IBM B2BI/SFG and Global Mailbox integrated values.yaml File
You can refer the default values.yaml file to define your own custom
values.yaml file for specifying required values and overriding default
configurations while installing the Sterling B2B Integrator application using
Certified Container.
The following section provides sample values.yaml file:
Sample values.yaml file for integrated IBM B2BI/SFG and Global Mailbox
# (C) Copyright 2019-2021 Syncsort Incorporated. All rights reserved.
# Default values for b2bi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
image:
repository: "cp.icr.io/cp/ibm-b2bi/b2bi"
# Provide the tag value in double quotes
tag: "6.2.0.0"
# If digest is specified, it takes precedence over tag
digest:
pullPolicy: IfNotPresent
pullSecret: ""
networkPolicies:
ingress:
enabled: true
customPolicies:
#- name:
# fromSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
egress:
enabled: true
customPolicies:
#- name:
# toSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
# Specify architecture (amd64, ppc64le, s390x) and weight to be used for scheduling as follows :
# # 0 - Do not use
# # 1 - Least preferred
# # 2 - No Preference
# # 3 - Most preferred
arch:
amd64: "3 - Most preferred"
ppc64le: "2 - No Preference"
s390x: "2 - No Preference"
serviceAccount:
name: default
resourcesInit:
enabled: false
image:
repository:
name:
tag:
digest:
pullPolicy: "IfNotPresent"
command:
persistence:
enabled: true
useDynamicProvisioning: false
appResourcesPVC:
enabled: true
name: resources
storageClassName: ""
selector:
label: "intent"
value: "resources"
accessMode: ReadOnlyMany
size: 100Mi
appLogsPVC:
name: logs
storageClassName: ""
selector:
label: "intent"
value: "logs"
accessMode: ReadWriteMany
size: 500Mi
appDocumentsPVC:
enabled: false
name: documents
storageClassName: ""
selector:
label: "intent"
value: "documents"
accessMode: ReadWriteMany
size: 500Mi
extraPVCs: []
#- name:
# storageClassName:
# selector:
# label:
# value:
# accessMode:
# size:
# mountPath:
security:
supplementalGroups: [65534]
fsGroup:
runAsUser:
runAsGroup:
ingress:
enabled: true
controller: "nginx"
annotations: {}
port:
dataSetup:
enabled: true
upgrade: false
image:
repository: "cp.icr.io/cp/ibm-b2bi/b2bi-dbsetup"
# Provide the tag value in double quotes
tag: "6.2.0.0"
pullPolicy: IfNotPresent
pullSecret: ""
env:
tz: "UTC"
license: "accept"
upgradeCompatibilityVerified: false
debugMode: false
extraEnvs: []
#- name: FOO
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: FOO
#- name: BAR
# valueFrom:
# configMapKeyRef:
# name: configmap-name
# key: BAR
#- name: FOOBAR
# value: foobar
logs:
# true if user wish to redirect the application logs to console else false. If provided value is true , then application logs will reside inside containers. No volume mapping will be used.
enableAppLogOnConsole: true
# In standalone kubernetes environment, if PodSecurityPolicy is enabled and no default PSPs are present then change the value below to true.
applyPolicyToKubeSystem: false
integrations:
seasIntegration:
isEnabled: false
seasVersion: "1.0"
documentService:
readBufferSize: 32768
enabled: false
ssl:
type: two-way
shouldVerifyHostname: false
keyStoreType: PKCS12
keyStoreSecretName:
trustStoreType: PKCS12
trustStoreSecretName:
protocolVersion: TLSv1.2
connect:
host:
port:
#setup.cfg configuration starts here. Property names must follow camelCase format.
setupCfg:
#Upgrade
#upgrade: false
basePort: 50000
#License - specify values as true/false
licenseAcceptEnableSfg: true
licenseAcceptEnableEbics: true
licenseAcceptEnableFinancialServices: true
licenseAcceptEnableFileOperation: true
# Name of system passphrase secret if available
systemPassphraseSecret: b2b-system-passphrase-secret
#FIPS compliance mode. specify values as true/false
enableFipsMode: false
# NIST 800-131a compliance mode. Please enter one of these values - strict/transition/"off"
nistComplianceMode: "off"
# Provide the DB attributes
dbVendor: DB2
dbHost: <DB IP>
dbPort: 50000
dbData: mydbdata
dbDrivers: db2jcc4.jar
dbCreateSchema: true
oracleUseServiceName: false
# Values can be either true or false
usessl: false
# Name of DB secret
dbSecret: b2b-db-secret
# Specify DB truststore file name including it's path relative to the mounted resources volume location, if applicable. Required when usessl is true.
