Specifying the installation parameters

Deployment of Kaspersky Next XDR Expert > Demonstration deployment of Kaspersky Next XDR Expert > Specifying the installation parameters

Specifying the installation parameters

Expand all | Collapse all

The template of the configuration file (singlenode.smp_param.yaml.template) is located in the distribution package in the archive with the KDT utility.

Use the demonstration deployment of Kaspersky Next XDR Expert (in which the DBMS is installed into the Kubernetes cluster) only to get acquainted the solution. We do not recommend using this approach to solve standard work tasks. For standard usage, perform a multi-node or single-node deployment.

Not all of the parameters listed below are included in the configuration file template. This template contains only those parameters that must be specified before Kaspersky Next XDR Expert deployment. The remaining parameters are set to default values, and they are not included in the template. You can manually add these parameters to the configuration file to override its values.

For correct function of KDT with the configuration file, add an empty line at the end of the file.

The nodes section of the configuration file contains the target host parameters that are listed in the table below.

Nodes section

Parameter name	Required	Description
`desc`	Yes	The node name. The value must comply with the following rules: The node name must be 1 to 63 characters long. The node name can contain the following characters: Uppercase ASCII letters (A–Z) Lowercase ASCII letters (a–z) Numbers (0–9) Hyphen (-)
`type`	Yes	The node type. For the target host, set the `type` parameter to `primary-worker` to enable the demonstration deployment on a single node. In this case, the target host will act as the primary and worker nodes.
`host`	Yes	The IP address of the node. The primary worker node must be included in the same subnet as the Kubernetes cluster gateway.
`kind`	No	The node kind that specifies the Kaspersky Next XDR Expert component that will be installed on this node. For the single-node demonstration deployment, leave this parameter empty, because all components will be installed on a single node.
`user`	Yes	The user name of the account created on the target host and used for connection to the node by KDT. The value must comply with the following rules: The user name must be 1 to 31 characters long. The user name can contain the following characters: Lowercase letters (a–z) Numbers (0–9) Underscore (_), hyphen (-)
`password`	No	The password for connecting to the node, which can be used instead of the SSH key.
`key`	Yes	The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT. The parameter value must be a Linux file path or Base64-encoded file content. Also the value must match the `ssh_pk` parameter value. We recommend using the SSH key to establish a connection with the node.

Other installation parameters are listed in the parameters section of the configuration file and are described in the table below.

