ODM for production configuration parameters

Configuration parameters are used to install ODM for production on Kubernetes. The installation is done from the Helm or Kubectl command line.

Mandatory configuration parameters

The following table shows the mandatory configuration parameters and their descriptions.

If necessary, hide the left pane to see more of the table or scroll to the right.

Table 1. Mandatory configuration parameters
Parameters Description Default values Example
license This parameter is required for the deployment to run. Accept the license agreement by setting this parameter to true. false 
license: true
usersPassword This parameter is required to use the default user access. It is ignored if customization.authSecretRef is defined. empty 
usersPassword: odmAdmin

Optional configuration parameters

The following table shows the optional configuration parameters and their descriptions.

If necessary, hide the left pane to see more of the table or scroll to the right.

Table 2. Optional configuration parameters. Table lists parameters.
Parameters Description Default values Example
customization.annotations Specify the annotations to add to all decision pods (New since version 9.0.0.1). empty  
customization.authSecretRef Customizes user authentication and management by overriding the default basic registry or by using an LDAP connection. You must create a Kubernetes secret and set the name of the secret for this parameter. empty 
customization:
  authSecretRef: my-auth-secret
customization.baiEmitterSecretRef Enables Operational Decision Manager to emit events to a Kafka server used by IBM Business Automation Insights. Create a Kubernetes secret, and then set this secret as the value for the customization.baiEmitterSecretRef parameter when you configure the Helm release. empty 
customization:
  baiEmitterSecretRef: mybaieventsecret
customization.cp4baLicense Specify whether to use an IBM Cloud Pak® for Business Automation license for an installation of Operational Decision Manager on Certified Kubernetes. Set to true if you want to install the software with the license. false 
customization:
  cp4baLicense: true
customization.dedicatedNodeLabel Specify the label attached to some nodes that have NoSchedule taint effect. All ODM pods are scheduled to these nodes with this label. This works only for NoSchedule taint effect. empty 
customization:
  dedicatedNodeLabel: myLabel
customization.deployForProduction Specify whether the instance is deployed with a production license. If set to false, the instance is deployed with the non-production license. true 
customization:
  deployForProduction: false
customization.downloadUrl Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads {} 
customization:
  downloadUrl:
  - http://<host>:<port>/file1.zip
  - http://<host>:<port>/file2.jar
customization.enabledCiphers Specify the ciphers that are enabled to establish a secure connection. When empty, the Liberty server uses the following cipher list:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
TLS_RSA_WITH_AES_256_GCM_SHA384 
TLS_RSA_WITH_AES_128_GCM_SHA256
 empty 
customization:
  enabledCiphers: "MY_CIPHER1 MY_CYPHER_2"
To override existing ciphers with a command line, separate the ciphers by a space:
--set customization.enabledCiphers="MY_CIPHER1 MY_CYPHER_2"
customization.enableFips Specify whether the instance is deployed with the FIPS certified cryptography. If set to false, the instance is not FIPS compliant. false 
customization:
  enableFips: true
customization.enablePodMonitor Enable the PodMonitor creation when enabling the monitoring. false  
customization.labels Provide custom labels for all Operational Decision Manager Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation. {} 
customization: 
  labels: 
    key: value
    isSomething: "true"
To add labels with a command line, use the following syntax:
--set customization.labels.key=value
To add a label name that includes dots:
--set customization.labels."label\.with\.dot"=value
To remove a label, set it to null with the following command:
$ helm get values RELEASE_NAME > get-values.yaml 
$ helm upgrade RELEASE_NAME -f get-values.yaml \
   --set customization.labels.key=null \
   charts/ibm-odm-prod-CHART_VERSION.tgz
customization.libertyHookRef Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end. empty  
customization.logstashCollectorRef Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration. empty  
customization.meteringServerUrl Specify the URL to access the metering server. empty 
customization: 
  meteringServerUrl: http://my-odm-metering-service.com/
customization.monitorRef Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring. empty  
customization.nodeAffinity Specify the node selector term match expression list to manage node affinity. empty 
customization:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3b
customization.readOnlyRootFilesystem Enables the security context readOnlyRootFilesystem so that the root filesystem of the containers is accessible in read-only mode. true 
customization:
  readOnlyRootFilesystem: false
customization.runAsUser Specify the user ID to run the Operational Decision Manager containers. Must be set to empty if you want to use the restricted scc on OpenShift.

For more information, see Installing containerized ODM.

 1001 
customization:
  runAsUser: ““
In command line:
--set customization.runAsUser=
customization.seccompProfile.type Specify the type of seccomp profile to be used by the pods. Possible values are: Unconfined, RuntimeDefault, Localhost. For more information about seccomp profile, see the Kubernetes documentation. If this parameter is left empty, RuntimeDefault is used by default for Kubernetes version 1.24 or later. empty 
customization:
  seccompProfile:
    type: RuntimeDefault
customization.seccompProfile.localhostProfile Specify the local path of the seccomp profile file. This parameter is required if seccompProfile.type is set to Localhost. empty 
customization:
  seccompProfile:
    type: Locahost
    localhostProfile: : profiles/audit.json
customization.securitySecretRef Replaces the default certificate. You must create a Kubernetes secret and set the name of the secret for this parameter.

For more information, see Defining the security certificate.

 empty 
customization:
  securitySecretRef: mysecuritysecret
customization.sidecar.enabled Enable Sidecar Container in all components (New since version 9.0.0.1). false  
customization.sidecar.image Specify the sidecar image to use (New since version 9.0.0.1). empty  
customization.sidecar.confSecretRef Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1). empty  
customization.sidecar.resources Specify the sidecar resources (New since version 9.0.0.1). empty  
customization.sidecar.probes Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1). empty  
customization.tolerations Specify tolerations to allow Kubernetes scheduler to schedule all ODM pods onto nodes with matching taints. empty 
customization:
  tolerations:
  - key: "odm"
    operator: "Exists"
    effect: "NoExecute"
customization.trustedCertificateList Specify a list of secrets that encapsulate certificates in PEM format to be included in the truststore.

