Cysmiq self-hosted deployments are configured through the Replicated Admin Console. This page documents the available configuration options.

Configuration

Basic settings for your deployment.

| Option | Description |
| --- | --- |
| Organization Name | Your organization’s display name |
| Application Domain Name | The domain where Cysmiq will be accessible (required) |

Expose Services

Choose how to make Cysmiq accessible from outside the cluster.

| Mode | Description |
| --- | --- |
| DIY | Manual configuration for custom setups |
| Ingress | Standard Kubernetes Ingress (default) |
| Contour HTTPProxy | For clusters using Contour |
| NodePort | Direct NodePort access |

Ingress options

When using Ingress mode:

| Option | Description |
| --- | --- |
| Ingress Class Name | The IngressClass cluster resource name |
| Admin Console Hostname | Hostname for the Admin Console (leave blank to disable) |
| Cysmiq Hostname | Hostname for the main application |
| Use TLS with Ingress | Enable TLS termination (default: enabled) |
| Annotations | Custom annotations for your ingress controller |

HTTPProxy options

When using Contour HTTPProxy mode:

| Option | Description |
| --- | --- |
| HTTPProxy Hostname | The fully qualified domain name |
| Use TLS with HTTPProxy | Enable TLS termination (default: enabled) |
| Annotations | Custom annotations (e.g., cert-manager settings) |

NodePort options

When using NodePort mode:

| Option | Description |
| --- | --- |
| Admin Console NodePort | Port for Admin Console (30000-32767) |
| Cysmiq HTTP NodePort | Port for HTTP access (30000-32767) |
| Cysmiq HTTPS NodePort | Port for HTTPS access (when BYO TLS enabled) |
| Caddy Service Custom Labels | Custom labels for the Caddy Service (YAML key value pairs) |

Database

Choose between embedded or external MySQL.

| Type | Description |
| --- | --- |
| Embedded MySQL | Managed MySQL instance within the cluster (default) |
| External Database | Connect to your own MySQL-compatible database |

External database options

| Option | Description |
| --- | --- |
| Database Connection | Connection type (default: mysql) |
| Database Host | Hostname or IP of your database server |
| Database Port | Connection port (default: 3306) |
| Database Name | Database name (default: guardrails) |
| Database Username | Database user |
| Database Password | Database password |

Storage

Customize persistent storage settings. Storage fields appear after enabling Configure Storage Settings.

| Option | Description | Default |
| --- | --- | --- |
| Configure Storage Settings | Show storage configuration fields | Disabled |
| Storage Class Name | Custom storage class for all PVCs | (cluster default) |
| MinIO Storage Size | Storage for object storage | 10Gi |
| RabbitMQ Storage Size | Storage for message queue | 8Gi |
| Redis KVDB Storage Size | Storage for key-value store | 8Gi |
| MySQL Storage Size | Storage for embedded database | 8Gi |

Analysis service storage

Each analysis service can use either temporary (EmptyDir) or persistent storage. Choose the volume type first, then size.

| Service | Volume Type Options | Default Size |
| --- | --- | --- |
| Source Manager | EmptyDir / PVC | 10Gi |
| Code Analysis | EmptyDir / PVC | 10Gi |
| SBOM Analysis | EmptyDir / PVC | 10Gi |

RabbitMQ

Choose between embedded or external RabbitMQ.

| Type | Description |
| --- | --- |
| Embedded RabbitMQ | Managed RabbitMQ within the cluster (default) |
| External RabbitMQ | Connect to your own RabbitMQ instance |

External RabbitMQ options

| Option | Description | Default |
| --- | --- | --- |
| RabbitMQ Host | Hostname or IP | - |
| RabbitMQ Port | Connection port | 5672 |
| RabbitMQ User | Username | - |
| RabbitMQ Password | Password | - |
| RabbitMQ Virtual Host | Virtual host path | - |

Mail

Configure SMTP for email notifications. Mail fields appear after enabling Configure Mail.

| Option | Description |
| --- | --- |
| Configure Mail | Show SMTP configuration fields |
| Mailer | Mail transport type (default: smtp) |
| Mail Host | SMTP server hostname |
| Mail Port | SMTP port (default: 1025) |
| Mail From Address | Sender email address |
| Mail From Name | Sender display name |
| Mail Username | SMTP authentication username |
| Mail Password | SMTP authentication password |
| Mail Encryption | Encryption method (e.g., tls) |

Resource Requests and Limits

Customize CPU and memory allocation for each service. These fields appear after enabling Configure resource requests and limits.

| Service | CPU Request | CPU Limit | Memory Request | Memory Limit |
| --- | --- | --- | --- | --- |
| Cysmiq | 100m | 500m | 128Mi | 1Gi |
| Cysmiq Horizon | 500m | 2000m | 4Gi | 8Gi |
| Cysmiq WS | 50m | 200m | 64Mi | 512Mi |
| Cysmiq Scheduler | 50m | 200m | 32Mi | 256Mi |
| Code Analysis | 50m | 1000m | 32Mi | 1Gi |
| SBOM Analysis | 50m | 200m | 32Mi | 1Gi |
| Source Manager | 50m | 200m | 64Mi | 1Gi |
| Embedded Database | 200m | 1000m | 512Mi | 2Gi |
| RabbitMQ | 256m | 1000m | 1Gi | 2Gi |
| Redis KVDB | 50m | 200m | 64Mi | 1Gi |
| Redis Cache | 50m | 200m | 64Mi | 1500Mi |
| MinIO | 200m | 1000m | 512Mi | 1Gi |

Additional options:
  • Redis Cache Max Memory
  • MinIO Ephemeral Storage Requests
  • MinIO Ephemeral Storage Limits

Scaling

Configure replica counts for horizontal scaling. Fields appear after enabling Configure internal service scaling.

| Service | Default Replicas |
| --- | --- |
| Cysmiq | 1 |
| Cysmiq Horizon | 1 |
| Cysmiq WS | 1 |
| Cysmiq Scheduler | 1 |
| Code Analysis | 1 |
| SBOM Analysis | 1 |
| Source Manager | 1 |
| Cysmiq Caddy | 1 |

Networking

| Option | Description | Default |
| --- | --- | --- |
| IP Stack Mode | Dual Stack (IPv4+IPv6) or IPv6 Only | Dual Stack |

Proxy

Configure HTTP proxy for outbound connections. Fields appear after enabling Configure HTTP Proxy.

| Option | Description |
| --- | --- |
| HTTP_PROXY | HTTP proxy URL |
| HTTPS_PROXY | HTTPS proxy URL |
| NO_PROXY | Comma-separated hosts to exclude from proxying |

Security

| Option | Description | Default |
| --- | --- | --- |
| Enforce SSL | Require HTTPS connections | Enabled |
| Enable Network Policies | Deploy NetworkPolicy resources | Disabled |
| Egress CIDRs | Allowed egress CIDR blocks for analysis services | 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7 |
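
A pre-flight check for an Egress CIDRs value before it is entered in the Admin Console, added here as an example (it is not Cysmiq's own code). It assumes the field takes a comma-separated list in the form the default is shown in, flags entries that widen egress beyond the default private ranges, and lists required destinations the value would not cover; the host addresses are constructed.

```python
import ipaddress

# Default "Egress CIDRs" value as listed in the Security table.
DEFAULT_EGRESS = "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7"


def parse_egress_cidrs(value):
    """Parse a comma-separated CIDR string (assumed field format).

    strict=True raises ValueError on entries with host bits set,
    e.g. 10.1.2.3/8, which usually means a mistyped prefix length.
    """
    return [ipaddress.ip_network(item.strip(), strict=True)
            for item in value.split(",") if item.strip()]


def audit_egress(value, required_hosts):
    """Return (warnings, uncovered) for a proposed Egress CIDRs value.

    required_hosts are IPs the analysis services must reach, such as
    an internal Git server (hypothetical; supply your own).
    """
    nets = parse_egress_cidrs(value)
    baseline = parse_egress_cidrs(DEFAULT_EGRESS)
    warnings = []
    for net in nets:
        # Anything not inside a default range widens the allowed egress.
        if not any(net.version == b.version and net.subnet_of(b)
                   for b in baseline):
            warnings.append(f"{net} is outside the default private ranges")
        # An entry contained in a broader entry adds nothing.
        for other in nets:
            if (net != other and net.version == other.version
                    and net.subnet_of(other)):
                warnings.append(f"{net} is already covered by {other}")
    uncovered = [h for h in required_hosts
                 if not any(ipaddress.ip_address(h) in n for n in nets)]
    return warnings, uncovered


if __name__ == "__main__":
    # Constructed input: one narrowed range plus a public /24.
    w, u = audit_egress("10.20.0.0/16, 203.0.113.0/24",
                        ["10.20.5.9", "192.168.1.10"])
    print("warnings:", w)
    print("uncovered:", u)
```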

BYO TLS Certificate

For direct access via LoadBalancer or NodePort:

| Option | Description |
| --- | --- |
| Enable HTTPS with BYO TLS | Enable TLS termination at Caddy |
| TLS Certificate | PEM-encoded certificate (with chain) |
| TLS Private Key | PEM-encoded private key |

Telemetry

| Option | Description |
| --- | --- |
| Telemetry Mode | Send error telemetry to Cysmiq or disable collection |

Scanning Configuration

| Option | Description | Default |
| --- | --- | --- |
| Enable Code-Analysis Memory Sampling | Memory profiling for analysis | Disabled |
| Code Analysis Process Pool Workers | Number of process workers | 1 |
| Code Analysis Thread Pool Workers | Number of thread workers | 1 |
| Enable GitHub Checks | Post check results to GitHub | Enabled |
| Enable GitHub PR Comments | Post PR comments | Enabled |
| Scan Concurrency Limit | Maximum concurrent scans | (unlimited) |