# When dbTruststoreSecret is mentioned, provide the name of the key holding the certificate data.
dbTruststore:
# Name of the DB truststore secret containing the certificate, if applicable
dbTruststoreSecret:
# Specify DB keystore file name including it's path relative to the mounted resources volume location, if applicable
# When dbKeystoreSecret is mentioned, provide the name of the key holding the certificate data.
dbKeystore:
# Name of the DB keystore secret containing the certificate, if applicable
dbKeystoreSecret:
#Provide the admin email address
adminEmailAddress: test@syncsort.com
# Provide the SMTP host details
smtpHost: localhost
#Provide the soft stop timeout. Only numeric value is accepted.
softStopTimeout: 30
#WMQ
#JMS properties are optional if jmsVendor is empty
#To use IBMMQ for communication between ASI & AC, change property to jmsVendor: IBMMQ
# and provide other connection details
jmsVendor:
# Provide the name of connection factory class.
jmsConnectionFactory:
jmsConnectionFactoryInstantiator:
jmsQueueName:
jmsHost:
jmsPort:
jmsConnectionNameList:
# Applicable for IBMMQ
jmsChannel:
jmsEnableSsl:
# Name of JMS secret if available
jmsSecret:
# Specify JMS keystore file name including it's path relative to the mounted resources volume location, if applicable.
# When jmsKeystoreSecret is mentioned, provide the name of the key holding the certificate data.
jmsKeystorePath:
# Name of the JMS keystore secret containing the certificate, if applicable
jmsKeystoreSecret:
# Specify JMS truststore file name including it's path relative to the mounted resources volume location, if applicable.
# When jmsTruststoreSecret is mentioned, provide the name of the key holding the certificate data.
jmsTruststorePath:
# Name of the JMS truststore secret containing the certificate, if applicable
jmsTruststoreSecret:
# Applicable for IBMMQ
jmsCiphersuite:
# Applicable for IBMMQ
jmsProtocol: TLSv1.2
# Liberty Profile SSL Config. Specify Liberty keystore file name including it's path relative to the mounted resources volume location, if applicable.
# If libertyKeystoreSecret is mentioned, provide the name of the key holding the certificate data.
libertyKeystoreLocation:
# Name of Liberty keystore secret containing the certificate, if applicable
libertyKeystoreSecret:
libertyProtocol: TLSv1.2
# Name of Liberty secret if available
libertySecret:
#jvm options
libertyJvmOptions:
#JCE update parameters
#Set value true to update JCE
updateJcePolicyFile: false
#Name of JCE file. This file should be present in mapped folder
jcePolicyFile:
# Default document storage option. Can be set to one of the below values
# DB - Database (default)
# FS - File System
# OS - Object Store
defaultDocumentStorageType: DB
asi:
replicaCount: 3
env:
jvmOptions:
#Refer to global env.extraEnvs for sample values
extraEnvs: []
frontendService:
type: ClusterIP
ports:
http:
name: http
port: 31000
targetPort: http
nodePort: 31000
protocol: TCP
https:
name: https
port: 31001
targetPort: https
nodePort: 31001
protocol: TCP
soa:
name: soa
port: 31002
targetPort: soa
nodePort: 31002
protocol: TCP
soassl:
name: soassl
port: 31003
targetPort: soassl
nodePort: 31003
protocol: TCP
restHttpAdapter:
name: rest-adapter
port: 31007
targetPort: rest-adapter
nodePort: 31007
protocol: TCP
gmHttpAdapter:
name: gm-adapter
port: 31008
targetPort: gm-adapter
nodePort: 31008
protocol: TCP
extraPorts: []
#-name: http-1
# port: 46000
# targetPort: http
# nodePort: 30100
# protocol: TCP
loadBalancerIP:
