Configure the Turbine Platform for an Embedded Cluster Install

when you need to access the tpi ui after the initial install you can access it by accessing port 8800 over https on any node ip (for example, https //\<node ip> 8800 ) ingress settings configure ingress traffic settings for your turbine deployment review and set the following fields as necessary expose the swimlane web service externally enable this option when using a layer 7 load balancer (application layer load balancer that operates at osi layer 7) the swimlane web service is directly exposed from each node in the cluster on tcp port 4443 (or the specified swimlane web service port) you must configure your external layer 7 load balancer to forward to each node over port 4443 tls termination is done at the load balancer enable the ingress controller enable this option when using a layer 4 load balancer (transport layer load balancer that operates at osi layer 4) or for single node lab/test environments the included ingress controller routes web requests to swimlane on each node you must configure your external layer 4 load balancer to forward to each node over port 443 swimlane recommends this option if you are running a single node (non ha) deployment this option also works for ha clusters tls termination is done by swimlane swimlane hostname the dns hostname for swimlane (e g , swimlane example com ) you must use a dns compliant record a dns record can be up to 63 characters long and can only contain letters, numbers, and hyphens the record cannot start or end with a hyphen, or have consecutive hyphens mandatory when the ingress controller is enabled upload a certificate for swimlane web enable this option to upload a certificate and key of your choosing for the swimlane web service if not selected, a self signed certificate will be used the certificate must be ascii encoded x 509 format the private key cannot be password protected upload a certificate for swimlane web backend enable this option to provide your own certificate and key for the backend swimlane web service otherwise, a self signed certificate is used the certificate must be ascii encoded x 509 format the private key cannot be password protected swimlane web cors headers enable this option to set http cross origin resource sharing (cors) headers in swimlane web for swimlane apis swimlane web cors header access control allow origin set the access control allow origin header default (allows all origins) swimlane web cors header access control allow headers set the access control allow headers header default swimlane web cors header access control allow methods set the access control allow methods header default get, post, put, delete, patch swimlane web csp header enable this option to set the http content security policy (csp) header in swimlane web for swimlane apis swimlane web content security policy header set the content security policy header a default policy is provided that allows resources from trusted sources configure logging settings asp net hosting environment set this option to control how asp net core behaves in different environments production stack traces are not sent to the browser for 500 errors this is the recommended setting for production deployments to prevent information disclosure development stack traces are sent to the browser for 500 errors use this setting only in development or troubleshooting scenarios, as it exposes sensitive information enable swimlane audit logging enable this option to log raw swimlane api requests and responses into swimlane pods when enabled, all api requests and their responses are logged, which is useful for security auditing, compliance, and troubleshooting note that enabling this option can generate significant log volume and may impact performance in high traffic environments default enabled swimlane logging level set the logging level for swimlane pods available levels are debug, info, warn, or error this field is only available when swimlane audit logging is enabled default info known proxies ip addresses comma separated list of ip addresses of known proxies to accept forwarded headers from each value must be a valid ip address these ip addresses are trusted when processing forwarded headers (x forwarded for, x forwarded proto) from load balancers or reverse proxies this is important for security when swimlane is deployed behind a proxy or load balancer default 1 example 192 168 1 1,10 0 0 1 known network addresses comma separated list of ip addresses that represent the prefix for the network each value must be a valid ip address used together with the prefix lengths field below to define trusted network ranges in cidr notation these networks are trusted when processing forwarded headers default 127 0 0 1 example 10 0 0 0,192 168 0 0 known network addresses (prefix lengths) comma separated list of prefix lengths (the cidr notation of the subnet mask) each value must be an integer used together with the known network addresses field above to define trusted network ranges the number of entries must match the number of entries in known network addresses (ip addresses) default 8 example 24,16 (corresponds to /24 and /16 subnet masks) configure openssl settings determine whether to override the openssl settings for cipherstring and minprotocol for outgoing secure connections that originate from api and tasks pods swimlane openssl cipherstring override the cipherstring configuration option for the openssl library on api and tasks pods default default\@seclevel=2 you can set this to security levels like high\@seclevel=5 or default\@seclevel=5 to enforce strong encryption higher security levels disable weaker ciphers and protocols swimlane openssl minprotocol override the minprotocol configuration option for the openssl library on api and tasks pods default tlsv1 2 valid values include tlsv1 2 and tlsv1 3 setting a higher minimum protocol version improves security but may break compatibility with older systems turbine settings git repo size limit (mb) set the git repository size limit in mb for turbine's content library default 100 this setting controls the maximum size of git repositories that store playbooks, connectors, and other content increase this value if you expect to store large amounts of content in git repositories pod liveness probe settings configure kubernetes liveness probes for swimlane api and tasks pods liveness probes are health checks that kubernetes uses to determine if a pod is running correctly if a liveness probe fails, kubernetes will restart the pod swimlane api pod liveness probe toggle the swimlane api pod(s) liveness probe default enabled swimlane tasks pod liveness probe toggle the swimlane tasks pod(s) liveness probe default enabled initial mongodb settings configure mongodb settings for the embedded mongodb cluster that will store swimlane data these settings are critical for data security and must be set during initial installation swimlane