ODM for production configuration parameters
Configuration parameters are used to install ODM for production on Kubernetes. The installation is done from the Helm or Kubectl command line.
Mandatory configuration parameters
Table shows the mandatory configuration parameters and their descriptions.
Parameters | Description | Default values |
---|---|---|
license | This parameter is required for the deployment to run. Accept the license agreement by setting
this parameter to true . |
false |
name | The name of the instance of the chart. The name is used as a prefix in all services and deployments that are created by the chart. A deterministic naming scheme is best, as it helps to look up a service name. | empty |
namespace | The namespace to install the release into. Namespaces are a logical partitioning capability that enables one Kubernetes cluster to be used by multiple users without undesired interaction. | Defaults to the current kube config namespace. |
usersPassword | This parameter is required to use the default user access. It is ignored if customization.authSecretRef is defined. | empty |
Optional configuration parameters
Table shows the optional configuration parameters and their descriptions.
Parameters | Description | Default values |
---|---|---|
customization.authSecretRef | Customizes user authentication and management by overriding the default basic registry or by using an LDAP connection. You must create a Kubernetes secret and set the name of the secret for this parameter. | empty |
customization.baiEmitterSecretRef | Enables ODM to emit events to a Kafka server used by IBM Business Automation Insights. Create a Kubernetes secret, and then
set this secret as the value for the customization.baiEmitterSecretRef parameter
when you configure the Helm release. |
empty |
customization.dedicatedNodeLabel | Applies a node affinity property to the ODM pods. The toleration label is also applied to pods, and restricts the pods to schedule onto nodes with matching taints. Nodes must be labeled and tainted independently of the ODM deployments. Nodes do not accept pods that do not tolerate the taints. | empty |
customization.deployForProduction | Specify whether the instance is deployed with a production license. If set to false, the instance is deployed with the non-production license. | true |
customization.meteringServerUrl | Specify the URL to access the metering server. | empty |
customization.runAsUser | Specify the user ID to run the ODM containers. Must be set to empty if you want to use the
restricted scc on OpenShift. |
1001 |
customization.securitySecretRef | Replaces the default certificate. You must create a Kubernetes secret and set the name of the secret for this parameter. | empty |
customization.trustedCertificateList | Specify a list of secrets that encapsulate certificates in PEM format to be included in the
truststore. Example: {"service1-secret"\, "service2-secret"} |
empty |
decisionCenter.contextRoot | Specify the context root of Decision Center. The context root is an extra path that is used to access the Decision Center component. | empty |
decisionCenter.customlibPvc | Specify the name of the persistent volume claim (PVC) that locates the customized Decision Center JAR files. | empty |
decisionCenter.disableAllAuthenticatedUser | By default, all authenticated users have the rtsUsers role. To restrict the
rtsUsers role, set this parameter to true . |
false |
decisionCenter.enabled | To enable Decision Center. | true |
decisionCenter.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
decisionCenter.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
decisionCenter.persistenceLocale | The persistence locale for Decision Center. | en_US |
decisionCenter.replicaCount | The number of Decision Center pods. | 1 |
decisionCenter.resources.limits.cpu decisionCenter.resources.limits.memory decisionCenter.resources.requests.cpu decisionCenter.resources.requests.memory decisionCenter.resources.limits.ephemeral-storage decisionCenter.resources.requests.ephemeral-storage |
The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Center. For more information, see Managing Resources for Containers. |
2 4096Mi 500m 1500Mi 500Mi 50Mi |
decisionCenter.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
decisionCenter.tagOrDigest | Specify the tag or digest for the Decision Center docker image. If left empty, the image.tag parameter is used. | empty |
decisionCenter.webConfigRef | Specify the name of the configMap that customizes the context-param
properties in the web.xml file. If left empty, the default
context-param properties are used. |
empty |
decisionRunner.contextRoot | Specify the context root of the Decision Runner. The context root is an extra path that is used to access the Decision Runner component. | empty |
decisionRunner.enabled | To enable Decision Runner. | true |
decisionRunner.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
decisionRunner.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
decisionRunner.replicaCount | The number of Decision Runner pods. | 1 |
decisionRunner.resources.limits.cpu decisionRunner.resources.limits.memory decisionRunner.resources.requests.cpu decisionRunner.resources.requests.memory decisionRunner.resources.limits.ephemeral-storage decisionRunner.resources.requests.ephemeral-storage |
The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Runner. For more information, see Managing Resources for Containers. |
2 4096Mi 500m 512Mi 500Mi 50Mi |
decisionRunner.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
decisionRunner.resURL | The Decision Server console URL that is used to deploy the XOM. Can be modified. | |
decisionRunner.tagOrDigest | Specify the tag or digest for the Decision Runner docker image. If left empty, the image.tag parameter is used. | empty |
decisionServerConsole.contextRoot | Specify the context root of the Decision Server console. The context root is an additional path that is used to access the Decision Server console component. | empty |
decisionServerConsole.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
decisionServerConsole.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
decisionServerConsole.resources.limits.cpu decisionServerConsole.resources.limits.memory decisionServerConsole.resources.requests.cpu decisionServerConsole.resources.requests.memory decisionServerConsole.resources.limits.ephemeral-storage decisionServerConsole.resources.requests.ephemeral-storage |
