IBM Content Navigator parameters

Update the custom YAML file to provide the details that are relevant to your IBM Content Navigator and your decisions for the deployment of the container.

Table 1. Configuration parameters: navigator_configuration
Parameters Description Default Values Required
ban_secret_name Contains the information about the LDAP user and password for components. "ibm-ban-secret" Yes
route_ingress_annotations By default all the components create ingress and routes with required annotations. In case any custom annotation is needed for the environment, use this parameter to specify the annotations. - haproxy.router.openshift.io/balance: roundrobin No
deployment_profile_size You can specify a profile size for Navigator if different from Shared Configuration (see shared_configuration.sc_deployment_profile_size). This overrides the shared configuration setting. The valid values are small, medium, large. small No
ban_ext_tls_secret_name If you create a tls secret, use this parameter to specify it for IBM Content Navigator. Otherwise the operator creates one for you. "{{ meta.name }}-ban-ext-tls-secret" No
ban_auth_ca_secret_name If you create a ca secret, use this parameter to specify it for IBM Content Navigator. Otherwise the operator creates one for you. "{{ meta.name }}-ban-auth-ca-secret" No
arch.amd64 The architecture for your environment. 3 - Most preferred Yes, leave default
replica_count How many Content Platform Engine replicas to deploy. 2 No
image.repository The repository to use. cp.icr.io/cp/cp4a/ban/navigator No
image.tag The specific tag for your release. ga-310-icn No
image.pull_policy The pull policy for the image. IfNotPresent No
log.format The format for workload logging. json No
tolerations Tolerations are specified in the pod specification to allow the pod to be scheduled on tainted nodes. For example, if you want to schedule the pod on a node with taints, you can add tolerations to the pod specification.
tolerations:
  - key: "component"
    operator: "Equal"
    value: "icn"
    effect: "NoSchedule"
 [] (empty list) No
resources.requests.cpu Specifies a CPU request for the container. 500m No
resource.requests.memory Specify a memory request for the container. 512Mi No
resources.requests.ephemeral_storage Specifies an ephemeral storage request for the container. 1Gi No
resource.limits.cpu Specify a CPU limit for the container. 1 No
resource.limits.memory Specify a memory limit for the container. 3072Mi No
resources.limits.ephemeral_storage Specifies an ephemeral storage limit for the container. 3Gi No
rolling_update.max_unavailable The maximum number of pods that can be unavailable during the update process. The value can be an absolute number (for example, 5) or a percentage of desired pods (for example, 10%). 25% No
rolling_update.max_surge The maximum number of pods that can be scheduled above the desired number of pods. The value can be an absolute number (for example, 5) or a percentage of desired pods (for example, 10%). 1 No
auto_scaling.enabled Specify whether to enable auto scaling. false No
auto_scaling.max_replicas The upper limit for the number of pods that can be set by the autoscaler. Required. 3 No
auto_scaling.min_replicas The lower limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server will apply a default value. 2 No
auto_scaling.target_cpu_utilization_percentage The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, a default autoscaling policy is used. 80 No
auto_scaling.target_memory_utilization_percentage The target average memory utilization (represented as a percent of requested memory) over all the pods. If it is not specified or negative, a default autoscaling policy is used. 80 No
auto_scaling.scaleup
  • policies_pods_value
  • policies_pods_period_seconds
  • stabilization_window_seconds
  • The maximum number of pods that the HPA is allowed to add during each periodSeconds interval.
  • Defines how often the HPA can apply a scaling action.
  • Cooldown window before applying scaleUp action.
  • 1
  • 15 (seconds)
  • 30 (seconds)
 No
auto_scaling.scaledown
  • policies_pods_value
  • policies_pods_period_seconds
  • stabilization_window_seconds
  • The maximum number of pods that the HPA is allowed to remove during each periodSeconds interval.
  • Defines how often the HPA can apply a scaling action.
  • Cooldown window before applying scaleDown action.
  • 1
  • 15 (seconds)
  • 300 (seconds)
 No
java_mail.host Specify the host of the mail session. fncm-exchange1.example.com No
node_affinity.custom_node_selector_match_expression Added in node selector match expressions. It accepts array list inputs. You can assign multiple selector match expressions except (kubernetes.io/arch).
Note: This can be overwritten by the component level definition, for example navigator_configuration.node_affinity.custom_node_selector_match_expression.
 
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
 No
custom_annotations Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs. customAnnotationKey: customAnnotationValue No
custom_labels Values in this field are used as labels in all generated pods. They must be valid label key-value pairs. customLabelKey: customLabelValue No
java_mail.port Specify the port to use with the mail session host. 25 No
java_mail.sender For sender, enter a user that has access to the email server to log on. MailAdmin@fncmexchange.com No
java_mail.ssl_enabled Specify whether SSL is enabled. false No
disable_fips Disable FIPS for the component (default value is false). Change it to true if you enable FIPS mode for the deployment with shared_configuration.enable_fips = true, but want to disable FIPS mode for the component. false No
security_context.supplemental_groups Controls which group IDs containers add. For example: supplemental_groups: [1000620001,1000620002] [] No
security_context.selinux_options This can take an array of key value pairs to assign SELinux labels to a Container. For example: selinux_options: level: "s0:c123,c456", type: "spc_t" None No
security_context.fs_groupchangepolicy Defines behavior for changing ownership and permission of the volume before being exposed inside a Pod. This field has two possible values: Always, OnRootMismatch. For example: fs_groupchangepolicy: "OnRootMismatch" None No
enable_pdb Enable or disable Pod Disruption Budget (PDB) creation for the Navigator component. This flag overrides the shared_configuration.sc_enable_pdb flag. A PDB for Navigator is created with minAvailable: 1 only if the replica count is greater than 1. Otherwise, the PDB has minAvailable: 0 if the replica is 1. true No
icn_production_setting.custom_configmap.name The name of the custom configmap.

