IBM Business Automation Workflow Runtime and Workstream Services parameters

Shared configuration parameters

See Shared configuration parameters. The pattern configuration parameters, LDAP configuration parameters, and all mandatory shared configuration parameters (including sc_deployment_baw_license) are required.

Resource Registry configuration parameters

For Resource Registry parameters, see the Resource Registry table in Application Engine parameters.

Business Automation Navigator configuration parameters

See IBM Business Automation Navigator parameters.

FileNet Content Manager configuration parameters

See IBM FileNet Content Manager parameters.

Business Automation Insights configuration parameters

See IBM Business Automation Insights parameters.

Application Engine configuration parameters

See Application Engine parameters.

Business Automation Workflow configuration parameters

Provide the details that are relevant to your Business Automation Workflow environment and your decisions for the deployment of the container.

The following tables list the parameters for configuring Business Automation Workflow:

• Workflow Services configuration parameters
• Java Message Service (JMS) configuration parameters
• BPM event emitter configuration parameters
• Case event emitter configuration parameters
• Machine Learning Server configuration parameters
  • Intelligent Task Prioritization configuration parameters
  • Workforce Insights configuration parameters

Workflow Server configuration parameters

You can deploy multiple instances of Workflow Server and assign different configurations for each instance. For each instance, baw_configuration.name and baw_configuration.name.hostname must have different values. Keep the instance name as short as possible to avoid running into line length problems.

The following table lists the parameters for configuring Workflow Server. The Required column shows the parameters that are required.

Table 1. Workflow Server configuration parameters: spec.baw_configuration[x]

