External Share parameters

Update the custom YAML file to provide the details that are relevant to your External Share configuration and your decisions for the deployment of the container. Parameters marked with (External users) are in the LDAP section of the custom YAML file, and apply only for environments that are using the 2-LDAP method for supporting External Share.

Table 1. External share configuration parameters: es
Parameters Description Default or Example Values Required
resources.requests.ephemeral_storage Specifies an ephemeral storage request for the container.   No
resources.limits.ephemeral_storage Specifies an ephemeral storage limit for the container.   No
arch.amd64 The architecture for your environment. This is the default for Linux on x86 and should not be changed. 3 - Most preferred Yes, leave default
replica_count How many replicas or pods to deploy. 2 No
image.repository The image repository that corresponds to the image registry, where the image is pulled. The default repository is the IBM Entitled Registry. cp.icr.io/cp/cp4a/fncm/extshare No
image.tag The tag that corresponds to the image registry, where the image is pulled. ga-310-es No
image.pull_policy Specify your pull policy. If specified, this value overrides the image pull policy in the shared_configuration. IfNotPresent No
resources.requests.cpu Specifies a CPU request for the container. 500m No
resources.requests.memory Specify a memory request for the container. 512Mi No
resources.limits.cpu Specify a CPU limit for the container. 1 No
resources.limits.memory Specify a memory limit for the container. 1536Mi No
auto_scaling.enabled Specify whether to enable auto scaling. false No
auto_scaling.max_replicas The upper limit for the number of pods that can be set by the autoscaler. Required. 3 No
auto_scaling.min_replicas The lower limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server will apply a default value. 2 No
auto_scaling.target_cpu_utilization_percentage The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, a default autoscaling policy is used. 80 No
es_production_setting.time_zone The time zone for the container deployment. Etc/UTC No
es_production_setting.jvm_initial_heap_percentage The initial use of available memory. 40 No
es_production_setting.jvm_max_heap_percentage The maximum percentage of available memory to use. 66 No
es_production_setting.jvm_customize_options Optionally specify JVM arguments using comma separation. None No

For example:

jvm_customize_options="-Dmy.test.jvm.arg1=123,-Dmy.test.jvm.arg2=abc,-XX:+SomeJVMSettings,-XshowSettings:vm"

If needed, you can use DELIM to change the character that is used to separate multiple JVM arguments. In this example, a semicolon is used to separate the JVM arguments:

jvm_customize_options="DELIM=;-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true;-Dcom.filenet.authentication.providers=ExShareUmsInternal,ExShareIbmId,ExShareGID"

es_production_setting.license_model Choose the licensing model. Required. The expected values are ICF.PVUNonProd, ICF.PVUProd, ICF.UVU, ICF.CU, FNCM.PVUNonProd, FNCM.PVUProd, FNCM.UVU, or FNCM.CU. FNCM.PVUNonProd No
es_production_setting.license The value must be set to accept to deploy. accept Yes
es_production_setting.allowed_origins Add a comma-delimited list of URLs that are allowed to access a share. None No
es_production_setting.custom_configmap.name The name of the custom configmap. Note that a configmap can hold files or environment data, but it cannot hold a mix of both. The volume_path is optional for a configmap that holds files as its data. If a volume_path is not specified, the files are mounted to the Liberty configuration (cfgstore) mapped location. If the configmap data holds environment variables, you must set is_env to true. custom-navigator-config-files Yes
es_production_setting.custom_configmap.volume_path The location you want to hold files in.   No
es_production_setting.custom_configmap.is_env Specify whether the config map holds environment variables. false No
monitor_enabled Specify whether to use the built-in monitoring capability. false No
logging_enabled Specify whether to use the built-in logging capability. false No
collectd_enable_plugin_write_graphite If you use a Graphite database for metrics or use IBM Cloud® monitoring, set to true. false No
data_volume.existing_pvc_for_es_cfgstore The name and size of persistent volume claim for External Share configuration.
  • name: es-cfgstore; required: Yes if you want to use existing PVC
  • size: 1Gi; required: No
data_volume.existing_pvc_for_es_logstore The name and size of persistent volume claim for External Share logs.
  • name: es-logstore; required: Yes if you want to use existing PVC
  • size: 1Gi; required: No
probe.readiness The behavior of readiness probes to know when the containers are ready to start accepting traffic. Required: No
  • period_seconds: 10
  • timeout_seconds: 10
  • failure_threshold: 6
probe.liveness The behavior of liveness probes to know when to restart a container. Required: No
  • period_seconds: 10
  • timeout_seconds: 5
  • failure_threshold: 6
probe.startup The behavior of startup probes to know when the container is started. Required: No
  • initial_delay_seconds: 180
  • period_seconds: 10
  • timeout_seconds: 10
  • failure_threshold: 6
image_pull_secrets.name The secrets to be able to pull images. ibm-entitlement-key Yes, only if you want to override the comparable setting in the shared configuration section.
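
The jvm_customize_options row above describes a separator rule that is easy to get wrong when a single argument value itself contains commas, as the authentication provider list does. The following is an added example, not code from the product or its operator: it previews how a string would be split and flags pieces that do not look like JVM options. The splitting rule (comma by default, or the single character that follows DELIM=) is an assumption inferred from the two documented examples; the function and variable names are hypothetical.

```python
def split_jvm_options(value):
    """Split a jvm_customize_options string into individual JVM arguments.

    Assumed rule, inferred from the two documented examples: arguments are
    comma-separated unless the string starts with DELIM=<char>, in which case
    <char> is the separator for the rest of the string.
    """
    delim = ","
    if value.startswith("DELIM="):
        if len(value) < 7:
            raise ValueError("DELIM= must be followed by a separator character")
        delim, value = value[6], value[7:]
    return [part.strip() for part in value.split(delim) if part.strip()]

def stray_fragments(value):
    """Return pieces that do not start with '-': values that the separator cut
    out of a preceding argument, or options missing their leading dash."""
    return [arg for arg in split_jvm_options(value) if not arg.startswith("-")]

# Constructed inputs: the two arguments from the DELIM example in the table,
# joined once with the default comma and once with DELIM=; as the separator.
TOKEN = "-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true"
PROVIDERS = "-Dcom.filenet.authentication.providers=ExShareUmsInternal,ExShareIbmId,ExShareGID"

if __name__ == "__main__":
    # With the comma separator the provider list is cut into three pieces.
    print(stray_fragments(TOKEN + "," + PROVIDERS))
    # With DELIM=; both arguments survive intact and nothing is flagged.
    print(stray_fragments("DELIM=;" + TOKEN + ";" + PROVIDERS))
```

Run the check against the value you intend to put in the custom YAML file; a non-empty result means an argument would reach the JVM truncated or malformed.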

External LDAP settings

If you want to use a second directory server for your external users, uncomment the LDAP section of the custom resource YAML and add the values for this second LDAP.

Table 2. External LDAP Parameters Configuration: ext_ldap_configuration
Parameters Description Default Values Required
ad.lc_ad_gc_host Active Directory host.   Yes
ad.lc_ad_gc_port Active Directory port.   Yes
ad.lc_group_filter Active Directory group filter. (&(cn=%v)(objectcategory=group)) No
ad.lc_user_filter Active Directory user filter. (&(sAMAccountName=%v)(objectcategory=user)) No
caet.lc_group_filter CA eTrust group filter (&(objectClass=group)(cn=%v)) No
caet.lc_user_filter CA eTrust user filter (&(objectClass=person)(cn=%v)) No
ed.lc_group_filter NetIQ eDirectory group filter (&(objectclass=groupOfNames)(cn=%v)) No
ed.lc_user_filter NetIQ eDirectory user filter (&(objectclass=Person)(cn=%v)) No
lc_bind_secret User name and password for the bind user. The LDAP bind secret must have ldapUsername and ldapPassword keys. ldap-bind-secret  
lc_ldap_base_dn The base distinguished name (DN) of an LDAP user who is allowed to search the LDAP directory if the LDAP server does not allow anonymous access. dc=hqpsidcdom,dc=com Yes
lc_ldap_group_base_dn The base DN subtree that is used when searching for group entries on the LDAP server. dc=hqpsidcdom,dc=com Yes
lc_ldap_group_display_name_attr Provide the format of the group display name. cn Yes
lc_ldap_group_member_id_map The group id is a filter that is used to determine the group name. groupofnames:member Yes
lc_ldap_group_membership_search_filter Filter for finding entries in the LDAP base DN (groups) subtree that match the group name. (|(&(objectclass=groupofnames)(member={0}))(&(objectclass=groupofuniquenames)(uniquemember={0}))) Yes
lc_ldap_group_name_attribute Provide the format of the group name. *:cn Yes
lc_ldap_port The port number for the LDAP server that you are using. 389 Yes
lc_ldap_precheck If the value is true, the operator verifies the LDAP connection during the validation phase before deploying. Otherwise, the operator skips the validation. true No
lc_ldap_server The host name for the LDAP server that you are using for the environment. <hostname> Yes
lc_ldap_ssl_enabled Specify whether SSL is enabled. true No
lc_ldap_ssl_secret_name Provide the name of the SSL secret that you created.   Yes
lc_ldap_user_display_name_attr Provide the format of the display name. cn Yes
lc_ldap_user_name_attribute Provide the format of the user name. *:cn Yes
lc_selected_ldap_type The type of the directory service provider you are using for your container environment. Choices are IBM Security Directory Server, Microsoft Active Directory, NetIQ eDirectory, Oracle Internet Directory, Oracle Directory Server Enterprise Edition, Oracle Unified Directory, and CA eTrust.   Yes
oracle.lc_group_filter Oracle Directory group filter (&(objectClass=group)(cn=%v)) No
oracle.lc_user_filter Oracle Directory user filter (&(objectClass=person)(cn=%v)) No
tds.lc_group_filter IBM Security group filter. (&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls))) No
tds.lc_user_filter IBM Security user filter (&(cn=%v)(objectclass=person)) No
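
A dropped parenthesis or a missing placeholder in any of the filter values in Table 2 changes which directory entries match, so it is worth checking a customized filter before it goes into the custom resource. The following is an added example, not part of the product: a small recursive-descent check against a simplified RFC 4515 grammar that also tolerates a filter wrapped across lines. The names check_filter and FilterError are hypothetical, and the placeholder (%v or {0}) is passed in by the caller.

```python
import re

# Simplified RFC 4515: filter = "(" ("&" 1*filter | "|" 1*filter | "!" filter | attr op value) ")"
ITEM = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(=|~=|>=|<=)([^()]*)")

class FilterError(ValueError):
    """Raised when a filter string is malformed or lacks its placeholder."""

def _parse(s, i, tests):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if s[i:i + 1] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):
        i, start = i + 1, i
        while s[i:i + 1] == "(":
            i = _parse(s, i, tests)
        if i == start + 1:
            raise FilterError(f"empty filter list at offset {i}")
    elif s[i:i + 1] == "!":
        i = _parse(s, i + 1, tests)
    else:
        m = ITEM.match(s, i)
        if not m:
            raise FilterError(f"bad attribute test at offset {i}")
        tests.append((m.group(1).lower(), m.group(3)))
        i = m.end()
    if s[i:i + 1] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(text, placeholder):
    """Return the (attribute, value) tests of one well-formed filter that uses placeholder."""
    s = re.sub(r"\s*\n\s*", "", text.strip())  # rejoin a filter wrapped across lines
    tests = []
    end = _parse(s, 0, tests)
    if end != len(s):
        raise FilterError(f"trailing text at offset {end}")
    if not any(placeholder in value for _, value in tests):
        raise FilterError(f"placeholder {placeholder} is never used")
    return tests

if __name__ == "__main__":
    # A default from Table 2, then a constructed value with its opening "(" dropped.
    print(check_filter("(&(sAMAccountName=%v)(objectcategory=user))", "%v"))
    try:
        check_filter("&(objectClass=person)(cn=%v))", "%v")
    except FilterError as exc:
        print("rejected:", exc)
```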