annotations: {}
backendService:
type: NodePort
ports: []
#- name: adapter-1
# port: 30201
# targetPort: 30201
# nodePort: 30201
# protocol: TCP
portRanges:
- name: adapters
portRange: 31301-31310
targetPortRange: 31301-31310
nodePortRange: 31301-31310
protocol: TCP
loadBalancerIP:
annotations: {}
livenessProbe:
initialDelaySeconds: 60
timeoutSeconds: 30
periodSeconds: 60
readinessProbe:
initialDelaySeconds: 120
timeoutSeconds: 5
periodSeconds: 60
internalAccess:
enableHttps: true
httpsPort:
externalAccess:
protocol: http
address:
port:
ingress:
internal:
host: "asi.apps.openshift.in.dev"
tls:
enabled: true
secretName: ""
extraPaths: []
# - routePrefix: "hello"
# path: "/hello"
# servicePort: "my-http"
# enableHttps: false
external:
host:
tls:
enabled: true
secretName: ""
extraPaths: []
# - routePrefix: "hello"
# path: "/hello"
# servicePort: "my-http"
# enableHttps: false
# access: "internal"
extraPVCs: []
#- name:
# storageClassName:
# selector:
# label:
# value:
# accessMode:
# size:
# mountPath:
## Additional init containers, e. g. for providing custom themes
extraInitContainers: []
#- name: wait-for-postgresql
# image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
# imagePullPolicy: {{ .Values.init.image.pullPolicy }}
# command:
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: 4000m
memory: 8Gi
ephemeral-storage: "4Gi"
requests:
cpu: 2000m
memory: 4Gi
ephemeral-storage: "2Gi"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 60
defaultPodDisruptionBudget:
enabled: false
minAvailable: 1
# for pod Affinity and podAntiAffinity
extraLabels: {}
#asiLabel: asiValue
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
topologySpreadConstraints: []
#- maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
#- maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: ScheduleAnyway
# for Taints and Tolerations
tolerations: []
#- key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoExecute"
# tolerationSeconds: 3600
#- key: "key2"
# operator: "Exists"
# effect: "NoSchedule"
#To provide additional secrets inside application. If mountAsVolume is set to true, secret will be mounted as volume under /ibm/resources/<secretName> directory
#else it will exposed as environment variable
extraSecrets: []
#- mountAsVolume: true
# secretName: jms-truststore
#- mountAsVolume: true
# secretName: db-truststore
#To provide additional configmaps inside application. If mountAsVolume is set to true, configmap will be mounted as volume under /ibm/resources/<configMapName> directory
#else it will exposed as environment variable
extraConfigMaps: []
#- mountAsVolume: true
# configMapName: my-configmap-1
#- mountAsVolume: false
# configMapName: my-configmap-2
#If myFG is hosted on HTTP Server adapter on ASI server, provide the internal port/protocol details used while configuring that.
myFgAccess:
myFgPort:
myFgProtocol:
hostAliases: []
#- ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
#- ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# - "bar.remote"
#Configure basic tuning parameters for Performance tuning settings.
#allocateMemToBI - Allocate memory for BI Listeners, default is false.
#allocateMemToSAP - Allocate memory for SAP adapters, default is false.
#allocateMemToCLA - Allocate memory for CLA adapters, default is false.
#threadsPerCore - Number of threads per core which usually helps in calculating Desired Global Threads and Distribution Cache Minimum.