For more information, see Importing the certificate of an external service.

 empty 
customization:
  trustedCertificateList:
  - service1-secret
  - service2-secret
In command line:
--set customization.trustedCertificateList={"service1-secret"\, "service2-secret"}
customization.watcher.debug Specify whether to launch a debug watcher container. false  
customization.watcher.enabled Specify whether to enable Watcher. false  
customization.watcher.schedule Specify the watcher CronJob Schedule. every minute

See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax / '* * * * *' /.
decisionCenter.annotations Specify the annotations to add to Decision Center pods (New since version 9.0.0.1). empty  

decisionCenter.autoscaling.enabled

decisionCenter.autoscaling.minReplicas

decisionCenter.autoscaling.maxReplicas

decisionCenter.autoscaling.targetAverageUtilization

Enable and configure autoscaling for Decision Center.

For more information, see Autoscaling

false

2

3

75

 
decisionCenter:
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 4
    targetAverageUtilization: 80
decisionCenter.contextRoot Specify the context root of Decision Center. The context root is an extra path that is used to access the Decision Center component.

For more information, see Configuring external access.

 empty 
decisionCenter:
  contextRoot: “/dev-dc"
decisionCenter.customlibPvc Specify the name of the persistent volume claim (PVC) that locates the customized Decision Center JAR files.

For more information, see Persisting the Decision Center ruleset cache and (Deprecated) Customizing the Decision Center Business console.

 empty 
decisionCenter:
  customlibPvc: my-custom-dc-libs-pvc
decisionCenter.disableAllAuthenticatedUser By default, all authenticated users have the rtsUsers role. To restrict the rtsUsers role, set this parameter to true.

For more information, see Synchronizing users and groups in Decision Center.

 false 
decisionCenter:
  disableAllAuthenticatedUser: true
decisionCenter.disableDbDump Specify whether to disable the Decision Center dbdump application. false 
decisionCenter:
  disableDbDump: true
decisionCenter.downloadUrl Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads {} 
decisionCenter:
  downloadUrl:
  - http://<host>:<port>/file1.zip
  - http://<host>:<port>/file2.jar
decisionCenter.enabled To enable Decision Center. true 
decisionCenter:
  enabled: false
decisionCenter.extendRoleMapping Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different.

Ignored if oidc.enabled is set to true.

For more information, see Migrating your LDAP connection.

 false  
decisionCenter.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used.

See an example in Persisting the Decision Center ruleset cache.

 empty 
decisionCenter:
  jvmOptionsRef: my-dc-jvm-options-configmap
decisionCenter.libertyHookRef Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end. empty  
decisionCenter.lifecycleHooksSecretRef Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle. empty 
decisionCenter:
  lifecycleHooksSecretRef: my-dc-hooks-secret
decisionCenter.labels Provide custom labels for the Decision Center Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation. {} 
decisionCenter: 
  labels: 
    key: value
    isSomething: "true"

You can add labels with a command line by using the following syntax:

--set decisionCenter.labels.key=value

To add a label name that includes dots:

--set decisionCenter.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionCenter.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
decisionCenter.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used.

For more information, see Customizing log levels.

empty 
decisionCenter:
  loggingRef: my-dc-logging-configmap
decisionCenter.logstashCollectorRef Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration. empty  
decisionCenter.monitorRef Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring. empty  
decisionCenter.networkPolicy.egress Specify the egress network policy to apply to Decision Center. empty 
decisionCenter: 
  networkPolicy: 
    egress:
    - ports:
        - protocol: TCP
          port: <DC_DATABASE_PORT>
        - protocol: TCP
          port: 9443   # DS service port
      to:
        - ipBlock:
            cidr: <DC_DATABASE_IP>/32
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod
decisionCenter.networkPolicy.ingress Specify the ingress network policy to apply to Decision Center. empty 
decisionCenter: 
  networkPolicy: 
    ingress:
      - ports:
          - protocol: TCP
            port: 9453
decisionCenter.nodeAffinity Specify the node selector term match expression list to manage node affinity.

For more information, see Configuring multi-zone support.

 empty 
decisionCenter:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c
decisionCenter.persistenceLocale The persistence locale for Decision Center. en_US 
decisionCenter:
  persistenceLocale: “en_GB”
decisionCenter.replicaCount The number of Decision Center pods.

This parameter is ignored if decisionCenter.autoscaling.enabled is set to true.

For more information, see Manual scaling.

 1 
decisionCenter:
  replicaCount: 2

decisionCenter.resources.limits.cpu

decisionCenter.resources.limits.memory

decisionCenter.resources.limits.ephemeral-storage

decisionCenter.resources.requests.cpu

decisionCenter.resources.requests.memory

decisionCenter.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Center.

For more information, see Managing Resources for Containers.

