Configuring Security

This section guides you through the initial configuration of UnO AI Pilot.


  • Default configurations: No changes are required for default configurations.
  • Custom configurations: To install custom SSL certificates, see the values.yaml file.
For custom configurations, modify the parameters under the following sections:
  • uno.hclaipilot.certificates
  • uno.hclaipilot.rag.certificates
  • uno.hclaipilot.pgvector.tls
Table 1.
Property Description
# useCustomizedCert

Specifies if you use custom certificates or certificates generated by the cert-manager. Supported values are true and false. If you set it to false, you must have the cert-manager deployed that manages the certificates. If you set it to true, provide the required certificates and customize the parameters listed below.

useCustomizedCert: false

# customIssuer

Defines the name of the issuer. This parameter is relevant only if useCustomizedCert is set to false. If not specified, a self-signed issuer will be created by default.

customIssuer: <issuer-name>

# customIngressIssuer

Specifies the optional name of the certificate issuer that overrides the default internal issuer, used specifically for ingress-related certificates.

customIngressIssuer: <issuer-name>

# caPairSecretName

Defines the name of the certificate authority (CA) pair secret. This parameter is applicable when useCustomizedCert is set to false.

caPairSecretName: ca-key-pair

# certSecretName

Specifies the name of the secret that stores the SSL certificates. This parameter is applicable when useCustomizedCert is set to false.

certSecretName: ${product.short.name}-certificate

# certExtAgtSecretName

Specifies the name of the secret that stores the external agent’s certificates. This parameter is applicable when useCustomizedCert is set to true.

certExtAgtSecretName: ${product.short.name}-certificate-ext-agt

# caDuration

Specifies the validity period of the CA certificates before they expire. This parameter is applicable when useCustomizedCert is set to false.

caDuration: 3y

# caRenewBefore

Specifies the time before the expiry of CA certificates when the certificate manager initiates renewal attempts. This parameter is applicable when useCustomizedCert is set to false.

caRenewBefore: 2y350d

# duration

Defines the validity period of the certificates before they expire. This parameter is applicable when useCustomizedCert is set to false.

duration: 2160h

# renewBefore

Specifies the time period before the certificate's expiration when the certificate management service begins renewal attempts. This parameter is applicable when useCustomizedCert is set to false.

renewBefore: 360h

# organization

Defines the organization label included in the certificates. This parameter is applicable when useCustomizedCert is set to false.

organization: ${brand}

# additionalCASecrets

Contains the names of secrets for additional Certificate Authorities (CAs), which can be used to trust certificates from services such as MongoDB, Kafka, or OIDC.

additionalCASecrets:
  - ca-secret-1
  - ca-secret-2
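The following preflight check is an added example, not part of the product documentation or the chart. It reads the duration settings from Table 1 and reports when renewal attempts begin, flagging any renewBefore value that is not shorter than its duration, which cert-manager rejects. It assumes that y means 365 days and d means 24 hours, which this page does not define; to_hours, check_certificates and SAMPLE are hypothetical names.

```python
import re

# Assumption: "y" = 365 days, "d" = 24 hours; the page does not define the units.
UNIT_HOURS = {"y": 365 * 24, "d": 24, "h": 1}
PAIRS = (("caDuration", "caRenewBefore"), ("duration", "renewBefore"))


def to_hours(value):
    """Convert '3y', '2y350d' or '2160h' to hours; reject anything else."""
    if not re.fullmatch(r"(\d+[ydh])+", value):
        raise ValueError(f"unsupported duration: {value!r}")
    return sum(int(n) * UNIT_HOURS[u] for n, u in re.findall(r"(\d+)([ydh])", value))


def check_certificates(cfg):
    """Return {duration key: (lifetime_h, renewal_starts_h, error_or_None)}."""
    if cfg.get("useCustomizedCert"):
        return {}  # duration settings apply only when cert-manager issues the certificates
    report = {}
    for dur_key, renew_key in PAIRS:
        if dur_key not in cfg or renew_key not in cfg:
            continue
        lifetime, before = to_hours(cfg[dur_key]), to_hours(cfg[renew_key])
        error = None
        if before >= lifetime:
            # cert-manager requires renewBefore to be shorter than duration
            error = f"{renew_key} ({cfg[renew_key]}) must be shorter than {dur_key} ({cfg[dur_key]})"
        report[dur_key] = (lifetime, lifetime - before, error)
    return report


# Constructed sample: the example values shown in Table 1.
SAMPLE = {
    "useCustomizedCert": False,
    "caDuration": "3y",
    "caRenewBefore": "2y350d",
    "duration": "2160h",
    "renewBefore": "360h",
}

if __name__ == "__main__":
    for key, (lifetime, starts, error) in check_certificates(SAMPLE).items():
        print(f"{key}: valid {lifetime // 24}d, renewal attempts from day {starts // 24}")
        if error:
            print(f"  ERROR: {error}")
```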

The primary components to configure in UnO AI Pilot are as follows:
  • To configure the messaging channels, modify the following parameters under deployment:global: hclaipilot
    • slackToken
    • slackSigningSecret
    • slackChannel
    • googleProjectId
    • botframeworkAppId
    • botframeworkAppPassword