Workflow Process Service parameters
Workflow Process Service needs a set of values for its configuration parameters to create a Kubernetes deployment.
The following tables list the configurable parameters and their default values. Complete the custom resource YAML file for your deployment by supplying values for your environment and configuration. All properties are mandatory, unless they have a default value or are explicitly optional. Although Workflow Process Service might seem to install correctly when some parameters are omitted, this kind of configuration is not supported.
Workflow Process Service configuration parameters
The following table lists the parameters for configuring Workflow Process Service.
| Parameter name | Description | Example values |
|---|---|---|
| admin.username | The user that is entered for this parameter is configured as the administrator of Workflow Process Service. This user must be a valid user in Business Teams Service. After the first configuration of this value, it can no longer be updated. | admin |
| appVersion | The version at which the operator is reconciled. | 21.0.3 |
| authoringServer.heartbeatInterval | Heartbeat interval in seconds to connect to Workflow Process Service Authoring server. The default value is 60. | 30 |
| authoringServer.secretName | The secret name of Workflow Process Service Authoring server that contains the username and password fields for connecting to Workflow Process Service Authoring server. If you are not connecting to the authoring server, this parameter is optional. | authoring-secret |
| authoringServer.url | The URL of Workflow Process Service Authoring server. If you are not connecting to the authoring server, this parameter is optional. | https://authoring_server_name:port/bas/ProcessCenter |
| capabilities.federate.enable | Option to enable Workflow Process Service to be federated by Process Federation Server. This parameter is optional. | true |
| capabilities.federate.encryption_key_secret | Name of the secret containing the encryption key used by Process Federation Server. This parameter is optional. If it is not set, the secret will be dynamically resolved. | |
| capabilities.fullTextSearch.adminGroups | Configures a list of IBM Cloud Pak Platform UI (Zen) permissions for the administrator, adminSavedSearch, and adminSharedSavedSearch security roles from Process Federation Server. If capabilities.fullTextSearch.enable is set to false, you can ignore this parameter. | example_group |
| capabilities.fullTextSearch.enable | Option to enable or disable the full text search. By default, the option is disabled and the value is false. | false |
| capabilities.fullTextSearch.esSnapshotStorage.size | The storage size for persisting Elasticsearch snapshot data. The default value is 10Gi. | 10Gi |
| capabilities.fullTextSearch.esSnapshotStorage.storageClassName | StorageClass name for Elasticsearch snapshot data. The StorageClass should create the storage type of the Persistent Volumes in block mode rather than file system mode. | rook-cephfs |
| capabilities.fullTextSearch.esStorage.size | The storage size for persisting Elasticsearch data. The default value is 50Gi. | 50Gi |
| capabilities.fullTextSearch.esStorage.storageClassName | StorageClass name for Elasticsearch data. The StorageClass should create the storage type of the Persistent Volumes in block mode rather than file system mode. | rook-cephfs |
| capabilities.fullTextSearch.resources.limits | Maximum number of compute resources allowed for Elasticsearch. For more information, see Resource Management for Pods and Containers. | |
| capabilities.fullTextSearch.resources.requests | Minimum number of compute resources required for Elasticsearch. If this parameter is not set for a container, it defaults to capabilities.fullTextSearch.resources.limits if it is set. Otherwise, the default implementation value is used. For more information, see Resource Management for Pods and Containers. | |
| database.external.databaseName | Database instance name. | wfpsdb |
| database.external.dbCredentialSecret | Database secret name that has the database username and password. The secret key should include the username and password. | example_secret_06 |
| database.external.dbServerCertSecret | Secret name for storing the database TLS certificate when SSL connections are enabled for the database. This value is required only when enable_ssl is true. To create the secret, run the command: kubectl create secret generic wfps-db-cacert-secret --from-file=ca.crt=./cert.crt | example_secret_07 |
| database.external.enableSSL | Parameter to enable Secure Sockets Layer (SSL) support for the database connection. The default value is true. | true |
| database.external.jdbcUrl | The JDBC URL if database parameters ServerName, DatabaseName, and Port are not configured. | jdbc:postgresql://<postgresql_server>:5432/your_database |
| database.external.port | Database port. For PostgreSQL, the default value is 5432. | 5432 |
| database.external.serverName | Database server name in the form of either a fully qualified domain name (FQDN) or an IP address. | example.postgre.com |
| database.external.type | Database type. Only PostgreSQL is supported and it is the default value. | postgresql |
| database.managed.managementState | Whether the operator should manage the EDB PostgreSQL cluster. Possible values include Managed or Unmanaged. | Managed |
| database.managed.replicas | Managed database pod replica count. The default value is 1. | 1 |
| database.managed.storage.size | The storage size for persisted and managed database data. The default value is 1Gi. | 1Gi |
| database.managed.storage.storageClassName | StorageClass for the EDB PostgreSQL database. If this value is not set, the value of persistent.storageClassName is used. | rook-cephfs |
| database.managed.resources.requests.cpu | Minimum number of compute resource CPUs required. The default value is 1. | 1 |
| database.managed.resources.requests.memory | Minimum amount of compute resource memory required. The default value is 2Gi. | 2Gi |
| database.managed.resources.limits.cpu | Maximum number of compute resource CPUs allowed. The default value is 1. | 1 |
| database.managed.resources.limits.memory | Maximum amount of compute resource memory allowed. The default value is 2Gi. | 2Gi |
| database.client.customJDBCPVC | Name of the persistent volume claim (PVC) that stores the custom JDBC driver files. Use the embedded PostgreSQL driver name if it is not set. Custom JDBC driver files are mounted at /shared/resources/jdbc/postgresql. | pvc-name |
| database.client.jdbcDriverFiles | This value only needs to be set if you have set customJDBCPVC. Values include custom JDBC driver file names, separated with a space. The default value is postgresql.jar. | postgresql-42.2.15.jar |
| database.client.maxConnectionPoolSize | Maximum number of physical connections in the database connection pool. The default value is 200. | 50 |
| database.client.minConnectionPoolSize | Minimum number of physical connections in the database connection pool. The default value is 1. | 1 |
| deploymentLicense | License type of the Cloud Pak for Business Automation deployment. The possible values are non-production and production. | production |
| image.imagePullPolicy | Image pull policy. The default value is IfNotPresent. | IfNotPresent |
| image.imagePullSecrets | Image pull secrets. | - pullSecret_01 |
| image.repository | Image repository URL. | example.repository.com/workflow/workflow-server-ps-mini |
| image.tag | Image tag. | 21.0.3-latest-amd64 |
| license.accept | License accept parameter. This value can either be true or false. | false |
| managementState | Indicates whether the custom resources are monitored and managed by the Workflow Process Service operator. Possible values are Managed and Unmanaged. The default value is Managed. | Managed |
| node.autoScaling.enabled | If you set this value to true, pods are automatically scaled within the specified range. The default value is false. | false |
| node.autoScaling.minReplicas | Minimum number of pods that the Horizontal Pod Autoscaler can scale to. The default value is 1. | 1 |
| node.autoScaling.maxReplicas | Maximum number of pods that the Horizontal Pod Autoscaler can scale to. This value must be greater than node.autoScaling.maxReplicas. The default value is 5. | 5 |
| node.autoScaling.targetAverageUtilization | Percentage threshold of average CPU usage by pods for triggering horizontal scaling. The default value is 80. | 80 |
| node.customFilePVC | The persistent volume claim (PVC) containing custom files which is mounted at /opt/ibm/bawfile. The AccessMode of the PVC should be ROX or RWX. RWO is not recommended. It has an adverse effect on high availability because all pods must be allocated to the same node. | example-pvc-name |
| node.customize.jvmOptions | Java Virtual Machine (JVM) options, separated with a space. For example: -Dtest1=test -Dtest2=test2. When you update this value, you need to restart the Workflow Process Service server pod manually. | -Dtest1=test -Dtest2=test2 |
| node.customize.libertyXML | Server custom plain XML snippet. The libertyXMLSecret is also used for Workflow Server customization. You can set this configuration either in libertyXML or libertyXMLSecret. Do not set the configuration value in both locations. When you update this value, the Workflow Process Service server pod restarts automatically. | <server><!--add your configuration here. --></server> |
| node.customize.libertyXMLSecret | Server custom XML secret name. libertyXML is also used for Workflow Server customization. You can set this configuration either in libertyXML or libertyXMLSecret. Do not set the same configuration value in both locations. Create a customized secret using the command: kubectl create secret generic custom-xml-secret-name --from-file=sensitiveCustomConfig=./custom.xml. When you update this value, the Workflow Process Service server pod restarts automatically. | example_secret_06 |
| node.customize.lombardiXML | Server Lombardi custom XML. This contains custom configuration that usually might be in 100Custom.xml. When you add or delete this value for the first time, the Workflow Process Service server pod restarts automatically. If this value is already set and you want to update it, you need to restart the Workflow Process Service pod manually. To restart the pod, run the command: oc delete pod <cr-name>wfps-runtime-server<x>. | <properties><!--add your configuration here. --></properties> |
| node.customize.lombardiXMLSecret | Server Lombardi custom XML secret name. The secret contains custom configuration usually in 100Custom.xml. Create a customized secret using the following command: kubectl create secret generic custom-lombardi-xml-secret-name --from-file=sensitiveCustomConfig=./100Custom.xml. When you add or delete this value for the first time, the Workflow Process Service server pod restarts automatically. If this value is already set and you want to update it, you need to restart the Workflow Process Service pod manually. To restart the pod, run the command: oc delete pod <cr-name>wfps-runtime-server<x>. | example_secret_06 |
| node.deploymentProfileSize | Deployment profile size. The profile size should be based on your cluster requirement. Possible values include small, medium or large. | small |
| node.environmentConfig.authorizationEnabledForOrgInfo | Option for enabling authorization to user management APIs. The default value is true. | true |
| node.environmentConfig.contentSecurityPolicyAdditionalConnectSrc | Additional hostnames for Content Security Policy connect-src. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalDefaultSrc | Additional hostnames for Content Security Policy default-src. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalFontSrc | Additional hostnames for Content Security Policy font-src. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalFrameAncestor | Additional hostnames for Content Security Policy frame-ancestor. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalFrameSrc | Additional hostnames for Content Security Policy frame-src. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalImgSrc | Additional hostnames for Content Security Policy img-src. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalObjectSrc | Additional hostnames for Content Security Policy object-src. | ['https://hostname1','https://hostname2'] |
| node.environmentConfig.contentSecurityPolicyAdditionalScriptSrc | Additional hostnames for Content Security Policy script-src. | ['https://hostname1','https://hostname2'] |
| node.logging.consoleFormat | Format for printing logs on the console. Possible values include dev, simple, and json. The default value is json. | json |
| node.logging.consoleLogLevel | Configuration for printing logs on the console. Possible values are INFO, AUDIT, WARNING, ERROR, and OFF. The default value is INFO. | INFO |
| node.logging.consoleSource | Source of the logs for printing on the console. The default value is message,trace,accessLog,ffdc,audit. | message,trace,accessLog,ffdc,audit |
| node.logging.enableFilebeat | Configuration to enable sending the log file to standard output, with JSON format by default. When this value is changed, the update is dynamically reflected at the container, but it causes a rolling update of the pods. The default value is false. | false |
| node.logging.filebeatOutputSecret | Secret containing the filebeat configuration. If node.logging.enableFilebeat is set to true, you must set this value. The secret must contain the filebeat-output.yml key. | |
| node.logging.maxFileSize | The maximum size that a log file can reach before it is rolled. This value is measured in MB. The default value is 50. | 50 |
| node.logging.maxFiles | Maximum number of log files that are kept before the oldest file is removed. The default value is 10. | 10 |
| node.logging.messageFormat | Format for printing trace logs on the console. Possible values are simple and json. The default value is simple. | simple |
| node.logging.traceFormat | Format for printing trace logs on the console. Possible values are ENHANCED, BASIC and ADVANCED. The default value is ENHANCED. | false |
| node.logging.traceSpecification | Specification for printing trace logs. The default value is '*=info'. | '*=info' |
| node.replicas | Workflow Process Service replica count. The default value is 2. | 1 |
| node.probe.livenessProbe.failureThreshold | Number of seconds to wait before the next probe. The default value is 6. | 6 |
| node.probe.livenessProbe.initialDelaySeconds | Number of seconds after the Workflow Server container starts before the liveness probe is initiated. The default value is 5. | 5 |
| node.probe.livenessProbe.periodSeconds | Number of seconds to wait before the next probe. The default value is 10. | 10 |
| node.probe.livenessProbe.successThreshold | Number of seconds to wait before the next probe. The default value is 1. | 1 |
| node.probe.livenessProbe.timeoutSeconds | Number of seconds to wait before the next probe. The default value is 10. | 10 |
| node.probe.readinessProbeSpec.failureThreshold | Number of seconds to wait before the next probe. The default value is 6. | 6 |
| node.probe.readinessProbeSpec.initialDelaySeconds | Number of seconds after the Workflow Server container starts before the readiness probe is initiated. The default value is 5. | 5 |
| node.probe.readinessProbeSpec.periodSeconds | Number of seconds to wait before the next probe. The default value is 5. | 5 |
| node.probe.readinessProbeSpec.timeoutSeconds | Number of seconds to wait before the next probe. The default value is 5. | 5 |
| node.probe.readinessProbeSpec.successThreshold | Number of seconds to wait before the next probe. The default value is 1. | 1 |
| node.probe.startupProbe.failureThreshold | Number of seconds to wait before the next probe. The default value is 30. | 30 |
| node.probe.startupProbe.periodSeconds | Number of seconds to wait before the next probe. The default value is 20. | 20 |
| node.probe.startupProbe.successThreshold | Number of seconds to wait before the next probe. The default value is 1. | 1 |
| node.probe.startupProbe.timeoutSeconds | Number of seconds to wait before the next probe. The default value is 10. | 10 |
| node.securityContext.runAsUser | Security configuration that applies to a container. This value must satisfy the uid-range in the namespace. | 1000740000 |
| node.resources.limits | Describes the maximum number of compute resources. For more information, see Managing Resources for Container. | |
| node.resources.requests | Describes the minimum number of computation resources required. If requests is omitted for a container, it defaults to the limits value if it is specified. If limits is not defined, it defaults to an implementation-defined value. For more information, see Managing Resources for Container. | |
| node.serverType | Server type. The possible values are Development, Test, Staging, or Production. The default value is Production. If you update this value, the change is dynamically reflected at the container. | Production |
| persistent.data.enable | Enable persisting runtime data including JMS messages. The default value is false. | false |
| persistent.data.size | The maximum storage capacity for the persisted object. | 1Gi |
| persistent.data.storageClassName | StorageClass for data. If this value is not set, the value of persistent.storageClassName is used. | rook-cephfs |
| persistent.dump.enable | Enable persisting runtime dump data. The default value is false. | false |
| persistent.dump.size | The maximum storage capacity for the persisted object. | 1Gi |
| persistent.dump.storageClassName | StorageClass for runtime dump data. If this value is not set, the value of persistent.storageClassName is used. | rook-cephfs |
| persistent.storageClassName | The name of the storage class to use when creating persistent volume claims (PVCs). For more information, see Storage Classes. | rook-cephfs |
| tls.serverTrustCertificateList | Server TLS trust list. You can enter a list of secrets, where every secret stores a trusted certificate. To create a secret, run the following command: kubectl create secret generic wfps-tls-secret --from-file=tls.crt=./cert.crt | - example_secret_06 |
| tls.serverTrustKeyStore | Secret to store your custom trusted keystore. This parameter is optional. The type for the keystore must be JKS or PKCS12. All certificates from the keystore are imported into the trust keystore of the Workflow Process Service server. To create a secret, run the following command: kubectl create secret generic wfps_custom_trust_keystore_secret --from-file=truststorefile=./trust.jks --from-literal=type=JKS --from-literal=password=WebAS | example_secret_06 |
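
Because a deployment can appear to install correctly with parameters omitted, the dependencies stated in the table can be checked before the custom resource is applied. The following is an added example, not part of the product or its documentation: `get`, `lint_wfps_spec`, `ALLOWED` and `SAMPLE_SPEC` are hypothetical names, and it assumes the dotted parameter names map to nested keys of the custom resource `spec`, already parsed into Python dicts.

```python
# Added example (not IBM's code): lint a Workflow Process Service CR `spec`,
# already parsed into nested dicts, against constraints in the parameter table.

ALLOWED = {  # enumerations quoted from the table
    "deploymentLicense": ("non-production", "production"),
    "managementState": ("Managed", "Unmanaged"),
    "node.serverType": ("Development", "Test", "Staging", "Production"),
    "node.deploymentProfileSize": ("small", "medium", "large"),
    "node.logging.consoleLogLevel": ("INFO", "AUDIT", "WARNING", "ERROR", "OFF"),
}

def get(spec, dotted, default=None):
    """Resolve a dotted parameter name such as 'database.external.enableSSL'."""
    cur = spec
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def lint_wfps_spec(spec):
    """Return (parameter, problem) tuples; an empty list means no findings."""
    out = []
    for name, allowed in ALLOWED.items():
        value = get(spec, name)
        if value is not None and value not in allowed:
            out.append((name, f"{value!r} is not one of {list(allowed)}"))
    # Assumption: the external-database rules apply only when the section exists.
    # enableSSL defaults to true, and the certificate secret is required with it.
    if get(spec, "database.external") is not None:
        if get(spec, "database.external.enableSSL", True) and not get(
                spec, "database.external.dbServerCertSecret"):
            out.append(("database.external.dbServerCertSecret",
                        "required when enableSSL is true"))
    # The Filebeat configuration must be supplied through a secret.
    if get(spec, "node.logging.enableFilebeat", False) and not get(
            spec, "node.logging.filebeatOutputSecret"):
        out.append(("node.logging.filebeatOutputSecret",
                    "required when enableFilebeat is true"))
    # Liberty customization belongs in libertyXML or libertyXMLSecret, not both.
    if get(spec, "node.customize.libertyXML") and get(
            spec, "node.customize.libertyXMLSecret"):
        out.append(("node.customize.libertyXMLSecret",
                    "also set in libertyXML; keep each setting in one place"))
    # Assumption: a configured authoring URL implies the credentials secret.
    if get(spec, "authoringServer.url") and not get(spec, "authoringServer.secretName"):
        out.append(("authoringServer.secretName",
                    "needed when authoringServer.url is set"))
    return out

# Constructed sample spec (values reuse the table's examples).
SAMPLE_SPEC = {
    "deploymentLicense": "production",
    "database": {"external": {"databaseName": "wfpsdb",
                              "dbCredentialSecret": "example_secret_06"}},
    "node": {"serverType": "Prod", "logging": {"enableFilebeat": True}},
    "authoringServer": {"url": "https://authoring_server_name:port/bas/ProcessCenter"},
}

if __name__ == "__main__":
    for parameter, problem in lint_wfps_spec(SAMPLE_SPEC):
        print(f"{parameter}: {problem}")
```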
Workflow Process Service custom resource status properties
The following table lists the properties that show the installation status of the components in the custom resource instance that is used by the Workflow Process Service operator.
| Status property | Description | Possible values |
|---|---|---|
| RootCaStatus | Status of the integration with Root CA certificate | NotInstalled, NotReady, Ready, Failed |
| ResourceRegistryClusterStatus | Status of the integration with Resource Registry | NotInstalled, NotReady, Ready, Failed |
| WorkflowProcessServiceServerStatus | Status of Workflow Process Service | NotInstalled, NotReady, Ready, Failed |
| IBMAutomationFoundationStatus | Status of the integration with IBM Automation foundation | NotInstalled, NotReady, Ready, Failed |