2

4096Mi

2G

500m

1500Mi

1G

 
decisionCenter:
  resources:
    requests:
      cpu: 500m
      memory: 1500Mi
      ephemeral-storage: 1G
    limits:
      cpu: 2
      memory: 4096Mi
      ephemeral-storage: 2G
decisionCenter.sidecar.enabled Enable Sidecar Container in Decision Center (New since version 9.0.0.1). false 
decisionCenter:
  sidecar:
    enabled: true
decisionCenter.sidecar.image Specify the sidecar image to use (New since version 9.0.0.1). empty 
decisionCenter:
  sidecar:
    image: <IMAGE_NAME>:<IMAGE_TAG>
decisionCenter.sidecar.confSecretRef Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1). empty Create a script named sidecar-start.sh
#!/bin/bash
# Add your script logic or service 
while true
do
  echo "dummy script"
  sleep 10
done
Create a secret
kubectl create secret generic my-sidecar-secret --from-file=sidecar-start.sh
Set the confSecretRef parameter
decisionCenter:
  sidecar:
    confSecretRef: my-sidecar-secret
decisionCenter.sidecar.resources Specify the sidecar resources (New since version 9.0.0.1). empty 
decisionCenter:
  sidecar:
    resources:
      requests:
        cpu: 500m
        memory: 1500Mi
        ephemeral-storage: 1G
      limits:
        cpu: 2
        memory: 4096Mi
        ephemeral-storage: 2G
decisionCenter.sidecar.probes Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1). empty 
decisionCenter:
  sidecar:
    probes:
      startupProbe:
        exec:
          command: ["/bin/sh","-c","/script/sidecar-startup-probe.sh"]
        failureThreshold: 20
        initialDelaySeconds: 5
        periodSeconds: 30
        timeoutSeconds: 5
        successThreshold: 1
      readinessProbe:
        exec:
          command: ["/bin/sh","-c","/script/sidecar-readiness-probe.sh"]
        failureThreshold: 20
        initialDelaySeconds: 5
        periodSeconds: 30
        timeoutSeconds: 5
        successThreshold: 1
      livenessProbe:
        exec:
          command: ["/bin/sh","-c","/script/sidecar-liveness-probe.sh"]
        failureThreshold: 20
        initialDelaySeconds: 5
        periodSeconds: 30
        timeoutSeconds: 5
        successThreshold: 1
decisionCenter.extendRoleMapping Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different.

Ignored if oidc.enabled is set to true.

For more information, see Migrating your LDAP connection.

 false 
decisionCenter:
  extendRoleMapping: true
decisionCenter.tagOrDigest Specify the tag or digest for the Decision Center docker image. If left empty, the image.tag parameter is used. empty 
decisionCenter:
  tagOrDigest: my-custom-tag
decisionCenter.tolerations Specify tolerations to allow Kubernetes scheduler to schedule Decision Center pods onto nodes with matching taints. empty 
decisionCenter:
  tolerations:
  - key: "dc"
    operator: "Exists"
    effect: "NoSchedule"
decisionCenter.webConfigRef Specify the name of the configMap that customizes the context-param properties in the web.xml file. If left empty, the default context-param properties are used.

For more information, see Customizing Decision Center.

 empty 
decisionCenter:
  webConfigRef: my-odm-dc-web-configmap
decisionRunner.annotations Specify the annotations to add to Decision Runner pods (New since version 9.0.0.1). empty  

decisionRunner.autoscaling.enabled

decisionRunner.autoscaling.minReplicas

decisionRunner.autoscaling.maxReplicas

decisionRunner.autoscaling.targetAverageUtilization

Enable and configure autoscaling for Decision Runner.

For more information, see Autoscaling

false

2

3

75

 
decisionRunner:
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 4
    targetAverageUtilization: 80
decisionRunner.contextRoot Specify the context root of the Decision Runner. The context root is an extra path that is used to access the Decision Runner component.

For more information, see Configuring external access.

 empty 
decisionRunner:
  contextRoot: “/dev-dr"
decisionRunner.downloadUrl Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads {} 
decisionRunner:
  downloadUrl:
  - http://<host>:<port>/file1.zip
  - http://<host>:<port>/file2.jar
decisionRunner.enabled To enable Decision Runner. true 
decisionRunner:
  enabled: false
decisionRunner.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used.

See an example in Persisting the Decision Center ruleset cache.

 empty 
decisionRunner:
  jvmOptionsRef: my-dr-jvm-options-configmap
decisionRunner.lifecycleHooksSecretRef Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle. empty 
decisionRunner:
  lifecycleHooksSecretRef: my-dr-hooks-secret
decisionRunner.labels Provide custom labels for the Decision Runner Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation. {} 
decisionRunner: 
  labels: 
    key: value
    isSomething: "true"

You can add labels with a command line by using the following syntax:

--set decisionRunner.labels.key=value

To add a label name that includes dots:

--set decisionRunner.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionRunner.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
decisionRunner.libertyHookRef Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end. empty  
decisionRunner.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used.

For more information, see Customizing log levels.

empty 
decisionRunner:
  loggingRef: my-dr-logging-configmap
decisionRunner.logstashCollectorRef Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration. empty  
decisionRunner.monitorRef Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring. empty  
decisionRunner.networkPolicy.egress Specify the egress network policy to apply to Decision Runner. empty 
decisionRunner: 
  networkPolicy: 
    egress:
    - ports:
        - protocol: TCP
          port: 9443   # DS service port
        - protocol: TCP
          port: 9453   # DC service port
      to:
        - ipBlock:
          cidr: <DS_DATABASE_IP>/32
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod
decisionRunner.networkPolicy.ingress Specify the ingress network policy to apply to Decision Runner. empty 
decisionRunner:
  networkPolicy:
    ingress:
    - ports:
        - protocol: TCP
          port: 9443
    - from:
        - podSelector:
            matchLabels:
              run: <RELEASE>-odm-decisioncenter
        - podSelector:
            matchLabels:
              run: <RELEASE>-odm-decisionserverconsole
decisionRunner.nodeAffinity Specify the node selector term match expression list to manage node affinity.

For more information, see Configuring multi-zone support.

 empty 
decisionRunner:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c
decisionRunner.replicaCount The number of Decision Runner pods.

This parameter is ignored if decisionRunner.autoscaling.enabled is set to true.

For more information, see Manual scaling.

