IBM Business Automation Navigator parameters

Update the custom YAML file to provide the details that are relevant to your IBM Business Automation Navigator and your decisions for the deployment of the container.

If you plan to use logging and monitoring with your IBM Business Automation Navigator, check the lists of parameters for those components to compile the required values:
Table 1. Business Automation Navigator datasource parameters: spec.datasource_configuration.dc_icn_datasource
Parameter name Description Default/Example Values Required
dc_use_postgres

CP4BA has the capability to automatically provision an EDB Postgres instance.

If you want EDB Postgres to be created for a Navigator database, set this parameter to true.

 dc_use_postgres: true No
dc_database_type

The database type from your infrastructure. The possible values are "db2", "db2HADR", "db2rds", "db2rdsHADR", "oracle", or "postgresql". This should be the same as the GCD and object store configuration.

 dc_database_type: "db2" Yes
dc_common_icn_datasource_name

The ICN datasource name. The default value is "ECMClientDS".

 dc_common_icn_datasource_name: "ECMClientDS" No
database_servername

The server name of the database.

 database_servername: "ICNDBServerName" Yes
database_port

The database server port. For Db2®, the default is "50000". As Oracle configuration requires a JDBC URL, set the parameter to no value or comment out the parameter.

 database_port: "50000" Yes
database_name

The name of the database for ICN (Navigator). For example, "ICNDB". As Oracle configuration requires a JDBC URL, set the parameter to no value or comment out the parameter.

 database_name: "ICNDB" Yes
database_ssl_secret_name

The name of the secret that contains the Db2/Oracle/PostgreSQL SSL certificate. The secret can contain multiple certificates in a single tls.crt field.

 database_ssl_secret_name: "MySecret" Yes
dc_oracle_icn_jdbc_url

If the database type is Oracle, provide the Oracle DB connection string.

 dc_oracle_icn_jdbc_url: "jdbc:oracle:thin:@//<oracle_server>:1521/orcl" Yes

dc_hadr_validation_timeout

dc_hadr_standby_servername

dc_hadr_standby_port

dc_hadr_retry_interval_for_client_reroute

dc_hadr_max_retries_for_client_reroute
If the database type is "Db2HADR", then use the dc_hadr parameters.
  • The validation timeout. If no preference, keep the default value.
  • The name of the standby server name.
  • The standby database server port. For Db2, the default is "50000".
  • The retry interval. If no preference, keep the default value.
  • The max number of retries. If no preference, keep the default value.
  • dc_hadr_validation_timeout: 15
  • dc_hadr_standby_servername: "ICNDBStandby"
  • dc_hadr_standby_port: "50000"
  • dc_hadr_retry_interval_for_client_reroute: 15
  • dc_hadr_max_retries_for_client_reroute: 3
 Yes
Table 2. Business Automation Navigator configuration parameters: spec.navigator_configuration
Parameter name Description Default/Example Values Required
ban_secret_name

Contains the information about the LDAP usernames and password, database usernames and passwords, LTPA password, and keystore password for components. For more information, see Creating secrets to protect sensitive Navigator configuration data.

If FIPS is enabled, the keystore password must be more than 16 characters long.

 ibm-ban-secret No
route_ingress_annotations If needed, use to create a custom annotation. An example of an Ingress route: - haproxy.router.openshift.io/balance: roundrobin No
ban_ext_tls_secret_name Optional: Use an existing certificate for automatic creation of OpenShift® routes. Set this key if you have an external TLS certificate. Leave this empty if you don't have an external TLS certificate and the operator generates one for you. None No
ban_auth_ca_secret_name Optional. The Certificate Authority (CA) used to sign the external TLS secret for automatic creation of OpenShift routes. Set this key if you have a CA to sign the external TLS certificate. Leave this parameter empty if you don't have the CA of your external TLS certificate. None No
audit_logging.enabled Enable or disable audit logging for BAN. false No
audit_logging.audit_log_dir_size The audit log directory size. ​The value must be in the format of <number><unit>. The valid units are Ki, Mi, Gi, Ti, Pi, and Ei. The directory is mounted as an ephemeral storage volume in the BAN pods. '150Mi' No
audit_logging. rolling_max_files The number of audit log files to keep. Increasing this value, increases the number of audit log files kept. You might need to increase the audit_log_dir_size if you increase this value. 5 No
audit_logging.rolling_max_size The maximum size of each audit log file. ​The value must be in the format of <number><unit>. The valid units are: Ki, Mi, Gi, Ti, Pi, Ei. You might need to increase the audit_log_dir_size if you increase this value. '10Mi' No
audit_logging.events The types of events to log. Valid values include: configuration, authentication, and authorization. all No
audit_logging.configs The types of configs to log. Valid values include: desktop, repository, settings, sync, plugin, viewer, menus, labels, themes, icons, system. all No
arch.amd64 The architecture of the cluster. This value is the default for Linux® on x86. Do not change it. "3 - Most preferred" No