#override - To override the suggested value by the system.
performanceTuning:
allocateMemToBI: false
allocateMemToSAP: false
allocateMemToCLA: false
threadsPerCore: 4
override: []
#- NOAPP.INITIAL_CYCLES_7=53
#- NOAPP.EXEC_CYCLE_7=53
#- NOAPP.MIN_POOL_SIZE_7=0
#- NOAPP.MAX_POOL_SIZE_7=13
#- NOAPP.RESOURCE_ALLOCATION_7=93
networkPolicies:
ingress:
customPolicies:
#- name:
# fromSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
egress:
customPolicies:
#- name:
# toSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
ac:
replicaCount: 3
env:
jvmOptions:
#Refer to global env.extraEnvs for sample values
extraEnvs: []
frontendService:
type: ClusterIP
ports:
http:
name: http
port: 31004
targetPort: http
nodePort: 31004
protocol: TCP
extraPorts: []
#-name: http-1
# port: 37000
# targetPort: http
# nodePort: 30200
# protocol: TCP
loadBalancerIP:
annotations: {}
backendService:
type: NodePort
ports: []
#- name: adapter-1
# port: 30401
# targetPort: 30401
# nodePort: 30401
# protocol: TCP
portRanges:
- name: adapters
portRange: 31501-31510
targetPortRange: 31501-31510
nodePortRange: 31501-31510
protocol: TCP
loadBalancerIP:
annotations: {}
livenessProbe:
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 60
readinessProbe:
initialDelaySeconds: 120
timeoutSeconds: 5
periodSeconds: 60
ingress:
internal:
host: "ac.apps.openshift.in.dev"
tls:
enabled: true
secretName: ""
extraPaths: []
# - routePrefix: "hello"
# path: "/hello"
# servicePort: "my-http"
# enableHttps: false
external:
host:
tls:
enabled: true
secretName: ""
extraPaths: []
# - routePrefix: "hello"
# path: "/hello"
# servicePort: "my-http"
# enableHttps: false
# access: "internal"
extraPVCs: []
#- name:
# storageClassName:
# selector:
# label:
# value:
# accessMode:
# size:
# mountPath:
## Additional init containers, e. g. for providing custom themes
extraInitContainers: []
#- name: wait-for-postgresql
# image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
# imagePullPolicy: {{ .Values.init.image.pullPolicy }}
# command:
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: 4000m
memory: 8Gi
ephemeral-storage: "4Gi"
requests:
cpu: 2000m
memory: 3Gi
ephemeral-storage: "2Gi"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 60
defaultPodDisruptionBudget:
enabled: false
minAvailable: 1
# for pod Affinity and podAntiAffinity
extraLabels: {}
#acLabel: acValue
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
topologySpreadConstraints: []
#- maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
#- maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: ScheduleAnyway
# for Taints and Tolerations
tolerations: []
#- key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoExecute"
# tolerationSeconds: 3600
#- key: "key2"
# operator: "Exists"
# effect: "NoSchedule"
#To provide additional secrets inside application. If mountAsVolume is set to true, secret will be mounted as volume under /ibm/resources/<secretName> directory
#else it will exposed as environment variable
extraSecrets: []
#- mountAsVolume: true
# secretName: jms-truststore
#- mountAsVolume: true
# secretName: db-truststore
#To provide additional configmaps inside application. If mountAsVolume is set to true, configmap will be mounted as volume under /ibm/resources/<configMapName> directory
#else it will exposed as environment variable
extraConfigMaps: []
#- mountAsVolume: true
# configMapName: my-configmap-1
#- mountAsVolume: false
# configMapName: my-configmap-2
#If myFG is hosted on HTTP Server adapter on AC server, provide the internal port/protocol details used while configuring that.
myFgAccess:
myFgPort:
myFgProtocol:
hostAliases: []
#- ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
#- ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# - "bar.remote"
#Configure basic tuning parameters for Performance tuning settings.
