IBM Business Automation Studio parameters

Provide the details that are relevant to your IBM Business Automation Studio environment and your decisions for the deployment of the container.

The following tables list the configurable parameters and their default values. All properties are required, unless they have a default value or are explicitly optional. Although Business Automation Studio might seem to install correctly when some parameters are omitted, this kind of configuration is not supported.

All the configuration options under application_engine_configuration[*] that are defined in the Application Engine configuration parameters can also be used under bastudio_configuration.playback_server for the Application Engine playback server; however, the Application Engine playback server can have only one instance. For example, application_engine_configuration[*].hostname maps to bastudio_configuration.playback_server.hostname.

The following tables list the parameters for configuring Business Automation Studio.

Business Automation Studio parameters

The following table lists the parameters for configuring Business Automation Studio. The Required column shows the parameters that are required.

Table 1. Business Automation Studio parameters: spec.bastudio_configuration
Parameter name Description Example values Required
use_walkme Whether to use the WalkMe Java™ scripts for Business Automation Studio. The default value is true. true No
max_cached_objects_during_refactoring Maximum cache object size for refactoring operations (such as cloning, copying, and moving) in Business Automation Studio. The default value is 256. 256 No
admin_secret_name Business Automation Studio administrative secret for sensitive configuration data. The default value is <CR name>-bas-admin-secret. <CR name>-bas-admin-secret No
admin_user Designate an LDAP user for the Business Automation Studio admin user.   Yes
hostname Business Automation Studio external hostname   No
port Business Automation Studio port   No
external_tls_secret The secret that contains the Transport Layer Security (TLS) key and certificate for external https visits. You can enter the secret name here. If you don't want to use the customized external TLS certificate, leave it empty.   No
external_tls_ca_secret Certificate authority (CA) used to sign the external TLS secret. It is stored in the secret with the TLS key and certificate. You can enter the secret name here. If you don't want to use the customized CA to sign the external TLS certificate, leave it empty.   No
tls.tlsTrustList Existing TLS trust secret. The default value is []. [] No
database.dc_use_postgres

CP4BA has the capability to automatically provision an EDB Postgres instance.

If you want EDB Postgres to be created for a Business Automation Studio database, set this parameter to true.

dc_use_postgres: true No
database.host (Only for Db2®, PostgreSQL, or Microsoft SQL Server) Business Automation Studio database host. It must be an accessible address, such as an IP, hostname, or Kubernetes service name.   Yes
database.port (Only for Db2, PostgreSQL, or SQL Server) Business Automation Studio database port.   Yes
database.name (Only for Db2, PostgreSQL, or SQL Server) Business Automation Studio database name. The database that is provided must be created by the BAStudio SQL script template.   Yes
database.alternative_host (Only for Db2, PostgreSQL, or SQL Server) Business Automation Studio database alternative host for database automatic client reroute (ACR) with high availability disaster recovery (HADR). If you want to enable the database ACR and HADR, configure both alternative_host and alternative_port.   No
database.alternative_port (Only for Db2, PostgreSQL, or SQL Server) Business Automation Studio database alternative port for database ACR with HADR. If you want to enable the database ACR and HADR, configure both alternative_host and alternative_port.   No
database.type Business Automation Studio database type. Db2, Oracle, PostgreSQL, and SQL Server are supported. The default value is db2. db2 No
database.ssl_enabled Whether to enable Secure Sockets Layer (SSL) support for the database connection. If this parameter is enabled, you must add a certificate in the database.certificate_secret_name parameter. The default value is false. false No
database.certificate_secret_name Existing TLS secret that contains tls.crt with SSL certificate when SSL support for the database connection is enabled. This parameter is required if database.ssl_enabled is enabled.   No
database.jdbc_url If you use Oracle, enter the Oracle database connection URL here. This parameter is required. Two formats of URL are supported.
  • If you don't need to supply any other Oracle-specific connection properties, the format is jdbc:oracle:thin:@//<your-oracle-database-hostname>:<your-oracle-database-port>/<your-oracle-database-system-identifier>
  • If you need to supply other Oracle-specific connection properties, you must use the long TNSNAMES style. The format is jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<your-oracle-database-hostname>)(PORT=<your-oracle-database-port>))(CONNECT_DATA=(SERVICE_NAME=<your-oracle-database-service-name>)))
Note: PROTOCOL=TCP for non-SSL, and PROTOCOL=TCPS for SSL.

If you use PostgreSQL or SQL Server, enter the database connection URL here if you don't enter values for database.host, database.port, and database.name.

  No
database.cm_max_pool_size Database connection pool maximum size. The default value is 50. 50 No
database.cm_min_pool_size Database connection pool minimum size. The default value is 2. 2 No
database.use_custom_jdbc_drivers Whether to use a custom JDBC driver for the Db2 database instead of the embedded one. If you don't want to use a custom driver, keep the default. The default value is false.

If you use an Oracle, a PostgreSQL, or an SQL Server database, make sure that the value is set to true.

false No
database.jdbc_driver_files

File names for the custom JDBC driver when a custom JDBC driver is enabled. The default value is db2jcc4.jar db2jcc_license_cisuz.jar db2jcc_license_cu.jar.

If you use an Oracle database, replace the default value with the filename of the Oracle JDBC driver (for example: ojdbc8.jar).

If you use a PostgreSQL database, replace the default value with the filename of the PostgreSQL JDBC driver (for example: postgresql-42.2.16.jar).

If you use an SQL Server database, replace the default value with the filename of the SQL Server JDBC driver (for example: mssql-jdbc-9.2.1.jre8.jar).

db2jcc4.jar db2jcc_license_cisuz.jar db2jcc_license_cu.jar No
database.current_schema Business Automation Studio database schema.

Customization of database schema names is supported only for Db2 and PostgreSQL. For Db2, the schema name is case-sensitive, and must be specified in uppercase characters. If you use an Oracle or SQL Server database, leave the database schema name empty. For more information, see IBM Data Server Driver for JDBC and SQLJ configuration properties.

  No
external_connection_timeout Connection timeout for external services. The default value is 60s. 60s No
images.bastudio.repository Repository and name of the Business Automation Studio image. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/bastudio where <path> is cp.icr.io/cp/cp4a/bas/. If sc_image_repository has a value, the path is that value. bastudio No
images.bastudio.tag Tag name of the Business Automation Studio image. If you want to use a specific image version, you can override the default tag or digest. 24.0.1 No
images.pull_policy Pull policy applied for Business Automation Studio deployment   No
custom_xml Liberty custom settings for Business Automation Studio server in XML format   No
custom_secret_name Sensitive liberty custom settings for Business Automation Studio server. Enter the name of the secret where they are stored.   No
bastudio_custom_xml Business Automation Studio custom settings in XML format   No
csrf_referrer.allowlist Custom allowlist for Cross-Site Request Forgery (CSRF) protection   No
environment_config.authorization_enabled_for_org_info Authorization modes provided for the REST APIs that grant access to user, group, and team information. Two authorization modes are provided:
  • false mode is a mode that provides limited authorization control.
  • true mode is an enhanced mode that extends the authorization control to all the required APIs.
true No
environment_config.csrf.user_agent_keyword_allow_list_for_old_restapi_csrf_check Comma-separated list of user agents. For REST API requests with the path pattern /rest/bpm/wle/v1/* that are sent by the agents in the list, the server does not validate the XSRF-TOKEN cookie. The value of this property must be a comma-separated list, for example, agentkeyword1, agentkeyword2. java,wink client,httpclient,curl,jersey,httpurlconnection No
environment_config.csrf.check_xsrf_for_old_restapi Whether to validate the XSRF-TOKEN cookie against incoming REST API requests (POST/PUT/DELETE) with the path pattern /rest/bpm/wle/v1/*. The default value is true. true No
additional_csp_folders.all Content security policy additional directive for all. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.default_src Content security policy additional directive for default-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.script_src Content security policy additional directive for script-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.frame_src Content security policy additional directive for frame-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.object_src Content security policy additional directive for object-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.connect_src Content security policy additional directive for connect-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.frame_ancestors Content security policy additional directive for frame-ancestors. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.img_src Content security policy additional directive for img-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
additional_csp_folders.font_src Content security policy additional directive for font-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
logs.console_format

Format for printing logs on the console. The default value is json.

You can find all possible options for this section in the Liberty documentation.

json No
logs.console_log_level

Log level for printing logs on the console. The default value is INFO.

You can find all possible options for this section in the Liberty documentation.

INFO No
logs.console_source

Source of the logs for printing on the console. The default value is message,trace,accessLog,ffdc,audit.

You can find all possible options for this section in the Liberty documentation.

message,trace,accessLog,ffdc,audit No
logs.trace_format

Format for printing trace logs. The default value is ENHANCED.

You can find all possible options for this section in the Liberty documentation.

ENHANCED No
logs.trace_specification

Specification for printing trace logs. The default value is *=info.

You can find all possible options for this section in the Liberty documentation.

*=info No
logs.messageFormat

Format for the messages.log file. The default value is SIMPLE.

You can find all possible options for this section in the Liberty documentation.

SIMPLE No
logs.max_files Maximum number of log files that are kept before the oldest file is removed. The default value is 2. 2 No
logs.max_file_size Maximum size in MBs for a log file before it is rolled. The default value is 20. 20 No
audit_log.enable Whether to enable the audit log for Process Admin Console. The default value is false. false No
audit_log.pvc_name Persistent volume claim (PVC) for audit logs. If it is not specified, audit logs are stored in the log PVC.   No
audit_log.pvc_size Size of the persistent volume (PV) that is mounted as the audit log store. The default value is 2Gi. 2Gi No
audit_log.file_name Audit log file name. The default value is bawaudit.log. bawaudit.log No
audit_log.rollover_size Maximum size (in MB) that the log file can reach before it is closed and a new one is created. The default value is 100. 100 No
audit_log.verbose Whether to enable verbose mode. The default value is true. true No
audit_log.max_historical_files Maximum number of historical files that are kept. The default value is 5. 5 No
replica_size Number of Business Automation Studio nodes in the cluster. The default value is 1. 1 No
autoscaling.enabled Whether to enable the Horizontal Pod Autoscaler for Business Automation Studio. The default value is false. false No
autoscaling.minReplicas Minimum number of pods for Business Automation Studio when autoscaling is enabled. The default value is 1. 1 No
autoscaling.maxReplicas Maximum number of pods for Business Automation Studio when autoscaling is enabled. The default value is 3. 3 No
autoscaling.targetAverageUtilization Target average utilization rate for Business Automation Studio when autoscaling is enabled. The default value is 80. 80 No
resources.bastudio.limits.cpu CPU limit for Business Automation Studio configuration. The default value is 2. 2 No
resources.bastudio.limits.memory Memory limit for Business Automation Studio configuration. The default value is 3072Mi. 3072Mi No
resources.bastudio.limits.ephemeral_storage Ephemeral storage limit for Business Automation Studio configuration. The default value is 2Gi. 2Gi No
resources.bastudio.requests.cpu Requested amount of CPU for Business Automation Studio configuration. The default value is 1100m. 1100m No
resources.bastudio.requests.memory Requested amount of memory for Business Automation Studio configuration. The default value is 1Gi. 1752Mi No
resources.bastudio.requests.ephemeral_storage Requested amount of ephemeral storage for Business Automation Studio configuration. The default value is 1Gi. 1Gi No
resources.init_process.limits.cpu CPU limit for Business Automation Studio init process. The default value is 500m. 500m No
resources.init_process.limits.memory Memory limit for Business Automation Studio init process. The default value is 512Mi. 512Mi No
resources.init_process.limits.ephemeral_storage Ephemeral storage limit for Business Automation Studio init process. The default value is 2Gi. 2Gi No
resources.init_process.requests.cpu Requested amount of CPU for Business Automation Studio init process. The default value is 100m. 100m No
resources.init_process.requests.memory Requested amount of memory for Business Automation Studio init process. The default value is 128Mi. 128Mi No
resources.init_process.requests.ephemeral_storage Requested amount of ephemeral storage for Business Automation Studio init process. The default value is 1Gi. 1Gi No
liveness_probe.initial_delay_seconds Number of seconds after the container starts before the liveness probe is initiated. The default value is 5. 5 No
liveness_probe.period_seconds How often (in seconds) to perform the probe. The default value is 30. 30 No
liveness_probe.timeout_seconds Number of seconds after which the probe times out. The default value is 20. 20 No
liveness_probe.failure_threshold When a pod starts and the probe fails, Kubernetes tries this number of times before giving up. Minimum value is 1. The default value is 3. 3 No
liveness_probe.success_threshold Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. The default value is 1. 1 No
readiness_probe.initial_delay_seconds Number of seconds after the container starts before the readiness probe is initiated. The default value is 5. 5 No
readiness_probe.period_seconds How often (in seconds) to perform the probe. The default value is 10. 10 No
readiness_probe.timeout_seconds Number of seconds after which the probe times out. The default value is 20. 20 No
readiness_probe.failure_threshold When a pod starts and the probe fails, Kubernetes tries this number of times before giving up. Minimum value is 1. The default value is 4. 4 No
readiness_probe.success_threshold Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. The default value is 1. 1 No
startup_probe.period_seconds How often (in seconds) to perform the probe. The default value is 20. 20 No
startup_probe.timeout_seconds Number of seconds after which the probe times out. The default value is 10. 10 No
startup_probe.failure_threshold When a pod starts and the probe fails, Kubernetes tries this number of times before giving up. Minimum value is 1. The default value is 30. 30 No
startup_probe.success_threshold Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. The default value is 1. 1 No
storage.enabled Whether to enable the Business Automation Studio data persistence. The default value is true. true No
storage.existing_pvc_for_logstore Persistent volumes for storing the Business Automation Studio server log. The default value is cp4a-shared-log-pvc. cp4a-shared-log-pvc No
storage.size_for_logstore Size of the persistent volume to store the Business Automation Studio server log. The default value is 10Gi. 10Gi No
storage.existing_pvc_for_dumpstore Persistent volume for storing the Business Automation Studio server dump files. The default value is <name>-bastudio-dump-pvc. <name>-bastudio-dump-pvc No
storage.size_for_dumpstore Size of the persistent volume to store the Business Automation Studio server dump files. The default value is 10Gi. 10Gi No
storage.storage_class Storage class name used for the PVC when not available. The default value is {{ shared_configuration.storage_configuration.sc_fast_file_storage_classname }}. {{ shared_configuration.storage_configuration.sc_fast_file_storage_classname }} No
storage.size_for_index Size of the persistent volume to store the Business Automation Studio server index files. The default value is 10Gi. 10Gi No
storage.block_storage_class Storage class name used for the Business Automation Studio server index PVC. The default value is {{ shared_configuration.storage_configuration.sc_block_storage_classname }}. {{ shared_configuration.storage_configuration.sc_block_storage_classname }} No
jms_server.storage.persistent Whether to enable JMS persistent storage. The default value is false. false No
jms_server.storage.use_dynamic_provisioning Whether to enable dynamic provisioning for JMS persistent storage. The default value is false. false No
jms_server.storage.storage_class Storage class name for JMS persistent storage   No
jms_server.storage.access_modes Access modes for JMS persistent storage. The default value is ReadWriteOnce. ReadWriteOnce No
jms_server.storage.size Size for JMS persistent storage. The default value is 1Gi. 1Gi No
node_affinity.deploy_arch Values in this field are used as kubernetes.io/arch selector values. The valid values are amd64, s390x, and ppc64le.    
node_affinity.custom_node_selector_match_expression Added in node selector match expressions. It accepts array list inputs. You can assign multiple selector match expressions except (kubernetes.io/arch).
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
No
custom_annotations Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs. customAnnotationKey: customAnnotationValue No
custom_labels Values in this field are used as labels in all generated pods. They must be valid label key-value pairs. customLabelKey: customLabelValue No
seccomp_profile Setting for secure computing mode (seccomp) profile in CP4A containers. You can also define the seccomp profile globally at shared_configuration.sc_seccomp_profile. Supported values are: Unconfined, RuntimeDefault, and Localhost. The default value is RuntimeDefault on OpenShift® Container Platform 4.11 (Kubernetes 1.24) and later. Seccomp profile is not created on OpenShift Container Platform 4.10 (Kubernetes 1.23) or earlier. For more information about seccomp profile, see Restrict a Container's Syscalls with seccomp and Restrict seccomp profiles.
Note: Defining a custom, Localhost seccomp profile that is stricter than the default RuntimeDefault profile may cause the pods to fail to start.
RuntimeDefault No
localhost_profile The local path of the seccomp profile file. This parameter is required if sc_seccomp_profile is set to Localhost. The custom profile must be accessible by the pod. /profiles/fine-grained.json if seccomp_profile is Localhost No
zen_performance.keepalive Number of idle keepalive connections to an upstream server that remain open for each worker process. This parameter is optional. The default value is 512. 512 No
zen_performance.keepalive_timeout How long an idle keepalive connection remains open. This parameter is optional. The default value is 30s. 30s No
zen_performance.keepalive_requests Number of requests a client can make over a single keepalive connection. This parameter is optional. The default value is 500. 500 No
zen_performance.proxy_buffer_size Size of the buffer used to read the first part of the response received from the proxied server. This parameter is optional. The default value is 256k. 256k No
zen_performance.proxy_buffers Number and size of the buffers used for reading a response from the proxied server, for a single connection. This parameter is optional. The default value is 8 512k. 8 512k No
zen_performance.proxy_busy_buffers_size When buffering of responses from the proxied server is enabled, this parameter limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. This parameter is optional. The default value is 512k. 512k No
zen_performance.proxy_connect_timeout Timeout for establishing a connection with a proxied server. This parameter is optional. The default value is 300s. 300s No
zen_performance.proxy_send_timeout Timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed. This parameter is optional. The default value is 300s. 300s No
zen_performance.proxy_read_timeout Timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed. This parameter is optional. The default value is 300s. 300s No

Resource Registry parameters

The following table lists the parameters for configuring Resource Registry. All parameters are optional.

Table 2. Resource Registry parameters: spec.resource_registry_configuration
Parameter name Description Example values
admin_secret_name Existing Resource Registry administrative secret for sensitive configuration data. The default value is <CR name>-rr-admin-secret. <CR name>-rr-admin-secret
hostname rr-route hostname. If the hostname is not set, a default hostname with the following format is used.
rr-<shared_configuration.sc_deployment_hostname_suffix>
This parameter is used only by stand-alone Business Automation Workflow on containers.
 
port Resource Registry port for using the NodePort service. The default value is 443. 443
replica_size Number of etcd nodes in the cluster. Always set it to an odd number, as explained in the etcd FAQ. The default value is 1. 1
images.resource_registry.repository Repository and name of the Resource Registry image. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/dba-etcd where <path> is cp.icr.io/cp/cp4a/aae/. If sc_image_repository has a value, the path is that value. <path>/dba-etcd
images.resource_registry.tag Tag name of the Resource Registry image. If you want to use a specific image version, you can override the default tag or digest. 24.0.1
tls.tls_secret Existing TLS secret that contains tls.key and tls.crt  
probe.liveness.initial_delay_seconds Number of seconds after the container starts before the liveness probe is initiated. The default value is 60. 60
probe.liveness.period_seconds How often (in seconds) to perform the probe. The default value is 10. 10
probe.liveness.timeout_seconds Number of seconds after which the probe times out. The default value is 5. 5
probe.liveness.success_threshold Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. The default value is 1. 1
probe.liveness.failure_threshold When a pod starts and the probe fails, Kubernetes tries this number of times before giving up. Minimum value is 1. The default value is 3. 3
probe.readiness.initial_delay_seconds Number of seconds after the container starts before the readiness probe is initiated. The default value is 10. 10
probe.readiness.period_seconds How often (in seconds) to perform the probe. The default value is 10. 10
probe.readiness.timeout_seconds Number of seconds after which the probe times out. The default value is 5. 5
probe.readiness.success_threshold Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. The default value is 1. 1
probe.readiness.failure_threshold When a pod starts and the probe fails, Kubernetes tries this number of times before giving up. Minimum value is 1. The default value is 3. 3
resources.limits.cpu CPU limit for Resource Registry configuration. The default value is 500m. 500m
resources.limits.memory Memory limit for Resource Registry configuration. The default value is 512Mi. 512Mi
resources.limits.ephemeral_storage Ephemeral storage limit for Resource Registry configuration. The default value is 2Gi. 2Gi
resources.requests.cpu Requested CPU for Resource Registry configuration. The default value is 100m. 100m
resources.requests.memory Requested memory for Resource Registry configuration. The default value is 256Mi. 256Mi
resources.requests.ephemeral_storage Requested ephemeral storage for Resource Registry configuration. The default value is 128Mi. 128Mi
auto_backup.enable Whether to enable automatic backup for Resource Registry. If you enable automatic backup, you must create a persistent volume (PV). See Optional: Implementing storage. The default value is true. true
auto_backup.minimal_time_interval Minimal time interval for automatic backup. The default value is 300. 300
auto_backup.pvc_name The name of the persistent volume claim (PVC) for automatic backup. The default value is <name>-dba-rr-pvc. <name>-dba-rr-pvc
auto_backup.log_pvc_name The name of the persistent volume claim (PVC) for log storage for automatic backup. The default value is cp4a-shared-log-pvc. cp4a-shared-log-pvc
auto_backup.dynamic_provision.enable Whether to enable dynamic provisioning to provision the PVs and PVCs. The default value is true. true
auto_backup.dynamic_provision.size Storage size for PVs. The default value is 3Gi. 3Gi
auto_backup.dynamic_provision.size_for_logstore Storage size for PVs of log store  
auto_backup.dynamic_provision.storage_class Dynamic storage class name to provision the PVs and PVCs. The default value is {{ shared_configuration.storage_configuration.sc_fast_file_storage_classname }}. {{ shared_configuration.storage_configuration.sc_fast_file_storage_classname }}
node_affinity.deploy_arch Values in this field are used as kubernetes.io/arch selector values. The valid values are amd64, s390x, and ppc64le.  
node_affinity.custom_node_selector_match_expression Added in node selector match expressions. It accepts array list inputs. You can assign multiple selector match expressions except (kubernetes.io/arch).
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
custom_annotations Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs. customAnnotationKey: customAnnotationValue
custom_labels Values in this field are used as labels in all generated pods. They must be valid label key-value pairs. customLabelKey: customLabelValue
seccomp_profile Setting for secure computing mode (seccomp) profile in CP4A containers. You can also define the seccomp profile globally at shared_configuration.sc_seccomp_profile. Supported values are: Unconfined, RuntimeDefault, and Localhost. The default value is RuntimeDefault on OpenShift Container Platform 4.11 (Kubernetes 1.24) and later. Seccomp profile is not created on OpenShift Container Platform 4.10 (Kubernetes 1.23) or earlier. For more information about seccomp profile, see Restrict a Container's Syscalls with seccomp and Restrict seccomp profiles.
Note: Defining a custom, Localhost seccomp profile that is stricter than the default RuntimeDefault profile may cause the pods to fail to start.
RuntimeDefault
localhost_profile The local path of the seccomp profile file. This parameter is required if sc_seccomp_profile is set to Localhost. The custom profile must be accessible by the pod. /profiles/fine-grained.json if seccomp_profile is Localhost
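
Several parameters in Table 1 and Table 2 depend on one another (database SSL and its certificate secret, the Oracle JDBC URL protocol, the ACR host/port pair, the seccomp profile path, the odd etcd replica count). The following is an added example, not IBM code, of a pre-deployment check that applies those documented rules to a custom resource that is already parsed into a dictionary. The helper names, the finding levels, the lowercase spelling oracle for database.type, and the sample values are assumptions made for illustration.

```python
"""Added example: lint a CP4BA custom resource against rules from Tables 1 and 2."""

SECCOMP_VALUES = {"Unconfined", "RuntimeDefault", "Localhost"}  # supported values per the tables


def get(cfg, path, default=None):
    """Resolve a dotted parameter name such as 'database.ssl_enabled'."""
    node = cfg
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def check_seccomp(cfg, out):
    """seccomp_profile must be a supported value; Localhost needs localhost_profile."""
    profile = get(cfg, "seccomp_profile", "RuntimeDefault")
    if profile not in SECCOMP_VALUES:
        out.append(("ERROR", "seccomp_profile", f"unsupported value {profile!r}"))
    elif profile == "Unconfined":
        out.append(("WARN", "seccomp_profile", "syscall filtering is disabled"))
    elif profile == "Localhost" and not get(cfg, "localhost_profile"):
        out.append(("ERROR", "localhost_profile", "required when the profile is Localhost"))


def lint_bastudio(cfg):
    """Return (level, parameter, message) findings for spec.bastudio_configuration."""
    out = []
    if not get(cfg, "admin_user"):
        out.append(("ERROR", "admin_user", "required parameter is missing"))

    ssl = get(cfg, "database.ssl_enabled", False) is True  # documented default: false
    if not ssl:
        out.append(("WARN", "database.ssl_enabled", "database connection does not use SSL"))
    elif not get(cfg, "database.certificate_secret_name"):
        out.append(("ERROR", "database.certificate_secret_name",
                    "required when database.ssl_enabled is true"))

    db_type = str(get(cfg, "database.type", "db2")).lower()
    if db_type != "db2" and get(cfg, "database.use_custom_jdbc_drivers", False) is not True:
        out.append(("ERROR", "database.use_custom_jdbc_drivers",
                    "must be true for Oracle, PostgreSQL, and SQL Server"))
    if db_type == "oracle":  # assumed spelling of the Oracle type value
        url = get(cfg, "database.jdbc_url") or ""
        if not url:
            out.append(("ERROR", "database.jdbc_url", "required for Oracle"))
        elif ssl and "PROTOCOL=TCP)" in url.upper():
            out.append(("ERROR", "database.jdbc_url",
                        "PROTOCOL=TCP is the non-SSL form; use PROTOCOL=TCPS"))

    # ACR with HADR needs both halves of the alternative endpoint.
    if bool(get(cfg, "database.alternative_host")) != bool(get(cfg, "database.alternative_port")):
        out.append(("ERROR", "database.alternative_host",
                    "set alternative_host and alternative_port together"))

    if get(cfg, "environment_config.csrf.check_xsrf_for_old_restapi", True) is False:
        out.append(("WARN", "environment_config.csrf.check_xsrf_for_old_restapi",
                    "XSRF-TOKEN is not validated for /rest/bpm/wle/v1/*"))
    if get(cfg, "environment_config.authorization_enabled_for_org_info") is False:
        out.append(("WARN", "environment_config.authorization_enabled_for_org_info",
                    "limited authorization mode for user, group, and team APIs"))
    if get(cfg, "audit_log.enable", False) is not True:  # documented default: false
        out.append(("INFO", "audit_log.enable", "Process Admin Console audit log is off"))
    check_seccomp(cfg, out)
    return out


def lint_resource_registry(cfg):
    """Return findings for spec.resource_registry_configuration."""
    out = []
    if int(get(cfg, "replica_size", 1)) % 2 == 0:
        out.append(("ERROR", "replica_size", "etcd node count must be an odd number"))
    check_seccomp(cfg, out)
    return out


# Constructed sample spec (not from a real deployment).
SAMPLE_SPEC = {
    "bastudio_configuration": {
        "admin_user": "basadmin",
        "database": {
            "type": "oracle",
            "ssl_enabled": True,
            "use_custom_jdbc_drivers": True,
            "jdbc_url": "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)"
                        "(HOST=db.example.test)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=BASDB)))",
        },
        "environment_config": {"csrf": {"check_xsrf_for_old_restapi": False}},
        "seccomp_profile": "Localhost",
    },
    "resource_registry_configuration": {"replica_size": 2},
}

if __name__ == "__main__":
    for finding in (lint_bastudio(SAMPLE_SPEC["bastudio_configuration"])
                    + lint_resource_registry(SAMPLE_SPEC["resource_registry_configuration"])):
        print(*finding, sep=" | ")
```

The check expects booleans and integers as a YAML parser would produce them; quoted strings such as "true" are not treated as enabled.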