Preparing the configuration file
After setting up the AppScan 360° environment and before installing, prepare the configuration file, singular-singular.clusterKit.properties. This is the file to which the ASCP and AppScan Remediation Advisories installation files refer during installation.
- Create a new file in the text editor of your choice.
- Populate the file with appropriate parameters as described in the table below.
  Note: You can supply a server certificate as part of the customization file to be used as the service entry point ingress certificate. If used, it should be provided as a PEM-structured certificate, as follows:
  - Public key in *.crt or *.cer file
  - Private key in *.key file
- Name the file singular-singular.clusterKit.properties and save it to the folder to which you have saved, or intend to save, the installation kit.
  Note: The self-extracting installation file must be able to locate this file during the installation process.
Configuration notes
- Public key in *.crt or *.cer file
- Private key in *.key file
Configuration parameters
Parameter | Description | Example value |
---|---|---|
CK_DOCKER_REGISTRY_ADDRESS | Docker image registry address (FQDN), possibly with a port, separated by a colon | pi-dpr-lin.appscan.com |
CK_DOCKER_REGISTRY_USERNAME | Docker image registry user name | |
CK_DOCKER_REGISTRY_PASSWORD | Docker image registry password | |
CK_CNI_NETWORK_DOMAIN_SUFFIX | Designated domain service name | appscan.com |
CK_CSI_STORAGE_CLASS_NAME | Kubernetes storage driver class name | longhorn |
CK_CSI_STORAGE_SHARED_FILE_SYSTEM_VOLUME_NAME | Kubernetes predefined PV (Persistent Volume) to be used with the auto-generated PVC (Persistent Volume Claim) for the shared file system. Note: | |
CK_CSI_STORAGE_SHARED_FILE_SYSTEM_REQUESTED_CAPACITY | Kubernetes shared storage designated size, to be calculated before installation, following the calculation logic outlined in the formal documentation. | 100Gi |
CK_INGRESS_CONTROLLER_CAPABILITIES_IS_HTTPS_BACKEND_PROTOCOL_SUPPORTED | Indicates whether the ingress controller is based on NGINX, or the SSL onload (HTTPS backend protocol) is supported by the ingress controller (not via an annotation, but by the controller itself). | false |
CK_INGRESS_INTERNAL_CLASS | The ingress class name to be used when deploying ingresses into the Kubernetes cluster. | nginx |
CK_INGRESS_INTERNAL_HOST_DOMAIN | The domain to be used when deploying ingresses into the Kubernetes cluster for building the host name. Note: If left empty, it will be taken from CK_CNI_NETWORK_DOMAIN_SUFFIX. | appscan.com |
CK_INGRESS_INTERNAL_HOST_SUBDOMAIN | Subdomain to be used when deploying ingresses into the Kubernetes cluster for building the host name. | expo.ascp |
CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED | Indicates whether to use a given certificate as the applicable external (out-of-cluster) microservices ingress certificates. Note: Supply a server certificate as part of the customization file to be used as the service entry point ingress certificate, or, supply the certificate as a PEM structured certificate, as follows: | false |
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_CA_CRT_AS_BASE64 | Supplied certificate authority (CA) signing certificate of the certificate used as the applicable external (out-of-cluster) microservices ingress certificates. | <BASE64_ENCODED_VALUE> |
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_CRT_AS_BASE64 | Supplied public key of the certificate used as the applicable external (out-of-cluster) microservices ingress certificates. | <BASE64_ENCODED_VALUE> |
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_KEY_AS_BASE64 | Supplied private key of the certificate used as the applicable external (out-of-cluster) microservices ingress certificates. | <BASE64_ENCODED_VALUE> |
CK_CONFIGURATION_DISCLOSED_SITE_URL | AppScan 360° frontend URL. Note: Do not include a trailing forward slash (/) in the URL. | https://expo.ascp.appscan.com |
CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE | AutoOnboard | |
CK_CONFIGURATION_DISCLOSED_LDAP_DOMAIN | LDAP server/service domain. Important: When upgrading from AppScan 360° version 1.1.0 or earlier, the LDAP configuration cannot be reused as is. You must verify that all LDAP parameters meet AppScan 360° version 1.2 requirements before installing. | appscan.il |
CK_CONFIGURATION_DISCLOSED_LDAP_USERNAME | LDAP server/service user name for establishing connection. Note: Relevant when 'ManualOnboard' is selected for CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE. | <LDAP_USERNAME> |
CK_CONFIGURATION_DISCLOSED_LDAP_AUTHORIZED_GROUPS | The customer's list of LDAP groups (comma-separated) that are authorized to access AppScan 360°. Note: Relevant when "GroupsAccess" is indicated for CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE. | |
CK_CONFIGURATION_DISCLOSED_LDAP_TARGET_OU | Designated location of the users in the AD (Active Directory) for LDAP queries. Used to authenticate AD users during login to AppScan 360°. | Users,DC=appscan,DC=com |
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_HOST | SMTP mail server/service host name. | wfilsus.israel.ottawa.watchfire.com |
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_PORT | SMTP mail server/service port. | 25 |
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_USERNAME | SMTP mail server/service user name for establishing connection. | <SMTP_USERNAME> |
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_ENABLE_SSL | Indicates whether to establish a secured (over SSL/TLS) connection towards the customer's SMTP mail server/service. | false |
CK_CONFIGURATION_DISCLOSED_EXTERNAL_ACCESS_PROXY | Optional. When you have specified a dedicated external access proxy to enable internet access from within the network, use this parameter to hold the proxy address. If not used, leave as a remark/comment (that is, not enabled with an empty value). Note: | <PROXY_FQDN>:<PROXY_PORT> |
CK_CONFIGURATION_CONFIDENTIAL_DEFAULT_CONNECTION | MSSQL data store (database) connection string used to establish a connection with the database. | <DB_CONNECT_STRING> |
CK_CONFIGURATION_CONFIDENTIAL_LDAP_PASSWORD | LDAP server/service password for establishing connection. Note: Relevant when "ManualOnboard" is indicated for CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE. | <LDAP_PASSWORD> |
CK_CONFIGURATION_CONFIDENTIAL_MAIL_SMTP_PASSWORD | SMTP mail server/service password for establishing connection. | <SMTP_PASSWORD> |
Sample singular-singular.clusterKit.properties
#
## Docker Registry info
#
CK_DOCKER_REGISTRY_ADDRESS='pi-dpr-lin.appscan.com'
CK_DOCKER_REGISTRY_USERNAME='user'
CK_DOCKER_REGISTRY_PASSWORD='password'
#
## Network info
#
CK_CNI_NETWORK_DOMAIN_SUFFIX='appscan.com'
#
## Storage info
#
CK_CSI_STORAGE_CLASS_NAME='longhorn'
CK_CSI_STORAGE_SHARED_FILE_SYSTEM_VOLUME_NAME=''
CK_CSI_STORAGE_SHARED_FILE_SYSTEM_REQUESTED_CAPACITY='100Gi'
#
## Ingress info
#
CK_INGRESS_CONTROLLER_CAPABILITIES_IS_HTTPS_BACKEND_PROTOCOL_SUPPORTED='false'
CK_INGRESS_INTERNAL_CLASS='nginx'
CK_INGRESS_INTERNAL_HOST_DOMAIN='appscan.com'
CK_INGRESS_INTERNAL_HOST_SUBDOMAIN='expo.ascp'
#
## Customer certificate info
#
CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED='false'
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_CA_CRT_AS_BASE64=' '
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_CRT_AS_BASE64=' '
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_KEY_AS_BASE64=' '
#
## Configuration/Disclosed info
#
CK_CONFIGURATION_DISCLOSED_SITE_URL='https://expo.ascp.appscan.com'
CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE='AutoOnboard'
CK_CONFIGURATION_DISCLOSED_LDAP_DOMAIN='appscan.com'
CK_CONFIGURATION_DISCLOSED_LDAP_USERNAME='labmgr'
CK_CONFIGURATION_DISCLOSED_LDAP_AUTHORIZED_GROUPS=''
CK_CONFIGURATION_DISCLOSED_LDAP_TARGET_OU='CN=Users,DC=appscan,DC=com'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_HOST='wfilsus.israel.ottawa.watchfire.com'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_PORT='25'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_USERNAME='admin@abcd'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_ENABLE_SSL='false'
CK_CONFIGURATION_DISCLOSED_EXTERNAL_ACCESS_PROXY='<PROXY_FQDN>:<PROXY_PORT>'
#
## Configuration/Confidential info
#
CK_CONFIGURATION_CONFIDENTIAL_DEFAULT_CONNECTION='Data Source=mssql-service.expo.ascp.appscan.com;Initial Catalog=AppScanCloudDB;User ID=ABC;Password=1234;MultipleActiveResultSets=True;TrustServerCertificate=True'
CK_CONFIGURATION_CONFIDENTIAL_LDAP_PASSWORD='12345678Abcdefg'
CK_CONFIGURATION_CONFIDENTIAL_MAIL_SMTP_PASSWORD='ABC!@#123'
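
The dependencies stated in the parameter table (no trailing slash on the site URL, base64 certificate values when the customer certificate is enabled, LDAP values tied to the IdP mode) can be checked before the installer reads the file. The following is an added example, not part of the AppScan 360° kit: the function names are hypothetical, it assumes each *_AS_BASE64 value is the base64 encoding of the whole PEM file, and it treats the mode-related LDAP values as required.

```python
import base64
import re
P = "CK_CONFIGURATION_"
CERT_KEYS = [f"CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_{s}_AS_BASE64"
             for s in ("CA_CRT", "TLS_CRT", "TLS_KEY")]

# Constructed input, not a real deployment: three rules from the table are broken.
SAMPLE = """\
CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED='true'
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_CA_CRT_AS_BASE64=' '
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_CRT_AS_BASE64=' '
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_KEY_AS_BASE64=' '
CK_CONFIGURATION_DISCLOSED_SITE_URL='https://expo.ascp.appscan.com/'
CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE='GroupsAccess'
CK_CONFIGURATION_DISCLOSED_LDAP_AUTHORIZED_GROUPS=''
"""

def parse_properties(text):
    """Read KEY='value' lines; lines starting with '#' are skipped."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)=(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip().strip("'\"").strip()
    return props

def is_pem_b64(value):
    """True if value is valid base64 whose decoded bytes look like PEM."""
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    return decoded.lstrip().startswith(b"-----BEGIN ")

def lint(props):
    """Return a list of findings; an empty list means every check passed."""
    get = lambda key: props.get(key, "")
    findings = []
    if get(P + "DISCLOSED_SITE_URL").endswith("/"):
        findings.append("SITE_URL must not end with a forward slash")
    if get("CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED").lower() == "true":
        findings += [f"{k} is not base64-encoded PEM"
                     for k in CERT_KEYS if not is_pem_b64(get(k))]
    mode = get(P + "DISCLOSED_EXTERNAL_IDP_MODE")
    required = {"ManualOnboard": ["DISCLOSED_LDAP_USERNAME", "CONFIDENTIAL_LDAP_PASSWORD"],
                "GroupsAccess": ["DISCLOSED_LDAP_AUTHORIZED_GROUPS"]}
    findings += [f"{P}{k} is empty but IDP mode is {mode}"
                 for k in required.get(mode, []) if not get(P + k)]
    return findings
```

Run `lint(parse_properties(open(path).read()))` against the real file. Because that file stores the registry, database, LDAP and SMTP passwords in clear text, keep it readable only by the account that runs the installer.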