ODM for production configuration parameters

Configuration parameters are used to install ODM for production on Kubernetes. The installation is done from the Helm or Kubectl command line.

Mandatory configuration parameters

The following table shows the mandatory configuration parameters and their descriptions.

If necessary, hide the left pane to see more of the table or scroll to the right.

Table 1. Mandatory configuration parameters
Parameters Description Default values
license This parameter is required for the deployment to run. Accept the license agreement by setting this parameter to true. false
name The name of the instance of the chart. The name is used as a prefix in all services and deployments that are created by the chart. A deterministic naming scheme is best, as it helps to look up a service name. empty
namespace The namespace to install the release into. Namespaces are a logical partitioning capability that enables one Kubernetes cluster to be used by multiple users without undesired interaction. Defaults to the current kube config namespace.
usersPassword This parameter is required to use the default user access. It is ignored if customization.authSecretRef is defined. empty

Optional configuration parameters

The following table shows the optional configuration parameters and their descriptions.

If necessary, hide the left pane to see more of the table or scroll to the right.

Table 2. Optional configuration parameters
Parameters Description Default values
customization.authSecretRef Customizes user authentication and management by overriding the default basic registry or by using an LDAP connection. You must create a Kubernetes secret and set the name of the secret for this parameter. empty
customization.baiEmitterSecretRef Enables ODM to emit events to a Kafka server used by IBM Business Automation Insights. Create a Kubernetes secret, and then set this secret as the value for the customization.baiEmitterSecretRef parameter when you configure the Helm release. empty
customization.dedicatedNodeLabel Applies a node affinity property to the ODM pods. The toleration label is also applied to pods, and restricts the pods to schedule onto nodes with matching taints. Nodes must be labeled and tainted independently of the ODM deployments. Nodes do not accept pods that do not tolerate the taints. empty
customization.deployForProduction Specify whether the instance is deployed with a production license. If set to false, the instance is deployed with the non-production license. true
customization.labels Provide custom labels for all Operational Decision Manager Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation.

You can add labels with a command line by using the following syntax:

--set customization.labels.key=value

To add a label name that includes dots:

--set customization.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml 
$ helm upgrade RELEASE_NAME -f get-values.yaml \
--set customization.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
 {}

Example:

customization: 
  labels: 
    key: value
    isSomething: "true"
customization.meteringServerUrl Specify the URL to access the metering server. empty
customization.nodeAffinity Specify the node selector term match expression list to manage node affinity. Example:
customization:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3b
customization.readOnlyRootFilesystem Enables the security context readOnlyRootFilesystem so that the root filesystem of the containers is accessible in read-only mode. true
customization.runAsUser Specify the user ID to run the ODM containers. Must be set to empty if you want to use the restricted scc on OpenShift. 1001
customization.securitySecretRef Replaces the default certificate. You must create a Kubernetes secret and set the name of the secret for this parameter. empty
customization.trustedCertificateList Specify a list of secrets that encapsulate certificates in PEM format to be included in the truststore.

Example: {"service1-secret"\, "service2-secret"}

 empty

decisionCenter.autoscaling.enabled

decisionCenter.autoscaling.minReplicas

decisionCenter.autoscaling.maxReplicas

decisionCenter.autoscaling.targetAverageUtilization

Enable and configure autoscaling for Decision Center.

For more information, see Autoscaling

false

2

3

75
decisionCenter.contextRoot Specify the context root of Decision Center. The context root is an extra path that is used to access the Decision Center component. empty
decisionCenter.customlibPvc Specify the name of the persistent volume claim (PVC) that locates the customized Decision Center JAR files. empty
decisionCenter.disableAllAuthenticatedUser By default, all authenticated users have the rtsUsers role. To restrict the rtsUsers role, set this parameter to true. false
decisionCenter.enabled To enable Decision Center. true
decisionCenter.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionCenter.labels Provide custom labels for the Decision Center Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation.

You can add labels with a command line by using the following syntax:

--set decisionCenter.labels.key=value

To add a label name that includes dots:

--set decisionCenter.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionCenter.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
 {}

Example:

decisionCenter: 
  labels: 
    key: value
    isSomething: "true"
decisionCenter.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionCenter.nodeAffinity Specify the node selector term match expression list to manage node affinity. Example:
decisionCenter:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c
decisionCenter.persistenceLocale The persistence locale for Decision Center. en_US
decisionCenter.replicaCount The number of Decision Center pods.

This parameter is ignored if decisionCenter.autoscaling.enabled is set to true.

 1

decisionCenter.resources.limits.cpu

decisionCenter.resources.limits.memory

decisionCenter.resources.requests.cpu

decisionCenter.resources.requests.memory

decisionCenter.resources.limits.ephemeral-storage

decisionCenter.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Center.

