For AKS configuration, use the deploy.settings file available in the <TCSA_WORK_SPACE>/tcx-deployer/scripts/deployment/ directory.

Verify that you meet the following prerequisites for configuring the deploy.settings file in AKS:
  • Obtain the KUBECONFIG file for the AKS workload cluster from Azure.
  • To obtain the registry details, go to the ACR registry section of the Azure website and get the registry URL, username, and password.

Update the parameters in the deploy.settings file. For the ACR registry URL, use the format harbor_fqdn/project_name/tcx. The URL must be given without https or http and must end with /tcx.

If you use the docker login <registry-fqdn> command, you do not have to update <REGISTRY_USERNAME> and <REGISTRY_PASSWORD> in the deploy.settings file. For more information, see Prerequisites for Setting up Deployment Container.

# ========== General configuration ========== #
# Mandatory: Path to the KUBECONFIG file of the Kubernetes cluster inside the deployment container (for example: /tmp/.kube/<YOUR-CLUSTER-KUBECONFIG-file>)
KUBECONFIG=
 
# ========== Product details  ========== #
PRODUCT=tcsa  # Do not modify
# Product helm config

# Mandatory: The footprint to deploy. Possible values are: 2.5k, 25k, 50k, 100k (case sensitive).
FOOTPRINT=
# Mandatory: Time to wait for the deployment to complete. Must be in seconds (examples: 1800 seconds for 2.5k, 2700 seconds for 25k, 3600 seconds for 50k, and 4500 seconds for 100k).
PRODUCT_DEPLOYMENT_TIMEOUT=1800

# ========== Deployment Location ========== #
# Mandatory: The cloud provider location for the deployment (azure or tkg)
LOCATION=azure

# == Azure configuration ==
# Mandatory: The resource group of your AKS cluster.
AKS_RESOURCE_GROUP=<resource group of AKS cluster>
# Mandatory: If the AKS cluster is in a private network, set this to TRUE
PRIVATE_NETWORK=<TRUE|FALSE>

# Mandatory: The IP address/FQDN of ingress, i.e. the name that will be used in the URL to
# access the product landing page.
# This can be:
# 1. A public IP address automatically assigned by Azure or
# 2. A static Public IP address created manually.
# 3. A private IP address from your Vnet. 
# Contact your Azure admin to get the right IP address. 
INGRESS_HOSTNAME=

# ========== Registry details ========== #
# These are mandatory parameters
# Note: The "/tcx" suffix is mandatory
REGISTRY_URL=<your ACR instance URL>/tcx
REGISTRY_USERNAME=<ACR registry username>
REGISTRY_PASSWORD=<ACR registry password>

# Optional: To access TCSA edge services with a static IP address, set this to "--set ingressHostname.edgeServices=<IP-address>"
# The IP address can be a public IP assigned by Azure or private IP from your Vnet. Contact your Azure admin to get the right parameter. 
PRODUCT_SPECIFIC_HELM_OVERRIDES=""

Note: If the Kubenet network plugin is used for AKS cluster creation, set INGRESS_HOSTNAME=<IPAddress1> and PRODUCT_SPECIFIC_HELM_OVERRIDES="--set ingressHostname.edgeServices=<IPAddress2>". For example, PRODUCT_SPECIFIC_HELM_OVERRIDES="--set ingressHostname.edgeServices=10.183.142.44". In the variable , <IPAddress1> and <IPAddress2> must be obtained from the CIDR specified at the time of AKS cluster creation. These IP addresses must be free or available and must not be used for any other purpose.

If the Azure CNI network plugin is used, set INGRESS_HOSTNAME=<IPAddress1> and leave PRODUCT_SPECIFIC_HELM_OVERRIDES="" empty.

IPAddress1 is a public IP and must be created in the same region and resource group as the AKS cluster. IPAddress1 is used for the Istio load balancer.
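
The rules stated above for deploy.settings (mandatory parameters, allowed values, the REGISTRY_URL format, and leaving the registry credentials unset when docker login is used) can be checked before the deployer runs. The following is an added example, not part of the product or its deployer scripts; the function names, the SAMPLE values, and treating an untouched <placeholder> as unset are assumptions.

```python
import re

# Allowed values come from the comments in deploy.settings. Exact-case matching for
# LOCATION and PRIVATE_NETWORK is an assumption; the page states it only for FOOTPRINT.
ALLOWED = {"FOOTPRINT": ["2.5k", "25k", "50k", "100k"],
           "LOCATION": ["azure", "tkg"], "PRIVATE_NETWORK": ["TRUE", "FALSE"]}
MANDATORY = ["KUBECONFIG", "FOOTPRINT", "PRODUCT_DEPLOYMENT_TIMEOUT", "LOCATION",
             "INGRESS_HOSTNAME", "REGISTRY_URL"]
AZURE_MANDATORY = ["AKS_RESOURCE_GROUP", "PRIVATE_NETWORK"]

def parse_settings(text):
    """Read KEY=VALUE lines as data (never sourced); a <placeholder> counts as unset."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_][A-Z0-9_]*)=(.*)$", line)
        if m:
            # Drop a trailing "# comment", surrounding whitespace and quotes.
            value = re.sub(r"(^|\s)#.*$", "", m.group(2)).strip().strip("\"'")
            values[m.group(1)] = "" if value.startswith("<") else value
    return values

def check_settings(text):
    """Return a list of problems; an empty list means the rules on the page are met."""
    s = parse_settings(text)
    needed = MANDATORY + (AZURE_MANDATORY if s.get("LOCATION") == "azure" else [])
    problems = [f"{k}: mandatory but unset or still a placeholder" for k in needed if not s.get(k)]
    for key, allowed in ALLOWED.items():
        if s.get(key) and s[key] not in allowed:
            problems.append(f"{key}: expected one of {', '.join(allowed)}")
    if s.get("PRODUCT_DEPLOYMENT_TIMEOUT") and not s["PRODUCT_DEPLOYMENT_TIMEOUT"].isdigit():
        problems.append("PRODUCT_DEPLOYMENT_TIMEOUT: must be a number of seconds")
    url = s.get("REGISTRY_URL", "")
    if re.match(r"(?i)https?:", url):
        problems.append("REGISTRY_URL: give the URL without http or https")
    if url and not url.endswith("/tcx"):
        problems.append("REGISTRY_URL: must end with /tcx")
    if bool(s.get("REGISTRY_USERNAME")) != bool(s.get("REGISTRY_PASSWORD")):
        problems.append("REGISTRY credentials: set both, or neither when using docker login")
    return problems

# Constructed sample with deliberate mistakes (not a real deployment).
SAMPLE = """KUBECONFIG=/tmp/.kube/aks-config
FOOTPRINT=25K
PRODUCT_DEPLOYMENT_TIMEOUT=2700  # seconds
LOCATION=azure
AKS_RESOURCE_GROUP=<resource group of AKS cluster>
PRIVATE_NETWORK=TRUE
INGRESS_HOSTNAME=198.51.100.10
REGISTRY_URL=https://example.azurecr.io/proj
"""
```

Calling check_settings(SAMPLE) reports the unset resource group, the wrong-case footprint, and both REGISTRY_URL format errors; pass the contents of your own deploy.settings to check it the same way.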