node_affinity.custom_node_selector_match_expression

node_affinity.deploy_arch

 Specify the node selector term match expression list to manage node affinity. 
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
deploy_arch:
    - amd64
    - s390x
    - ppc64le
 No
replica_count The number of IBM Business Automation Navigator replicas to deploy. The default is 1 replica. For high availability in a production environment, 2 or more replicas are recommended. 2 No
image.repository Specifies the image to be used. The image default repository, IBM® Entitled Registry, that corresponds to the image registry, which is where the image is pulled. cp.icr.io/cp/cp4a/ban/navigator No
image.tag The image tag that corresponds to the image registry. ga-309-icn No
image.pull_policy This pull policy overrides the image pull policy in the shared_configuration. IfNotPresent No
log.format The format for workload logging. json No
resources.requests.cpu Specifies a CPU request for the container. 500m No
resources.requests.memory Specify a memory request for the container. 512Mi No
resources.limits.cpu Specify a CPU limit for the container. 1 No
resources.limits.memory Specify a memory limit for the container. 3072Mi No
resources.requests.ephemeral_storage Specifies an ephemeral storage request for the container. 1 Gi No
resources.limits.ephemeral_storage Specifies an ephemeral storage limit for the container. 2.5 Gi No
auto_scaling.enabled Specify whether to enable auto scaling. false No
auto_scaling.max_replicas The upper limit for the number of pods that can be set by the autoscaler. The maximum allowed is 3. 3 No
auto_scaling.min_replicas The lower limit for the number of pods is 1. If it is not specified or negative, the server will apply a default value of 1. 2 No
auto_scaling.target_cpu_utilization_percentage The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, a default autoscaling policy is used. 80 No
java_mail.host Specify the host of the mail session. "fncm-exchange1.ibm.com" No
java_mail.port Specify the port to use with the mail session host. 25 No
java_mail.sender For sender, enter a user that has access to the email server to log on. "MailAdmin@fncmexchange.com" No
java_mail.ssl_enabled Specify whether SSL is enabled. false No
security_context.supplemental_groups supplemental_groups is an array of group IDs that are defined for the pod. Multiple group IDs are comma-separated. An example:

supplemental_groups: [1000620001,1000620002]

   No
security_context.selinux_options Enter an array of key value pairs to assign SELinux labels to a container. An example:
selinux_options:
  level: "s0:c123,c456"
  type: "spc_t"
   No
icn_production_setting.time_zone The time zone for the container deployment. Etc/UTC No
icn_production_setting.gdfontpath

Customized font path for multi-language support. After you include it in the CR, log in to the OCP portal and switch to target project and copy the default fonts under /opt/ibm/java/jre/lib/fonts and custom fonts to ICN container.

 /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/fonts No
icn_production_setting.jvm_initial_heap_percentage The initial use of available memory. 40 No
icn_production_setting.jvm_max_heap_percentage The maximum percentage of available memory to use. 66 No
icn_production_setting.jvm_customize_options Optionally specify JVM arguments using comma separation. For example:
jvm_customize_options="-Dmy.test.jvm.arg1=123,-Dmy.test.jvm.arg2=abc,-XX:+SomeJVMSettings,XshowSettings:vm"

If needed, you can use DELIM to change the character that is used to separate multiple JVM arguments. In this example, a semi-colon is used to separate the JVM arguments:

jvm_customize_options="DELIM=;-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true;-Dcom.filenet.authentication.providers=ExShareUmsInternal,ExShareIbmId,ExShareGID"

If you want to configure the SSO logout URL on ROKS, you can set the JVM arguments to any URL that you want to set.

