This is the Experimental version (Latest). It is under active development and may change. For the most reliable documentation, use the version selector in the top-right to switch to Stable, or click here to go to the Stable version's homepage.

Setup Shell Variable Values

Last updated: Mar 2, 2026

Create Shell Varaible Values helps you store all of the necessary values that required in installation process.

Global Shell Variable Values

These values should be determined during the Planning Phase.

Example:

Information	Your Value	Note
Organization Name	`foobar`	Short name
Keycloak Realm Name	`foobar-opstella`	Realm name
Domain Name	`example.com`	Base domain
Storage Service	`seaweedfs`	S3 compatible storage service
TLS Certificate	`example.com`	Wildcard certificate & key for domains

Create Variable Files

Store any globally applicated variables in the following directory.

$HOME/opstella-installation/shell-values/global.vars.sh

Define your organization name and base domain first to ensure they are correctly populated in the file.

export ORGANIZATION_NAME="foobar"
export BASE_DOMAIN="example.com"

cat <<EOF > $HOME/opstella-installation/shell-values/global.vars.sh
export ORGANIZATION_NAME="${ORGANIZATION_NAME}"
export BASE_DOMAIN="${BASE_DOMAIN}"

export KEYCLOAK_DOMAIN="idp.${BASE_DOMAIN}"

export GITLAB_DOMAIN="gitlab.${BASE_DOMAIN}"

export SONARQUBE_DOMAIN="sonarqube.${BASE_DOMAIN}"
export HARBOR_DOMAIN="harbor.${BASE_DOMAIN}"
export DEFECTDOJO_DOMAIN="defectdojo.${BASE_DOMAIN}"
export VAULT_DOMAIN="vault.${BASE_DOMAIN}"

export GRAFANA_DASHBOARD_DOMAIN="grafana.${BASE_DOMAIN}"
export GRAFANA_MIMIR_DOMAIN="mimir.${BASE_DOMAIN}"
export GRAFANA_LOKI_DOMAIN="loki.${BASE_DOMAIN}"
export GRAFANA_TEMPO_DOMAIN="tempo.${BASE_DOMAIN}"

export KEYCLOAK_REALM="foobar-opstella"

export ARGOCD_DOMAIN="argocd.${BASE_DOMAIN}"


EOF

By Kubernetes Cluster(s) Shell Variable Values

Store any by Kubernetes Cluster(s) variables in the following directory.

$HOME/opstella-installation/shell-values/kubernetes/**.vars.sh

🟢 Management

Create $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh

export K8S_INTERNAL_DOMAIN="cluster.local"
export K8S_INGRESSCLASS_NAME="nginx"
export K8S_STORAGECLASS_NAME="longhorn"
export K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME="wildcard-${BASE_DOMAIN}-tls"

export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/management_cluster.yaml"
EOF

🟦 Non-Production Workload

Create $HOME/opstella-installation/shell-values/kubernetes/nonprod_cluster.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/kubernetes/nonprod_cluster.vars.sh

export ARGOCD_DOMAIN="argocd-nonprod.${BASE_DOMAIN}"
export ARGOCD_OIDC_CLIENT_SECRET="CHANGEME"
export HEADLAMP_DOMAIN="headlamp-nonprod.${BASE_DOMAIN}"

export K8S_INTERNAL_DOMAIN="cluster.local"
export K8S_INGRESSCLASS_NAME="nginx"
export K8S_STORAGECLASS_NAME="longhorn"
export K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME="wildcard-${BASE_DOMAIN}-tls"

export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/nonprod_cluster.yaml"
EOF

🟥 Production Workload

Create $HOME/opstella-installation/shell-values/kubernetes/prod_cluster.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/kubernetes/prod_cluster.vars.sh

export ARGOCD_DOMAIN="argocd-prod.${BASE_DOMAIN}"
export ARGOCD_OIDC_CLIENT_SECRET="CHANGEME"
export HEADLAMP_DOMAIN="headlamp-prod.${BASE_DOMAIN}"

export K8S_INTERNAL_DOMAIN="cluster.local"
export K8S_INGRESSCLASS_NAME="nginx"
export K8S_STORAGECLASS_NAME="longhorn"
export K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME="wildcard-${BASE_DOMAIN}-tls"

export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/prod_cluster.yaml"
EOF

Tools-oriented Shell Variable Values

Store any by Tools-oriented applicated variables in the following directory.