Parameter name	Description	Example values	Required
name	Name of the instance. The name for each item in the array must be different. The name can consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character. Keep the instance name short. The default value is instance1.	instance1	Yes
host_federated_portal	For Workflow only: Whether the Business Automation Workflow instance hosts federated Process Portal and integrates with Intelligent Task Prioritization. The host_federated_portal is valid only if IBM Process Federation Server is configured. Only one Business Automation Workflow Runtime server connected to the Process Federation Server can host federated Process Portal. The default value is false.	false	No
federated_portal.content_security_policy_additional_origins	For Workflow only: Content security policy has additional origins for federating Business Automation Workflow traditional systems. For example, ["https://on-prem-baw1","https://on-prem-baw2"].	[]	No
process_federation_server.hostname	Hostname of Process Federation Server.	cpd-baw-cpfs.apps.x700.cp.fyre.ibm.com	Yes
process_federation_server.port	Port of Process Federation Server. The default value is 443.	443	No
process_federation_server.context_root_prefix	Context root prefix of Process Federation Server.	/pfs	Yes
service_type	Workflow Server service type. The default value is Route.	Route	No
port	Workflow Server port. The default value is 443.	443	No
nodeport	Workflow Server node port. The default value is 30026.	30026	No
env_type	Workflow Server environment type. The default value is Production.	Production, Staging, Test, Development	No
capabilities	Workflow Server capability. Valid values are workflow, workstreams, and workflow,workstreams.	workflow	Yes
replicas	Workflow Server replica count. The default value is 1.	1	No
admin_user	Designate an existing LDAP user to be given Workflow Server admin rights.		Yes
admin_secret_name	The name of Workflow Server admin secret. This secret name is optional. If the secret name is null, a default secret named <name>-<instance_name>-baw-admin-secret is generated, where <name> is the name of the custom resource that is used to generate the deployment environment.	<name>-<instance-name>-baw-admin-secret	No
monitor_enabled	Whether to use the built-in monitoring capability. The default value is false.	false	No
full_text_search.enable	Whether to enable the data collector and data indexer function. You must also add opensearch in shared_configuration.sc_optional_components and specify the elasticsearch.endpoint. The default value is false.	false	No
elasticsearch.endpoint	Endpoint of external Elasticsearch or OpenSearch, such as https://<external_es_host>:<external_es_port>. This parameter is required if you want to use external Elasticsearch or OpenSearch for the data collector and data index function.		No
elasticsearch.admin_secret_name	The external Elasticsearch or OpenSearch administrative secret that contains the username and password keys. If your instance does not have basic authentication, leave this parameter empty.		No
customized_portal_endpoint	For Workflow only: Required if you implemented your own portal. For example, https://portal.mycompany.com.	false	No
external_connection_timeout	External connection timeout. The default value is 60s.	60s	No
tls.tls_secret_name	Workflow Server TLS secret that contains the tls.key and tls.crt keys. If you want to use a customized Workflow Server TLS certificate, ensure that it is signed by the CA in shared_configuration.root_ca_secret and that each instance has a different value. If you do not want to use a customized certificate, leave it empty, and the operator creates one automatically.	<cr_name>-<instance_name>-baw-tls-secret	No
tls.tls_trust_list	Workflow Server TLS trust list.		No
tls.tls_trust_store	Secret to store your custom trusted keystore (optional). The type for the keystore must be JKS or PKCS12. All certificates from the keystore are imported into the trust keystore of the Workflow server. You cannot use this parameter when FIPS mode is enabled. External sourced trust stores are also not supported. You might run the following sample command to create the secret: kubectl create secret generic baw_custom_trust_keystore_secret --from-file=truststorefile=./trust.jks --from-literal=type=JKS --from-literal=password=WebAS		No
image.repository	Workflow Server (Process Server) image repository URL. By default, the path points to the URL and location in the IBM® Entitled Registry. The default value is <path>/workflow-server where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value.	<path>/workflow-server	No
image.tag	Image tag for Workflow Server container. If you want to use a specific image version, you can override the default tag or digest.	25.0.0	No
image.pullPolicy	Pull policy for Workflow Server container. The default value is IfNotPresent.	IfNotPresent, Always	No
seccomp_profile.type	The type of seccomp profile to be used by the pods. You can also define the seccomp profile globally at shared_configuration.sc_seccomp_profile. Supported values are: Unconfined, RuntimeDefault, and Localhost. For more information about seccomp profile, see Restrict a Container's Syscalls with seccomp . The default value is RuntimeDefault on OpenShift® Container Platform 4.11 and later. On other platforms, the default value is empty.	Localhost	No