database encryption key enter the key to use to encrypt sensitive swimlane data in mongodb must be at least 8 characters store this key securely, as it is required to decrypt your data confirm the swimlane database encryption key re enter the encryption key to confirm it matches initial mongodb admin password enter the password for the "admin" user in mongodb must be at least 8 characters this password controls access to mongodb's administrative functions use a strong, complex password confirm the mongodb admin password re enter the admin password to confirm it matches use an external mongodb deployment select if you want swimlane to use an external mongodb deployment and disable the included one if selected, you can skip the embedded mongodb configuration steps you can skip the embedded mongodb configuration if you are using an external mongodb cluster for more information, see deploy swimlane with an external mongodb cluster configure turbine cloud settings the turbine cloud settings section is used to configure the api connection between the swimlane platform and turbine cloud this configuration ensures secure and authorized access to the cloud environment for more information, contact swimlane support ha settings configure high availability (ha) settings for your turbine deployment ha configuration is available when you have 3 or more nodes in your cluster and ensures redundancy and fault tolerance ha environment select if the deployment is a cluster and has multiple nodes default disabled when ha environment is enabled, set the number of replicas (pods) for each service type number of web replicas the number of web pods default 3 number of api replicas the number of api pods default 3 number of tenant replicas the number of tenant pods default 3 number of task replicas the number of task pods default 3 number of reports replicas the number of reports pods default 3 number of record replicas the number of record pods default 3 number of turbine api replicas the number of turbine api pods default 3 number of turbine engine replicas the number of turbine engine pods default 6 number of turbine agent replicas the number of turbine agent pods default 3 number of turbine agent native actions replicas the number of turbine agent native actions pods default 3 number of turbine agent container actions replicas the number of turbine agent container actions pods default 3 number of turbine webhook agent replicas the number of turbine webhook agent pods default 3 number of turbine agent gateway replicas the number of turbine agent gateway pods default 3 number of turbine content library replicas the number of turbine content library pods default 3 number of turbine record qos replicas the number of turbine record qos pods default 3 number of mongodb replicas enter the number of mongodb pods in the replica set must be at least 3 and an odd number default 3 number of postgresql replicas enter the number of postgresql pods in the replica set must be at least 3 and an odd number default 3 number of rabbitmq replicas the number of rabbitmq pods default 3 number of elasticsearch replicas the number of elasticsearch replicas default 3 number of swimlane data elasticingestion replicas the number of swimlane data elasticingestion replicas default 3 number of swimlane notifications replicas the number of swimlane notifications replicas default 3 number of swimlane securityintelligence replicas the number of swimlane securityintelligence replicas default 3 number of swimlane fileapi replicas the number of swimlane fileapi replicas default 3 number of swimlane file utilities replicas the number of swimlane file utilities replicas default 3 number of swimlane data elasticingestion playbook run replicas the number of swimlane data elasticingestion playbook run replicas default 3 number of swimlane data elasticingestion heroai replicas the number of swimlane data elasticingestion hero ai replicas default 3 affinity settings configure pod affinity and anti affinity rules to control how pods are distributed across nodes in your cluster these settings help ensure high availability and optimal resource utilization swimlane web / api / tasks / reports / metric and turbine api / engine / agent / webhook agent / rabbitmq pod antiaffinity settings select the anti affinity setting for these services soft (recommended) prefer that pods are scheduled separately from similar pods continue with scheduling if the affinity rule cannot be satisfied this provides a balance between availability and resource utilization hard require that pods are scheduled separately from similar pods and do not schedule if the affinity rule cannot be satisfied this provides maximum availability guarantees but may prevent scheduling if nodes are unavailable none no antiaffinity settings schedule pods anywhere mongodb pod antiaffinity settings select the anti affinity setting for mongodb pods soft prefer that mongodb pods are scheduled on different hosts continue with scheduling if the affinity rule cannot be satisfied hard (recommended) require that mongodb pods are scheduled on different hosts and do not schedule if the affinity rule cannot be satisfied this ensures that if one node fails, your mongodb data remains available on other nodes none no antiaffinity settings schedule mongodb pods anywhere rabbitmq pod antiaffinity settings select the anti affinity setting for rabbitmq pods soft prefer that rabbitmq pods are scheduled on different hosts continue with scheduling if the affinity rule cannot be satisfied hard (recommended) require that rabbitmq pods are scheduled on different hosts and do not schedule if the affinity rule cannot be satisfied default tenant settings configure default tenant and account identifiers for multi tenant deployments these settings are optional and used primarily in multi tenant environments where you need to specify default tenant and account associations default account id enter the default account id this is useful in multi tenant deployments where you want to associate resources with a specific account by default optional default tenant id enter the default tenant id this helps ensure that resources are created in the correct tenant context in multi tenant environments optional beta configuration settings the beta configuration settings section contains experimental configuration options these settings are experimental do not configure them without assistance from swimlane configure beta settings enable this option to access beta configuration options default disabled when enabled, additional beta settings may be available, including mongodb memory management settings cluster descheduler options cert manager configuration feature management options additional helm values preflight and deployment once the preflight checks process, the turbine platform installer admin console opens once the status of your application says ready , you have a successful installation of turbine