 1 
decisionRunner:
  replicaCount: 2

decisionRunner.resources.limits.cpu

decisionRunner.resources.limits.memory

decisionRunner.resources.limits.ephemeral-storage

decisionRunner.resources.requests.cpu

decisionRunner.resources.requests.memory

decisionRunner.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Runner.

For more information, see Managing Resources for Containers.

2

4096Mi

200Mi

500m

512Mi

1G

 
decisionRunner:
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
      ephemeral-storage: 200Mi
    limits:
      cpu: 2
      memory: 4096Mi
      ephemeral-storage: 1G
decisionRunner.extendRoleMapping Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different.

Ignored if oidc.enabled is set to true.

For more information, see Migrating your LDAP connection.

 false 
decisionRunner:
  extendRoleMapping: true
decisionRunner.resURL The Decision Server console URL that is used to deploy the XOM. Can be modified.

For more information, see Customizing Decision Runner.

 empty 
decisionRunner:
  resURL: "https://my_desination_cluster.domain.com/res,https://<project_name>-odm-decisionserverconsole:9443/<context_root>/res"
decisionRunner.sidecar.enabled Enable Sidecar Container in Decision Runner (New since version 9.0.0.1). false  
decisionRunner.sidecar.image Specify the sidecar image to use (New since version 9.0.0.1). empty  
decisionRunner.sidecar.confSecretRef Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1). empty  
decisionRunner.sidecar.resources Specify the sidecar resources (New since version 9.0.0.1). empty  
decisionRunner.sidecar.probes Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1). empty  
decisionRunner.tagOrDigest Specify the tag or digest for the Decision Runner docker image. If left empty, the image.tag parameter is used. empty
Example with a docker tag:
decisionRunner:
  tagOrDigest: my-custom-tag
Example with a digest:
decisionRunner:
  tagOrDigest: sha256:xxxxxxxxxx
decisionRunner.tolerations Specify tolerations to allow Kubernetes scheduler to schedule Decision Runner pods onto nodes with matching taints. empty 
decisionRunner:
  tolerations:
  - key: "dr"
    operator: "Exists"
    effect: "NoSchedule"
decisionServerConsole.annotations Specify the annotations to add to Decision Server Console pod (New since version 9.0.0.1). empty  
decisionServerConsole.contextRoot Specify the context root of the Decision Server console. The context root is an additional path that is used to access the Decision Server console component.

For more information, see Configuring external access.

 empty 
decisionServerConsole:
  contextRoot: “/dev-res"
decisionServerConsole.downloadUrl Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads {} 
decisionServerConsole:
  downloadUrl:
  - http://<host>:<port>/file1.zip
  - http://<host>:<port>/file2.jar
decisionServerConsole.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used.

See an example in Persisting the Decision Center ruleset cache.

 empty 
decisionServerConsole:
  jvmOptionsRef: my-dsc-jvm-options-configmap
decisionServerConsole.lifecycleHooksSecretRef Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle. empty 
decisionServerConsole:
  lifecycleHooksSecretRef: my-dsc-hooks-secret
decisionServerConsole.labels Provide custom labels for the Decision Server console Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation. {} 
decisionServerConsole: 
  labels: 
    key: value
    isSomething: "true"

You can add labels with a command line by using the following syntax:

--set decisionServerConsole.labels.key=value

To add a label name that includes dots:

--set decisionServerConsole.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml 
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionServerConsole.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
decisionServerConsole.libertyHookRef Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end. empty  
decisionServerConsole.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used.

For more information, see Customizing log levels.

empty 
decisionServerConsole:
  loggingRef: my-dsc-logging-configmap
decisionServerConsole.logstashCollectorRef Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration. empty  
decisionServerConsole.monitorRef Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring. empty  
decisionServerConsole.networkPolicy.egress Specify the egress network policy to apply to the Decision Server console. empty 
decisionServerConsole: 
  networkPolicy: 
    egress:
    - ports:
          port: 9443   # DS service port
        - protocol: TCP
          port: 9453   # DC service port
      to:
        - ipBlock:
          cidr: <DS_DATABASE_IP>/32
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod
decisionServerConsole.networkPolicy.ingress Specify the ingress network policy to apply to the Decision Server console. empty 
decisionServerConsole:
  networkPolicy:
    ingress:
    - ports:
        - protocol: TCP
          port: 9443
        - protocol: TCP
          port: 1883
    - from:
        - podSelector:
            matchLabels:
              run: <RELEASE>-odm-decisioncenter
        - podSelector:
            matchLabels:
              run: <RELEASE>-odm-decisionrunner
        - podSelector:
            matchLabels:
              run: <RELEASE>-odm-decisionserverruntime
decisionServerConsole.nodeAffinity Specify the node selector term match expression list to manage node affinity.

For more information, see Configuring multi-zone support.

 empty 
decisionServerConsole:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c

decisionServerConsole.resources.limits.cpu

decisionServerConsole.resources.limits.memory

decisionServerConsole.resources.limits.ephemeral-storage

decisionServerConsole.resources.requests.cpu

decisionServerConsole.resources.requests.memory

decisionServerConsole.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for the Decision Server console.

For more information, see Managing Resources for Containers.

2

1024Mi

1G

500m

512Mi

200Mi

 
decisionServerConsole:
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
      ephemeral-storage: 200Mi
    limits:
      cpu: 2
      memory: 1024Mi
      ephemeral-storage: 1G
decisionServerConsole.extendRoleMapping Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different.

Ignored if oidc.enabled is set to true.