seccomp_profile.localhost_profile	The local path of the seccomp profile file. This parameter is required if seccomp_profile.type is set to Localhost. The value of seccomp_profile.localhost_profile is ignored if seccomp_profile.type is set to anything other than Localhost.	profiles/audit.json	Only if seccomp_profile.type is set to Localhost.
kafka_services.enable	Option to enable or disable the Kafka services. By default, kafka_services.enable is disabled and its value is false. When the Kafka component is configured in shared_configuration.sc_optional_components, the value of kafka_services.enable is true. For more information about Kafka services, see Creating a Kafka service.	false	No
upgrade_job.repository	Workflow Server database handling image repository URL. The default value is <path>/workflow-server-dbhandling where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value.	<path>/workflow-server-dbhandling	No
upgrade_job.tag	Workflow Server database handling image repository tag. If you want to use a specific image version, you can override the default tag or digest.	25.0.0	No
upgrade_job.pullPolicy	Pull policy for database handling. The default value is IfNotPresent.	IfNotPresent, Always	No
upgrade_job.trace_specification	Trace specification for the Workflow Server database handling job. The default value is *=info.	*=info:WLE.wle=fine:com.ibm.workflow.*=finest	No
bas_auto_import_job.repository	Workflow Server Business Automation Studio toolkit init image repository URL. The default value is <path>/toolkit_installer where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value.	<path>/toolkit_installer	No
bas_auto_import_job.tag	Workflow Server Business Automation Studio toolkit init image repository tag. If you want to use a specific image version, you can override the default tag or digest.	25.0.0	No
bas_auto_import_job.pullPolicy	Pull policy for Business Automation Studio toolkit init image.		No
database.dc_use_postgres	Set this parameter to true, if you want PostgreSQL database to be created for a Business Automation Workflow database. If you set the value of database.dc_use_postgres to true, make sure that database.enable_ssl is also set to true and database.db_cert_secret_name, database.server_name, database.database_name, database.port, and database.secret_name are left empty because the operator automatically sets the values of these parameters with the values of the EDB Postgres instance.	false	No
database.enable_ssl	Whether to enable Secure Sockets Layer (SSL) support for the Workflow Server database connection. The default value is false.	false	No
database.db_cert_secret_name	Secret name for storing the database TLS certificate when an SSL connection is enabled.		Yes
database.type	Workflow Server database type. A "db2", "db2HADR", "db2rds", "db2rdsHADR", "oracle", "postgresql", or "sqlserver" database is supported. The default value is "db2".	db2	Yes
database.server_name	Workflow Server database server name. It must be an accessible address, such as an IP, hostname, or Kubernetes service name.		Yes
database.database_name	Workflow Server database name.		Yes, but not required by Oracle
database.port	Workflow Server database port.	For Db2, the default is 50000. For Oracle, the default is 1521.	Yes
database.secret_name	Workflow Server database secret name.		Yes
database.current_schema	Workflow Server database schema name. If it is not set, the schema name is the same as the database username. Only Db2 and PostgreSQL support this parameter. For Db2, the schema name is case-sensitive, and must be specified in uppercase characters.		No
database.jdbc_url	Oracle and PostgreSQL database connection string. This parameter is not required for PostgreSQL if you enter server_name, database_name, and port.	For Oracle: jdbc:oracle:thin:@//<oracle_server>:1521/orcl For PostgreSQL: jdbc:postgresql://<postgresql_server>:5432/<your_database>	Yes
database.use_custom_jdbc_drivers	Whether to use custom JDBC drivers. Set to true if you are using Oracle, PostgreSQL, or a special Db2 driver. The default value is false.	false	No
database.custom_jdbc_pvc	Name of the persistent volume claim (PVC) that binds to the persistent volume (PV) where the custom JDBC driver files are stored.		Yes
database.jdbc_driver_files	The set of JDBC driver files. The default value is: db2jcc4.jar db2jcc_license_cisuz.jar db2jcc_license_cu.jar	db2jcc4.jar db2jcc_license_cisuz.jar db2jcc_license_cu.jar	No
database.cm_max_pool_size	Workflow server database connect pool maximum number of physical connections. The default value is 200.	200	No
database.dbcheck.wait_time	The maximum wait time (in seconds) to check the database initialization status. The default value is 900.	900	No
database.dbcheck.interval_time	The interval time (in seconds) to check that the database initialization status before thedatabase is ready and bootstrapped with system data. The default value is 15.	15	No