#allocateMemToSAP - Allocate memory for SAP adapters, default is false.
performanceTuning:
allocateMemToSAP: false
networkPolicies:
ingress:
customPolicies:
#- name:
# fromSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
egress:
customPolicies:
#- name:
# toSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
api:
replicaCount: 1
env:
jvmOptions:
#Refer to global env.extraEnvs for sample values
extraEnvs: []
frontendService:
type: ClusterIP
ports:
http:
name: http
port: 31005
targetPort: http
nodePort: 31005
protocol: TCP
https:
name: https
port: 31006
targetPort: https
nodePort: 31006
protocol: TCP
extraPorts: []
#-name: http-1
# port: 35000
# targetPort: http
# nodePort: 30300
# protocol: TCP
loadBalancerIP:
annotations: {}
livenessProbe:
initialDelaySeconds: 120
timeoutSeconds: 5
periodSeconds: 60
readinessProbe:
initialDelaySeconds: 120
timeoutSeconds: 5
periodSeconds: 60
internalAccess:
enableHttps: true
externalAccess:
protocol: http
address:
port:
ingress:
internal:
host: "api.apps.gmopenshift.in.dev"
tls:
enabled: true
secretName: ""
extraPVCs: []
#- name:
# storageClassName:
# selector:
# label:
# value:
# accessMode:
# size:
# mountPath:
## Additional init containers, e. g. for providing custom themes
extraInitContainers: []
#- name: wait-for-postgresql
# image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
# imagePullPolicy: {{ .Values.init.image.pullPolicy }}
# command:
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: 4000m
memory: 4Gi
ephemeral-storage: "4Gi"
requests:
cpu: 2000m
memory: 2Gi
ephemeral-storage: "2Gi"
defaultPodDisruptionBudget:
enabled: false
minAvailable: 1
# for pod Affinity and podAntiAffinity
extraLabels: {}
#apiLabel: apiValue
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
topologySpreadConstraints: []
#- maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
#- maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: ScheduleAnyway
# for Taints and Tolerations
tolerations: []
#- key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoExecute"
# tolerationSeconds: 3600
#- key: "key2"
# operator: "Exists"
# effect: "NoSchedule"
#To provide additional secrets inside application. If mountAsVolume is set to true, secret will be mounted as volume under /ibm/resources/<secretName> directory
#else it will exposed as environment variables
extraSecrets: []
#- mountAsVolume: true
# secretName: jms-truststore
#- mountAsVolume: true
# secretName: db-truststore
#To provide additional configmaps inside application. If mountAsVolume is set to true, configmap will be mounted as volume under /ibm/resources/<configMapName> directory
#else it will exposed as environment variables
extraConfigMaps: []
#- mountAsVolume: true
# configMapName: my-configmap-1
#- mountAsVolume: false
# configMapName: my-configmap-2
hostAliases: []
#- ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
#- ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# - "bar.remote"
networkPolicies:
ingress:
customPolicies:
#- name:
# fromSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
egress:
customPolicies:
#- name:
# toSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
nameOverride: ""
fullnameOverride: ""
# Test container
test:
image:
repository: 'cp.icr.io/cp'
name: 'opencontent-common-utils'
tag: '1.1.4'
digest: sha256:45fbb199f046eb939ebfaf08fa6fb29da1583ac18f92c97333b3940eb236e005
pullPolicy: 'IfNotPresent'
purge:
enabled: false
image:
repository: "cp.icr.io/cp/ibm-b2bi/b2bi-purge"
# Provide the tag value in double quotes
tag: "6.1.1"
digest: sha256:b513a8533d6deab9d5cf6e9968c81a873dd947b0e31f514b6967954626e9bd36
pullPolicy: IfNotPresent
pullSecret: ""
# Provide a schedule for the purge job as a cron expression. For example "0 0 * * *" will run the purge job at 00:00 every day
schedule:
startingDeadlineSeconds: 60
activeDeadlineSeconds: 3600
concurrencyPolicy: Forbid
suspend: false
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 1
env:
jvmOptions:
#Refer to global env.extraEnvs for sample values
extraEnvs: []
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: 500m
memory: 1Gi
ephemeral-storage: "1Gi"
requests:
cpu: 100m
memory: 500Mi
ephemeral-storage: "500Mi"
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
# globalmailbox values.yaml file
globalMailbox:
enabled: true
gmHost: <gm host if ingress is disabled else blank>
gmPort: <gm port>
serviceAccounts:
namespaceAdministration: ibm-gm-sa
#Cluster service account is needed just for Replication Job to fetch the worker nodes list.