For more information, see Migrating your LDAP connection.

 false 
decisionServerConsole:
  extendRoleMapping: true
decisionServerConsole.runtime.webConfigRef Specify the name of the configMap that customizes the context-param properties in the web.xml of the Decision Server console runtime. If left empty, it uses the configMap defined for the Decision Server runtime. For more information, see Customizing the Decision Server Runtime. empty 
decisionServerConsole:
  runtime:
    webConfigRef: my-dsc-web-configmap
decisionServerConsole.sidecar.enabled Enable Sidecar Container in Decision Server Console (New since version 9.0.0.1). false  
decisionServerConsole.sidecar.image Specify the sidecar image to use (New since version 9.0.0.1). empty  
decisionServerConsole.sidecar.confSecretRef Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1). empty  
decisionServerConsole.sidecar.resources Specify the sidecar resources (New since version 9.0.0.1). empty  
decisionServerConsole.sidecar.probes Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1). empty  
decisionServerConsole.title Specify the title for the Decision Server console web page. If left empty, the default title Rule Execution Server is used. empty 
decisionServerConsole:
  title: “ODM Console”
decisionServerConsole.description Specify a description for the Decision Server console. If left empty, the default description Console is used. empty 
decisionServerConsole:
  description: “Decision Server Console”
decisionServerConsole.tagOrDigest Specify the tag or digest for the Decision Server console docker image. If left empty, the image.tag parameter is used. empty
Example with a docker tag:
decisionServerConsole:
  tagOrDigest: my-custom-tag
Example with a digest:
decisionServerConsole:
  tagOrDigest: sha256:xxxxxxxxxx
decisionServerConsole.tolerations Specify tolerations to allow Kubernetes scheduler to schedule Decision Console pods onto nodes with matching taints. empty 
decisionServerConsole:
  tolerations:
  - key: "dsc"
    operator: "Exists"
    effect: "NoSchedule"
decisionServerRuntime.annotations Specify the annotations to add to Decision Server Runtime pods (New since version 9.0.0.1). empty  

decisionServerRuntime.autoscaling.enabled

decisionServerRuntime.autoscaling.minReplicas

decisionServerRuntime.autoscaling.maxReplicas

decisionServerRuntime.autoscaling.targetAverageUtilization

Enable and configure autoscaling for Decision Server runtime.

For more information, see Autoscaling

false

2

3

75

 
decisionServerRuntime:
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 4
    targetAverageUtilization: 80
decisionServerRuntime.contextRoot Specify the context root of the Decision Server runtime. The context root is an extra path that is used to access the Decision Server runtime component.

For more information, see Configuring external access.

 empty 
decisionServerRuntime:
  contextRoot: “/dev-dsr"
decisionServerRuntime.downloadUrl Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads {} 
decisionServerRuntime:
  downloadUrl:
  - http://<host>:<port>/file1.zip
  - http://<host>:<port>/file2.jar
decisionServerRuntime.enabled To enable Decision Server runtime. true 
decisionServerRuntime:
  enabled: false
decisionServerRuntime.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used.

See an example in Persisting the Decision Center ruleset cache.

 empty 
decisionServerRuntime:
  jvmOptionsRef: my-dsr-jvm-options-configmap
decisionServerRuntime.libertyHookRef Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end. empty  
decisionServerRuntime.lifecycleHooksSecretRef Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle. empty 
decisionServerRuntime:
  lifecycleHooksSecretRef: my-dsr-hooks-secret
decisionServerRuntime.labels Provide custom labels for the Decision Server console Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation. {} 
decisionServerRuntime: 
  labels: 
    key: value
    isSomething: "true"

You can add labels with a command line by using the following syntax:

--set decisionServerRuntime.labels.key=value

To add a label name that includes dots:

--set decisionServerRuntime.labels."label\.with\.dot"=value

To remove a label, set it to null with the following command:

$ helm get values RELEASE_NAME > get-values.yaml
$ helm upgrade RELEASE_NAME -f get-values.yaml \ 
--set decisionServerRuntime.labels.key=null \ 
charts/ibm-odm-prod-CHART_VERSION.tgz
decisionServerRuntime.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used.

For more information, see Customizing log levels.

empty 
decisionServerRuntime:
  loggingRef: my-dsr-logging-configmap
decisionServerRuntime.logstashCollectorRef Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration. empty  
decisionServerRuntime.monitorRef Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring. empty  
decisionServerRuntime.networkPolicy.egress Specify the egress network policy to apply to the Decision Server runtime. empty 
decisionServerRuntime: 
  networkPolicy: 
    egress:
    - ports:
        - protocol: TCP
          port: <DS_DATABASE_PORT>
        - protocol: TCP
          port: 9443   # DS service port
        - protocol: TCP
          port: 9453   # DC service port
      to:
        - ipBlock:
            cidr: <DS_DATABASE_IP>/32
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod
decisionServerRuntime.networkPolicy.ingress Specify the ingress network policy to apply to the Decision Server runtime. empty 
decisionServerRuntime:
  networkPolicy:
    ingress:
    - ports:
        - protocol: TCP
          port: 9443
    - from:
        - podSelector:
            matchLabels:
              run: <RELEASE>-odm-decisionserverconsole
decisionServerRuntime.nodeAffinity Specify the node selector term match expression list to manage node affinity.

For more information, see Configuring multi-zone support.

 empty 
decisionServerRuntime:
  nodeAffinity:
  - key: topology.kubernetes.io/zone
    operator: In
    values:
      - eu-west-3c
decisionServerRuntime.replicaCount The number of Decision Server runtime pods.

This parameter is ignored if decisionServerRuntime.autoscaling.enabled is set to true.

For more information, see Manual scaling.

 1 
decisionServerRuntime:
  replicaCount: 2

decisionServerRuntime.resources.limits.cpu

decisionServerRuntime.resources.limits.memory

decisionServerRuntime.resources.limits.ephemeral-storage

decisionServerRuntime.resources.requests.cpu

decisionServerRuntime.resources.requests.memory

decisionServerRuntime.resources.requests.ephemeral-storage

The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Server runtime.