database.hadr.standbydb_host	Database standby host for high availability disaster recovery (HADR). To enable database HADR, configure both standby host and port.		No
database.hadr.standbydb_port	Database standby port for HADR. To enable database HADR, configure both standby host and port.		No
database.hadr.retryinterval	Retry interval for HADR.		No
database.hadr.maxretries	Maximum retries for HADR.		No
workflow_center.url	For Workflow only: The URL of Workflow Center.		No
workflow_center.secret_name	For Workflow only: The secret name of Workflow Center that contains the username and password.		No
workflow_center.heartbeat_interval	For Workflow only: Heartbeat interval (seconds) to connect to Workflow Center. The default value is 30.	30	No
workflow_center.webpd_url	For Workflow only: URL that is used by Workflow Center to link to the web Process Designer. For example, https://hostname:port/WebPD.		No
appengine.hostname	Hostname of Application Engine. The value must be the same as application_engine_configuration[x].hostname.		No
appengine.admin_secret_name	Secret name of Application Engine. The value must be the same as application_engine_configuration[x].admin_secret_name.		No
content_integration.init_job_image.repository	Image name for content integration container. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/iaws-ps-content-integration where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value.	<path>/iaws-ps-content-integration	No
content_integration.init_job_image.tag	Image tag for content integration container. If you want to use a specific image version, you can override the default tag or digest.	25.0.0	No
content_integration.init_job_image.pull_policy	Pull policy for content integration container. The default value is IfNotPresent.	IfNotPresent, Always	No
content_integration.domain_name	Domain name for content integration. The value must be the same as initialize_configuration.ic_domain_creation.domain_name. The default value is P8DOMAIN.	P8DOMAIN	No
content_integration.object_store_name	Object Store name for content integration.		No
content_integration.cpe_admin_secret	Admin secret for connecting to the Content Platform Engine (CPE). This parameter is optional. If not set, it will autodetect Content Platform Engine's admin secret in the same namespace.		No
case.init_job_image.repository	For Workflow only: Image name for CASE init job container. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/workflow-server-case-initialization where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value.	<path>/workflow-server-case-initialization	No
case.init_job_image.tag	For Workflow only: Image tag for CASE init job container. If you want to use a specific image version, you can override the default tag or digest.	25.0.0	No
case.init_job_image.pull_policy	For Workflow only: Pull policy for CASE init job container. The default value is IfNotPresent.	IfNotPresent, Always	No
case.domain_name	For Workflow only: Domain name for CASE. The value must be the same as initialize_configuration.ic_domain_creation.domain_name. The default value is P8DOMAIN.	P8DOMAIN	No
case.object_store_name_dos	For Workflow only: Design Object Store name of CASE. The value must be the same as the oc_cpe_obj_store_symb_name value of one of the object stores defined in initialize_configuration.ic_obj_store_creation.object_stores. The default value is DOS.	DOS	No
case.tos_list	For Workflow only: The tos_list is a list of Target Object Stores.		No
case.tos_list.object_store_name	For Workflow only: Target Object Store name of CASE. For each Target Object Store, the object_store_name value must be the same as the oc_cpe_obj_store_symb_name value of one of the object stores defined in initialize_configuration.ic_obj_store_creation.object_stores.		Yes
case.tos_list.connection_point_name_tos	For Workflow only: Connection point name for Target Object Store. See initialize_configuration.ic_obj_store_creation.object_stores[x].oc_cpe_obj_store_workflow_pe_conn_point_name. If oc_cpe_obj_store_workflow_pe_conn_point_name is not specified explicitly, the default value is pe_conn_<TOS_OS_DB_NAME>. For example, pe_conn_BAWINS1TOS.	cpe_conn_tos	Required if the Target Object Store does not exist in initialize_configuration.ic_obj_store_creation.object_stores.
case.tos_list.desktop_id	For Workflow only: Navigator desktop name for Target Object Store. The default value is baw. There is no default value for other target object stores.	BAWINS1TOS	No
case.tos_list.target_environment_name	For Workflow only: Name of the target environment or project area to register with the case components and associate with an IBM Content Navigator desktop. The default value of case.tos_list.target_environment_name for the default target object store is target_env. The default value of case.tos_list.target_environment_name for other target object stores is the object store name.	target_env	No
case.tos_list.is_default	For Workflow only: Whether to use the Target Object Store as the default Target Object Store. If none of the Target Object Stores is set as default, the first one in the tos_list is set as the default Target Object Store.	false	No