clusterAdministration: default-ibm-gm-cluster-sa
security:
supplementalGroups: [65534]
fsGroup:
runAsUser:
runAsGroup:
env:
license: "accept"
licLang: "en"
jobs:
#By default Jobs are deleted after successful completion. Setting keepJobs to true will not delete the job once they are completed and can be used to check their console output later.
keepJobs: false
#Schema setup job. Run once for the entire application, i.e. just once for all DCs
dataSetup:
#Flag to enable the data setup job. Set it to false, when once DB setup is sucessfully completed.
enabled: true
upgrade: false
version: 6.1.2.0
image:
repository: "cp.icr.io/cp/ibm-gm/gm-db-setup"
# Provide the tag value in double quotes
tag: "6.2.0.0"
digest: ""
pullPolicy: IfNotPresent
pullSecret: my-secret
#Masterpassphrase setup job. Run once for the entire application, i.e. just once for all DCs
masterPassphraseSetup:
#A flag to enable the MasterPassphrase job.Set it to false when the MasterPassphrase job is sucessfully completed.
enabled: true
#Specify master passphrase secret name.
masterPassphrase: gm-master-passphrase-secret
#Set it to true to run the storage configuration utility when installing a DC. Must be set to false once configured.
storageSetup:
enabled: true
#Specify storage passphrase secret name.
storagePassphrase: gm-storage-passphrase-secret
#Set it to true to run dcConfigUtility when installing a DC. Must be set to false once configured.
dcConfigSetup:
enabled: true
#Set it to true to run dcConfigUtility to configure MQ when installing a DC. Must be set to false unless it is required to change MQ configuration
mqConfigSetup:
enabled: true
#Set it to true to run replicationSetup utility when installing a new DC. This leads to creation of NP service per GM replica.
#This utility should re-run when any one of below criteria is met.
#To be on safer side, specify a initialSvcPort which is no where in use by B2B/SFG services.
#1. Any change in existing worker nodes IP
#2. Addition/deletion of wokernodes.
#3. If user needs to change the initialSvcPort
#4. Any change in replicaCount
replicationSetup:
enabled: true
initialSvcPort: 31880
#Set it to true to run appConfigUtility to register B2Bi application when installing a DC. Must be set to false once configured.
appRegisterSetup:
enabled: true
#GM Admin node image details
image:
repository: "cp.icr.io/cp/ibm-gm/gm"
tag: "6.2.0.0"
digest: ""
pullPolicy: IfNotPresent
pullSecret: testmm
replicaCount: 2
logs:
# set to true if you wish to redirect the application logs to console. If provided value is true , then application logs will reside inside containers. No volume mapping will be used.
enableAppLogOnConsole: false
config:
internal:
#set to "true" for 1st DC setup and "false" for other DCs. Setting it to false will not execute dataSetup and masterPassphraseSetup jobs on other DCs.
initialDC: true
#set the admin password for the first run but if password has been modified later through GM UI, you must update or provide the password secret.
adminPassword: gm-admin-password-secret
global:
replicationType: ASYNCHRONOUS
ccExternalSystems: false
ccHeartbeats: false
ccMbxActivities: false
ccHeartbeatsMinutes: 5
ccEventBatchSize: 100
ccEventMaxPostInterval: 10
maxAllowedInlineStorageLimit: 10240
replicationSegmentSize: 100
extraProperties: []
#- com.ibm.mailbox.database.zookeeper.session.timeout=60
dataCenter:
name: DC1
extraProperties: []
#- com.ibm.mailbox.replication.hang.threshold=3000
mailboxUI:
#Provide semi-colon separated JVM arguments. Example: -Xms2048m;-Xmx4096m
jvmOptions:
logConfig:
tlsProtocol: TLSv1.2
keyStoreName:
secrets:
certificate:
credentials:
external:
mq:
endpoints:
- host: "<Hostname or IP of MQ>"
port: "1250"
channelName: SYSTEM.DEF.SVRCONN
queueManagerName: AUTO179_DC1
queueName: QUEUE6
useSSL: false
keyStoreName:
trustStoreName:
secrets:
certificate:
credentials: gm-mq-credentials-secret
cassandra:
#comma separated host list
hostList: "<Comma separated hostnames or IPs of Cassandra>"
port: 9042
useSSL: false
sslProtocol:
sslCiphers:
ssltrustAny:
sslTrustoreType:
keyStoreName:
trustStoreName:
secrets:
certificate:
credentials:
zookeeper:
endPoints:
- host: "zookeeper-host1"
port: "2181"
- host: "zookeeper-host2"
port: "2181"
useSSL: false
keyStoreName:
trustStoreName:
secrets:
certificate:
credentials:
controlCenter:
host: <Control Center host>
port: 58082
protocol: http
secret:
credentials: gm-cc-credentials-secret
#This was required to pass the asi details for REST calls from GM to ASI as sub-chart cannot access the parent chart fields.