For more information, see Managing Resources for Containers.

2

4096Mi

1G

500m

512Mi

200Mi

 
decisionServerRuntime:
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
      ephemeral-storage: 200Mi
    limits:
      cpu: 2
      memory: 4096Mi
      ephemeral-storage: 1G
decisionServerRuntime.sidecar.enabled Enable Sidecar Container in Decision Server Runtime (New since version 9.0.0.1). false  
decisionServerRuntime.sidecar.image Specify the sidecar image to use (New since version 9.0.0.1). empty  
decisionServerRuntime.sidecar.confSecretRef Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1). empty  
decisionServerRuntime.sidecar.resources Specify the sidecar resources (New since version 9.0.0.1). empty  
decisionServerRuntime.sidecar.probes Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1). empty  
decisionServerRuntime.extendRoleMapping Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different.

Ignored if oidc.enabled is set to true.

For more information, see Migrating your LDAP connection.

 false 
decisionServerRuntime:
  extendRoleMapping: true
decisionServerRuntime.tagOrDigest Specify the tag or digest for the Decision Server runtime docker image. If left empty, the image.tag parameter is used. empty
Example with a docker tag:
decisionServerRuntime:
  tagOrDigest: my-custom-tag
Example with a digest:
decisionServerRuntime:
  tagOrDigest: sha256:xxxxxxxxxx
decisionServerRuntime.tolerations Specify tolerations to allow Kubernetes scheduler to schedule Decision Server Runtime pods onto nodes with matching taints. empty 
decisionServerRuntime:
  tolerations:
  - key: "dsr"
    operator: "Exists"
    effect: "NoSchedule"
decisionServerRuntime.webConfigRef Specify the name of the configMap that customizes the context-param properties in the web.xml of the runtime. If left empty, the default context-param properties are used.

For more information, see Customizing the Decision Server Runtime.

 empty 
decisionServerRuntime:
  webConfigRef: my-odm-web-configmap
externalCustomDatabase.datasourceRef The data source secret reference.

For more information, see Configuring a custom external database.

 empty 
externalCustomDatabase:
  datasourceRef:customdatasource-secret
externalDatabase.databaseName The name of the external database that is used for Operational Decision Manager. If this parameter is empty, odmdb is used by default. empty 
externalDatabase:
  databaseName: odmdb
  port: 5432
  secretCredentials: odm-prod-secret-psql
  serverName: postgresql.odm-restricted.svc.cluster.local
  type: postgresql
externalDatabase.port The port that is exposed to connect to the external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. empty
externalDatabase.secretCredentials The name of the secret that contains the credentials to connect to the external database. empty
externalDatabase.serverName The name of the server that runs the database for Operational Decision Manager. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external database. empty
externalDatabase.type The type of the external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If this parameter is empty, postgresql is used by default.

For more information, see Configuring an external database.

 empty
externalDatabase.driversUrl Specify the URL of the database driver. You can specify a list of URLs.

For more information, see Configuring an external database.

 [] 
externalDatabase:
  driversUrl:
  - https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.49/mysql-connector-java-5.1.49.jar
  - url2
In command line:
--set externalDatabase.driversUrl="{url1,url2}"
externalDatabase.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure database. This parameter is left empty for a non-secured database.

For more information, see Configuring an external database.

 empty 
externalDatabase:
  sslSecretRef: db2-ssl-secret
externalDatabase.url The URL of the external database (currently only with Oracle) that is used for Operational Decision Manager. If defined, it is used in replacement of databaseName/port/serverName

For more information, see Configuring an external database.

 empty 
externalDatabase:
  url: "jdbc:oracle:thin:@serverName:port:databaseName"
externalDatabase.decisionCenter.databaseName The name of the Decision Center external database that is used for Operational Decision Manager. If this parameter is empty, odmdb is used by default. empty 
externalDatabase:
  decisionCenter:
    databaseName: dcdb
    port: 5432
    secretCredentials: odm-prod-secret-psql-dc
    serverName: postgresqldc.odm-restricted.svc.cluster.local
    type: postgresql
externalDatabase.decisionCenter.port The port that is exposed to connect to the Decision Center external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. empty
externalDatabase.decisionCenter.secretCredentials The name of the secret that contains the credentials to connect to the Decision Center external database. empty
externalDatabase.decisionCenter.serverName The name of the server that runs the database for Decision Center. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases. empty
externalDatabase.decisionCenter.type The type of the Decision Center external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If this parameter is empty, postgresql is used by default.

For more information, see Configuring an external database.

 empty
externalDatabase.decisionCenter.driversUrl Specify the URL of the Decision Center database driver. You can specify a list of URLs.

For more information, see Configuring an external database.

 empty 
externalDatabase:
  decisionCenter:
    driversUrl:
    - url1
    - url2
In command line:
--set externalDatabase.decisionCenter.driversUrl="{url1,url2}"
externalDatabase.decisionCenter.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Center database. This parameter is left empty for a non-secured database.

For more information, see Configuring an external database.

 empty 
externalDatabase:
  decisionCenter:
    sslSecretRef: db2-ssl-secret
externalDatabase.decisionCenter.url The URL of the Decision Center external database (currently only with Oracle) that is used for Operational Decision Manager. If defined, it is used in replacement of databaseName/port/serverName

For more information, see Configuring an external database.

 empty 
externalDatabase:
  decisionCenter:
    url: "jdbc:oracle:thin:@serverName:port:databaseName"
externalDatabase.decisionServer.databaseName The name of the Decision Server external database that is used for Operational Decision Manager. If this parameter is empty, odmdb is used by default. empty 
externalDatabase:
  decisionServer:
    databaseName: dsdb
    port: 5432
    secretCredentials: odm-prod-secret-psql-ds
    serverName: postgresqlds.odm-restricted.svc.cluster.local
    type: postgresql
externalDatabase.decisionServer.port The port that is exposed to connect to the Decision Server external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle. empty
externalDatabase.decisionServer.secretCredentials The name of the secret that contains the credentials to connect to the Decision Server external database. empty
externalDatabase.decisionServer.serverName The name of the server that runs the database for Decision Server. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases. empty
externalDatabase.decisionServer.type The type of the Decision Server external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, to sqlserver for a Microsoft SQL Server, or to oracle for an Oracle database. If this parameter is empty, postgresql is used by default.