For more information, see Managing Resources for Containers.

2

4096Mi

500m

1500Mi

2G

1G
decisionCenter.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
decisionCenter.tagOrDigest Specify the tag or digest for the Decision Center docker image. If left empty, the image.tag parameter is used. empty
decisionCenter.webConfigRef Specify the name of the configMap that customizes the context-param properties in the web.xml file. If left empty, the default context-param properties are used. empty

decisionRunner.autoscaling.enabled

decisionRunner.autoscaling.minReplicas

decisionRunner.autoscaling.maxReplicas

decisionRunner.autoscaling.targetAverageUtilization

Enable and configure autoscaling for Decision Runner.

For more information, see Autoscaling

false

2

3

75
decisionRunner.contextRoot Specify the context root of the Decision Runner. The context root is an extra path that is used to access the Decision Runner component. empty
decisionRunner.enabled To enable Decision Runner. true
decisionRunner.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionRunner.labels Provide custom labels for the Decision Runner Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation.

You can add labels with a command line by using the following syntax:

--set decisionRunner.labels.key=value

To add a label name that includes dots:

--set decisionRunner.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionRunner.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
 {}

Example:

decisionRunner: 
  labels: 
    key: value
    isSomething: "true"
decisionRunner.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionRunner.nodeAffinity Specify the node selector term match expression list to manage node affinity. Example:
decisionRunner:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c
decisionRunner.replicaCount The number of Decision Runner pods.

This parameter is ignored if decisionRunner.autoscaling.enabled is set to true.

 1

decisionRunner.resources.limits.cpu

decisionRunner.resources.limits.memory

decisionRunner.resources.requests.cpu

decisionRunner.resources.requests.memory

decisionRunner.resources.limits.ephemeral-storage

decisionRunner.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Runner.

For more information, see Managing Resources for Containers.

2

4096Mi

500m

512Mi

200Mi

1G
decisionRunner.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
decisionRunner.resURL The Decision Server console URL that is used to deploy the XOM. Can be modified.  
decisionRunner.tagOrDigest Specify the tag or digest for the Decision Runner docker image. If left empty, the image.tag parameter is used. empty
decisionServerConsole.contextRoot Specify the context root of the Decision Server console. The context root is an additional path that is used to access the Decision Server console component. empty
decisionServerConsole.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionServerConsole.labels Provide custom labels for the Decision Server console Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation.

You can add labels with a command line by using the following syntax:

--set decisionServerConsole.labels.key=value

To add a label name that includes dots:

--set decisionServerConsole.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml 
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionServerConsole.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
 {}

Example:

decisionServerConsole: 
  labels: 
    key: value
    isSomething: "true"
decisionServerConsole.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionServerConsole.nodeAffinity Specify the node selector term match expression list to manage node affinity. Example:
decisionServerConsole:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c

decisionServerConsole.resources.limits.cpu

decisionServerConsole.resources.limits.memory

decisionServerConsole.resources.requests.cpu

decisionServerConsole.resources.requests.memory

decisionServerConsole.resources.limits.ephemeral-storage

decisionServerConsole.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for the Decision Server console.

For more information, see Managing Resources for Containers.

2

1024Mi

500m

512Mi

1G

200Mi
decisionServerConsole.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
decisionServerConsole.runtime.webConfigRef Specify the name of the configMap that customizes the context-param properties in the web.xml of the Decision Server Console runtime. If left empty, it uses the configMap defined for the Decision Server runtime. empty
decisionServerConsole.title Specify the title for the Decision Server console web page. If left empty, the default title Rule Execution Server is used. empty
decisionServerConsole.description Specify a description for the Decision Server console. If left empty, the default description Console is used. empty
decisionServerConsole.tagOrDigest Specify the tag or digest for the Decision Server console docker image. If left empty, the image.tag parameter is used. empty

decisionServerRuntime.autoscaling.enabled

decisionServerRuntime.autoscaling.minReplicas

decisionServerRuntime.autoscaling.maxReplicas

decisionServerRuntime.autoscaling.targetAverageUtilization

Enable and configure autoscaling for Decision Server Runtime.

For more information, see Autoscaling

false

2

3

75
decisionServerRuntime.contextRoot Specify the context root of the Decision Server Runtime. The context root is an extra path that is used to access the Decision Server Runtime component. empty
decisionServerRuntime.enabled To enable Decision Server Runtime. true
decisionServerRuntime.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionServerRuntime.labels Provide custom labels for the Decision Server console Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation.

