WebSphereSecure custom resource

The WebSphereSecure custom resource represents an instance of WebSphere Secure that is installed into a Kubernetes namespace. The resource is created with the default configuration when the instance is created. The CR can be used later to update the configuration.

WebSphereSecure YAML structure

The WebSphereSecure definition has the following structure:
apiVersion: automation.websphere.ibm.com/v1
kind: WebSphereSecure
metadata:
  name: wsa-secure
spec:
  apis:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
  cveMonitor:
    activeDeadlineSeconds: ...
    env:
      - name: ...
        value: ...
        valueFrom: ...
    failedJobsHistoryLimit: ...
    image: ...
    resources:
      limits: ...
      requests: ...
    schedule: ...
    successfulJobsHistoryLimit: ...
    suspend: ...
  fileStore:
    storage:
      class: ...
      selector:
        matchExpressions: ...
        matchLabels: ...
      size: ...
  fixManager:
    env:
      - name: ...
        value: ...
        valueFrom: ...
    fixCentral:
      url: ...
      urlPriority: ...
    fixRefreshMonitorSchedule: ...
    image: ...
    maxDownloadThreads: ...
    maxQueryThreads: ...
    maxQueueDepth: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
  installationManager:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
    timeouts:
      installTimeoutMinutes: ...
      monitorScheduleRateMinutes: ...
      pendingTimeoutMinutes: ...
      prepareTimeoutMinutes: ...
  license:
    accept: ...
  pullPolicy: ...
  pullSecret: ...
  replicas: ...
  repository: ...
  serverRegistrationProcessor:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
  ui:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
    trace:
      level: ...
  usageMeteringAPIs:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
  vulnerabilityManager:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
  vulnerabilityNotifier:
    image: ...
    replicas: ...
    resources:
      limits: ...
      requests: ...
status:
  conditions: ...
  cveMonitor:
    cronJobStatus:
      active: ...
      lastScheduleTime: ...
    schedule: ...
  references: ...
  endpoints:
    automationUI: ...
  versions:
    reconciled: ...

WebSphereSecure details

metadata (required)
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
Defines the wanted state of WebSphereSecure.
apis
Configuration of the WebSphere Secure APIs. Optional.
image
The container image for the WebSphere Secure APIs. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
The number of wanted pods for the WebSphere Secure APIs. Defaults to 3. Maximum is 10.
resources
Describes the computational resource requirements. The CPU defaults to 500m with a limit of 1 core. The memory defaults to 256Mi, with a limit of 1Gi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
cveMonitor
Configuration of the CVE/PSIRT monitor. Runs every hour by default to check for new or updated security bulletins for WebSphere servers at ibm.com. Optional.
activeDeadlineSeconds
Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it. Defaults to 3000.
env
List of environment variables to pass to the CVE/PSIRT monitor pod.
name
Name of the environment variable. Must be a C_IDENTIFIER.
value
Variable references $(VAR_NAME) are expanded by using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string is unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, for example: $$(VAR_NAME). Escaped references are never expanded, regardless of whether the variable exists or not. Defaults to "".
valueFrom
Source for the value of the environment variable. Cannot be used if value is not empty.
configMapKeyRef
Selects a key of a ConfigMap.
fieldRef
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
resourceFieldRef
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
secretKeyRef
Selects a key of a secret in the pod's namespace.
failedJobsHistoryLimit
The number of failed finished jobs to retain. Defaults to 10.
image
The container image for the CVE/PSIRT monitor. Defaults to the image from the cp.icr.io/cp/ repository.
resources
ResourceRequirements describes the computational resource requirements. The CPU defaults to 500m with a limit of 1 core. The memory defaults to 256Mi, with a limit of 512Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
schedule
The schedule in Cron format. Runs every hour by default.
successfulJobsHistoryLimit
The number of successful finished jobs to retain. Defaults to 3.
suspend
Suspend subsequent executions. Defaults to false. Set to true in an air gap environment to import the CVE/PSIRT information from a file shipped with the operator.
fileStore
Configuration of the file store for WebSphere Secure. Optional.
storage
Configuration of the storage for WebSphere Secure. Optional.
class
Name of the StorageClass resource. Defaults to the StorageClass resource of the cluster. The name cannot be specified or updated after WebSphere Secure is created.
selector
A label query of persistent volumes (PVs) to match when the volume for the data store is selected.
matchExpressions
A list of label selector requirements. The requirements are ANDed.
matchLabels
A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
size
Size of the storage for the data store. Defaults to 50 Gi.
fixManager
Configuration of the fix manager. Optional.
env
List of environment variables to pass to the fix manager pod.
name
Name of the environment variable. Must be a C_IDENTIFIER.
value
Variable references $(VAR_NAME) are expanded by using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string is unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, for example: $$(VAR_NAME). Escaped references are never expanded, regardless of whether the variable exists or not. Defaults to "".
valueFrom
Source for the value of the environment variable. Cannot be used if value is not empty.
configMapKeyRef
Selects a key of a ConfigMap.
fieldRef
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
resourceFieldRef
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
secretKeyRef
Selects a key of a secret in the pod's namespace.
fixCentral
Configuration of the Fix Central client. Optional.
url
Fix Central API endpoint. Defaults to https://esupport.ibm.com/connect/api/v1.
urlPriority
Defines whether the URLs that are returned by the Fix Central API for downloading files are routed to Edge or to a Content Delivery Network (CDN). Defaults to edge. The other option is cdn.
fixRefreshMonitorSchedule
The fix refresh interval in hours. Defaults to 24. Minimum is 1. Maximum is 24.
image
The container image for the fix manager. Defaults to the image from the cp.icr.io/cp/ repository.
maxDownloadThreads
The maximum number of download threads. Defaults to 8. Minimum is 4. Maximum is 32.
maxQueryThreads
The maximum number of query threads. Defaults to 16. Minimum is 8. Maximum is 128.
maxQueueDepth
The maximum queue depth. Defaults to 32768. Minimum is 2048. Maximum is 65536.
replicas
Number of wanted pods for the fix manager. Defaults to 3. Maximum is 10.
resources
ResourceRequirements describes the computational resource requirements. The CPU defaults to 200m with a limit of 400m. The memory defaults to 256Mi, with a limit of 512Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
installationManager
Configuration of the installation manager. Optional.
image
The container image for the installation manager. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
Number of wanted pods for the installation manager. Defaults to 3. Maximum is 10.
resources
ResourceRequirements describes the computational resource requirements. The CPU defaults to 200m with a limit of 400m. The memory defaults to 256Mi, with a limit of 512Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
timeouts
Configuration of timeout monitor values. Optional.
installTimeoutMinutes
Timeout period for installing installations in minutes. Defaults to 24 hours (1440 minutes).
monitorScheduleRateMinutes
Describes how often the timeout monitor runs in minutes. Defaults to 1 hour (60 minutes).
pendingTimeoutMinutes
Timeout period for pending installations in minutes. Defaults to 30 minutes.
prepareTimeoutMinutes
Timeout period for preparing installations in minutes. Defaults to 7 days (10080 minutes).
license
The license must be reviewed and accepted before WebSphere Automation can be deployed.
accept
I accept the terms of the license agreement corresponding to the applicable IBM program: IBM WebSphere Automation (WSA) or IBM Cloud Pak for Applications (CP4Apps Advanced). For WSA, read the license: https://ibm.biz/WSALicense. For CP4Apps Advanced, read the license: https://ibm.biz/WSACP4AppsAdvLicense. For more information, see Licensing for WebSphere Automation.
pullPolicy
Policy for pulling container images. Defaults to IfNotPresent.
pullSecret
Name of the Secret to use to pull images from the specified repository. It is not required if the cluster is configured with a global image pull secret.
replicas
Number of wanted pods for each WebSphere Secure component. Replicas that are specified at each component-level take precedence over this value. Defaults to 3. Maximum is 10.
repository
Repository that contains the images for the WebSphere Secure components. Defaults to cp.icr.io/cp/.
serverRegistrationProcessor
Configuration of the server registration processor. Optional.
image
The container image for the server registration processor. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
Number of wanted pods for the server registration processor. Defaults to 3. Maximum is 10.
resources
Describes the computational resource requirements. The CPU defaults to 200m with a limit of 400m. The memory defaults to 256Mi, with a limit of 512Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
ui
Configuration of the WebSphere Secure UI. Optional.
image
The container image for the WebSphere Secure UI. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
Number of wanted pods for the WebSphere Secure UI. Defaults to 3. Maximum is 10.
resources
Describes the computational resource requirements. The CPU defaults to 100m with a limit of 1 core. The memory defaults to 128Mi, with a limit of 256Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
trace
Logging specifications.
level
Trace level.
usageMeteringAPIs
Configuration of the usage metering APIs. Optional.
image
The container image for the usage metering APIs. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
Number of wanted pods for the usage metering APIs. Defaults to 3. Maximum is 10.
resources
Describes the computational resource requirements. The CPU defaults to 500m with a limit of 1 core. The memory defaults to 256Mi, with a limit of 1Gi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
vulnerabilityManager
Configuration of the vulnerability manager. Optional.
image
The container image for the vulnerability manager. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
Number of wanted pods for the vulnerability manager. Defaults to 3. Maximum is 10.
resources
Describes the computational resource requirements. The CPU defaults to 200m with a limit of 400m. The memory defaults to 256Mi, with a limit of 512Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
vulnerabilityNotifier
Configuration of the vulnerability notifier. Optional.
image
The container image for the vulnerability notifier. Defaults to the image from the cp.icr.io/cp/ repository.
replicas
Number of wanted pods for the vulnerability notifier. Defaults to 3. Maximum is 10.
resources
Describes the computational resource requirements. The CPU defaults to 100m with a limit of 400m. The memory defaults to 256Mi, with a limit of 512Mi.
limits
Describes the maximum amount of compute resources allowed. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
requests
Describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. For more information, see https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
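The $(VAR_NAME) rules given for the env value fields of cveMonitor and fixManager, as an added example that is not IBM or Kubernetes code: a Python re-implementation of the expansion, showing that a reference resolves only against variables defined earlier in the list. The EXAMPLE_* variable names and values are constructed for illustration; the single "$" produced by "$$" is Kubernetes behaviour, not something this page states.

```python
def expand(value, defined):
    """Expand $(VAR) references in `value` using the mapping `defined`."""
    out, i, n = [], 0, len(value)
    while i < n:
        ch = value[i]
        if ch != "$" or i + 1 == n:
            out.append(ch)                  # ordinary character or trailing "$"
            i += 1
        elif value[i + 1] == "$":
            out.append("$")                 # "$$" is the escape for a literal "$"
            i += 2
        elif value[i + 1] == "(":
            close = value.find(")", i + 2)
            if close == -1:
                out.append("$(")            # incomplete reference stays literal
                i += 2
            else:
                name = value[i + 2:close]
                # A reference that cannot be resolved is left unchanged.
                out.append(defined.get(name, "$(" + name + ")"))
                i = close + 1
        else:
            out.append(value[i:i + 2])      # "$x" is not a reference
            i += 2
    return "".join(out)


def resolve_env(env, service_env=None):
    """Resolve literal `value` entries in list order, as the container sees them."""
    defined = dict(service_env or {})
    resolved = {}
    for entry in env:
        resolved[entry["name"]] = expand(entry.get("value", ""), defined)
        defined[entry["name"]] = resolved[entry["name"]]
    return resolved


# Constructed sample: EXAMPLE_URL references EXAMPLE_PORT before it is defined.
SAMPLE_SERVICE_ENV = {"KUBERNETES_SERVICE_HOST": "10.0.0.1"}
SAMPLE_ENV = [
    {"name": "EXAMPLE_HOST", "value": "proxy.example.internal"},
    {"name": "EXAMPLE_URL", "value": "http://$(EXAMPLE_HOST):$(EXAMPLE_PORT)"},
    {"name": "EXAMPLE_PORT", "value": "3128"},
    {"name": "EXAMPLE_LITERAL", "value": "$$(EXAMPLE_HOST)"},
    {"name": "EXAMPLE_API", "value": "https://$(KUBERNETES_SERVICE_HOST)"},
]

if __name__ == "__main__":
    for name, value in resolve_env(SAMPLE_ENV, SAMPLE_SERVICE_ENV).items():
        print(f"{name}={value}")
```

An unresolved reference reaches the container as the literal text $(EXAMPLE_PORT), so list order in the env array matters.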
status
Defines the observed state of the WebSphereSecure kind.
conditions
Describes the status of various conditions.
cveMonitor
Defines the observed state of CVE/PSIRT monitor.
cronJobStatus
Represents the current state of cron job for CVE/PSIRT monitor.
active
A list of pointers to currently running jobs.
lastScheduleTime
Information about the last time the job was successfully scheduled.
schedule
The schedule used by the cron job for CVE/PSIRT monitor.
endpoints
Information about various endpoints.
automationUI
Link to the IBM Automation UI.
references
Internal information about processed resources for the WebSphereSecure kind.
versions
Information about operator and operand versions.
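A pre-apply check for the spec limits documented above, as an added example that is not part of the operator or of IBM's tooling: it flags replicas above the maximum, fixManager values outside their stated ranges, an unknown urlPriority, env names that are not C identifiers, and env entries that set both value and valueFrom. It assumes the spec has already been parsed into a Python dict and that numeric fields are integers; the sample spec and its env names are constructed.

```python
import re

# Limits copied from the field descriptions on this page: (minimum, maximum).
FIX_MANAGER_RANGES = {
    "fixRefreshMonitorSchedule": (1, 24),
    "maxDownloadThreads": (4, 32),
    "maxQueryThreads": (8, 128),
    "maxQueueDepth": (2048, 65536),
}
MAX_REPLICAS = 10
C_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def lint_spec(spec):
    """Return findings for a WebSphereSecure spec (a dict); empty list if clean."""
    findings = []
    # spec.replicas and every component-level replicas share the same maximum.
    scopes = [("spec", spec)] + [
        ("spec." + key, node) for key, node in spec.items() if isinstance(node, dict)]
    for path, node in scopes:
        replicas = node.get("replicas")
        if isinstance(replicas, int) and replicas > MAX_REPLICAS:
            findings.append(f"{path}.replicas={replicas} exceeds {MAX_REPLICAS}")
    fix = spec.get("fixManager", {})
    for field, (low, high) in FIX_MANAGER_RANGES.items():
        value = fix.get(field)
        if value is not None and not (isinstance(value, int) and low <= value <= high):
            findings.append(f"spec.fixManager.{field}={value} outside {low}..{high}")
    priority = fix.get("fixCentral", {}).get("urlPriority", "edge")
    if priority not in ("edge", "cdn"):
        findings.append(f"spec.fixManager.fixCentral.urlPriority={priority!r} is unknown")
    for component in ("cveMonitor", "fixManager"):
        for entry in spec.get(component, {}).get("env", []):
            name = entry.get("name", "")
            if not C_IDENTIFIER.fullmatch(name):
                findings.append(f"spec.{component}.env: {name!r} is not a C_IDENTIFIER")
            if entry.get("value") and "valueFrom" in entry:
                findings.append(f"spec.{component}.env.{name}: value and valueFrom both set")
    return findings


# Constructed sample spec with four deliberate problems.
SAMPLE_SPEC = {
    "replicas": 3,
    "ui": {"replicas": 12},
    "fixManager": {
        "maxDownloadThreads": 2,
        "fixCentral": {"urlPriority": "cdn"},
        "env": [
            {"name": "EXAMPLE_PROXY", "value": "http://proxy.example.internal:3128"},
            {"name": "example-user", "value": "svc",
             "valueFrom": {"secretKeyRef": {"name": "example-secret", "key": "user"}}},
        ],
    },
}
```

Calling lint_spec(SAMPLE_SPEC) returns one finding per problem; a spec that stays within the documented limits returns an empty list.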