For more information, see Configuring an external database.

 empty
externalDatabase.decisionServer.driversUrl Specify the URL of the Decision Server database driver. You can specify a list of URLs.

For more information, see Configuring an external database.

 [] 
externalDatabase:
  decisionServer:
    driversUrl:
    - url1
    - url2
In command line:

--set externalDatabase.decisionServer.driversUrl="{url1,url2}"
externalDatabase.decisionServer.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Server database. This parameter is left empty for a non-secured database.

For more information, see Configuring an external database.

 empty 
externalDatabase:
  decisionServer:
    sslSecretRef: db2-ssl-secret
externalDatabase.decisionServer.url The URL of the Decision Server external database (currently only with Oracle) that is used for Operational Decision Manager. If defined, it is used in replacement of databaseName/port/serverName

For more information, see Configuring an external database.

 empty 
externalDatabase:
  decisionServer:
    url: "jdbc:oracle:thin:@serverName:port:databaseName"
image.pullPolicy The image pull policy. By default, the most recent downloaded docker image is used.

Set the policy to Always to pull the latest version of the docker image.

 IfNotPresent 
image:
  pullPolicy: Always
image.pullSecrets The image pull secrets. [] 
image:
  pullSecrets: 
  - admin.registrykey
  - admin.registrykey
image.tag The image tag version. 9.0.0.1 
image:
  tag: 9.0.0.1-IF00n
image.repository The repository. empty 
image:
  repository: your.private.registry.example.com
internalDatabase.persistence.enabled To enable the use of a Persistent Volume Claim (PVC) to persist data. true 
internalDatabase:
  persistence:
    enabled: true
    resources:
      requests:
        storage: 5Gi
    storageClassName: my-storage-class
    useDynamicProvisioning: true
internalDatabase.persistence.resources.requests.storage The requested storage size for the Persistent Volume. 5Gi
internalDatabase.persistence.storageClassName The storage class name for the Persistent Volume. empty
internalDatabase.persistence.useDynamicProvisioning To use dynamic provisioning for Persistent Volume Claim. If this parameter is set to false, the Kubernetes binding process selects a pre-existing volume. Ensure, in this case, that a volume is not already bound before you install the chart.

For more information, see Configuring the internal database.

 false
internalDatabase.populateSampleData Specify whether to provide sample data in the internal database. Only if the persistence locale for Decision Center is set to English (US). false 
internalDatabase:
  populateSampleData: true

internalDatabase.resources.limits.cpu

internalDatabase.resources.limits.memory

internalDatabase.resources.limits.ephemeral-storage

internalDatabase.resources.requests.cpu

internalDatabase.resources.requests.memory

internalDatabase.resources.requests.ephemeral-storage

 The CPU/Memory resource requests/limits for the internal database.

2

4096Mi

1G

500m

512Mi

500Mi

 
internalDatabase:
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
      ephemeral-storage: 500Mi
    limits:
      cpu: 2
      memory: 4096Mi
      ephemeral-storage: 1G
internalDatabase.runAsUser Specify the user ID to run the internal database container. Must be set to empty if you want to use the restricted scc on OpenShift.

For more information, see Preparing to install Operational Decision Manager.

 26 
internalDatabase:
  runAsUser: ““
In command line:
--set internalDatabase.runAsUser=
internalDatabase.secretCredentials The name of the secret that contains the credentials to connect to the internal database.

For more information, see Configuring the internal database.

 empty 
internalDatabase:
  secretCredentials: my-secret
internalDatabase.tagOrDigest Specify the tag or digest for the internal database docker image. If left empty, the image.tag parameter is used. empty 
internalDatabase:
  tagOrDigest: my-custom-tag

livenessProbe.failureThreshold

livenessProbe.initialDelaySeconds

livenessProbe.periodSeconds

livenessProbe.timeoutSeconds

 The behavior of liveness probes to know when to restart a container.

4

300

30

5

 
livenessProbe:
  failureThreshold: 4
  initialDelaySeconds: 300
  periodSeconds: 30
  timeoutSeconds: 5
networkPolicy.enabled Enable the creation of network policy resources. true 
networkPolicy:
  enable: false
networkPolicy.egress Specify the egress network policy to apply to all components. empty Example to restrict internet access:
networkPolicy:        
  egress:
  - ports:
      - protocol: TCP
        port: <DC_DATABASE_PORT>
      - protocol: TCP
        port: <DS_DATABASE_PORT>
      - protocol: TCP
        port: 9443   # DS service port
      - protocol: TCP
        port: 9453   # DC service port
    to:
      - ipBlock:
          cidr: <DC_DATABASE_IP>/32
      - ipBlock:
          cidr: <DS_DATABASE_IP>/32
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod
networkPolicy.ingress Specify the ingress network policy to apply to all components. empty Example to allow all ingress communications:
networkPolicy:
  ingress:
  - {}
oidc.disableLoginPanel Allows you to disable the basic authentication login panel when Operational Decision Manager is configured with Open ID Connect (oidc.enabled=true). false 
oidc:
  disableLoginPanel: true
oidc.enabled Set to true to enable OpenID authentication. false 
oidc:
  enabled: true
  serverUrl: my-openid-serverUrl
  adminRef: my-openid-admin-secret
  allowedDomains: my-openid-allowed-domains
oidc.serverUrl The URL of the OpenID server is mandatory. empty
oidc.adminRef A secret for the OpenID administrator. The administrator secret is used to call the OpenID REST API to register the URLs of the Operational Decision Manager services. empty
oidc.allowedDomains A list of domain names (separated by commas) to avoid Cross-Site Request Forgery (CSRF) attacks on the Decision Server console.