Note that, a configmap can hold files or environment data but it cannot a mix of both. The volume_path is optional for a configmap that holds files as its data. If a volume_path is not specified, the files is mounted to the Liberty configuration (cfgstore) mapped location. If the configmap data holds environment variables then must set is_env to true.

 custom-navigator-config-files Yes
icn_production_setting.custom_configmap.volume_path The location you want to hold files in.   No
icn_production_setting.custom_configmap.is_env Specify whether the config map holds environment variables. false No
icn_production_setting.timezone The time zone for the container deployment. Etc/UTC No
icn_production_setting.gdfontpath Customized font path for multi-language support. You need to place all used font files into this path /opt/ibm/java/jre/lib/fonts No
icn_production_setting.jvm_initial_heap_percentage The initial use of available memory. 40 No
icn_production_setting.jvm_max_heap_percentage The maximum percentage of available memory to use. 66 No
icn_production_setting.jvm_customize_options Optionally specify JVM arguments using comma separation. For example:

jvm_customize_options: "-Dmy.test.jvm.arg1=123,-Dmy.test.jvm.arg2=abc,-XX:+SomeJVMSettings,XshowSettings:vm"

If needed, you can use DELIM to change the character that is used to separate multiple JVM arguments. In this example, a semi-colon is used to separate the JVM arguments:

jvm_customize_options: "DELIM=;-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true;-Dcom.filenet.authentication.providers=ExShareUmsInternal,ExShareIbmId,ExShareGID"

 None No
icn_production_setting.icn_jndids_name Name for the Navigator JNDI datasource. ECMClientDS No
icn_production_setting.icn_schema Schema for IBM Content Navigator. ICNDB No
icn_production_setting.icn_table_space Table space for IBM Content Navigator. ICNDB No
icn_production_setting.allow_remote_plugins_via_http It is recommended not to change this setting. true No
icn_production_setting.copy_files_to_war Uncomment this parameter to copy customized files into Navigator web application. The <custom-dir>/navigator_war_filesources.xml must be located in config volume mapping, which is /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides <custom-dir>/navigator_war_filesources.xml No
icn_production_setting.walkme_url The WalkMe URL references a WalkMe snippet. This snippet is a piece of JavaScript code that allows WalkMe to be displayed in the application. Each WalkMe Editor account has a unique snippet code that can be accessed inside the Editor. https://cdn.walkme.com/users/4e7c687193414395aa0411837a9eee4b/test/walkme_4e7c687193414395aa0411837a9eee4b_https.js No
monitor_enabled Specify whether to use the built-in monitoring capability. false No
logging_enabled Specify whether to use the built-in logging capability. false No
collectd_enable_plugin_write_graphite Specify whether to enable the collectd write_graphite plugin for monitoring. When enabled, collectd metrics are sent to a Graphite server for visualization and analysis. false No
datavolume.existing _pvc_for_icn_cfgstore
  • name
  • size
 The persistent volume claim for IBM Content Navigator configuration.
  • icn-cfgstore
  • 1Gi
  • Yes, if you want to use existing PVC
  • No
datavolume.existing _pvc_for_icn_logstore
  • name
  • size
 The persistent volume claim for IBM Content Navigator logs.
  • icn-logstore
  • 1Gi
  • Yes, if you want to use existing PVC
  • No
datavolume.existing _pvc_for_icn_pluginstore
  • name
  • size
 The persistent volume claim for the plug-ins.
  • icn-pluginstore
  • 1Gi
  • Yes, if you want to use existing PVC
  • No
datavolume.existing _pvc_for_icnvw_cachestore
  • name
  • size
 The persistent volume claim for the viewer cache.
  • icn-vw-cachestore
  • 1Gi
  • Yes, if you want to use existing PVC
  • No
datavolume.existing _pvc_for_icnvw_logstore
  • name
  • size
 The persistent volume claim for the viewer log.
  • icn-vw-logstore
  • 1Gi
  • Yes, if you want to use existing PVC
  • No
datavolume.existing _pvc_for_icn_aspera
  • name
  • size
 The persistent volume claim for Aspera®.
  • icn-asperastore
  • 1Gi
  • Yes, if you want to use existing PVC
  • No
probe.startup
  • initial_delay_seconds
  • period_seconds
  • timeout_seconds
  • failure_threshold
 The behavior of startup probes to know when the container is started.
  • 120
  • 10
  • 10
  • 6
 No
probe.readiness
  • period_seconds
  • timeout_seconds
  • failure_threshold
 The behavior of readiness probes to know when the containers are ready to start accepting traffic.
  • 10
  • 10
  • 6
 No
probe.liveness
  • period_seconds
  • timeout_seconds
  • failure_threshold
 The behavior of liveness probes to know when the containers are ready to start accepting traffic.
  • 10
  • 5
  • 6
 No
image_pull_secrets.name The secrets to be able to pull images. ibm-entitlement-key Yes, only if you want to override the comparable setting in the shared configuration section.
enable_ldap Optional entry only if you have the open_id_connect_providers enabled. Enabling this will give the user the option to sign-in using the LDAP. false No