This section describes how to install the components required to host and manage deployed Business Services in the runtime environment:

  • BAMOE Management Console for monitoring and administration,

  • BAMOE MCP Server to enable AI agents to connect to Business Services.

The Runtime environment Helm chart

The recommended way of installing BAMOE Management Console and BAMOE MCP Server is to install the pre-configured Helm chart for the BAMOE offering that you have purchased licenses for, IBM Decision Manager Open Edition or IBM Process Automation Manager Open Edition:

  • pamoe-9.5.0-runtime-environment-helm-chart

  • dmoe-9.5.0-runtime-environment-helm-chart

These Helm charts include the necessary licensing annotations and do not require any manual configuration, as was the case in previous releases. Required annotations are injected into all deployed containers, ensuring accurate license tracking from deployment, and simplifying the installation process. The charts are pre-configured with the correct product IDs, product names, and metrics for each BAMOE offering.

The charts integrate Management Console configuration via Helm parameters. This enables centralized configuration in a single values.yaml, version-controlled settings, and automatic conversion to environment variables during deployment, which eliminates manual configuration. See Configuration reference for Runtime Helm Charts.

Each Dev Helm chart contains two sub-charts:

The only difference between the PAMOE and DMOE Dev environment Helm chart is the License Service annotations which contain different productID and productName. All sub-charts receive License Service annotations automatically through the global configuration of the parent chart. The annotations are applied to every pod deployment, ensuring complete license tracking coverage for all BAMOE containers.

The BAMOE Runtime Helm charts are architecture-agnostic and work for both:

  • Linux/s390x architecture which runs on the IBM Z platform

  • Linux/x86_64 architecture

All BAMOE container images are available as multi-architecture images on Quay.io, and the host machine architecture is automatically resolved when you pull the container images. You can use the following command to specify a platform if required:

`docker pull --platform linux/s390x quay.io/bamoe/management-console:{IMAGE_VERSION}`

If you prefer to install the Runtime environment components individually using the OpenShift CLI and Docker, this can be done using the same container images.

For more information on the product distribution see What’s New → Download Documentation.

The Helm chart provides a simple way to deploy BAMOE Management Console and BAMOE MCP Server in Kubernetes, OpenShift, and Minikube with pre-configured licensing depending on your licensed product (see License Guide). For more information on using the Helm tool, see Helm Docs.

Choose the required helm chart based on your licensed product:

  • pamoe-9.5.0-runtime-environment-helm-chart

  • dmoe-9.5.0-runtime-environment-helm-chart

OpenShift Install

To install on OpenShift, first get the default OpenShift domain for your routes using the following command:

oc get ingresses.config cluster --output jsonpath={.spec.domain}

You can then install the Helm chart with the following commands:

helm pull oci://quay.io/bamoe/dmoe-runtime-environment-helm-chart --version=9.5.0-ibm-0005 --untar
helm install my-bamoe-runtime-environment ./dmoe-runtime-environment-helm-chart --values ./dmoe-runtime-environment-helm-chart/values-openshift.yaml --set global.openshiftRouteDomain="<YOUR_OCP_ROUTE_DOMAIN>"

Replace dmoe-runtime-environment-helm-chart with pamoe-runtime-environment-helm-chart when using IBM Process Automation Manager Open Edition, and replace <YOUR_OCP_ROUTE_DOMAIN> with your OpenShift Route domain. You can customize the installation name by replacing my-bamoe-runtime-environment with your preferred name.

Generic Kubernetes install

To install BAMOE Management Console directly on a Kubernetes cluster, you will need to get the default Kubernetes cluster domain for your Ingress (see Kubernetes Documentation for more information). This can vary depending on your cluster configuration.

Once you have the domain information, you can run the following helm commands:

helm pull oci://quay.io/bamoe/dmoe-runtime-environment-helm-chart --version=9.5.0-ibm-0005 --untar
helm install my-bamoe-runtime-environment ./dmoe-runtime-environment-helm-chart --values ./dmoe-runtime-environment-helm-chart/values-kubernetes.yaml --set global.kubernetesClusterDomain="<YOUR_KUBERNETES_CLUSTER_DOMAIN>" --set global.kubernetesIngressClass="<YOUR_KUBERNETES_INGRESS_CLASS>"

Replace dmoe-runtime-environment-helm-chart with pamoe-runtime-environment-helm-chart if you are working with IBM Process Automation Manager Open Edition, <YOUR_KUBERNETES_CLUSTER_DOMAIN> with the domain of your cluster, and <YOUR_KUBERNETES_INGRESS_CLASS> with the ingress class of your cluster. You can customize the installation name by replacing my-bamoe-runtime-environment with your preferred name.

Minikube install

To install BAMOE Management Console Helm chart on a Minikube cluster, you will need:

Once you have the domain information, you can run the following helm commands to do a Minikube specific install:

helm pull oci://quay.io/bamoe/dmoe-runtime-environment-helm-chart --version=9.5.0-ibm-0005 --untar
helm install my-bamoe-runtime-environment ./dmoe-runtime-environment-helm-chart --values ./dmoe-runtime-environment-helm-chart/values-minikube-nginx.yaml

Where dmoe-runtime-environment-helm-chart is replaced by pamoe-runtime-environment-helm-chart if you are working with IBM Process Automation Manager Open Edition.

Uninstalling the chart

To uninstall the bamoe-management-console deployment:

helm uninstall bamoe-management-console

MCP Server

The BAMOE MCP Server is deployed and configured by default during the Runtime environment installation.

You can disable the installation of the MCP Server in the Helm chart deployment using this command:

helm install my-bamoe-runtime-environment ./dmoe-runtime-environment-helm-chart --set mcp.server.enabled=false

To run the BAMOE MCP Server, complete the setup and launch the server image in a Docker environment using the following command:

docker run -it --rm \
  -p 8084:8080 \
  --name mcp-server \
  -e MCP_SERVER_OPENAPI_URLS=<your_business_services_OpenAPIv3_path> \
  quay.io/bamoe/mcp-server:9.5.0-ibm-0005

Passing Environment variables

This chart uses the default environment variables from the values.yaml file. You can override the variables by passing them through the command line. See Runtime Helm Chart configuration reference for all options.

helm install my-bamoe-runtime-environment ./dmoe-runtime-environment-helm-chart --set management_console.image.registry=quay.io

Where dmoe-runtime-environment-helm-chart is replaced by pamoe-runtime-environment-helm-chart if you are working with IBM Process Automation Manager Open Edition.

Deploy directly on OpenShift (using oc CLI)

If you have an OpenShift cluster and are authenticated through the oc CLI tool, follow these steps to deploy the BAMOE Management Console. Note that you will need to add licensing annotations manually if you follow this procedure rather than using the Dev Helm chart.

Note
Labeling the resources is optional, but it will make organizing and identifying your deployed resources significantly easier.
  1. Create the Deployment

    oc new-app quay.io/bamoe/management-console:9.5.0-ibm-0005 --name=bamoe-management-console-app
  2. Expose the Service

    This will create an OpenShift *Route* so the BAMOE Management Console can be accessed externally.
    oc create route edge --service=bamoe-management-console-app
  3. Optionally add labels to easily identify the resources.

    oc label services/bamoe-management-console-app app.kubernetes.io/part-of=bamoe-management-console-app
    oc label routes/bamoe-management-console-app app.kubernetes.io/part-of=bamoe-management-console-app
    oc label deployments/bamoe-management-console-app app.kubernetes.io/part-of=bamoe-management-console-app
    oc label deployments/bamoe-management-console-app app.openshift.io/runtime=js
  4. Configure Environment Variables

    You can configure the BAMOE Management Console by using the environment variables in the Deployment:
    oc set env deployment/bamoe-management-console-app <ENV_VAR>="<VALUE>"
    Note
    For a list of environment variables, check the Available Environment Variables section.

Running locally with Docker

Note that you will need to add licensing annotations manually if you follow this procedure rather than using the Dev Helm chart.

Start the container with:

docker run -p <EXTERNAL_PORT>:8080 quay.io/bamoe/management-console:9.5.0-ibm-0005

If necessary, pass the environment variables with the -e flag:

docker run -p <EXTERNAL_PORT>:8080 -e <ENV_VAR>="<VALUE>" quay.io/bamoe/management-console:9.5.0-ibm-0005

The BAMOE Management Console will be running at http://localhost:<EXTERNAL_PORT>.

Configuring Runtime containers with Passthrough Transport Layer Security (TLS)

BAMOE container images can now optionally serve traffic directly over HTTPS using a TLS certificate and a key provided by the customer. This enables end-to-end encryption between the user's browser and the container on OpenShift, through a passthrough Route. By default, TLS is not active and your existing deployment behavior is maintained.

In the Runtime environment the following containers support this:

| Container | Certificate environment variable | Key environment variable |
| --- | --- | --- |
| Management Console | RUNTIME_TOOLS_MANAGEMENT_CONSOLE_TLS_CERTIFICATE_PATH | RUNTIME_TOOLS_MANAGEMENT_CONSOLE_TLS_KEY_PATH |
| MCP Server | MCP_SERVER_TLS_CERTIFICATE_PATH | MCP_SERVER_TLS_KEY_PATH |

When both variables are set, the container serves HTTPS on port 8443 (Management Console, MCP Server). When the variables are unset, the container behaves exactly as before, serving HTTP only.

The matching Helm subcharts for each container expose a new tls block that wires this up automatically:

tls:
  enabled: false        # set to true to turn on in-container TLS
  secretName: ""        # name of an existing kubernetes.io/tls Secret (required when enabled)
  mountPath: /etc/tls
  certPath: /etc/tls/tls.crt
  keyPath: /etc/tls/tls.key
  httpsPort: 8443

When tls.enabled=true, the chart mounts the TLS Secret into the container, sets the TLS environment variables, exposes the HTTPS port on the Service, and the OpenShift Route is configured for Passthrough termination using openshiftRoute.tls.termination=passthrough.

When installing through the Helm chart the procedure is:

  1. Create a Kubernetes TLS Secret in the target namespace:

    oc create secret tls bamoe-tls \
         --cert=path/to/tls.crt \
         --key=path/to/tls.key
  2. In the Helm values file for the BAMOE component, enable TLS and reference the Secret:

    tls:
      enabled: true
      secretName: bamoe-tls
    openshiftRoute:
      enabled: true
      tls:
        termination: passthrough
        insecureEdgeTerminationPolicy: Redirect
  3. Run helm install (or helm upgrade) as usual.

The Secret must be of type kubernetes.io/tls and contain both tls.crt and tls.key keys. If tls.enabled=true is set without a secretName, the chart aborts with a clear error message before reaching the cluster.
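
A pre-flight check for steps 1 and 2 above, as an added example that is not part of the chart or the product: it takes the component's Helm values and the Secret (both already parsed into dictionaries, for instance from the values file and from `oc get secret bamoe-tls -o json`) and reports inconsistencies before helm install is run. The function names and the sample data are hypothetical; the check looks only at the PEM envelope and does not verify that the key matches the certificate.

```python
import base64

CERT_MARK, KEY_MARK = "-----BEGIN CERTIFICATE-----", "PRIVATE KEY-----"


def _pem(data, key, problems):
    """Decode one Secret data entry to text, recording why it cannot be used."""
    if key not in data:
        problems.append(f"Secret has no '{key}' key")
        return ""
    try:
        return base64.b64decode(data[key], validate=True).decode("ascii")
    except ValueError:  # bad base64, or binary (e.g. DER) content instead of PEM
        problems.append(f"'{key}' is not base64-encoded PEM text")
        return ""


def preflight(values, secret):
    """Check one component's Helm values against its TLS Secret; [] means consistent."""
    problems = []
    tls = values.get("tls") or {}
    if not tls.get("enabled"):
        return problems  # TLS off: the container keeps serving HTTP only
    if not tls.get("secretName"):
        problems.append("tls.enabled=true but tls.secretName is empty")
    elif tls["secretName"] != (secret.get("metadata") or {}).get("name"):
        problems.append("tls.secretName does not match the Secret's name")
    route = values.get("openshiftRoute") or {}
    if route.get("enabled") and (route.get("tls") or {}).get("termination") != "passthrough":
        problems.append("openshiftRoute.tls.termination is not 'passthrough'")
    if secret.get("type") != "kubernetes.io/tls":
        problems.append(f"Secret type is {secret.get('type')!r}, not 'kubernetes.io/tls'")
    data = secret.get("data") or {}
    crt, key = _pem(data, "tls.crt", problems), _pem(data, "tls.key", problems)
    if crt and CERT_MARK not in crt:
        swapped = " (it holds a private key: files swapped?)" if KEY_MARK in crt else ""
        problems.append("tls.crt has no CERTIFICATE block" + swapped)
    if key and KEY_MARK not in key:
        problems.append("tls.key has no PRIVATE KEY block")
    if "ENCRYPTED" in key:
        problems.append("tls.key is passphrase-protected; the page lists no passphrase setting")
    return problems


def make_secret(crt_text, key_text, name="bamoe-tls", kind="kubernetes.io/tls"):
    """Build a constructed Secret shaped like `oc get secret <name> -o json` output."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return {"type": kind, "metadata": {"name": name},
            "data": {"tls.crt": enc(crt_text), "tls.key": enc(key_text)}}


# Constructed placeholders: PEM envelopes only, not real key material.
CRT = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
VALUES = {"tls": {"enabled": True, "secretName": "bamoe-tls"},
          "openshiftRoute": {"enabled": True, "tls": {"termination": "passthrough"}}}
```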

Available Environment Variables

| Name | Description | Default |
| --- | --- | --- |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_APP_NAME | Management Console app name. | BAMOE Management Console |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_OIDC_CLIENT_CLIENT_ID | OpenID Connect client ID for connecting to Identity Providers. | bamoe-management-console |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_OIDC_CLIENT_DEFAULT_SCOPES | OpenID Connect default scopes. | openid email profile |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_OIDC_CLIENT_DEFAULT_AUDIENCE | OpenID Connect default audience. | Empty |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_MANAGED_BUSINESS_SERVICES | List of Business Services automatically connected to the BAMOE Management Console. | Empty |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH | Base path used for all routes. | Empty |
| RUNTIME_TOOLS_MANAGEMENT_CONSOLE_USE_APACHE_HTTPD_BASE_PATH_ALIAS | Set to "true" if Apache HTTPD should serve files under an alias prefixed by the base path. | Empty |

Configuration reference for Runtime Helm Charts

The following table lists the configurable parameters of the BAMOE Runtime Environment chart and their default values.

Global Configuration

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| global.ingressSource | string | "" | Which ingress source is being used (none/"minikube"/"kubernetes"/"openshift"). For NOTES generation only. |
| global.kubernetesClusterDomain | string | "" | If using Minikube or Kubernetes, set the cluster domain |
| global.kubernetesIngressClass | string | "" | If using Minikube or Kubernetes, set the Ingress class (e.g. nginx) |
| global.openshiftRouteDomain | string | "" | If using OpenShift Routes, set the Route domain |
| global.chargedProductValues.productID | string | "46b14c7f2f894218a7879b3f6416024f" (DMOE) / "72984f114b54496a8a44be139154a988" (PAMOE) | Product ID for License tracking |
| global.chargedProductValues.productMetric | string | "VIRTUAL_PROCESSOR_CORE" | Product metric for License tracking |
| global.chargedProductValues.productName | string | "IBM Decision Manager Open Edition" (DMOE) / "IBM Process Automation Manager Open Edition" (PAMOE) | Product name for License tracking |
| nameOverride | string | "" | Overrides chart name |
| fullnameOverride | string | "" | Overrides chart full name |

Management Console Configuration

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| management_console.enabled | bool | TRUE | Enable or disable Management Console installation |
| management_console.name | string | "management-console" | Component name |
| management_console.appNameOverride | string | "" | Overrides the deployed application name |

MCP Server Configuration

| Key | Type | Default | Description |
| --- | --- | --- | --- |
| mcp_server.enabled | bool | TRUE | Enable or disable MCP Server installation |
| mcp_server.name | string | "mcp-server" | The MCP Server application name |
| mcp_server.env | object | {} | Env variables for BAMOE MCP Server deployment |

BAMOE Management Console pre-configured Business Services connections

The BAMOE Management Console supports a pre-defined list of Business Services that will be automatically connected when opening the application in the browser for the first time.

This is achieved by configuring the RUNTIME_TOOLS_MANAGEMENT_CONSOLE_MANAGED_BUSINESS_SERVICES environment variable (or the management-console.managedBusinessServices value in the Helm chart) with a list of the specifications for the desired Business Services in the following format:

{
  "name": "string",
  "businessServiceUrl": "string",
  "clientId": "string", // Optional
  "scope": "string", // Optional
  "audience": "string" // Optional
}

Where:

  • name: is the alias given to the Business Service in the BAMOE Management Console; [required]

  • businessServiceUrl: the URL of the Business Service, where the API is served from; [required]

  • clientId: is the Client ID used during OIDC authentication. Needs to be set only if the Identity Provider used by the Business Service needs an OIDC Client ID different from the one defined by the RUNTIME_TOOLS_MANAGEMENT_CONSOLE_OIDC_CLIENT_CLIENT_ID environment variable; [optional]

  • scope: space-separated list of the scopes used during OIDC authentication. Needs to be set only if the Identity Provider used by the Business Service needs a list of scopes different from the one defined by the RUNTIME_TOOLS_MANAGEMENT_CONSOLE_OIDC_CLIENT_DEFAULT_SCOPES environment variable; [optional]

  • audience: is the Audience parameter used during OIDC authentication. Needs to be set only if the Identity Provider used by the Business Service requires a value different from the one defined by the RUNTIME_TOOLS_MANAGEMENT_CONSOLE_OIDC_CLIENT_DEFAULT_AUDIENCE environment variable. [optional]

Example:

[
  {
    "name": "My Business Service 1",
    "businessServiceUrl": "http://my-business-service-1.url"
  },
  {
    "name": "My Business Service 2",
    "businessServiceUrl": "http://my-business-service-2.url",
    "clientId": "custom-client-id",
    "scope": "custom scopes for openid",
    "audience": "business-service-audience"
  }
]
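
A linter for the value of RUNTIME_TOOLS_MANAGEMENT_CONSOLE_MANAGED_BUSINESS_SERVICES, as an added example that is not part of the product: it checks the list against the format described above before the value is placed in a Deployment or values file. The function names and sample strings are hypothetical, and treating cleartext http URLs, unknown fields and repeated names as warnings is an assumption of this example, not documented behavior.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("name", "businessServiceUrl")
OPTIONAL = ("clientId", "scope", "audience")


def check_url(url):
    """Return findings for one businessServiceUrl value."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return ["error: businessServiceUrl cannot be parsed"]
    if parts.scheme not in ("http", "https") or not host:
        return ["error: businessServiceUrl must be an absolute http(s) URL"]
    out = []
    if parts.scheme == "http":
        out.append("warning: businessServiceUrl is cleartext http")
    if parts.username or parts.password:
        out.append("error: businessServiceUrl embeds credentials")
    return out


def lint_managed_services(raw):
    """Return findings for the variable's value; an empty list means it is usable."""
    try:
        entries = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Strict JSON: a trailing comma or a // comment is rejected here.
        return [f"error: not valid JSON at line {exc.lineno}, column {exc.colno}"]
    if not isinstance(entries, list):
        return ["error: top level must be an array of Business Service objects"]
    findings, seen = [], set()
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append(f"error: entry {i} is not an object")
            continue
        for key in REQUIRED + OPTIONAL:
            value = entry.get(key)
            if key in REQUIRED and key not in entry:
                findings.append(f"error: entry {i} lacks required field '{key}'")
            elif key in entry and (not isinstance(value, str) or not value.strip()):
                findings.append(f"error: entry {i} field '{key}' must be a non-empty string")
        # Assumption: fields outside the documented format are likely typos.
        for key in sorted(entry.keys() - set(REQUIRED + OPTIONAL)):
            findings.append(f"warning: entry {i} has unknown field '{key}'")
        name, url = entry.get("name"), entry.get("businessServiceUrl")
        if isinstance(name, str):
            if name in seen:
                findings.append(f"warning: entry {i} reuses the name '{name}'")
            seen.add(name)
        if isinstance(url, str) and url.strip():
            findings.extend(f"{msg} (entry {i})" for msg in check_url(url))
    return findings


# Constructed samples: the first has a trailing comma, the second is well formed.
SAMPLE_BROKEN = '[{"name": "Svc 1", "businessServiceUrl": "https://svc-1.example",}]'
SAMPLE_OK = json.dumps([{"name": "Svc 1", "businessServiceUrl": "https://svc-1.example"},
                        {"name": "Svc 2", "businessServiceUrl": "https://svc-2.example",
                         "clientId": "custom-client-id", "scope": "openid email"}])
```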

Serving the BAMOE Management Console from a custom subpath

By default, the BAMOE Management Console is served from the root path (/) on its web server, either when running directly from the container image or deployed to a Kubernetes/OpenShift cluster. This means that the web application is served through a URL that looks like https://my.domain.com/.

In some cases, you may want to serve the application from a subpath, for example /bamoe-management-console, with the final URL looking like https://my.domain.com/bamoe-management-console.

To achieve this, the BAMOE Management Console container image accepts two environment variables that are used to configure the subpath:

  • RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH: The target subpath where the web application will be served from (for example, /bamoe-management-console). Empty by default, which means that the web application is served from the root (/) path. Note: the value should not include the leading / (for example, set bamoe-management-console to serve from /bamoe-management-console).

  • RUNTIME_TOOLS_MANAGEMENT_CONSOLE_USE_APACHE_HTTPD_BASE_PATH_ALIAS: Whether or not the Apache HTTP Server should define an Alias in the /etc/httpd/conf/httpd.conf inside the container image during runtime. The alias will look like: Alias /$RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH /var/www/html.

There are two different scenarios for running the BAMOE Management Console: behind a reverse proxy (be it an Ingress in a Kubernetes cluster, a Route in an OpenShift cluster, or an Nginx instance in a Docker Compose, for example) or served directly from the container image (by running it via Docker locally, for example).

Behind a reverse proxy (Kubernetes / OpenShift / Nginx)

In this scenario, only the RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH environment variable needs to be set, while RUNTIME_TOOLS_MANAGEMENT_CONSOLE_USE_APACHE_HTTPD_BASE_PATH_ALIAS should remain empty or set to "false".

If you are installing by using the Helm chart, this can be set by using the management-console.applicationSubpath value and appending --set management-console.applicationSubpath=your-subpath to the helm install command.

But if installed by using the oc CLI, the Deployment resource can be updated with oc set env deployment/bamoe-management-console-app RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH=your-subpath.

Container image running locally using Docker

In this case, if running on a different port is not an option, both environment variables need to be set: RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH with the subpath value and RUNTIME_TOOLS_MANAGEMENT_CONSOLE_USE_APACHE_HTTPD_BASE_PATH_ALIAS with "true".

Example:

docker run -d -p 8080:8080 -e RUNTIME_TOOLS_MANAGEMENT_CONSOLE_BASE_PATH=bamoe-management-console -e RUNTIME_TOOLS_MANAGEMENT_CONSOLE_USE_APACHE_HTTPD_BASE_PATH_ALIAS=true quay.io/bamoe/management-console:9.5.0-ibm-0005