External Share parameters
Update the custom YAML file to provide the details that are relevant to your External Share configuration and your decisions for the deployment of the container. Parameters marked with (External users) are in the LDAP section of the custom YAML file, and apply only for environments that are using the 2-LDAP method for supporting External Share.
Parameters | Description | Default or Example Values | Required |
---|---|---|---|
resources.requests.ephemeral_storage | Specifies an ephemeral storage request for the container. | No | |
resources.limits.ephemeral_storage | Specifies an ephemeral storage limit for the container. | No | |
arch.amd64 | The architecture for your environment. This is the default for Linux on x86 and should not be changed. | 3 - Most preferred | Yes, leave default |
replica_count | How many replicas or pods to deploy. | 2 | No |
image.repository | The image repository that corresponds to the image registry, where the image is pulled. The default repository is the IBM Entitled Registry. | cp.icr.io/cp/cp4a/fncm/extshare | No |
image.tag | The tag that corresponds to the image registry, where the image is pulled. | ga-310-es | No |
image.pull_policy | Specify your pull policy. If specified, this value overrides the image pull policy in the shared_configuration. | IfNotPresent | No |
resources.requests.cpu | Specifies a CPU request for the container. | 500m | No |
resources.requests.memory | Specify a memory request for the container. | 512Mi | No |
resources.limits.cpu | Specify a CPU limit for the container. | 1 | No |
resources.limits.memory | Specify a memory limit for the container. | 1536Mi | No |
auto_scaling.enabled | Specify whether to enable auto scaling. | false | No |
auto_scaling.max_replicas | The upper limit for the number of pods that can be set by the autoscaler. Required. | 3 | No |
auto_scaling.min_replicas | The lower limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server will apply a default value. | 2 | No |
auto_scaling.target_cpu_utilization_percentage | The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, a default autoscaling policy is used. | 80 | No |
es_production_setting.time_zone | The time zone for the container deployment. | Etc/UTC | No |
es_production_setting.jvm_initial_heap_percentage | The initial use of available memory. | 40 | No |
es_production_setting.jvm_max_heap_percentage | The maximum percentage of available memory to use. | 66 | No |
es_production_setting.jvm_customize_options | Optionally specify JVM arguments using comma separation. For example: jvm_customize_options="-Dmy.test.jvm.arg1=123,-Dmy.test.jvm.arg2=abc,-XX:+SomeJVMSettings,XshowSettings:vm" If needed, you can use DELIM to change the character that is used to separate multiple JVM arguments. In this example, a semi-colon is used to separate the JVM arguments: jvm_customize_options="DELIM=;-Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true;-Dcom.filenet.authentication.providers=ExShareUmsInternal,ExShareIbmId,ExShareGID" |
None | No |
es_production_setting.license_model | Choose the licensing model. Required. The expected values are ICF.PVUNonProd, ICF.PVUProd, ICF.UVU, ICF.CU, FNCM.PVUNonProd, FNCM.PVUProd, FNCM.UVU, or FNCM.CU. |
FNCM.PVUNonProd |
No |
es_production_setting.license | The value must be set to accept to deploy. | accept | Yes |
es_production_setting.allowed_origins | Add a comma-delimited list of URLs that are allowed to access a share. | None | No |
es_production_setting.custom_configmap.name | The name of the custom configmap. Note that, a configmap can hold files or environment data but it cannot a mix of both. The volume_path is optional for a configmap that holds files as its data. If a volume_path is not specified, the files is mounted to the Liberty configuration (cfgstore) mapped location. If the configmap data holds environment variables then must set is_env to true. |
custom-navigator-config-files | Yes |
es_production_setting.custom_configmap.volume_path | The location you want to hold files in. | No | |
es_production_setting.custom_configmap.is_env | Specify whether the config map holds environment variables. | false | No |
monitor_enabled | Specify whether to use the built-in monitoring capability. | false | No |
logging_enabled | Specify whether to use the built-in logging capability. | false | No |
collectd_enable_plugin_write_graphite | If you use Graphite database for metrics or use IBM Cloud® monitoring, set to true. | false | No |
data_volume.existing _pvc_for_es_cfgstore
|
The name and size of persistent volume claim for External Share configuration. |
|
|
data_volume.existing _pvc_for_es_logstore
|
The name and size of persistent volume claim for External Share logs. |
|
|
probe.readiness
|
The behavior of readiness probes to know when the containers are ready to start accepting traffic. |
|
No |
probe.liveness
|
The behavior of liveness probes to know when to restart a container. |
|
No |
probe.startup
|
The behavior of startup probes to know when the container is started. |
|
No |
image_pull_secrets.name | The secrets to be able to pull images. | ibm-entitlement-key | Yes, only if you want to override the comparable setting in the shared configuration section. |
External LDAP settings
If you want to use a second directory server for your external users, you uncomment and add the values for this second LDAP to the LDAP section of the custom resource YAML.
