Document Service Configuration Properties
Sterling B2B Integrator integration with Document Service is configured using the properties in the values.yaml file for Document Service sub-charts.
You must create Kubernetes secrets for the secret key and access key. If you are using a custom keystore or truststore, a Kubernetes secret is also required for the keystore and truststore files.
Document Services Properties for Sterling B2B Integrator Integration
Parameter | Default value | Description |
---|---|---|
documentService.enabled | true | Enable integration with Document Service. |
documentService.useGrpc | true | Use a gRPC connection with Document Service. |
documentService.readBufferSize | 32768 | Read buffer size for Document Service. Note: The buffer limit can be set to a maximum value of 1048576 (1 MB). |
documentService.keepAliveGrpc | 300 | Keep-alive time for gRPC connections in Document Service (in seconds). |
documentService.grpcPoolSize | 150 | Size of the gRPC connection pool for Document Service. |
documentService.connectionPoolConfig.maxTotalConnections | 250 | Maximum total connections allowed for the Document Service connection pool. Used for REST endpoint. |
documentService.connectionPoolConfig.maxConnectionsPerRoute | 100 | Maximum connections per route in Document Service connection pool. Used for REST endpoint. |
documentService.connectionPoolConfig.connectTimeout | 10000 | Connection timeout for Document Service connection pool (in milliseconds). Used for REST endpoint. |
documentService.connectionPoolConfig.readTimeout | 60000 | Read timeout for Document Service connection pool (in milliseconds). Used for REST endpoint. |
documentService.connectionPoolConfig.idleTimeout | 60000 | Idle timeout for connections in Document Service connection pool (in milliseconds). Used for REST endpoint. |
documentService.connectionPoolConfig.idleMonitorThread | true | Thread interval to monitor idle connections in Document Service connection pool. Used for REST endpoint. |
documentService.connectionPoolConfig.waitTimeout | 30000 | Maximum time to wait for a connection from the pool in Document Service connection pool (in milliseconds). Used for REST endpoint. |
documentService.connectionPoolConfig.keepAlive | 300000 | Keep-alive time for connections in Document Service connection pool (in milliseconds). Used for REST endpoint. |
documentService.connectionPoolConfig.retryCount | 2 | Number of retry attempts for failed connections in Document Service connection pool. Used for REST endpoint. |
documentService.connectionPoolConfig.disableContentCompression | true | Disables content compression in Document Service connection pool. Used for REST endpoint. |
Document Service Properties for Partial Configuration
Parameter | Default value | Description |
---|---|---|
documentService.license | false | Document Service license agreement. |
documentService.replicaCount | 1 | Number of replicas for the Document Service. |
documentService.image.repository | | Document Service image repository. |
documentService.image.pullPolicy | | Document Service image pull policy. |
documentService.image.tag | | Document Service image tag. |
documentService.digest | | Document Service image digest. |
documentService.image.pullSecret | | Secret used to pull image from repositories. |
documentService.serviceAccount.name | default | Use existing service account name. |
documentService.application.server.ssl.enabled | true | Enabling client SSL on Document Service. |
documentService.application.server.ssl.tlsSecretName | | TLS secret name for communication between Sterling B2B Integrator and Document Service. For more information, see Requirements for Document Service. |
documentService.application.server.ssl.trustStoreSecretName | | Trust store secret name for communication between Sterling B2B Integrator and Document Service. Note: Sterling B2B Integrator certificate will be part of the truststore. If Sterling B2B Integrator is using auto generated certificates, then the value for the parameter can be empty. For more information, see Requirements for Document Service. |
documentService.application.server.ssl.clientAuth | want | Specify whether client authentication is required by the application server for SSL/TLS connections. |
documentService.application.logging.level | ERROR | Control the verbosity and detail of log messages generated by the application. |
documentService.objecstore.name | | Name of the object store. |
documentService.objecstore.endpoint | | Endpoint of the cloud provider. |
documentService.objecstore.namespace | | Interact with objects specifically within the namespace (bucket). |
documentService.objecstore.region | | Specify the region corresponding to the Object Store. |
documentService.objecstore.secretName | | Holds the Access key and Secret key required to connect to the Object Store account. For more information, see Requirements for Document Service. |
documentService.objecstore.useKeysFromSecrets | false | Flag determines if the Object Store authentication is based on the objectstore.secretName or other methods such as IAM roles or environment variables. |
Document Service Properties for Manual Configuration
Parameter | Default value | Description |
---|---|---|
license | false | Document Service license agreement. |
replicaCount | 1 | Number of replicas for the Document Service. |
image.repository | cp.icr.io/cp/ibm-b2bi/b2bi-documentservice | Document Service image repository. |
image.pullPolicy | IfNotPresent | Document Service Image pull policy. |
image.tag | 1.0.0.0 | Document Service image tag. |
image.digest | | Document Service image digest. |
image.pullSecret | | Secret used for pulling image from repositories. |
arch.amd64 | 2 - No Preference | Specify weight to be used for scheduling for architecture amd64. |
arch.ppc64le | 2 - No Preference | Specify weight to be used for scheduling for architecture ppc64le. |
arch.s390x | 2 - No Preference | Specify weight to be used for scheduling for architecture s390x. |
serviceAccount.name | default | Name of an existing service account to use instead of the default. |
persistence.enabled | true | Enable storage access to persistent volumes. |
persistence.useDynamicProvisioning | false | Enable dynamic provisioning of persistent volumes. |
appLogsPVC.enabled | false | Enable the app logging on shared volumes. |
appLogsPVC.storageClassName | | Logs persistent volume storage class name. |
appLogsPVC.selector.label | intent | Logs persistent volume selector label. |
appLogsPVC.selector.value | logs | Logs persistent volume selector value. For more information, see Requirements for Document Service. |
appLogsPVC.accessMode | ReadWriteMany | Logs persistent volume access mode. |
appLogsPVC.size | 500 Mi | Logs persistent volume storage size. |
extraPVCs | | Extra volume claims shared across all deployments. |
logs.enableAppLogOnConsole | true | Enable application logs redirection to pod console. |
security.supplementalGroups | [65534] | Supplemental group id to access the persistent volume. |
security.fsGroup | | File system group ID to access the persistent volume. |
security.runAsUser | | The user ID that all containers run as. |
security.runAsGroup | | The group ID that all containers run as. |
livenessProbe.initialDelaySeconds | 30 | Liveness probe initial delay (in seconds). |
livenessProbe.timeoutSeconds | 5 | Liveness probe timeout (in seconds). |
livenessProbe.periodSeconds | 60 | Liveness probe interval (in seconds). |
readinessProbe.initialDelaySeconds | 30 | Readiness Probe initial delay (in seconds). |
readinessProbe.timeoutSeconds | 5 | Readiness Probe timeout (in seconds). |
readinessProbe.periodSeconds | 60 | Readiness Probe interval (in seconds). |
service.type | ClusterIP | Service type. |
service.externalport | 443 | Service external port. |
service.externalGrpcPort | 8044 | External gRPC port for this service. |
ingress.enabled | false | Ingress enabled. |
ingress.hosts | document-svc.local | Host to route requests based on. |
ingress.annotations | nil | Meta data to drive ingress class used, etc. |
ingress.tls.secretName | nil | TLS secret to secure channel from client/host. |
ingress.controller | nginx | Ingress controller. |
ingress.labels | {} | Additional labels for ingress/routes resource. |
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution | | k8s PodSpec.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution. Refer to the section "Affinity". |
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution | | k8s PodSpec.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution. Refer to the section "Affinity". |
affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution | | k8s PodSpec.podAffinity.requiredDuringSchedulingIgnoredDuringExecution. Refer to the section "Affinity". |
affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution | | k8s PodSpec.podAffinity.preferredDuringSchedulingIgnoredDuringExecution. Refer to the section "Affinity". |
affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution | | k8s PodSpec.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution. Refer to the section "Affinity". |
affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | | k8s PodSpec.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution. Refer to the section "Affinity". |
topologySpreadConstraints | | Topology spread constraints to control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains. |
tolerations | | Tolerations applied to pods, which allow (but do not require) the pods to schedule onto nodes with matching taints. |
autoscaling.enabled | For Sterling B2B Integrator v6200 - false | Enable autoscaling. |
autoscaling.minReplicas | 1 | Minimum replicas for autoscaling. |
autoscaling.maxReplicas | 10 | Maximum replicas for autoscaling. |
autoscaling.targetCPUUtilizationPercentage | 80 | Target CPU utilization. |
env.tz | UTC | Time zone for application runtime. |
env.extraEnvs | | Provide extra global environment variables. |
resources.requests.memory | 1000m | Memory resource requests. |
resources.requests.cpu | 4Gi | CPU resource requests. |
resources.requests.ephemeral-storage | 2Gi | Using ephemeral-storage. |
resources.limits.memory | 2000m | Memory resource limits. |
resources.limits.cpu | 8Gi | CPU resource limits. |
resources.limits.ephemeral-storage | 4Gi | Requested ephemeral-storage. |
application.server.port | 8043 | Specify the desired port number for document microservice application server. |
application.server.grpcport | 8044 | Specify the desired port number for document microservice application gRPC service. |
application.server.jetty.acceptors | 10 | Specifies the number of acceptor threads that Jetty should use. |
application.server.jetty.maxHttpPostSize | 0 | Specifies the maximum allowed size for an HTTP POST request body that can be processed by the Jetty server. |
application.server.jetty.selectors | 10 | Specifies the number of selector threads that Jetty should use. |
application.server.ssl.enabled | true | Use SSL/TLS protocols to secure the communication between b2bi and the document microservice. |
application.server.ssl.tlsSecretName | | The application server can access the required certificate and private key information from the secret. |
application.server.ssl.trustStoreType | PKCS12 | Specify the type of trust store being used. |
application.server.ssl.trustStoreSecretName | | Specify the name of the secret that holds the trust store file associated with the application server. |
application.server.ssl.clientAuth | want | Specify whether client authentication is required by the application server for SSL/TLS connections. |
application.server.ssl.ciphers | For the list of default ciphers, see Default Ciphers Supported in Document Service. | Cipher suites that the server is willing to use during SSL/TLS negotiation. Note: |
application.logging.level | ERROR | Control the verbosity and detail of log messages generated by the application. |
application.logging.rolloverSize | 10MB | Specify the threshold size for log file rotation. |
application.logging.numberOfFiles | 20 | Specify the maximum number of log files to retain. |
application.spring.servlet.multipartMaxRequestSize | 10MB | Specify the limit on the size of the request payload. |
application.spring.servlet.multipartMaxFileSize | 1MB | Specify the maximum allowed size for an individual file within a multipart/form-data request. |
application.jvmOptions | | Value containing one or more JVM options, separated by spaces. |
objectstore.name | | Name of the object store. |
objectstore.endpoint | | Endpoint of the cloud provider. |
objectstore.port | | Port number used by the cloud provider connection. |
objectstore.namespace | | Interact with objects specifically within that namespace. |
objectstore.region | | Specify the region that corresponds to the object store. |
objectstore.accountName | | Account name associated with the object store. |
objectstore.secretName | | Holds the Access key and Secret key required to connect to the object store account. |
objectstore.filePrefix | doc | Specify a prefix or extension to be appended to the file name when uploading or storing objects. |
objectstore.fileSuffix | files | Specify a suffix or extension to be appended to the file name when uploading or storing objects. |
objectstore.filePartSize | 104857600 | Specify the size of the individual parts during file upload or download operations in an object store. |
objectstore.partBufferSize | 10240 | Specify the size of the buffer used for uploading or downloading parts of an object in an object store. |
objectstore.serverSideEncryption | false | Indicates whether server-side encryption is enabled for an object store. |
objectstore.useKeysFromSecrets | false | Flag determines if the Object Store authentication is based on the objectstore.secretName or other methods such as IAM roles or environment variables. |
objectstore.sslEnabled | true | Indicates that SSL or TLS encryption is enabled for communication with the object store. |
objectstore.proxyRequired | false | Specify whether a proxy server is necessary for accessing the object store. |
objectstore.proxyHost | | Specify the hostname or IP address of the proxy server to be used when accessing an object store. |
objectstore.proxyPort | 0 | Specify the port number to be used for connecting to a proxy server when accessing an object store. |
objectstore.proxyCredentialRequired | false | Specify whether credentials are necessary to authenticate with the proxy server. |
objectstore.proxyUsername | | Specify username associated with the proxy server for authentication purposes. |
objectstore.proxyPasswordSecretName | | Specify password associated with the proxy server for authentication purposes. |
objectstore.poolSizeTransferMgr | 150 | Specify the maximum number of concurrent transfers allowed in the transfer manager. |
objectstore.connectionTimeout | 600 | Specify the maximum time allowed for establishing a connection with an object store. |
objectstore.readTimeout | 600 | Specify the maximum time allowed for reading data from an object store. |
objectstore.threadPoolType | fixed | Specify the type of executor service thread pool to be used for gRPC. |
objectstore.poolSizeGrpc | 150 | Specify the number of threads in the thread pool used by gRPC. |
objectstore.bufferSizeGrpc | 65536 | Specify the size of the buffer used for data transfer by gRPC. |
Default Ciphers Supported in Document Service
The following is the list of default ciphers for the parameter application.server.ssl.ciphers that the server uses during SSL/TLS communication:
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256,
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256,
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,
SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384,
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256,
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384,
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
SSL_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA,
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_AES_256_GCM_SHA384,
SSL_RSA_WITH_AES_128_GCM_SHA256,
SSL_RSA_WITH_AES_256_CBC_SHA256,
SSL_RSA_WITH_AES_128_CBC_SHA256,
SSL_RSA_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_AES_128_CBC_SHA,
TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
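
The default list above mixes forward-secret AEAD suites with static RSA, static ECDH, CBC and SHA-1 suites. The following added example (not IBM code) classifies suite names in this naming scheme and builds a restricted comma-separated list that could be reviewed as a candidate value for application.server.ssl.ciphers. Assumptions: the policy (ephemeral key exchange, AEAD mode, no DSS), the function names, and the sample input, which is a constructed subset of the list above.

```python
# Constructed sample: a subset of the default list above, same naming and separators.
SAMPLE = """SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_AES_256_GCM_SHA384,
TLS_AES_256_GCM_SHA384,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV"""

EPHEMERAL = {"ECDHE", "DHE"}  # key exchanges that give forward secrecy
TLS13_PREFIXES = ("TLS_AES_", "TLS_CHACHA20_")  # TLS 1.3 names carry no key exchange


def parse(value):
    """Split a comma-separated ciphers value, tolerating newlines and blanks."""
    return [n.strip() for n in value.split(",") if n.strip()]


def findings(name):
    """Return why a suite falls short of the example policy; [] means it passes."""
    if name.endswith("_SCSV"):
        return []  # renegotiation signalling value, not an actual cipher
    if "_WITH_" not in name:
        # TLS 1.3 suites are always ephemeral + AEAD; anything else is unknown.
        return [] if name.startswith(TLS13_PREFIXES) else ["unrecognised name"]
    left, right = name.split("_WITH_", 1)
    kx_auth = left.split("_")[1:] or ["unknown"]  # drop the SSL_/TLS_ prefix
    kx, auth = kx_auth[0], kx_auth[-1]
    out = []
    if kx not in EPHEMERAL:
        out.append("no forward secrecy (static %s key exchange)" % kx)
    if auth == "DSS":
        out.append("DSA server authentication")
    if "_CBC_" in right:
        out.append("CBC mode (not AEAD)")
    if right.endswith("_SHA"):
        out.append("SHA-1 MAC")
    return out


def audit(value):
    """Map each suite to its findings and join the passing ones in original order."""
    report = {n: findings(n) for n in parse(value)}
    return report, ",".join(n for n, f in report.items() if not f)


if __name__ == "__main__":
    report, restricted = audit(SAMPLE)
    for name, issues in report.items():
        print("%-42s %s" % (name, "; ".join(issues) or "ok"))
    print("restricted value:", restricted)
```

Before applying a restricted list, confirm that every client connecting to Document Service supports at least one of the remaining suites.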