$HOME/opstella-installation/shell-values/tools/**.vars.sh

This file still empty, you can create an empty file to avoid errors in scripts that might source all files in this directory.

touch $HOME/opstella-installation/shell-values/tools/sonarqube.vars.sh

GitLab

Domain: GITLAB_DOMAIN

$HOME/opstella-installation/shell-values/tools/gitlab.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/gitlab.vars.sh
export GITLAB_DOMAIN="gitlab.${BASE_DOMAIN}"
EOF

Harbor

$HOME/opstella-installation/shell-values/tools/harbor.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/harbor.vars.sh
export HARBOR_DOMAIN="harbor.${BASE_DOMAIN}"
export HARBOR_ADMIN_USERNAME="admin"
export HARBOR_ADMIN_PASSWORD="CHANGEME"

export HARBOR_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export HARBOR_POSTGRES_USER_PASSWORD="CHANGEME"
export REGISTRY_PASSWORD="CHANGEME"
EOF

SeaweedFS (S3 / Object Storage)

$HOME/opstella-installation/shell-values/tools/seaweedfs.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/seaweedfs.vars.sh
export SEAWEEDFS_BOOTSTRAP_ADMIN_PASSWORD="CHANGEME"
export SEAWEEDFS_HA_S3_POSTGRES_BACKUP_PASSWORD="CHANGEME"
export SEAWEEDFS_HA_S3_HARBOR_PASSWORD="CHANGEME"
export SEAWEEDFS_HA_S3_OPSTELLA_PASSWORD="CHANGEME"
export SEAWEEDFS_HA_S3_GITLAB_CI_PASSWORD="CHANGEME"
export SEAWEEDFS_HA_S3_VAULT_PASSWORD="CHANGEME"
EOF

MinIO (Alternative S3 / Object Storage)

$HOME/opstella-installation/shell-values/tools/minio.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/minio.vars.sh
export MINIO_DSO_PASSWORD="CHANGEME"
export MINIO_DSO_ACCESS_KEY="CHANGEME"
export MINIO_DSO_ACCESS_SECRET="CHANGEME"
EOF

SonarQube

$HOME/opstella-installation/shell-values/tools/sonarqube.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/sonarqube.vars.sh
export SONARQUBE_DOMAIN="sonarqube.${BASE_DOMAIN}"
export SONARQUBE_ADMIN_USERNAME="admin"
export SONARQUBE_ADMIN_PASSWORD="CHANGEME"

export SONARQUBE_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export SONARQUBE_POSTGRES_USER_PASSWORD="CHANGEME"
EOF

DefectDojo

$HOME/opstella-installation/shell-values/tools/defectdojo.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/defectdojo.vars.sh
export DEFECTDOJO_DOMAIN="defectdojo.${BASE_DOMAIN}"
export DEFECTDOJO_ADMIN_USERNAME="defectdojo"
export DEFECTDOJO_ADMIN_PASSWORD="CHANGEME"
export DEFECTDOJO_ADMIN_EMAIL="admin@\${DEFECTDOJO_DOMAIN}"

export DEFECTDOJO_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export DEFECTDOJO_POSTGRES_USER_PASSWORD="CHANGEME"
EOF

Hashicorp Vault

Domain: VAULT_DOMAIN

$HOME/opstella-installation/shell-values/tools/vault.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/vault.vars.sh
export VAULT_DOMAIN="vault.${BASE_DOMAIN}"
EOF