Parameters | Description | Default Values | Required |
---|---|---|---|
ad.lc_ad_gc_host | Active Directory host. | Yes | |
ad.lc_ad_gc_port | Active Directory port. | Yes | |
ad.lc_group_filter | Active Directory group filter. | (&(cn=%v)(objectcategory=group)) | No |
ad.lc_user_filter | Active Directory user filter. | (&(sAMAccountName=%v)(objectcategory=user)) | No |
caet.lc_group_filter | CA eTrust group filter | (&(objectClass=group)(cn=%v)) | No |
caet.lc_user_filter | CA eTrust user filter | (&(objectClass=person)(cn=%v)) | No |
ed.lc_group_filter | NetIQ eDirectory group filter | (&(objectclass=groupOfNames)(cn=%v)) | No |
ed.lc_user_filter | NetIQ eDirectory user filter | &(objectclass=Person)(cn=%v)) | No |
lc_bind_secret | User name and password for the bind user. The LDAP bind secret must have ldapUsername and ldapPassword keys. | ldap-bind-secret | |
lc_ldap_base_dn | The base distinguished name (DN) of an LDAP user who is allowed to search the LDAP directory if the LDAP server does not allow anonymous access. | dc=hqpsidcdom,dc=com | Yes |
lc_ldap_group_base_dn | The base DN subtree that is used when searching for group entries on the LDAP server. | dc=hqpsidcdom,dc=com | Yes |
lc_ldap_group_display_name_attr | Provide the format of the group display name. | cn | Yes |
lc_ldap_group_member_id_map | The group id is a filter that is used to determine the group name. | groupofnames:member | Yes |
lc_ldap_group_membership_search_filter | Filter for finding entries in the LDAP base DN (groups) subtree that match the group name. |
(|(&(objectclass=groupofnames)
(member={0})) (&(objectclass=groupofuniquenames) (uniquemember={0}))) |
Yes |
lc_ldap_group_name_attribute | Provide the format of the group name. | *:cn | Yes |
lc_ldap_port | The port number for the LDAP server that you are using. | 389 | Yes |
lc_ldap_precheck | If the value is true, the operator verifies the LDAP connection during the validation phase before deploying. Else, the operator skips the validation. | true | No |
lc_ldap_server | The host name for the LDAP server that you are using for the environment. | <hostname> | Yes |
lc_ldap_ssl_enabled | Specify whether SSL is enabled. | true | No |
lc_ldap_ssl_secret_name | Provide the name of the SSL secret that you created. | Yes | |
lc_ldap_user_display_name_attr | Provide the format of the display name. | cn | Yes |
lc_ldap_user_name_attribute | Provide the format of the user name. | *:cn | Yes |
lc_selected_ldap_type | The type of the directory service provider you are using for your container environment.
Choices are
|
Yes | |
oracle.lc_group_filter | Oracle Directory group filter | (&(objectClass=group)(cn=%v)) | No |
oracle.lc_user_filter | Oracle Directory user filter | (&(objectClass=person)(cn=%v)) | No |
tds.lc_group_filter | IBM Security group filter. |
(&(cn=%v)
(|(objectclass=groupofnames) (objectclass=groupofuniquenames) (objectclass=groupofurls))) |
No |
tds.lc_user_filter | IBM Security user filter | (&(cn=%v)(objectclass=person)) | No |