Kaspersky Next XDR Expert

Multi-node deployment: Specifying the installation parameters


The configuration file is a YAML file that contains a set of installation parameters for the Kaspersky Next XDR Expert components.

The installation parameters listed in the tables below are required for the multi-node deployment of Kaspersky Next XDR Expert. To deploy Kaspersky Next XDR Expert on a single node, use the configuration file that contains the installation parameters specific for the single-node deployment.

The template of the configuration file (multinode.smp_param.yaml.template) is located in the distribution package in the archive with the KDT utility. You can fill out the configuration file template manually, or use the Configuration wizard to specify the installation parameters that are required for the Kaspersky Next XDR Expert deployment and then generate the configuration file.

Not all of the parameters listed below are included in the configuration file template. This template contains only those parameters that must be specified before Kaspersky Next XDR Expert deployment. The remaining parameters are set to default values and are not included in the template. You can manually add these parameters to the configuration file to override their default values.

For KDT to work correctly with the configuration file, add an empty line at the end of the file.

The nodes section of the configuration file contains installation parameters for each target host of the Kubernetes cluster. These parameters are listed in the table below.

Nodes section

Parameter name

Required

Description

desc

Yes

The name of the node.

The node name must comply with the following rules:

  • The node name must be 1 to 63 characters long.
  • The node name can only contain ASCII letters 'a' to 'z' (in either upper or lower-case), the digits '0' to '9', and the hyphen ('-').

type

Yes

The node type.

Possible parameter values:

  • primary
  • worker

host

Yes

The IP address of the node. All nodes must be included in the same subnet.

kind

No

The node type that specifies the Kaspersky Next XDR Expert component that will be installed on this node.

Possible parameter values:

  • admsrv—The value for the node on which Administration Server will be installed.
  • db—The value for the node on which the DBMS will be installed. It is used if you want to install the DBMS on the node inside the cluster (not for standard usage of the solution, only for demonstration purposes).

For Kaspersky Next XDR Expert to work correctly, we recommend that you select the node on which Administration Server will work. Also, you can select the node on which you want to install the DBMS. Specify the appropriate values of the kind parameter for these nodes. Do not specify this parameter for other nodes.

user

Yes

The user name of the account created on the target host and used for connection to the node by KDT.

The user name must comply with the following rules:

  • The user name must be 1 to 31 characters long.
  • The user name can contain letters ('a' to 'z'), digits ('0' to '9'), underscores ('_'), and hyphens ('-').

key

Yes

The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT.
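The rules in the Nodes section table can be checked before KDT is run. The following is an added example, not part of the Kaspersky documentation or product: check_nodes is a hypothetical helper, it assumes the nodes section has already been parsed into a list of dictionaries, and it takes the expected subnet as an argument because the page does not name a parameter for it.

```python
import ipaddress
import re

NODE_NAME = re.compile(r"[A-Za-z0-9-]{1,63}")  # 1-63 chars: ASCII letters, digits, hyphen
USER_NAME = re.compile(r"[a-z0-9_-]{1,31}")    # 1-31 chars; lowercase-only is this example's reading
REQUIRED = ("desc", "type", "host", "user", "key")

def check_nodes(nodes, subnet):
    """Return a list of problems for the parsed nodes section (a list of dicts)."""
    net = ipaddress.ip_network(subnet)
    problems = []
    for i, node in enumerate(nodes):
        where = f"nodes[{i}]"
        for name in REQUIRED:
            if not node.get(name):
                problems.append(f"{where}: required parameter '{name}' is missing")
        if node.get("desc") and not NODE_NAME.fullmatch(node["desc"]):
            problems.append(f"{where}: desc breaks the node name rules")
        if node.get("user") and not USER_NAME.fullmatch(node["user"]):
            problems.append(f"{where}: user breaks the user name rules")
        if node.get("type") and node["type"] not in ("primary", "worker"):
            problems.append(f"{where}: type must be primary or worker")
        if "kind" in node and node["kind"] not in ("admsrv", "db"):
            problems.append(f"{where}: kind must be admsrv or db, or be omitted")
        if node.get("kind") == "db":
            problems.append(f"{where}: kind db is for demonstration deployments only")
        if node.get("host"):
            try:
                if ipaddress.ip_address(node["host"]) not in net:
                    problems.append(f"{where}: host is outside {net}")
            except ValueError:
                problems.append(f"{where}: host is not an IP address")
    if not any(n.get("kind") == "admsrv" for n in nodes):
        problems.append("no node has kind admsrv (recommended for Administration Server)")
    return problems

# Constructed sample data, not taken from a real deployment.
SAMPLE_NODES = [
    {"desc": "xdr-primary", "type": "primary", "host": "192.0.2.10",
     "user": "kdt-deploy", "key": "/home/admin/.ssh/id_kdt"},
    {"desc": "xdr_worker_1", "type": "worker", "host": "192.0.2.11",
     "kind": "admsrv", "user": "kdt-deploy", "key": "/home/admin/.ssh/id_kdt"},
    {"desc": "xdr-worker-2", "type": "master", "host": "198.51.100.7",
     "user": "KDT Deploy", "key": "/home/admin/.ssh/id_kdt"},
]

if __name__ == "__main__":
    for line in check_nodes(SAMPLE_NODES, "192.0.2.0/24"):
        print(line)
```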

Other installation parameters are listed in the parameters section of the configuration file and are described in the table below.

Parameters section

Parameter name

Required

Description

psql_dsn

Yes

The connection string for accessing the DBMS that is installed and configured on a separate server. 

Specify this parameter as follows: psql_dsn=postgres://<dbms_username>:<password>@<fqdn>:<port>.

dbms_username—The user name of a privileged internal DBMS account. This account is granted permissions to create databases and other DBMS accounts. By using this privileged DBMS account, the databases and other DBMS accounts required for the Kaspersky Next XDR Expert components will be created during the deployment. 

password—The password of the privileged internal DBMS account. The password must not contain the following symbols: " = ' % @ & ? _ #

fqdn:port—The FQDN and connection port of a separate server on which the DBMS is installed.

The psql_dsn parameter value must comply with the URI format. If the connection URI includes symbols with special meaning in any of its parts, it must be encoded with percent-encoding.

Symbols that must be replaced in the psql_dsn parameter value:

  • Whitespace → %20
  • % → %25
  • & → %26
  • / → %2F
  • : → %3A
  • = → %3D
  • ? → %3F
  • @ → %40
  • [ → %5B
  • ] → %5D

Refer to the PostgreSQL connection string article for details.

If the psql_dsn parameter is set, the Kaspersky Next XDR Expert components use the DBMS located at the specified FQDN. Otherwise, the Kaspersky Next XDR Expert components use the DBMS inside the cluster (only for demonstration purposes).

For standard usage of the solution, install a DBMS on a separate server outside the cluster.
After you deploy Kaspersky Next XDR Expert, changing the DBMS installed inside the cluster to a DBMS installed on a separate server is not available.
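The psql_dsn format and the percent-encoding rules above can be applied programmatically. The following is an added example, not part of the Kaspersky documentation or product: the function names are hypothetical, the sample credentials are constructed, and redact_psql_dsn is an extra helper for keeping the privileged password out of logs.

```python
from urllib.parse import quote, unquote, urlsplit

# Symbols the page says the DBMS account password must not contain.
FORBIDDEN_IN_PASSWORD = set("\"='%@&?_#")

def build_psql_dsn(username, password, fqdn, port):
    """Build postgres://<dbms_username>:<password>@<fqdn>:<port> with percent-encoding."""
    bad = sorted(FORBIDDEN_IN_PASSWORD & set(password))
    if bad:
        raise ValueError("password contains forbidden symbols: " + " ".join(bad))
    if not 1 <= int(port) <= 65535:
        raise ValueError("port must be between 1 and 65535")
    # safe="" leaves no reserved character unencoded, so every symbol in the page's
    # list (whitespace % & / : = ? @ [ ]) is replaced; quote() also encodes other
    # reserved symbols, which a URI parser decodes back to the same characters.
    user = quote(username, safe="")
    secret = quote(password, safe="")
    return f"postgres://{user}:{secret}@{fqdn}:{int(port)}"

def split_psql_dsn(dsn):
    """Decode a DSN back into its parts to confirm that nothing was mangled."""
    parts = urlsplit(dsn)
    return (unquote(parts.username), unquote(parts.password), parts.hostname, parts.port)

def redact_psql_dsn(dsn):
    """Mask the password before a DSN is written to a log or a ticket."""
    parts = urlsplit(dsn)
    return f"{parts.scheme}://{parts.username}:***@{parts.hostname}:{parts.port}"

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    dsn = build_psql_dsn("xdr admin", "p:a/ss[1]", "db.example.test", 5432)
    print(redact_psql_dsn(dsn))
    print(split_psql_dsn(dsn))
```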

nwc-language

Yes

The language of the OSMP Console interface specified by default. After installation, you can change the OSMP Console language.

Possible parameter values:

  • enUS
  • ruRu

ip_address

Yes

The reserved static IP address of the Kubernetes cluster gateway. The gateway must be included in the same subnet as all cluster nodes.

For standard usage of the solution, when you install the DBMS on a separate server, specify the gateway IP address as an IP address in CIDR notation that contains the subnet mask /32.

For demonstration purposes, when you install the DBMS inside the cluster, set the gateway IP address to an IP range in the format 0.0.0.0-0.0.0.0, where the first IP address of the range is the gateway IP address and the second IP address of the range is the DBMS IP address.

ssh_pk

Yes

The path to the private part of the SSH key located on the administrator host and used for connection to the cluster nodes and nodes with the KUMA services (collectors, correlators, and storages) by using KDT.

admin_password

Yes

The admin_password parameter specifies the password of the Kaspersky Next XDR Expert user account that will be created by KDT during the installation. The default username of this account is "admin".

The Main administrator role is assigned to this user account.

The password must comply with the following rules:

  • The user password cannot have fewer than 8 or more than 256 characters.
  • The password must contain characters from at least three of the groups listed below:
    • Uppercase letters (A–Z)
    • Lowercase letters (a–z)
    • Numbers (0–9)
    • Special characters (@ # $ % ^ & * - _ ! + = [ ] { } | : ' , . ? / \ ` ~ " ( ) ;)
  • The password must not contain any whitespace, Unicode characters, or the ".@" combination.

When you specify the admin_password parameter value manually (not by the Configuration wizard), make sure that this value meets the YAML standard requirements for values in strings:

  • The parameter value containing special characters must be enclosed in single quotes.
  • Any single quote ' inside the parameter value must be doubled to escape this single quote.

Example: the user account password Any_pass%1234'5678"90 must be specified as the value 'Any_pass%1234''5678"90' of the admin_password parameter.
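The password rules and the YAML quoting rule above can be combined into one check. The following is an added example, not part of the Kaspersky documentation or product: the function names are hypothetical, and the sketch treats "Unicode characters" as any non-ASCII character.

```python
import string

# The four character groups listed on the page.
GROUPS = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digits": set(string.digits),
    "special": set("@#$%^&*-_!+=[]{}|:',.?/\\`~\"();"),
}

def check_admin_password(password):
    """Return the list of rules that the password breaks (empty if it passes)."""
    problems = []
    if not 8 <= len(password) <= 256:
        problems.append("length must be 8 to 256 characters")
    used = sum(1 for chars in GROUPS.values() if chars & set(password))
    if used < 3:
        problems.append("needs characters from at least three of the four groups")
    if any(ch.isspace() for ch in password):
        problems.append("must not contain whitespace")
    if not password.isascii():
        problems.append("must not contain non-ASCII (Unicode) characters")
    if ".@" in password:
        problems.append('must not contain the ".@" combination')
    return problems

def yaml_single_quote(value):
    """Quote a value as a YAML single-quoted scalar: double every single quote."""
    return "'" + value.replace("'", "''") + "'"

def quoted_admin_password(password):
    """Validate the password, then return the text to put after admin_password."""
    problems = check_admin_password(password)
    if problems:
        raise ValueError("; ".join(problems))
    return yaml_single_quote(password)

if __name__ == "__main__":
    # The sample password from the page's own example.
    print(quoted_admin_password("Any_pass%1234'5678\"90"))
```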

low_resources

No

The parameter indicating that Kaspersky Next XDR Expert is installed on the target host with limited computing resources.

Set the low_resources parameter to false for multi-node deployment. The default value is false.

Possible parameter values:

  • true—Installation with limited computing resources (for single-node deployment).
  • false—Standard installation.

core_disk_request

Yes

The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the low_resources parameter is set to false. If the low_resources parameter is set to true, the core_disk_request parameter is ignored and 4 GB of the disk space for the operation of KUMA Core is allocated. If you do not specify the core_disk_request parameter and the low_resources parameter is set to false, the default amount of disk space for the operation of KUMA Core is allocated. The default amount of disk space is 512 GB.

inventory

Yes

The path to the KUMA inventory file located on the administrator host. The inventory file contains the installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster.

host_inventory

No

The path to the additional KUMA inventory file located on the administrator host. This file contains the installation parameters used to partially add or remove hosts with the KUMA services.

If you perform an initial deployment of Kaspersky Next XDR Expert or run a custom action that requires a configuration file, leave the default parameter value (/dev/null).

license

Yes

The path to the license key of KUMA Core.

iam-nwc_host

flow_host

hydra_host

login_host

admsrv_host

console_host

api_host

kuma_host

psql_host

monitoring_host

gateway_host

Yes

The host name that is used in the FQDNs of the public Kaspersky Next XDR Expert services. The service host name and domain name (the smp_domain parameter value) are parts of the service FQDN.

Default values of the parameters:

  • iam-nwc_host—"console"
  • flow_host—"console"
  • hydra_host—"console"
  • login_host—"console"
  • admsrv_host—"admsrv"
  • console_host—"console"
  • api_host—"api"
  • kuma_host—"kuma"
  • psql_host—"psql"
  • monitoring_host—"monitoring"
  • gateway_host—"console"

smp_domain

Yes

The domain name that is used in the FQDNs of the public Kaspersky Next XDR Expert services. The service host name and domain name are parts of the service FQDN. For example, if the value of the console_host variable is osmp_console, and the value of the smp_domain variable is smp.local, then the FQDN of the service that provides access to the OSMP Console is osmp_console.smp.local.

pki_host_list

Yes

The list of host names of the public Kaspersky Next XDR Expert services for which a self-signed or custom certificate is to be generated.

intermediate_enabled

No

The parameter that indicates whether to use the custom intermediate certificate instead of the self-signed certificates for the public Kaspersky Next XDR Expert services. The default value is true.

Possible parameter values:

  • true—Use custom intermediate certificate.
  • false—Use self-signed certificates.

intermediate_bundle

No

The path to the custom intermediate certificate used to work with public Kaspersky Next XDR Expert services. Specify this parameter if the intermediate_enabled parameter is set to true.

admsrv_bundle

api_bundle

console_bundle

psql_bundle

No

The paths to the custom leaf certificates used to work with the public Kaspersky Next XDR Expert services: <admsrv_host>.<smp_domain>, <api_host>.<smp_domain>, <console_host>.<smp_domain>, <psql_host>.<smp_domain>. Specify the psql_bundle parameter only if you perform the demonstration deployment and install the DBMS inside the Kubernetes cluster on the DBMS node.

If you want to specify the custom leaf certificates, set the intermediate_enabled parameter to false and do not specify the intermediate_bundle parameter.

encrypt_secret

sign_secret

Yes

The names of the secret files that are stored in the Kubernetes cluster. These names contain the domain name, which must match the smp_domain parameter value.

ksc_state_size

Yes

The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data). Measured in gigabytes, specified as "<amount>Gi". The required amount of free disk space depends on the number of managed devices and other parameters, and can be calculated. The minimum recommended value is 10 GB.

prometheus_size

Yes

The amount of free disk space allocated to store metrics. Measured in gigabytes, specified as "<amount>GB". The minimum recommended value is 5 GB.

grafana_admin_user

No

The username of the account used to view OSMP metrics through the Grafana tool.

grafana_admin_password

No

The password of the account used to view OSMP metrics through the Grafana tool.

loki_size

Yes

The amount of free disk space allocated to store OSMP logs. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 20 GB.

loki_retention_period

Yes

The storage period of OSMP logs after which logs are automatically removed. The default value is 72 hours. Set the parameter value in the configuration file as "<time in hours>h" (for example, "72h").

file_storage_cp

No

The amount of free disk space allocated to store data of the component for working with response actions. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 20 GB.

psql_tls_off

No

The parameter that indicates whether to encrypt the traffic between the Kaspersky Next XDR Expert components and the DBMS by using the TLS protocol.

If the DBMS is installed outside the cluster, TLS encryption is disabled by default. If the DBMS is installed inside the cluster (not for standard usage of the solution, only for demonstration purposes), TLS encryption must be disabled.

Possible parameter values:

  • true—Do not encrypt the traffic (default value).
  • false—Encrypt the traffic.

psql_trusted_cas

No

The path to the PEM file that can contain the TLS certificate of the DBMS server or a root certificate from which the TLS server certificate can be issued.

Specify the psql_trusted_cas parameter if the DBMS will be installed and configured on a separate server and the traffic encryption is enabled (psql_tls_off is set to false).

psql_client_certificate

No

The path to the PEM file that contains a certificate and a private key of the Kaspersky Next XDR Expert component. This certificate is used to establish the TLS connection between the Kaspersky Next XDR Expert components and the DBMS.

Specify the psql_client_certificate parameter if the DBMS will be installed and configured on a separate server, and traffic encryption is enabled (psql_tls_off is set to false).

proxy_enabled

No

The parameter that indicates whether to use the proxy server to connect the Kaspersky Next XDR Expert components to the internet. If the host on which Kaspersky Next XDR Expert is installed has internet access, you can also provide internet access for the operation of Kaspersky Next XDR Expert components (for example, Administration Server) and for specific integrations, both Kaspersky and third-party. To establish the proxy connection, you must also specify the proxy server parameters in the Administration Server properties. The default value is false.

Possible parameter values:

  • true—Proxy server is used.
  • false—Proxy server is not used.

proxy_addresses

No

The IP address of the proxy server. If the proxy server uses multiple IP addresses, specify these addresses separated by a space (for example, "0.0.0.0 0.0.0.1 0.0.0.2"). Specify this parameter if the proxy_enabled parameter is set to true.

proxy_port

No

The number of the port through which the proxy connection will be established. Specify this parameter if the proxy_enabled parameter is set to true.

ansible_extra_flags

No

The verbosity level of logs of the KUMA Core and KUMA services deployment that is performed by KDT.

Possible parameter values:

  • -v
  • -vv
  • -vvv
  • -vvvv

As the number of "v" letters in the flag increases, logs become more detailed. If this parameter is not specified in the configuration file, the standard component installation logs are saved.

incident_attachments_max_count_limit

No

The number of files that you can attach to the incident. The default value is 100.

incident_attachments_max_size_limit

No

The total size of files attached to the incident. Measured in bytes. Specified without units of measurement. The default value is 26214400.

ignore_precheck

No

The parameter indicating whether to check the hardware, software, and network configuration of the Kubernetes cluster nodes for compliance with the prerequisites for installing the solution before the deployment. The default value is false.

Possible parameter values:

  • true—Skip the pre-checks.
  • false—Perform the pre-checks.
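Several parameters in the table above depend on each other (DBMS location and TLS, certificate bundles, proxy settings), and some defaults deserve a second look before deployment, such as unencrypted DBMS traffic. The following is an added example, not part of the Kaspersky documentation or product: lint_parameters is a hypothetical helper that assumes the parameters section has been parsed into a dictionary with YAML booleans as Python booleans.

```python
LEAF_BUNDLES = ("admsrv_bundle", "api_bundle", "console_bundle", "psql_bundle")

def lint_parameters(p):
    """Return findings for a parsed parameters section (a dict of name -> value)."""
    out = []
    tls_off = p.get("psql_tls_off", True)            # default per the page: no encryption
    if p.get("psql_dsn"):                            # DBMS on a separate server
        if tls_off:
            out.append("psql_tls_off is true: traffic to the DBMS is not encrypted")
        for name in ("psql_trusted_cas", "psql_client_certificate"):
            if not tls_off and not p.get(name):
                out.append(f"psql_tls_off is false but {name} is not set")
        if not str(p.get("ip_address", "")).endswith("/32"):
            out.append("ip_address must be the gateway address in CIDR notation with /32")
        if p.get("psql_bundle"):
            out.append("psql_bundle applies only when the DBMS is inside the cluster")
    else:                                            # DBMS inside the cluster
        out.append("psql_dsn is not set: in-cluster DBMS is for demonstration only")
        if not tls_off:
            out.append("psql_tls_off must be true when the DBMS is inside the cluster")
    leaf = [name for name in LEAF_BUNDLES if p.get(name)]
    if p.get("intermediate_enabled", True):          # default per the page: true
        if leaf:
            out.append("leaf bundles set (" + ", ".join(leaf) + ") but intermediate_enabled is not false")
        elif not p.get("intermediate_bundle"):
            out.append("intermediate_enabled is true but intermediate_bundle is not set")
    elif p.get("intermediate_bundle"):
        out.append("intermediate_bundle is set but intermediate_enabled is false")
    if p.get("proxy_enabled", False):
        for name in ("proxy_addresses", "proxy_port"):
            if not p.get(name):
                out.append(f"proxy_enabled is true but {name} is not set")
    if p.get("ignore_precheck", False):
        out.append("ignore_precheck is true: node pre-checks are skipped")
    if p.get("low_resources", False):
        out.append("low_resources must be false for multi-node deployment")
    return out

# Constructed sample; the DSN, paths and addresses are placeholders.
SAMPLE = {
    "psql_dsn": "postgres://user:pw@db.example.test:5432",
    "ip_address": "192.0.2.1/32",
    "psql_tls_off": False, "psql_trusted_cas": "/path/to/ca.pem",
    "admsrv_bundle": "/path/to/admsrv.pem",
    "proxy_enabled": True, "proxy_addresses": "192.0.2.50",
    "ignore_precheck": True,
}
```

Calling lint_parameters(SAMPLE) reports the missing client certificate, the leaf bundle that conflicts with the intermediate_enabled default, the missing proxy port, and the skipped pre-checks.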

Sample of the configuration file for the multi-node deployment of Kaspersky Next XDR Expert