Parameters section

Parameter name	Required	Description
`nwc-language`	Yes	The language of the OSMP Console interface specified by default. After installation, you can change the OSMP Console language. Possible parameter values: `enUS` `ruRu`
`ingress_ip`	Yes	The reserved static IP address of the Kubernetes cluster gateway. The Kubernetes cluster gateway is intended for connecting to the Kaspersky Next XDR Expert components installed inside the Kubernetes cluster. The gateway must be included in the same subnet as the primary worker node.
`pg_ip`	Yes	The IP address of the DBMS. For the demonstration deployment, when you install the DBMS inside the cluster, the DBMS IP address does not match the cluster gateway IP address and is set by using the `pg_ip` parameter.
`ssh_pk`	Yes	The path to the private part of the SSH key located on the administrator host and used for connection to the cluster nodes and nodes with the KUMA services (collectors, correlators, and storages) by using KDT. The parameter value must be a Linux file path or Base64-encoded file content. Also the value must match the `key` parameter value.
`admin_password`	Yes	The `admin_password` parameter specifies the password of the Kaspersky Next XDR Expert user account that will be created by KDT during the installation. The default user name of this account is "admin". The Main administrator role is assigned to this user account. The password must comply with the following rules: The user password cannot have fewer than 8 or more than 256 characters. The password must contain characters from at least three of the groups listed below: Uppercase letters (A–Z) Lowercase letters (a–z) Numbers (0–9) Special characters (@ # $ % ^ & * - _ ! + = [ ] { } \| : ' , . ? / \ ` ~ " ( ) ;) The password must not contain any whitespaces, Unicode characters, or the ".@" combination. When you specify the `admin_password` parameter value manually (not by the Configuration wizard), make sure that this value meets the YAML standard requirements for values in strings: The parameter value containing special characters must be enclosed in single quotes. Any single quote ' inside the parameter value must be doubled to escape this single quote. Example: the user account password `Any_pass%1234'5678"90` must be specified as the value `'Any_pass%1234''5678"90'` of the `admin_password` parameter. To avoid compromise, we do not recommend specifying passwords in the configuration file. Instead, you can specify passwords during the installation of Kaspersky Next XDR Expert.
`low_resources`	Yes	The parameter that indicates that Kaspersky Next XDR Expert is installed on the target host with limited computing resources. For the demonstration deployment on a single node, set the `low_resources` parameter to `true` so that Kaspersky Next XDR Expert components will require less memory and CPU resources. Also, if you enable this parameter, 4 GB of free disk space will be allocated to install KUMA Core on the target host.
`vault_replicas`	Yes	The number of replicas of the secret storage in the Kubernetes cluster. For the demonstration deployment on a single node, set the `vault_replicas` parameter to `1`.
`vault_ha_mode`	Yes	The parameter that indicates whether to run the secret storage in the High Availability (HA) mode. For the demonstration deployment on a single node, set the `vault_ha_mode` parameter to `false`.
`vault_standalone`	Yes	The parameter that indicates whether to run the secret storage in the standalone mode. For the demonstration deployment on a single node, set the `vault_standalone` parameter value to `true`.
`default_class_replica_count`	Yes	The number of disk volumes that are used to store the service data of Kaspersky Next XDR Expert components and KDT. The default value is `3`. For the demonstration deployment on a single node, set the `default_class_replica_count` parameter value to `1`.
`core_disk_request`	Yes	The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the `low_resources` parameter is set to `false`. If the `low_resources` parameter is set to `true`, the `core_disk_request` parameter is ignored and 4 GB of the disk space for the operation of KUMA Core is allocated. If you do not specify the `core_disk_request` parameter and the `lowResources` parameter is set to `false`, the default amount of disk space for the operation of KUMA Core is allocated. The default amount of disk space is 512 GB.
`inventory`	Yes	The path to the KUMA inventory file located on the administrator host. The inventory file contains installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster. The parameter value must be a Linux file path or Base64-encoded file content.
`host_inventory`	No	The path to the additional KUMA inventory file located on the administrator host. This file contains the installation parameters used to partially add or remove hosts with the KUMA services. The parameter value must be a Linux file path or Base64-encoded file content. If you perform an initial deployment of Kaspersky Next XDR Expert or run a custom action that requires a configuration file, leave the default parameter value (`/dev/null`).
`license`	Yes	The path to the license key of KUMA Core. The parameter value must be a Linux file path or Base64-encoded file content.
`iam-nwc_host` `flow_host` `hydra_host` `login_host` `admsrv_host` `console_host` `api_host` `kuma_host` `psql_host` `monitoring_host` `gateway_host`	Yes	The host name that is used in the FQDNs of the public Kaspersky Next XDR Expert services. The service host name and domain name (the `smp_domain` parameter value) are parts of the service FQDN. Default values of the parameters: `iam-nwc_host—"console"` `flow_host—"console"` `hydra_host—"console"` `login_host—"console"` `admsrv_host—"admsrv"` `console_host—"console"` `api_host—"api"` `kuma_host—"kuma"` `psql_host—"psql"` (only for the demonstration deployment) `monitoring_host—"monitoring"` `gateway_host—"console"`