case.network_shared_directory_pvc	For Workflow only: Persistent volume claim (PVC) name for case network shared directory. If navigator_configuration.datavolume.existing_pvc_for_icn_pluginstore is not specified explicitly, the default value is icn-pluginstore. See IBM Business Automation Navigator parameters.	icn_pluginstore	No
case.custom_package_names	For Workflow only: Custom package names for installing custom packages, where the value format is similar to package1.zip, package2.zip.		No
case.custom_extension_names	For Workflow only: Custom extension names for installing custom packages, where the value format is similar to extension1.zip, extension2.zip.		No
case.cpe_metadata_cache_time_to_live	For Workflow only: Number of seconds before a newly added or modified asset will take effect in the Case Client. The value must be an integer. A default value is used at run time if this parameter is not set.	100	No
case.jvm_customize_options	For Workflow only: JVM options for the case init job, separated with spaces. For example, -Dtest1=test -Dtest2=test2.		No
resources.limits.cpu	CPU limit for Workflow Server. The default value is 2.	2	No
resources.limits.memory	Memory limit for Workflow Server. The default value is 2096Mi.	2096Mi	No
resources.requests.cpu	Requested amount of CPU for Workflow Server. The default value is 500m.	500m	No
resources.requests.memory	Requested amount of memory for Workflow Server. The default value is 1048Mi.	1048Mi	No
probe.ws.liveness_probe.initial_delay_seconds	Number of seconds after the Workflow Server container starts before the liveness probe is initiated. The default value is 360.	360	No
probe.ws.liveness_probe.period_seconds	Number of seconds to wait before the next probe. The default value is 10.	10	No
probe.ws.liveness_probe.timeout_seconds	Number of seconds after which the probe times out. The default value is 10.	10	No
probe.ws.liveness_probe.failure_threshold	When a probe fails, number of times that Kubernetes tries before it gives up and restarts the container. The default value is 3.	3	No
probe.ws.liveness_probe.success_threshold	Minimum consecutive successes for the probe to be considered successful after it failed. The default value is 1.	1	No
probe.ws.readinessProbe.initial_delay_seconds	Number of seconds after the Workflow Server container starts before the readiness probe is initiated. The default value is 360.	360	No
probe.ws.readiness_probe.period_seconds	Number of seconds to wait before the next probe. The default value is 5.	5	No
probe.ws.readiness_probe.timeout_seconds	Number of seconds after which the probe times out. The default value is 5.	5	No
probe.ws.readiness_probe.failure_threshold	When a probe fails, number of times that Kubernetes tries before it marks the pod as unready. The default value is 6.	6	No
probe.ws.readiness_probe.success_threshold	Minimum consecutive successes for the probe to be considered successful after it failed. The default value is 1.	1	No
probe.ws.startup_probe.period_seconds	Number of seconds to wait before the next probe. The default value is 10.	10	No
probe.ws.startup_probe.timeout_seconds	Number of seconds after which the probe times out. The default value is 10.	10	No
probe.ws.startup_probe.failure_threshold	When a probe fails, number of times that Kubernetes tries before it marks the pod as unready. The default value is 20.	20	No
probe.ws.startup_probe.success_threshold	Minimum consecutive successes for the probe to be considered successful after it failed. The default value is 1.	1	No
logs.console_format	Format for printing logs on the console. The default value is json.	json	No
logs.console_log_level	Log level for printing logs on the console. The default value is INFO.	INFO	No
logs.console_source	Source of the logs for printing on the console. The default values are message, trace, accessLog, ffdc, audit.	message, trace, accessLog, ffdc, audit	No
logs.message_format	Required format for the messages.log file. The default value is SIMPLE.	SIMPLE, JSON	No
logs.trace_format	Format of the trace log. The default value is ENHANCED.	BASIC, ADVANCED, ENHANCED	No
logs.trace_specification	Specification for printing trace logs. The default value is *=info|.	*=info|	No
logs.max_files	Maximum number of log files that are kept before the oldest file is removed. The default value is 10.	10	No
logs.max_filesize	Maximum size (in MB) that a log file can reach before it is rolled. The default value is 50.	50	No
audit_log.enable	Whether to enable the audit log for Process Admin Console. The default value is false. Note: If you enable audit_log, you cannot enable audit_logging. Only one of the parameters, audit_log.enable or audit_logging.enabled, can be set to true at a time.	false	No
audit_log.pvc_name	Persistent volume claim (PVC) for audit logs. If it is not specified, audit logs are stored in the log PVC.		No
audit_log.pvc_size	Size of the persistent volume (PV) that is mounted as the audit log store. The default value is 2Gi.	2Gi	No
audit_log.file_name	Audit log file name. The default value is bawaudit.log.	bawaudit.log	No