jvm_customize_options="-Dsettings.navigator.default=ssoLogOutURL=https://any-url-that-you-want-to-set"
 No
icn_production_setting.icn_jndids_name Name for the Navigator JNDI datasource. ECMClientDS No
icn_production_setting.icn_schema Schema for IBM Business Automation Navigator. If you plan to use Task Manager with Business Automation Navigator, this value must be ICNDB. ICNDB No
icn_production_setting.icn_table_space Table space for IBM Business Automation Navigator. ICNDB No
icn_production_setting.allow_remote_plugins_via_http It is recommended not to change this setting. false No
icn_production_setting.copy_files_to_war You can enable and use this setting to add files to the Navigator WAR file. This might be needed for a customization, such as a workflow step processor. custom-dir/navigator_war_filesources.xml No
icn_production_setting.custom_configmap.name The name of the custom configmap. custom-navigator-config-files Yes
icn_production_setting.custom_configmap.volume_path The location you want to hold files in.   No
icn_production_setting.custom_configmap.is_env Specify whether the config map holds environment variables. false No
monitor_enabled Specify whether to use the built-in monitoring capability. false No
logging_enabled Specify whether to use the built-in logging capability. false No
datavolume.existing_pvc_for_icn_cfgstore.name The persistent volume claim for IBM Business Automation Navigator configuration. "icn-cfgstore" Yes if you want to use existing PVC
datavolume.existing_pvc_for_icn_cfgstore.size The persistent volume claim size for IBM Business Automation Navigator configuration. 1Gi No
datavolume.existing_pvc_for_icn_logstore.name The persistent volume claim for IBM Business Automation Navigator logs. "icn-logstore" Yes if you want to use existing PVC
datavolume.existing_pvc_for_icn_logstore.size The persistent volume claim size for IBM Business Automation Navigator logs. 1Gi No
datavolume.existing_pvc_for_icn_pluginstore.name The persistent volume claim for the plug-ins. "icn-pluginstore" Yes if you want to use existing PVC
datavolume.existing_pvc_for_icn_pluginstore.size The persistent volume claim size for the plug-ins. 1Gi No
datavolume.existing_pvc_for_icnvw_cachestore.name The persistent volume claim for the viewer cache. "icn-vw-cachestore" Yes if you want to use existing PVC
datavolume.existing_pvc_for_icnvw_cachestore.size The persistent volume claim size for the viewer cache. 1Gi No
datavolume.existing_pvc_for_icnvw_logstore.name The persistent volume claim for the viewer log. "icn-vw-logstore" Yes if you want to use existing PVC
datavolume.existing_pvc_for_icnvw_logstore.size The persistent volume claim size for the viewer log. 1Gi No
datavolume.existing_pvc_for_icn_aspera.name The persistent volume claim for Aspera®. "icn-asperastore" Yes if you want to use existing PVC
datavolume.existing_pvc_for_icn_aspera.size The persistent volume claim size for Aspera. 1Gi No
probe.readiness.period_seconds The period of the readiness probe. 5 No
probe.readiness.timeout_seconds The timeout of the readiness probe. 10 No
probe.readiness.failure_threshold The failure threshold of the readiness probe. 6 No
probe.liveness.period_seconds The period of the liveness probe. 5 No
probe.liveness.timeout_seconds The timeout of the liveness probe. 5 No
probe.liveness.failure_threshold The failure threshold of the liveness probe. 6 No
probe.startup.initial_delay_seconds The behavior of startup probes to know when the container is started. 120 No
probe.startup.period_seconds The period in seconds. 10 No
probe.startup.timeout_seconds The timeout setting in seconds. 10 No
probe.startup.failure_threshold The threshold number for failures. 6 No
image_pull_secrets.name The secrets to be able to pull images. Use this parameter if you want to override the image_pull_secrets setting in the shared_configuration. "admin.registrykey" No
zen_performance.proxy_connect_timeout

Timeout for establishing a connection with a proxy server. For more information, see Tuning NGINX for Performance External link opens a new window or tab.

 300 No
zen_performance.proxy_send_timeout

Timeout for transmitting a request to the proxy server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxy server does not receive anything within this time, the connection is closed. For more information, see Tuning NGINX for Performance External link opens a new window or tab.

 300 No
zen_performance.proxy_read_timeout

Timeout for reading a response from the proxy server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxy server does not transmit anything within this time, the connection is closed. For more information, see Tuning NGINX for Performance External link opens a new window or tab.

 300 No