`smp_domain`	Yes	The domain name that is used in the FQDNs of the public Kaspersky Next XDR Expert services. The parameter value must meet the requirements for second-level domain naming. The service host name and domain name are parts of the service FQDN. For example, if the value of the `console_host` variable is `console`, and the value of the `smp_domain` variable is `smp.local`, then the full name of the service that provides access to the OSMP Console is `console.smp.local`.
`pki_host_list`	Yes	The list of host names of the public Kaspersky Next XDR Expert services for which a self-signed or custom certificate is to be generated. The parameter value must be a list of host names, separated by spaces. If custom host names are not specified, the default host names are used.
`intermediate_enabled`	No	The parameter that indicates whether to use the custom intermediate certificate instead of the self-signed certificates for the public Kaspersky Next XDR Expert services. The default value is `true`. Possible parameter values: `true`—Use custom intermediate certificate. `false`—Use self-signed certificates.
`intermediate_bundle`	No	The path to the custom intermediate certificate used to work with public Kaspersky Next XDR Expert services. Specify this parameter if the `intermediate_enabled` parameter is set to `true`. The parameter value must be a Linux file path or Base64-encoded file content.
`admsrv_bundle` `api_bundle` `console_bundle` `psql_bundle`	No	The paths to the custom leaf certificates used to work with the corresponding public Kaspersky Next XDR Expert services: `<admsrv_host>.<smp_domain>`, `<api_host>.<smp_domain>`, `<console_host>.<smp_domain>`, and `<psql_host>.<smp_domain>`. The parameter values must be a Linux file path or Base64-encoded file content. Specify the `psql_bundle` parameter only if you perform the demonstration deployment and install the DBMS inside the Kubernetes cluster. If you want to specify the leaf custom certificates, set the `intermediate_enabled` parameter to `false` and do not specify the `intermediate_bundle` parameter.
`encrypt_secret` `sign_secret`	Yes	The names of the secret files that are stored in the Kubernetes cluster. These names contain the domain name, which must match the `smp_domain` parameter value.
`ksc_state_size`	Yes	The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data). Measured in gigabytes, specified as "<amount>Gi". The required amount of free disk space depends on the number of managed devices and other parameters, and can be calculated. The minimum recommended value is 10 GB.
`prometheus_size`	Yes	The amount of free disk space allocated to store metrics. Measured in gigabytes, specified as "<amount>GB". The minimum recommended value is 5 GB.
`grafana_admin_user`	No	The user name of the account used to view OSMP metrics through the Grafana tool.
`grafana_admin_password`	No	The password of the account used to view OSMP metrics through the Grafana tool.
`loki_size`	Yes	The amount of free disk space allocated to store OSMP logs. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 20 GB.
`loki_retention_period`	Yes	The storage period of OSMP logs after which logs are automatically removed. The default value is 72 hours (set the parameter value in the configuration file as "<time in hours>h". For example, "72h").
`file_storage_cp`	No	The amount of free disk space allocated to store data of the component for working with response actions. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 20 GB.
`psql_tls_off`	No	The parameter that indicates whether to encrypt the traffic between the Kaspersky Next XDR Expert components and the DBMS by using the TLS protocol. If the DBMS is installed outside the cluster, TLS encryption is disabled by default. For the demonstration deployment, if the DBMS is installed inside the cluster, TLS encryption must be disabled (`psql_tls_off` is set to `true`). Possible parameter values: `true`—Do not encrypt the traffic (default value). `false`—Encrypt the traffic.
`proxy_enabled`	No	The parameter that indicates whether to use the proxy server to connect the Kaspersky Next XDR Expert components to the internet. If the host on which Kaspersky Next XDR Expert is installed has internet access, you can also provide internet access for operation of Kaspersky Next XDR Expert components (for example, Administration Server) and for specific integrations, both Kaspersky and third-party. To establish the proxy connection, you must also specify the proxy server parameters in the Administration Server properties. The default value is `false`. Possible parameter values: `true`—Proxy server is used. `false`—Proxy server is not used.
`proxy_addresses`	No	The IP address of the proxy server. If the proxy server uses multiple IP addresses, specify these addresses separated by a space (for example, "`0.0.0.0` `0.0.0.1` `0.0.0.2`"). Specify this parameter if the `proxy_enabled` parameter is set to `true`.
`proxy_port`	No	The number of the port through which the proxy connection will be established. Specify this parameter if the `proxy_enabled` parameter is set to `true`.
`trace_level`	No	The trace level. The default value is `0`. Possible parameter values: 0–5.
`ansible_extra_flags`	No	The verbosity level of logs of the KUMA Core and KUMA services deployment that is performed by KDT. Possible parameter values: `-v` `-vv` `-vvv` `-vvvv` As the number of "v" letters in the flag increases, logs become more detailed. If this parameter is not specified in the configuration file, the standard component installation logs are saved.
`incident_attachments_max_count_limit`	No	The number of files that you can attach to the incident. The default value is `100`.
`incident_attachments_max_size_limit`	No	The total size of files attached to the incident. Measured in bytes. Specified without units of measurement. The default value is `26214400`.
`ignore_precheck`	No	The parameter indicating whether to check the hardware, software, and network configuration of the Kubernetes cluster nodes for compliance with the prerequisites for installing the solution before the deployment. The default value is `false`. Possible parameter values: `true`—Skip the pre-checks. `false`—Perform the pre-checks.

Sample of the configuration file for the demonstration deployment on a single node

Article ID: 298406, Last review: May 26, 2025

Page top