Observability

$HOME/opstella-installation/shell-values/tools/observability.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/observability.vars.sh
export GRAFANA_DASHBOARD_DOMAIN="grafana.${BASE_DOMAIN}"
export GRAFANA_DASHBOARD_ADMIN_USERNAME="admin"
export GRAFANA_DASHBOARD_ADMIN_PASSWORD="CHANGEME"

export GRAFANA_DASHBOARD_POSTGRES_USER_PASSWORD="CHANGEME"
export GRAFANA_DASHBOARD_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export GRAFANA_DASHBOARD_PASSWORD="CHANGEME"
export GRAFANA_DASHBOARD_OIDC_CLIENT_SECRET="CHANGEME"

export GRAFANA_MIMIR_DOMAIN="mimir.${BASE_DOMAIN}"

export GRAFANA_LOKI_DOMAIN="loki.${BASE_DOMAIN}"

export GRAFANA_TEMPO_DOMAIN="tempo.${BASE_DOMAIN}"
EOF

PostgreSQL

PostgreSQL Superuser Password: OPSTELLA_POSTGRES_SUPERUSER_PASSWORD
PostgreSQL User Password: OPSTELLA_POSTGRES_USER_PASSWORD

$HOME/opstella-installation/shell-values/tools/postgresql.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/postgresql.vars.sh
export OPSTELLA_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export OPSTELLA_POSTGRES_USER_PASSWORD="CHANGEME"
EOF

Redis

Redis Password: REDIS_PASSWORD

$HOME/opstella-installation/shell-values/tools/redis.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/redis.vars.sh
export REDIS_PASSWORD="CHANGEME"
EOF

Keycloak

$HOME/opstella-installation/shell-values/tools/keycloak.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/keycloak.vars.sh
export KEYCLOAK_ADMIN_PASSWORD="CHANGEME"
export KEYCLOAK_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export KEYCLOAK_POSTGRES_USER_PASSWORD="CHANGEME"
export KEYCLOAK_REALM_ADMIN_PASSWORD="CHANGEME"
EOF

Opstella Platform

These variables include both static passwords and dynamically generated tokens (such as Vault Root Tokens and API Access tokens). Since these tokens are generated during the installation of their respective tools, you will need to replace CHANGEME with the actual token once you retrieve it.

$HOME/opstella-installation/shell-values/tools/opstella-platform.vars.sh

cat <<EOF > $HOME/opstella-installation/shell-values/tools/opstella-platform.vars.sh
export OPSTELLA_CORE_ADMIN_PASSWORD="CHANGEME"
export OPSTELLA_CORE_DATABASE_PASSWORD="CHANGEME"
export OPSTELLA_WORKER_VERSION="vX.Y.Z"

export OK8S_INTGR_POSTGRES_SUPERUSER_PASSWORD="CHANGEME"
export OK8S_INTGR_POSTGRES_USER_PASSWORD="CHANGEME"

export VAULT_ROOT_TOKEN="CHANGEME"
export DEFECTDOJO_ACCESS_TOKEN="CHANGEME"
export GITLAB_ACCESS_TOKEN="CHANGEME"
export GITLAB_CLIENT_ID="CHANGEME"
export GITLAB_CLIENT_SECRET="CHANGEME"

export K8S_DEV_API_ENDPOINT="https://CHANGEME:6443"
export K8S_DEV_API_CERT="CHANGEME"
export K8S_DEV_API_KEY="CHANGEME"

export K8S_PRD_API_ENDPOINT="https://CHANGEME:6443"
export K8S_PRD_API_CERT="CHANGEME"
export K8S_PRD_API_KEY="CHANGEME"

export K8S_DSO_API_ENDPOINT="https://CHANGEME:6443"
export K8S_DSO_API_CERT="CHANGEME"
export K8S_DSO_API_KEY="CHANGEME"
EOF

Load Environment

Load your Global Shell Variables and all Tool Variables in your shell session.

source $HOME/opstella-installation/shell-values/global.vars.sh
for file in $HOME/opstella-installation/shell-values/tools/*.vars.sh; do source "$file"; done

Finished?

Use the below navigation to proceed

Previous
Setup Working Environment Next
Prepare Access to Kubernetes Cluster(s)