audit_log.rollover_size	Maximum size (in MB) that the log file can reach before it is closed and a new one is created. The default value is 100.	100	No
audit_log.verbose	Whether to enable verbose mode. The default value is true. true.	true	No
audit_log.max_historical_files	Maximum number of historical files that are kept. The default value is 5.	5	No
audit_logging.enabled	Whether to enable the Audit Logging service. The default value is true. This overrides the sc_audit_logging.enabled of the CP4BACluster CR. Note: If you enable audit_logging, you cannot enable audit_log. Only one of the parameters, audit_logging.enabled or audit_log.enable, can be set to true at a time.	true
audit_logging.log_dir_size	The maximum size of the audit log directory. The default value is 150Mi.	150Mi
audit_logging.rolling_max_files	The maximum number of rolling files for audit log. The default value is 5.	5
audit_logging.rolling_max_size	The maximum size of one audit log file. The default value is 20Mi.	20Mi
storage.use_dynamic_provisioning	Set to true to use dynamic storage provisioning. If set to false, you must set existing_pvc_for_logstore and existing_pvc_for_dumpstore. The default value is true.	true	No
storage.existing_pvc_for_logstore	Persistent volume claim (PVC) for logs.		No
storage.size_for_logstore	Minimum size of the persistent volume (PV) that is mounted as the log store. The default value is 1Gi.	1Gi	No
storage.existing_pvc_for_dumpstore	PVC for dump files.		No
storage.size_for_dumpstore	Minimum size of the PV that is mounted as the dump store. The default value is 5Gi.	5Gi	No
storage.existing_pvc_for_filestore	PVC for files. This includes temporary files that are created by the SQL integration facility. See Invoking SQL Integration service flows.		No
storage.size_for_filestore	Minimum size of the PV that is mounted as the file store. The default value is 1Gi.	1Gi	No
autoscaling.enabled	Whether to enable automatically scaling the number of pods. The default value is false.	false	No
autoscaling.max_replicas	Upper limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server uses the default value. The default value is 3.	3	No
autoscaling.min_replicas	Lower limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server uses the default value. The default value is 2.	2	No
autoscaling.target_cpu_utilization_percentage	Target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, the default is used. The default value is 80.	80	No
environment_config.timezone	Timezone of the Workflow server. The default value is Etc/UTC.	Etc/UTC	No
environment_config.show_task_prioritization_service_toggle	For Workflow only: Whether to show the Intelligent Task Prioritization service toggle button in the web user interface to allow the user to enable or disable this service. This parameter is valid only for the first Workflow instance. The default value is false. Note: The Intelligent Task Prioritization service is available only on x86 operating systems. For Linux® on IBM Z® or Linux on Power® (ppc64le) systems, the value of this parameter must be false.	false	No
environment_config.always_run_task_prioritization_service	For Workflow only: Whether to display the Intelligent Task Prioritization service toggle button. If this parameter is set to true, the previous parameter is ignored. This parameter is valid only for the first Workflow instance. The default value is false. Note: The Intelligent Task Prioritization service is available only on x86 operating systems. For Linux on IBM Z or Linux on Power (ppc64le) systems, the value of this parameter must be false.	false	No
environment_config.csrf.origin_allowlist	Security-hardening property that protects against Cross-Site Request Forgery (CSRF) attacks. Specify the values that are acceptable in the origin header field of an incoming request. The value of this property must be a comma-separated list of prefixes.	https://example.com, http://example2.com:8080	No
environment_config.csrf.referer_allowlist	Security-hardening property that protects against CSRF attacks. Specify the values that are acceptable in the referer header field of an incoming request. The value of this property must be a comma-separated list of fully qualified host names.	example1.com, example2.com	No
environment_config.csrf.user_agent_keyword_allow_list_for_old_restapi_csrf_check	Comma-separated list of user agents. For the REST API requests with the path pattern /rest/bpm/wle/v1/* that is sent by the agents in the list, the server will not validate the XSRF-TOKEN cookie. The value of this property must be a comma-separated list, for example, agentkeyworkd1, agentkeyworkd2.	java,wink client,httpclient,curl,jersey,httpurlconnection	No
environment_config.csrf.check_xsrf_for_old_restapi	Whether to validate the XSRF-TOKEN cookie against incoming REST API requests (POST/PUT/DELETE) with the path pattern /rest/bpm/wle/v1/*. The default value is true.	true	No
