) ;)

String value

lowResources

No

The parameter that indicates that KUMA is installed in an environment with limited computing resources. In this case, KUMA Core can be installed on a host that has 4 GB of free disk space. Enable this parameter if you perform the demonstration deployment.

true or false

coreDiskRequest

Yes

The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the lowResources parameter is set to false. If the lowResources parameter is set to true, the coreDiskRequest parameter is ignored and 4 GB of the disk space for the operation of KUMA Core is allocated. If you do not specify the coreDiskRequest parameter and the lowResources parameter is set to false, the default amount of disk space for the operation of KUMA Core is allocated. The default amount of disk space is 512 GB.

String value

inventory

Yes

The path to the inventory file located on the administrator machine. The inventory file contains installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster.

String value

hostInventory

No

The path to the additional inventory file located on the administrator machine. This file contains the installation parameters used to partially add or remove hosts with the KUMA services.

If you perform an initial deployment of Kaspersky XDR Expert or you do not need to partially add or remove hosts with the KUMA services, set this parameter to /dev/null.

String value

license

Yes

The path to the KUMA license file.

String value

smp_domain

Yes

The domain name that is used in the addresses of the public Kaspersky XDR Expert services.

String value

pki_domain

Yes

The domain name for which a self-signed or custom certificate is to be generated. The pki_domain and smp_domain parameter values must match.

String value

iam-nwc_host, flow_host, hydra_host, login_host, admsrv_fqdn, console_fqdn, api_fqdn, kuma_fqdn, psql_fqdn, coreIngressHost, gateway_host, hydra_fqdn, IAMHydraServerPublicExternal

Yes

The addresses of the Kaspersky XDR Expert services. These addresses contain the domain name, which must match the smp_domain parameter value.

String value

pki_fqdn_list

Yes

The list of addresses of the public Kaspersky XDR Expert services for which a self-signed or custom certificate is to be generated. These addresses contain the domain name, which must match the smp_domain parameter value.

String value

KUMAUIURL

Yes

The address of KUMA Console. This address contains the domain name, which must match the smp_domain parameter value.

String value

webConsoleURL

Yes

The address of KSMP Console. This address contains the domain name, which must match the smp_domain parameter value.

String value

encrypt_secret, sign_secret

Yes

The names of the secret files that are stored in the Kuberneters cluster. These names contain the domain name, which must match the smp_domain parameter value.

String value

ksc_state_size

Yes

The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data).

String value

prometheus_size

Yes

The amount of free disk space allocated to store metrics. The recommend value is 10 GB. When the allocated disk space is full, the metrics will be overwritten.

String value

loki_size

Yes

The amount of free disk space allocated to store KSMP logs. The recommend value is 20 GB. When the allocated disk space is full, the logs will be overwritten.

String value

adminLogin

Yes

The adminLogin parameter specifies the username of the Kaspersky XDR Expert user account that will be created by KDT during the installation. This parameter is used for uploading of the KUMA resources.

The adminLogin and kumaLogin parameter values must match.

The default parameter value is "admin". Do not change the parameter value.

String value

psql_ns, psql_instance, kumaUrl, kumaLogin

Yes

The parameters for internal use. Do not change the parameter value.

String value