The CPU/Memory/Ephemeral Storage resource requests/limits for the Decision Server console. For more information, see Managing Resources for Containers. |
2 1024Mi 500m 512Mi 500Mi 50Mi |
decisionServerConsole.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
decisionServerConsole.title | Specify the title for the Decision Server console web page. If left empty, the default title Rule Execution Server is used. | empty |
decisionServerConsole.description | Specify a description for the Decision Server console. If left empty, the default description Console is used. | empty |
decisionServerConsole.tagOrDigest | Specify the tag or digest for the Decision Server console docker image. If left empty, the image.tag parameter is used. | empty |
decisionServerRuntime.contextRoot | Specify the context root of the Decision Server Runtime. The context root is an extra path that is used to access the Decision Server Runtime component. | empty |
decisionServerRuntime.enabled | To enable Decision Server Runtime. | true |
decisionServerRuntime.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
decisionServerRuntime.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
decisionServerRuntime.replicaCount | The number of Decision Server Runtime pods. | 1 |
decisionServerRuntime.resources.limits.cpu decisionServerRuntime.resources.limits.memory decisionServerRuntime.resources.requests.cpu decisionServerRuntime.resources.requests.memory decisionServerRuntime.resources.limits.ephemeral-storage decisionServerRuntime.resources.requests.ephemeral-storage |
The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Server Runtime. For more information, see Managing Resources for Containers. |
2 4096Mi 500m 512Mi 500Mi 50Mi |
decisionServerRuntime.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
decisionServerRuntime.tagOrDigest | Specify the tag or digest for the Decision Server Runtime docker image. If left empty, the image.tag parameter is used. | empty |
decisionServerRuntime.webConfigRef | Specify the name of the configMap that customizes the context-param
properties in the web.xml of the runtime. If left empty, the default
context-param properties are used. |
empty |
externalCustomDatabase.datasourceRef | The data source secret reference. | empty |
externalCustomDatabase.driverPvc | The Persistent Volume Claim to access the JDBC Database Driver. | empty |
externalDatabase.databaseName | The name of the external database that is used for ODM. If this parameter is empty,
odmdb is used by default. |
empty |
externalDatabase.decisionCenter.databaseName | The name of the Decision Center external database that is used for ODM. If this parameter is
empty, odmdb is used by default. |
empty |
externalDatabase.decisionCenter.driversUrl | Specify the URL of the Decision Center database driver. You can specify a list of URLs. | empty |
externalDatabase.decisionCenter.port | The port that is exposed to connect to the Decision Center external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. | empty |
externalDatabase.decisionCenter.secretCredentials | The name of the secret that contains the credentials to connect to the Decision Center external database. | empty |
externalDatabase.decisionCenter.serverName | The name of the server that runs the database for Decision Center. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases. | empty |
externalDatabase.decisionCenter.sslSecretRef | Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Center database. This parameter is left empty for a non-secured database. | empty |
externalDatabase.decisionCenter.type | The type of the Decision Center external database. This parameter can be set to
postgresql for a PostgreSQL database, to db2 for a Db2 database,
to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If
this parameter is empty, postgresql is used by default. |
empty |
externalDatabase.decisionServer.databaseName | The name of the Decision Server external database that is used for ODM. If this parameter is
empty, odmdb is used by default. |
empty |
externalDatabase.decisionServer.driversUrl | Specify the URL of the Decision Server database driver. You can specify a list of URLs. | empty |
externalDatabase.decisionServer.port | The port that is exposed to connect to the Decision Server external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. | empty |
externalDatabase.decisionServer.secretCredentials | The name of the secret that contains the credentials to connect to the Decision Server external database. | empty |
externalDatabase.decisionServer.serverName | The name of the server that runs the database for Decision Server. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases. | empty |
externalDatabase.decisionServer.sslSecretRef | Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Server database. This parameter is left empty for a non-secured database. | empty |
externalDatabase.decisionServer.type | The type of the Decision Server external database. This parameter can be set to
postgresql for a PostgreSQL database, to db2 for a Db2 database,
to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If
this parameter is empty, postgresql is used by default. |
empty |
externalDatabase.driversUrl | Specify the URL of the database driver. You can specify a list of URLs. | empty |
externalDatabase.port | The port that is exposed to connect to the external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. | empty |
externalDatabase.secretCredentials | The name of the secret that contains the credentials to connect to the external database. | empty |
externalDatabase.serverName | The name of the server that runs the database for ODM. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external database. | empty |
externalDatabase.sslSecretRef | Specify the name of the secret which contains the TLS certificate that you want to use for the secure database. This parameter is left empty for a non-secured database. | empty |
externalDatabase.type | The type of the external database. This parameter can be set to postgresql
for a PostgreSQL database, to db2 for a Db2
database, to sqlserver for a Microsoft SQL Server, or to oracle
for an Oracle database. If this parameter is empty, postgresql is used by
default. |
empty |
image.arch | The worker node architecture. | empty The architecture is automatically detected. The options are amd64, ppc64le, and s390x.