environment_config.content_security_policy_additional_default_src	Content security policy additional directive for default-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_script_src	Content security policy additional directive for script-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_frame_src	Content security policy additional directive for frame-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_object_src	Content security policy additional directive for object-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_connect_src	Content security policy additional directive for connect-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_frame_ancestor	Content security policy additional directive for frame-ancestor. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_img_src	Content security policy additional directive for img-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
environment_config.content_security_policy_additional_font_src	Content security policy additional directive for font-src. It accepts array list inputs as shown in the example.	["https://hostname1", "https://hostname2"]	No
federation_config.workflow_server.index_number_of_shards	Number of primary shards of the Elasticsearch index used to store Workflow server data. The default value is 3.	3	No
federation_config.workflow_server.index_number_of_replicas	Number of shard replicas of the Elasticsearch index used to store Workflow server data. The default value is 1.	1	No
federation_config.case_manager[x].object_store_name	For Workflow only: Case Manager object store name. The default value is TOS.	TOS	No
federation_config.case_manager[x].index_number_of_shards	For Workflow only: Number of primary shards of the Elasticsearch index used to store Case Manager object store data. The default value is 3.	3	No
federation_config.case_manager[x].index_number_of_replicas	For Workflow only: Number of shard replicas of the Elasticsearch index used to store Case Manager object store data. The default value is 1.	1	No
jvm_customize_options	JVM options separated with spaces. For example, -Dtest1=test -Dtest2=test2.		No
liberty_custom_xml	Workflow Server custom plain XML snippet. The custom_xml_secret_name is also used for Workflow Server customization. Put your configuration values either in liberty_custom_xml or custom_xml_secret_name. Do not set the configuration value in both places.		No
custom_xml_secret_name	Workflow Server custom XML secret name. The liberty_custom_xml is also used for Workflow Server customization. Put your configuration values either in liberty_custom_xml or custom_xml_secret_name. Do not set the same configuration value in both places.		No
lombardi_custom_xml_secret_name	Workflow Server Lombardi custom XML secret name.		No
node_affinity.deploy_arch	Values in this field are used as kubernetes.io/arch selector values. The valid values are amd64, s390x, and ppc64le.		No
node_affinity.custom_node_selector_match_expression	Added in node selector match expressions. It accepts array list inputs. You can assign multiple selector match expressions except (kubernetes.io/arch).	- key: kubernetes.io/hostname operator: In values: - worker0 - worker1 - worker3	No
custom_annotations	Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs.	customAnnotationKey: customAnnotationValue	No
custom_labels	Values in this field are used as labels in all generated pods. They must be valid label key-value pairs.	customLabelKey: customLabelValue	No
security_context.selinux_options	Key value pair to assign SELinux labels to a container.	selinux_options: type: "spc_t"	No
security_context.fs_groupchangepolicy	Defines behavior for changing ownership and permission of the volume before being exposed inside a Pod. Possible values : Always OnRootMismatch	fs_groupchangepolicy:"OnRootMismatch"	No
zen_performance.keepalive	Number of idle keepalive connections to an upstream server that remain open for each worker process. This parameter is optional. The default value is 512.	512	No
zen_performance.keepalive_timeout	How long an idle keepalive connection remains open. This parameter is optional. The default value is 30s.	30s	No
zen_performance.keepalive_requests	The number of requests a client can make over a single keepalive connection. This parameter is optional. The default value is 500.	500	No
zen_performance.proxy_buffer_size	Size of the buffer used to read the first part of the response received from the proxied server. This parameter is optional. The default value is 256k.	256k	No
zen_performance.proxy_buffers	Number and size of the buffers that are used for reading a response from the proxied server, for a single connection. This parameter is optional. The default value is 8 512k.	8 512k	No
zen_performance.proxy_busy_buffers_size	When buffering of responses from the proxied server is enabled, this parameter limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. This parameter is optional. The default value is 512k.	512k	No
zen_performance.proxy_connect_timeout	Timeout for establishing a connection with a proxied server. This parameter is optional. The default value is 300s.	300s	No
zen_performance.proxy_send_timeout	Timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed. This parameter is optional. The default value is 300s.	300s	No
zen_performance.proxy_read_timeout	Timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed. This parameter is optional. The default value is 300s.	300s	No

