External Share parameters
Update the custom YAML file to provide the details that are relevant to your External Share configuration and your decisions for the deployment of the container. Parameters marked with (External users) are in the LDAP section of the custom YAML file, and apply only for environments that are using the 2-LDAP method for supporting External Share.
| Parameters | Description | Default or Example Values | Required |
|---|---|---|---|
| arch.amd64 | The architecture for your environment. This is the default for Linux on x86 and should not be changed. | 3 - Most preferred | Yes, leave default |
| replica_count | How many replicas or pods to deploy. | 2 | No |
| image.repository | The image repository that corresponds to the image registry, where the image is pulled. The default repository is the IBM Entitled Registry. | cp.icr.io/cp/cp4a/fncm/extshare | No |
| image.tag | The tag that corresponds to the image registry, where the image is pulled. | ga-30x-es | No |
| image.pull_policy | Specify your pull policy. If specified, this value overrides the image pull policy in the shared_configuration. | IfNotPresent | No |
| resources.requests.cpu | Specify a CPU request for the container. | 500m | No |
| resources.requests.memory | Specify a memory request for the container. | 512Mi | No |
| resources.limits.cpu | Specify a CPU limit for the container. | 1 | No |
| resources.limits.memory | Specify a memory limit for the container. | 1536Mi | No |
| auto_scaling.enabled | Specify whether to enable auto scaling. | false | No |
| auto_scaling.max_replicas | The upper limit for the number of pods that can be set by the autoscaler. Required. | 3 | No |
| auto_scaling.min_replicas | The lower limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server will apply a default value. | 2 | No |
| auto_scaling.target_cpu_utilization_percentage | The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, a default autoscaling policy is used. | 80 | No |
| es_production_setting.time_zone | The time zone for the container deployment. | Etc/UTC | No |
| es_production_setting.jvm_initial_heap_percentage | The initial use of available memory. | 40 | No |
| es_production_setting.jvm_max_heap_percentage | The maximum percentage of available memory to use. | 66 | No |
| es_production_setting.jvm_customize_options | Optionally specify JVM arguments, separated by commas. For example: jvm_customize_options="-Dmy.test.jvm.arg1=123,-Dmy.test.jvm.arg2=abc,-XX:+SomeJVMSettings,-XshowSettings:vm". If needed, you can use DELIM to change the character that separates multiple JVM arguments. In this example, a semicolon separates the JVM arguments: jvm_customize_options="DELIM=;-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true;-Dcom.filenet.authentication.providers=ExShareUmsInternal,ExShareIbmId,ExShareGID" | None | No |
| es_production_setting.license_model | Choose the licensing model. Required. The expected values are ICF.PVUNonProd, ICF.PVUProd, ICF.UVU, ICF.CU, FNCM.PVUNonProd, FNCM.PVUProd, FNCM.UVU, or FNCM.CU. | FNCM.PVUNonProd | No |
| es_production_setting.license | The value must be set to accept to deploy. | accept | Yes |
| es_production_setting.allowed_origins | Add a comma-delimited list of URLs that are allowed to access a share. | None | No |
| monitor_enabled | Specify whether to use the built-in monitoring capability. | false | No |
| logging_enabled | Specify whether to use the built-in logging capability. | false | No |
| collectd_enable_plugin_write_graphite | If you use Graphite database for metrics or use IBM Cloud® monitoring, set to true. | false | No |
| data_volume.existing_pvc_for_es_cfgstore | The persistent volume claim for External Share configuration. | es-cfgstore | No |
| data_volume.existing_pvc_for_es_logstore | The persistent volume claim for External Share logs. | es-logstore | No |
| probe.readiness (initial_delay_seconds, period_seconds, timeout_seconds, failure_threshold) | The behavior of readiness probes to know when the containers are ready to start accepting traffic. | 180, 10, 10, 6 | No |
| probe.liveness (initial_delay_seconds, period_seconds, timeout_seconds, failure_threshold) | The behavior of liveness probes to know when to restart a container. | 600, 10, 5, 6 | No |
| image_pull_secrets.name | The secrets to be able to pull images. | admin.registrykey | No |
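
The separator rule for es_production_setting.jvm_customize_options matters whenever an argument value itself contains commas, as the authentication provider list does. The following is an added example, not code from the product: the DELIM handling is an assumption drawn from the two example values in the table, and the function names are hypothetical.

```python
# Added example: how a jvm_customize_options string breaks into JVM arguments.
# The DELIM handling is an assumption based on the table's two example values,
# not the container's actual parsing code.

def split_jvm_options(value):
    """Return the individual JVM arguments in a jvm_customize_options value."""
    delim = ","
    if value.startswith("DELIM="):
        rest = value[len("DELIM="):]
        if not rest:
            raise ValueError("DELIM= must be followed by a separator character")
        # The first character after DELIM= is the separator; arguments follow it.
        delim, value = rest[0], rest[1:]
    return [arg.strip() for arg in value.split(delim) if arg.strip()]


def suspicious_arguments(value):
    """Arguments that do not start with '-', usually a sign of a wrong separator."""
    return [arg for arg in split_jvm_options(value) if not arg.startswith("-")]


# Values taken from the table's examples.
PROVIDERS = ("-Dcom.filenet.authentication.providers="
             "ExShareUmsInternal,ExShareIbmId,ExShareGID")
WITH_DELIM = ("DELIM=;-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true;"
              + PROVIDERS)

if __name__ == "__main__":
    # With the default comma separator the provider list is torn apart.
    print(suspicious_arguments(PROVIDERS))
    # With DELIM=; both arguments stay intact.
    print(split_jvm_options(WITH_DELIM))
```
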
External LDAP settings
If you want to use a second directory server for your external users, uncomment the settings for this second LDAP in the LDAP section of the custom resource YAML and add their values.
| Parameters | Description | Default or Example Values | Required |
|---|---|---|---|
| lc_selected_ldap_type | The type of the directory service provider you are using for your container environment. Choices are IBM Security Directory Server or Microsoft Active Directory. | IBM Security Directory Server | Yes |
| lc_ldap_server | The host name for the LDAP server that you are using for the environment. | <hostname> | Yes |
| lc_ldap_port | The port number for the LDAP server that you are using. | "<port>" | Yes |
| lc_bind_secret | | ldap-bind-secret | No |
| lc_ldap_base_dn | The base distinguished name (DN) of an LDAP user who is allowed to search the LDAP directory if the LDAP server does not allow anonymous access. | dc=hqpsidcdom,dc=com | |
| lc_ldap_ssl_enabled | Specify whether SSL is enabled. | false | Yes |
| lc_ldap_ssl_secret_name | Provide the name of the SSL secret that you created. | | Yes |
| lc_ldap_user_name_attribute | Provide the format of the user name. | *:cn | Yes |
| lc_ldap_user_display_name_attr | Provide the format of the display name. | cn | No |
| lc_ldap_group_base_dn | The base DN subtree that is used when searching for group entries on the LDAP server. | dc=hqpsidcdom,dc=com | Yes |
| lc_ldap_group_name_attribute | Provide the format of the group name. | *:cn | Yes |
| lc_ldap_group_display_name_attr | Provide the format of the group display name. | cn | No |
| lc_ldap_group_membership_search_filter | Filter for finding entries in the LDAP base DN (groups) subtree that match the group name. | (\|(&(objectclass=groupofnames)(member={0}))(&(objectclass=groupofuniquenames)(uniquemember={0}))) | Yes |
| lc_ldap_group_member_id_map | The group id is a filter that is used to determine the group name. | groupofnames:member | Yes |
| lc_ldap_max_search_results | Maximum number of search results to return. | 4500 | |
| lc_ad_gc_host | Active Directory host. | <hostname> | Yes |
| lc_ad_gc_port | Active Directory port. | "<port>" | Yes |
| lc_user_filter | Active Directory user filter. | (&(cn=%v)(objectclass=person)) | No |
| lc_group_filter | Active Directory group filter. | (&(cn=%v)(\|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls))) | No |
| lc_user_filter | IBM® Security user filter. | (&(cn=%v)(objectclass=person)) | No |
| lc_group_filter | IBM Security group filter. | (&(cn=%v)(\|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls))) | No |
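
A pre-deployment check for the External LDAP settings, as an added example that is not part of the product or its documentation. It takes the key names and placeholder conventions from the table above; the function names, messages and sample values are constructed, and it assumes the YAML has already been parsed so that lc_ldap_ssl_enabled is a boolean.

```python
import re

# Placeholder each filter carries in the table's example values.
PLACEHOLDERS = {
    "lc_ldap_group_membership_search_filter": "{0}",
    "lc_user_filter": "%v",
    "lc_group_filter": "%v",
}

def filter_problems(value, placeholder):
    """Structural checks on one LDAP search filter string."""
    problems, depth = [], 0
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' closed more than was opened
            break
    if depth != 0 or not value.startswith("("):
        problems.append("unbalanced parentheses")
    if re.search(r"\)\s+\(", value):
        problems.append("whitespace between filter components (line-wrap residue)")
    if placeholder not in value:
        problems.append("missing %s placeholder" % placeholder)
    return problems

def lint_ldap(cfg):
    """Return findings for a dict of External LDAP parameters."""
    findings = []
    if not cfg.get("lc_ldap_ssl_enabled", False):
        findings.append("lc_ldap_ssl_enabled is false: directory traffic, "
                        "including the bind password, is not encrypted")
    elif not cfg.get("lc_ldap_ssl_secret_name"):
        findings.append("lc_ldap_ssl_enabled is true but lc_ldap_ssl_secret_name is empty")
    for key, placeholder in PLACEHOLDERS.items():
        if key in cfg:
            findings += ["%s: %s" % (key, p) for p in filter_problems(cfg[key], placeholder)]
    return findings

# Constructed sample: SSL left at the default, and a group filter pasted with a
# line break in the middle and its final ')' lost.
SAMPLE = {
    "lc_ldap_ssl_enabled": False,
    "lc_ldap_group_membership_search_filter": (
        "(|(&(objectclass=groupofnames)\n(member={0}))"
        "(&(objectclass=groupofuniquenames)(uniquemember={0}))"),
    "lc_user_filter": "(&(cn=%v)(objectclass=person))",
}

if __name__ == "__main__":
    for finding in lint_ldap(SAMPLE):
        print("WARN", finding)
```
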