Shared configuration
The following tables list the configurable parameters. Each parameter is either mandatory (Required) or optional in a custom resource file. If a parameter is absent or has no value, the operator uses the default value. You can override the default value by entering a new value in your custom resource. Mandatory parameters must always be present and must have a valid value.
Parameter | Description | Example value | Required |
---|---|---|---|
appVersion | The version of the current release. | 24.0.0 | Yes |
content_optional_components | Specify which component to include (true) or omit (false). | | No |
license.accept | Must exist to accept the IBM license. The only valid value is "true". | true | Yes |

Parameter | Description | Default value | Required |
---|---|---|---|
enable_fips | Enable/disable FIPS mode for the deployment. | false | No |
external_tls_certificate_secret | Shared custom TLS secret that is used to sign all external routes, if defined. If this is not defined, all external routes are signed with root_ca_secret. | | No |
image_pull_secrets | List of shared image pull secrets. | ibm-entitlement-key | No |
root_ca_secret | If you provide your own root certificate, enter the value. | fncm-root-ca | No |
sc_content_initialization | Enable/disable If the parameter value is If the parameter value is | false | No |
sc_content_verification | Enable/disable the If the parameter value is If the parameter value is false, the operator ignores the verify_configuration section that is defined in the CR. Note: If you are upgrading or migrating, set this parameter to false since the environment is already verified. | false | No |
sc_deployment_context | Do not change this default setting. | FNCM | Yes |
sc_deployment_platform | Enter your certified Kubernetes platform type | OCP | Yes |
sc_deployment_profile_size | For a production deployment type, the default is | small | No |
sc_deployment_type | Do not change this default setting. | production | Yes |
sc_ecm_ltpa_secret_name | If you created a custom ltpa-secret name, specify the name here. The value is required for deploying geographically dispersed FNCM clusters. | {{ meta.name }}-ecm-ltpa | No |
sc_egress_configuration | To enable or disable egress access to external systems. The default is to restrict access to external systems. Set the value of If set to Important: When the value of sc_restricted_internet_access is true, none of the pods can access any external system other than the known addresses for databases, LDAPs, and federated systems. For more information, see Configuring cluster security. | | No |
sc_fncm_license_model | | | Yes |
sc_image_repository | All components must use the same docker image repository. For IBM Entitlement Registry use cp.icr.io. For a local docker image repository, set the parameter to the value of the URL, for example, myimageregistry.com/project_name. For an air gap installation, make sure that the parameter is set to the default value. | cp.icr.io | No |
sc_ingress_enable | For ROKS and CNCF clusters, this is used to enable Ingress. The default value is "false" which creates routes instead of Ingress. | false | No |
sc_ingress_tls_secret_name | This secret provides TLS for the Ingress controller. | Empty | Yes |
sc_is_multiple_az | If a cluster is configured for multiple availability zones (AZ) and the parameter sc_is_multiple_az is set to true, then the pods are spread across all the zones. By default, the sc_is_multiple_az parameter is set to false. When the value is set to true, the pods of the FNCM deployment are spread across your user-defined topology domains. The pod API includes a spec.topologySpreadConstraints field, which is used by the operator to configure it. For more information, see Controlling pod placement by using pod topology spread constraints. | false | No |
sc_run_as_user | Optional and only applicable for non-OpenShift Cloud Platform installations. Specify a RunAs user for the security of the pod. This is usually a numerical ID. | | No |
sc_seccomp_profile.localhost_profile | Specify the local path of the seccomp profile file. This parameter is required if sc_seccomp_profile.type is set to Localhost. The value of sc_seccomp_profile.localhost_profile is ignored if sc_seccomp_profile.type is set to anything other than Localhost. For more information, see Configuring seccomp profiles. | Example: profiles/audit.json | Only if sc_seccomp_profile.type is set to Localhost |
sc_seccomp_profile.type | Specify the type of seccomp profile to be used by the pods. Possible values are: Unconfined, RuntimeDefault, Localhost. For more information about seccomp profiles, see Restrict a Container's Syscalls with seccomp. | Default value: Localhost | No |
storage_configuration | Three storage classes are needed for slow, medium, and fast storage. If one storage class is defined, then you can use that one storage class for all three parameters. | None | Yes |
trusted_certificate_list | If connecting to an external service over SSL, use the certificate file to create a secret and then add the secret name for this parameter. | [] | No |
images.keytool_init_container.repository | Image name for TLS init container. | cp.icr.io/cp/cp4a/common/dba-keytool-initcontainer | No |
images.keytool_init_container.tag | Image tag for TLS init container. | 24.0.0 | No |
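
The conditional rules in the table above (fixed defaults, the seccomp type and profile dependency, egress restriction, and the root CA fallback for external routes) can be checked before a custom resource is applied. The following lint is an added example, not IBM code: the function name and finding format are hypothetical, and it assumes the shared configuration is already parsed into a dict in which dotted names such as sc_seccomp_profile.type are nested keys and sc_restricted_internet_access sits under sc_egress_configuration.

```python
# Added example: lint a parsed shared-configuration dict against the table's rules.
# Assumption: dotted parameter names in the table are nested keys in the dict.
SECCOMP_TYPES = {"Unconfined", "RuntimeDefault", "Localhost"}
FIXED = {"sc_deployment_context": "FNCM", "sc_deployment_type": "production"}


def lint_shared_configuration(cfg):
    """Return a list of (severity, message) findings for one parsed section."""
    findings = []
    # Parameters the table marks "Do not change this default setting".
    for key, expected in FIXED.items():
        if cfg.get(key, expected) != expected:
            findings.append(("error", f"{key} must stay {expected!r}"))

    seccomp = cfg.get("sc_seccomp_profile") or {}
    stype = seccomp.get("type")
    profile = seccomp.get("localhost_profile")
    if stype is not None and stype not in SECCOMP_TYPES:
        findings.append(("error", f"sc_seccomp_profile.type {stype!r} is not a valid value"))
    elif stype == "Localhost" and not profile:
        findings.append(("error", "sc_seccomp_profile.localhost_profile is required for type Localhost"))
    elif stype == "Unconfined":
        findings.append(("warn", "sc_seccomp_profile.type Unconfined applies no syscall filter"))
    # A profile path next to an explicit non-Localhost type is silently ignored.
    if profile and stype in SECCOMP_TYPES - {"Localhost"}:
        findings.append(("warn", "sc_seccomp_profile.localhost_profile is ignored unless type is Localhost"))

    # Accept both a YAML boolean and the string form of the value.
    egress = cfg.get("sc_egress_configuration") or {}
    if str(egress.get("sc_restricted_internet_access", True)).lower() == "false":
        findings.append(("warn", "sc_restricted_internet_access is false: egress to external systems is not restricted"))

    # Without a shared external TLS secret, external routes fall back to the root CA.
    if not cfg.get("external_tls_certificate_secret"):
        ca = cfg.get("root_ca_secret", "fncm-root-ca")
        findings.append(("info", f"external routes will be signed with root_ca_secret {ca!r}"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "sc_seccomp_profile": {"type": "RuntimeDefault", "localhost_profile": "profiles/audit.json"},
    "sc_egress_configuration": {"sc_restricted_internet_access": False},
}

if __name__ == "__main__":
    for severity, message in lint_shared_configuration(SAMPLE):
        print(f"{severity}: {message}")
```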