For more information, see Configuring user access with OpenID.

 empty
oidc.clientRef The secret reference name that contains the client ID and password to use the OpenID REST API. If not provided, a default secret is created.

For more information, see Configuring user access with OpenID.

 empty 
oidc:
  clientRef: my_openid_clientid_secret
oidc.provider The name of the provider used to build the endpoints for OpenID REST API calls. If left empty, the ums provider name is used.

For more information, see Configuring user access with OpenID.

 empty 
oidc:
  provider: myopenidprovider
oidc.redirectUrisRef The configmap that contains the list of redirect URLs (separated by commas) to access Operational Decision Manager. empty 
oidc:
  redirectUrisRef: my-odm-oidc-redirect-uris-configmap

readinessProbe.failureThreshold

readinessProbe.initialDelaySeconds

readinessProbe.periodSeconds

readinessProbe.timeoutSeconds

 The behavior of readiness probes to know when the containers are ready to start accepting traffic.

45

5

5

5

 
readinessProbe:
  failureThreshold: 45
  initialDelaySeconds: 5
  periodSeconds: 5
  timeoutSeconds: 5
serviceAccountName Customize the service account that is used by the pods that are created by the Helm chart. If left empty, a service account named <release_name>-ibm-odm-prod-service-account is automatically created. For more information about the concept of service account, see the Kubernetes documentation.

For more information, see Preparing to install Operational Decision Manager.

 empty 
serviceAccountName: my-custom-sa
service.enableRoute Specify whether to create OpenShift routes automatically. If true, the routes are created for all Operational Decision Manager components.

For more information, see Configuring external access.

 false 
service:
  enableRoute: true
service.enableTLS To enable Transport Layer Security (TLS). If this parameter is set to true, the web applications are accessed through HTTPS. If this parameter is set to false, the web applications are accessed through HTTP.

For more information, see Configuring external access.

 true 
service:
  enableTLS: false
service.hostname Specify the hostname that is used by the created routes. This parameter is only used if the creation of the routes is enabled with the service.enableRoute parameter.

The following hostname is generated <component-name>.odm.<release-name>.<service.hostname>.

If empty, OpenShift automatically generates a hostname of the form <route-name>.<suffix>, where the generated hostname suffix is the default routing subdomain of your cluster according to the OpenShift documentation.

empty

 
service:
  hostname: my-custom-route.com

service.ingress.enabled

service.ingress.annotations

service.ingress.tlsHosts

service.ingress.tlsSecretRef

service.ingress.host

Specify whether an Ingress is created automatically. If true, an Ingress is created for each Operational Decision Manager component.

Specify the Ingress annotations. For an example, see odm-docker-kubernetes documentation.

Specify the TLS domains of the Ingress.

Specify the name of the secret that contains the TLS certificate that you want to use for the Ingress Domain.

Specify the name of the Ingress Domain.

For more information, see Configuring external access.

false

empty

[]

empty

empty

 
service:
  ingress:
    enabled: true
    annotations: 
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing         
      alb.ingress.kubernetes.io/backend-protocol: "HTTPS"      
      alb.ingress.kubernetes.io/certificate-arn: "arn:aws:iam::<AWS-AccountId>:server-certificate/mycompany"
    tlsHosts: 
      - tls-host-1
      - tls-host-2
    tlsSecretRef: my-tls-secret
    host: mycompany.com
service.type The Kubernetes Service type. You can set it to ClusterIP if you define an Ingress controller manually. If the service.enableRoute parameter is set to true, service.type is automatically set to ClusterIP.

For more information, see Configuring external access.

NodePort

ClusterIP (if service.enableRoute is set to true)

 
service:
  type: ClusterIP
service.ipFamilyPolicy

Define how IP families (IPv4 and IPv6) are handled for the Service. This

setting becomes particularly relevant in dual-stack environments where

both IPv4 and IPv6 are enabled. Here are the options you can specify for ipFamilyPolicy: SingleStack , PreferDualStack , RequireDualStack (New since version 9.0.0.1)

 empty 
service:
  ipFamilyPolicy: RequireDualStack
service.ipFamilies The ipFamilies parameter is used to specify which IP families (IPv4 or IPv6) a Service should use. This parameter works in conjunction with the ipFamilyPolicy to define the IP addressing behaviors for the Service. (New since version 9.0.0.1) empty 
service:
  ipFamilies: 
   - IPv6

startupProbe.failureThreshold

startupProbe.initialDelaySeconds

startupProbe.periodSeconds

startupProbe.timeoutSeconds

 The behavior of startup probes to verify whether the application within a container is started. If needed, you can adjust the values of periodSeconds and failureThreshold to suit the application startup time in your cluster. The value of timeoutSeconds should be lower than the value of periodSeconds.

30

15

10

5

 
startupProbe:
  failureThreshold: 30
  initialDelaySeconds: 15
  periodSeconds: 20
  timeoutSeconds: 5
vault.enabled Specify whether to use an external secrets store. false 
vault:
  enabled: true
  type: spc
vault.type Specify how secrets are provided. When vault.enabled=true, vault.type must be either initcontainer or spc, which stants for Secret Provider Class. null 
vault:
  enabled: true
  type: spc