asi:
restHttpAdapterPort: <port on ASI backend service to access the rest http server adapter>
gmHttpAdapterPort: <port on ASI backend service to access the gm http server adapter>
#Service to serve the mailbox UI
frontendService:
type: ClusterIP
ports:
https:
name: https
port: 31196
targetPort: https
nodePort: 31196
protocol: TCP
#Provide a static IP to Loadbalancer. Set it when service.type is Loadbalancer
loadBalancerIP:
#Extra annotations of Loadbalancer. Helpful in cloud deployments to specify characteristic of a LB like a private vs public LB
annotations: {}
livenessProbe:
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 60
readinessProbe:
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
ingress:
#Setting it to true, creates the routes on OCP and ingress on non-OCP kubernetes cluster over HTTPS
enabled: true
controller: "nginx"
annotations: {}
host: "gm.apps.openshift.in.dev"
tls:
secretName: ""
#PVC for application logs
appLogsPVC:
name: logs
storageClassName: "thin"
useDynamicProvisioning: false
selector:
label: "intent"
value: "gm-logs"
accessMode: ReadWriteMany
size: 500Mi
#PVC for payload
appDocumentsPVC:
enabled: true
name: documents
useDynamicProvisioning: false
storageClassName: "thin"
selector:
label: "intent"
value: "gm-documents"
accessMode: ReadWriteMany
size: 500Mi
stagingPVC:
enabled: true
name: staging
useDynamicProvisioning: false
storageClassName: "thin"
selector:
label: "intent"
value: "gm-staging"
accessMode: ReadWriteMany
size: 500Mi
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: 4000m
memory: 2Gi
ephemeral-storage: 1000Mi
requests:
cpu: 2000m
memory: 1Gi
ephemeral-storage: 100Mi
defaultPodDisruptionBudget:
enabled: false
minAvailable: 1
#Specify extra lables on mailboxui pod for pod Affinity and podAntiAffinity.
extraLabels: {}
#newLabel: newValue
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: []
preferredDuringSchedulingIgnoredDuringExecution: []
topologySpreadConstraints: []
#- maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
#- maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: ScheduleAnyway
# for Taints and Tolerations
tolerations: []
#- key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoExecute"
# tolerationSeconds: 3600
#- key: "key2"
# operator: "Exists"
# effect: "NoSchedule"
networkPolicies:
ingress:
enabled: true
customPolicies:
#- name:
# fromSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
egress:
enabled: true
customPolicies:
#- name:
# toSelectors:
# - namespaceSelector:
# matchLabels:
# name: my-source-namespace
# podSelector:
# matchLabels:
# app.kubernetes.io/name: my-consumer-pod
# - podSelector:
# matchLabels:
# role: frontend
# - ipBlock:
# cidr: <IP Address>/<block size>
# except:
# - <IP Address>/<block size>
# ports:
# - protocol: TCP
# port: 8443
# endPort: 8450
# Test container
test:
image:
repository: 'cp.icr.io/cp'
name: 'opencontent-common-utils'
tag: '1.1.4'
pullPolicy: 'IfNotPresent'
digest: sha256:45fbb199f046eb939ebfaf08fa6fb29da1583ac18f92c97333b3940eb236e005