|
image.pullPolicy | The image pull policy. | IfNotPresent. The most recent downloaded docker image is used. Set the policy to always on to pull the latest version of the docker image. |
image.pullSecrets | The image pull secrets. | empty Does not add image pull secrets to deployed pods. |
image.tag | The image tag version. | 8.11.0 |
image.repository | The repository. | empty |
internalDatabase.persistence.enabled | To enable the use of a Persistent Volume Claim (PVC) to persist data. | true |
internalDatabase.persistence.resources.requests.storage | The requested storage size for Persistent Volume. | 5Gi |
internalDatabase.persistence.storageClassName | The storage class name for Persistent Volume. | empty |
internalDatabase.persistence.useDynamicProvisioning | To use dynamic provisioning for Persistent Volume Claim. If this parameter is set to false, the Kubernetes binding process selects a pre-existing volume. Ensure, in this case, that a volume is not already bound before you install the chart. | false |
internalDatabase.populateSampleData | Specify whether to provide sample data in the internal database. Only if the persistence locale for Decision Center is set to English (US). | false |
internalDatabase.resources.limits.cpu internalDatabase.resources.limits.memory internalDatabase.resources.requests.cpu internalDatabase.resources.requests.memory |
The CPU/Memory resource requests/limits for the internal database. |
2 4096Mi 500m 512Mi |
internalDatabase.runAsUser | Specify the user ID to run the internal database container. Must be set to empty if you want
to use the restricted scc on OpenShift. |
26 |
internalDatabase.secretCredentials | The name of the secret that contains the credentials to connect to the internal database. | empty |
internalDatabase.tagOrDigest | Specify the tag or digest for the internal database docker image. If left empty, the image.tag parameter is used. | empty |
livenessProbe.failureThreshold livenessProbe.initialDelaySeconds livenessProbe.periodSeconds livenessProbe.timeoutSeconds |
The behavior of liveness probes to know when to restart a container. |
10 300 10 5 |
oidc.enabled | Set to true to enable OpenID authentication. |
false |
oidc.serverUrl | The URL of the OpenID server is mandatory. | empty |
oidc.adminRef | A secret for the OpenID administrator. The administrator secret is used to call the OpenID REST API to register the URLs of the ODM services. | empty |
oidc.redirectUrisRef | The configmap containing the list of redirect URLs (separated by commas) to access ODM. | empty |
oidc.clientRef | The secret reference name that contains the client id and password to use the OpenID REST API. If not provided, a default secret is created. | empty |
oidc.provider | The name of the provider used to build the endpoints for OpenID REST API calls. If not
provided, the umsprovider name is used. |
ums |
oidc.allowedDomains | A list of domain names (separated by commas) to avoid Cross-Site Request Forgery (CSRF) attacks on the Decision Server console. | * |
readinessProbe.failureThreshold readinessProbe.initialDelaySeconds readinessProbe.periodSeconds readinessProbe.timeoutSeconds |
The behavior of readiness probes to know when the containers are ready to start accepting traffic. |
45 5 5 5 |
serviceAccountName | Customize the serviceAccount that is used by the pods that are created by
the Helm chart. If left empty, a serviceAccount named
<release_name>-ibm-odm-prod-service-account is
automatically created. For more information about the concept of service account, see the Kubernetes documentation. |
empty |
service.enableRoute | Specify whether to create OpenShift routes automatically. If true, the routes are created for all ODM components. | false |
service.enableTLS | To enable Transport Layer Security (TLS). If this parameter is set to true, the web applications are accessed through HTTPS. If this parameter is set to false, the web applications are accessed through HTTP. | true |
service.hostname | Specify the hostname that is used by the created routes. This parameter is only used if the creation of the routes is enabled with the service.enableRoute parameter. |
empty If empty, OpenShift automatically generates a hostname of the form <route-name>.<suffix>, where the generated hostname suffix is the default routing subdomain of your cluster according to the OpenShift documentation. |
service.ingress.enabled service.ingress.annotations service.ingress.tlsHosts service.ingress.tlsSecretRef service.ingress.host |
Specify whether an Ingress is created automatically. If true, an Ingress is created for each ODM component. Specify the Ingress annotations. Specify the TLS domains of the Ingress. Specify the name of the secret that contains the TLS certificate that you want to use for the Ingress Domain. Specify the name of the Ingress Domain. |
false empty empty empty empty |
service.type | The Kubernetes Service type. You can set it to ClusterIP if you define an Ingress controller manually. If the service.enableRoute parameter is set to true, service.type is automatically set to ClusterIP. |
NodePort ClusterIP (if service.enableRoute is set to true) |