Java Message Service (JMS) configuration parameters

The following table lists the parameters for configuring JMS. All parameters are optional.

BPM event emitter configuration parameters

The following table lists the parameters for configuring BPM event emitter. All parameters are optional.

Table 3. BPM event emitter configuration parameters: spec.baw_configuration[x]

Parameter name	Description	Example values	Required
business_event.enable	Whether to enable event monitoring for Dynamic Event Framework events for the Workflow Services container. If Business Automation Insights and the Machine Learning Server parameters are configured, this parameter must be set to true. The default value is false.	false	No
business_event.enable_task_api	Whether to record additional task information in generated events. If Business Automation Insights and the Machine Learning Server parameters are configured, this parameter must be set to true. This parameter is equivalent to the enable_task_api_def parameter. See BPMN summary event formats. The default value is false.	false	No
business_event.enable_task_record	Whether to enable the task record in generated events. This optional parameter is equivalent to the task-record-enabled parameter. See BPMN summary event formats. The default value is true.	true	No
business_event.subscription	List of the subscription configurations. Each subscription attribute is listed in the rest of this table. [{'app_name': '*','version': '*','component_type': '*','component_name': '*','element_type': '*','element_name': '*','nature': '*'}] See Event point key and filter .		No
business_event.subscription[x].app_name	Name of the source application that has events to monitor. The default value is *, which means all applications are monitored.		No
business_event.subscription[x].component_name	Name of the component to monitor. The default value is *, which means all components are monitored.		No
business_event.subscription[x].component_type	Type of the component to monitor. The default value is *, which means all component types are monitored.		No
business_event.subscription[x].element_name	Name of the element to monitor. The default value is *, which means all elements are monitored.		No
business_event.subscription[x].element_type	Type of element to monitor. BPMN types include PROCESS, ACTIVITY, EVENT, and GATEWAY. The default value is *, which means all element types are monitored.		No
business_event.subscription[x].nature	Status of the event to monitor. Elements can send events of various statuses. The BPMN status types include STARTED, COMPLETED, TERMINATED, DELETED, FAILED, CAUGHT, THROWN, EXPECTED, ACTIVE, READY, RESOURCE_ASSIGNED, ACTIVE, LOOP_CONDITION_TRUE, LOOP_CONDITION_FALSE, and MULTIPLE_INSTANCES_STARTED. The default value is *, which means all status types are monitored.		No
business_event.subscription[x].version	Version of the source application that has events to monitor. The default value is *, which means all versions are monitored.		No

  baw_configuration:
    - name: instance1
      business_event:
	#The main switch 
        enable: true
	#Performance tuning switches. You must set these to true so the task-related events can be monitored.
        enable_task_api: true
        enable_task_record: true
	#Subscription related settings
        subscription:
        - app_name: '*'
          component_name: '*'
          component_type: '*'
          element_name: '*'
          element_type: '*'
          nature: '*'
          version: '*'

Case event emitter configuration parameters

The following table lists the parameters for configuring Case event emitter. By default, the Case event emitter is not enabled. If you enable it, the case.event_emitter.logical_unique_id parameter is required. Otherwise, all parameters are optional.

event_emitter:
  date_sql: 20200630T002840Z
  logical_unique_id: bawinst1
  solution_list: SampleSolution1,SampleSolution2

Case History emitter configuration parameters

The following table lists the parameters for configuring Case history emitter.

case_history_emitter:
        enable: true
        case_history_store_schema_name: CHSCHEMA
        dc_common_cpe_datasource_name: CASEHISTORYDS

Machine Learning Server configuration parameters

Intelligent Task Prioritization configuration parameters

bai_configuration:
    bpmn:
      install: true

amd64

- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3

# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12)
# │ │ │ │ ┌───────────── day of week (0 - 6) (Sunday to Saturday)
# │ │ │ │ │                                       
# │ │ │ │ │
# │ │ │ │ │
# * * * * * 

*/30 * * * * 

* 3 * * *

Workforce Insights configuration parameters

bai_configuration:
    bpmn:
      install: true
      force_elasticsearch_timeseries: true

- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3