You can add labels with a command line by using the following syntax:

--set decisionServerRuntime.labels.key=value

To add a label name that includes dots:

--set decisionServerRuntime.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionServerRuntime.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
 {}

Example:

decisionServerRuntime: 
  labels: 
    key: value
    isSomething: "true"
decisionServerRuntime.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionServerRuntime.nodeAffinity Specify the node selector term match expression list to manage node affinity. Example:
decisionServerRuntime:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c
decisionServerRuntime.replicaCount The number of Decision Server Runtime pods.

This parameter is ignored if decisionServerRuntime.autoscaling.enabled is set to true.

 1

decisionServerRuntime.resources.limits.cpu

decisionServerRuntime.resources.limits.memory

decisionServerRuntime.resources.requests.cpu

decisionServerRuntime.resources.requests.memory

decisionServerRuntime.resources.limits.ephemeral-storage

decisionServerRuntime.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Server Runtime.

For more information, see Managing Resources for Containers.

2

4096Mi

500m

512Mi

1G

200Mi
decisionServerRuntime.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
decisionServerRuntime.tagOrDigest Specify the tag or digest for the Decision Server Runtime docker image. If left empty, the image.tag parameter is used. empty
decisionServerRuntime.webConfigRef Specify the name of the configMap that customizes the context-param properties in the web.xml of the runtime. If left empty, the default context-param properties are used. empty
externalCustomDatabase.datasourceRef The data source secret reference. empty
externalCustomDatabase.driverPvc The Persistent Volume Claim to access the JDBC Database Driver. empty
externalDatabase.databaseName The name of the external database that is used for ODM. If this parameter is empty, odmdb is used by default. empty
externalDatabase.decisionCenter.databaseName The name of the Decision Center external database that is used for ODM. If this parameter is empty, odmdb is used by default. empty
externalDatabase.decisionCenter.driversUrl Specify the URL of the Decision Center database driver. You can specify a list of URLs. empty
externalDatabase.decisionCenter.port The port that is exposed to connect to the Decision Center external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. empty
externalDatabase.decisionCenter.secretCredentials The name of the secret that contains the credentials to connect to the Decision Center external database. empty
externalDatabase.decisionCenter.serverName The name of the server that runs the database for Decision Center. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases. empty
externalDatabase.decisionCenter.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Center database. This parameter is left empty for a non-secured database. empty
externalDatabase.decisionCenter.type The type of the Decision Center external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If this parameter is empty, postgresql is used by default. empty
externalDatabase.decisionCenter.url The URL of the Decision Center external database (currently only with Oracle) that is used for ODM. If defined, it is used in replacement of databaseName/port/serverName

Example: "jdbc:oracle:thin:@serverName:port:databaseName"

 empty
externalDatabase.decisionServer.databaseName The name of the Decision Server external database that is used for ODM. If this parameter is empty, odmdb is used by default. empty
externalDatabase.decisionServer.driversUrl Specify the URL of the Decision Server database driver. You can specify a list of URLs. empty
externalDatabase.decisionServer.port The port that is exposed to connect to the Decision Server external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. empty
externalDatabase.decisionServer.secretCredentials The name of the secret that contains the credentials to connect to the Decision Server external database. empty
externalDatabase.decisionServer.serverName The name of the server that runs the database for Decision Server. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases. empty
externalDatabase.decisionServer.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Server database. This parameter is left empty for a non-secured database. empty
externalDatabase.decisionServer.type The type of the Decision Server external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If this parameter is empty, postgresql is used by default. empty
externalDatabase.decisionServer.url The URL of the Decision Server external database (currently only with Oracle) that is used for ODM. If defined, it is used in replacement of databaseName/port/serverName

Example: "jdbc:oracle:thin:@serverName:port:databaseName"

 empty
externalDatabase.driversUrl Specify the URL of the database driver. You can specify a list of URLs. empty
externalDatabase.port The port that is exposed to connect to the external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. empty
externalDatabase.secretCredentials The name of the secret that contains the credentials to connect to the external database. empty
externalDatabase.serverName The name of the server that runs the database for ODM. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external database. empty
externalDatabase.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure database. This parameter is left empty for a non-secured database. empty
externalDatabase.type The type of the external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If this parameter is empty, postgresql is used by default. empty
externalDatabase.url The URL of the external database (currently only with Oracle) that is used for ODM. If defined, it is used in replacement of databaseName/port/serverName

Example: "jdbc:oracle:thin:@serverName:port:databaseName"

 empty
image.arch The worker node architecture. empty

The architecture is automatically detected. The options are amd64, ppc64le, and s390x.

  • amd64 (or x86_64) refers to the 64-bit edition for Linux® x86.
  • ppc64le is the little-endian version of ppc64 for Linux Power®.
  • s390x is a 64-bit Linux on z kernel architecture.
image.pullPolicy The image pull policy. IfNotPresent. The most recent downloaded docker image is used.

Set the policy to always on to pull the latest version of the docker image.
image.pullSecrets The image pull secrets. empty

Does not add image pull secrets to deployed pods.
image.tag The image tag version. 8.11.1.0
image.repository The repository. empty
internalDatabase.persistence.enabled To enable the use of a Persistent Volume Claim (PVC) to persist data. true
internalDatabase.persistence.resources.requests.storage The requested storage size for Persistent Volume. 5Gi
internalDatabase.persistence.storageClassName The storage class name for Persistent Volume. empty
internalDatabase.persistence.useDynamicProvisioning To use dynamic provisioning for Persistent Volume Claim. If this parameter is set to false, the Kubernetes binding process selects a pre-existing volume. Ensure, in this case, that a volume is not already bound before you install the chart. false
internalDatabase.populateSampleData Specify whether to provide sample data in the internal database. Only if the persistence locale for Decision Center is set to English (US). false

internalDatabase.resources.limits.cpu

internalDatabase.resources.limits.memory

internalDatabase.resources.requests.cpu

internalDatabase.resources.requests.memory

internalDatabase.resources.limits.ephemeral-storage

internalDatabase.resources.requests.ephemeral-storage

 The CPU/Memory resource requests/limits for the internal database.

2

4096Mi

500m

512Mi

500Mi

1G
internalDatabase.runAsUser Specify the user ID to run the internal database container. Must be set to empty if you want to use the restricted scc on OpenShift. 26
internalDatabase.secretCredentials The name of the secret that contains the credentials to connect to the internal database. empty
internalDatabase.tagOrDigest Specify the tag or digest for the internal database docker image. If left empty, the image.tag parameter is used. empty

livenessProbe.failureThreshold

livenessProbe.initialDelaySeconds

livenessProbe.periodSeconds

livenessProbe.timeoutSeconds

 The behavior of liveness probes to know when to restart a container.

10

300

10

5
oidc.enabled Set to true to enable OpenID authentication. false
oidc.serverUrl The URL of the OpenID server is mandatory. empty
oidc.adminRef A secret for the OpenID administrator. The administrator secret is used to call the OpenID REST API to register the URLs of the ODM services. empty
oidc.redirectUrisRef The configmap containing the list of redirect URLs (separated by commas) to access ODM. empty
oidc.clientRef The secret reference name that contains the client id and password to use the OpenID REST API. If not provided, a default secret is created. empty
oidc.provider The name of the provider used to build the endpoints for OpenID REST API calls. If not provided, the ums provider name is used. ums
oidc.allowedDomains A list of domain names (separated by commas) to avoid Cross-Site Request Forgery (CSRF) attacks on the Decision Server console. *

readinessProbe.failureThreshold

readinessProbe.initialDelaySeconds

readinessProbe.periodSeconds

readinessProbe.timeoutSeconds

 The behavior of readiness probes to know when the containers are ready to start accepting traffic.

45

5

5

5
serviceAccountName Customize the serviceAccount that is used by the pods that are created by the Helm chart. If left empty, a serviceAccount named <release_name>-ibm-odm-prod-service-account is automatically created. For more information about the concept of service account, see the Kubernetes documentation. empty
service.enableRoute Specify whether to create OpenShift routes automatically. If true, the routes are created for all ODM components. false
service.enableTLS To enable Transport Layer Security (TLS). If this parameter is set to true, the web applications are accessed through HTTPS. If this parameter is set to false, the web applications are accessed through HTTP. true
service.hostname Specify the hostname that is used by the created routes. This parameter is only used if the creation of the routes is enabled with the service.enableRoute parameter.

empty

If empty, OpenShift automatically generates a hostname of the form <route-name>.<suffix>, where the generated hostname suffix is the default routing subdomain of your cluster according to the OpenShift documentation.

service.ingress.enabled

service.ingress.annotations

service.ingress.tlsHosts

service.ingress.tlsSecretRef

service.ingress.host

Specify whether an Ingress is created automatically. If true, an Ingress is created for each ODM component.

Specify the Ingress annotations.

Specify the TLS domains of the Ingress.

Specify the name of the secret that contains the TLS certificate that you want to use for the Ingress Domain.

Specify the name of the Ingress Domain.

false

empty

empty

empty

empty
service.type The Kubernetes Service type. You can set it to ClusterIP if you define an Ingress controller manually. If the service.enableRoute parameter is set to true, service.type is automatically set to ClusterIP.

NodePort

ClusterIP (if service.enableRoute is set to true)