Production configuration parameters

Configuration parameters are used to install Operational Decision Manager for production on Kubernetes. The installation is done from the Helm or Kubectl command line.

Mandatory configuration parameters

The following table shows the mandatory configuration parameters and their descriptions.

If necessary, hide the left pane to see more of the table or scroll to the right.

Table 1. Mandatory configuration parameters
Parameters	Description	Default values	Example
license	This parameter is required for the deployment to run. Accept the license agreement by setting this parameter to `true`.	false	`license: true`
usersPassword	This parameter specifies the default password for the odmAdmin user. This parameter is required unless you define the customization.authSecretRef parameter, which allows you to use a custom authentication secret instead.	empty	`usersPassword: odmAdmin`

Optional configuration parameters

The following table shows the optional configuration parameters and their descriptions.

If necessary, hide the left pane to see more of the table or scroll to the right.

Table 2. Optional configuration parameters
Parameters	Description	Default values	Example
customization.annotations	Specify the annotations to add to all decision pods (New since version 9.0.0.1).	empty
customization.authSecretRef	Customizes user authentication and management by overriding the default basic registry or by using an LDAP connection. You must create a Kubernetes secret and set the name of the secret for this parameter.	empty	`customization: authSecretRef: my-auth-secret`
customization.baiEmitterSecretRef	Enables Operational Decision Manager to emit events to a Kafka server used by IBM Business Automation Insights. Create a Kubernetes secret, and then set this secret as the value for the `customization.baiEmitterSecretRef` parameter when you configure the Helm release.	empty	`customization: baiEmitterSecretRef: mybaieventsecret`
customization.cp4baLicense	Specify whether to use an IBM Cloud Pak for Business Automation license for an installation of Operational Decision Manager on Certified Kubernetes. Set to `true` if you want to install the software with the license.	false	`customization: cp4baLicense: true`
customization.dedicatedNodeLabel	Specify the label attached to some nodes that have NoSchedule taint effect. All ODM pods are scheduled to these nodes with this label. This works only for `NoSchedule` taint effect.	empty	`customization: dedicatedNodeLabel: myLabel`
customization.deployForProduction	Specify whether the instance is deployed with a production license. If set to false, the instance is deployed with the non-production license.	true	`customization: deployForProduction: false`
customization.downloadUrl	Specify the URL of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads	{}	`customization: downloadUrl: - http://<host>:<port>/file1.zip - http://<host>:<port>/file2.jar`
customization.enabledCiphers	Specify the ciphers that are enabled to establish a secure connection. When empty, the Liberty server uses the following ciphers list (in non-FIPS mode): `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256`	empty	`customization: enabledCiphers: "MY_CIPHER1 MY_CYPHER_2"` To override existing ciphers with a command line, separate the ciphers by a space: `--set customization.enabledCiphers="MY_CIPHER1 MY_CYPHER_2"`
customization.enableFips	Specify whether the instance is deployed with the FIPS certified cryptography. If set to false, the instance is not FIPS compliant.	false	`customization: enableFips: true`
customization.enablePodMonitor	Enable the PodMonitor creation when enabling the monitoring.	false
customization.ephemeralStorage.capacity	Specify the capacity of the ephemeral storage for all components.	10GB
customization.ephemeralStorage.className	Specify the class name of the ephemeral storage for all components.	empty
customization.labels	Provide custom labels for all Operational Decision Manager Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation .	{}	`customization: labels: key: value isSomething: "true"` To add labels with a command line, use the following syntax: `--set customization.labels.key=value` To add a label name that includes dots: `--set customization.labels."label\.with\.dot"=value` To remove a label, set it to `null` with the following command: `$ helm get values RELEASE_NAME > get-values.yaml $ helm upgrade RELEASE_NAME -f get-values.yaml \ --set customization.labels.key=null \ charts/ibm-odm-prod-CHART_VERSION.tgz`
customization.libertyHookRef	Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end.	empty
customization.logstashCollectorRef	Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration.	empty
customization.meteringServerUrl	Specify the URL to access the metering server.	empty	`customization: meteringServerUrl: http://my-odm-metering-service.com/`
New in 9.6.0.0 customization.usageMeteringService.enabled	Enables or disables the IBM Usage Metering Service integration. When enabled, Operational Decision Manager reports usage metrics to the service via a CronJob.	true	`customization.usageMeteringService: enabled: true`
New in 9.6.0.0 customization.usageMeteringService.debug	Enables the debugging mode for Usage Metering Service. When enabled, it creates a deployment pod that runs continuously for seven days, allowing manual execution and troubleshooting of the metering script.	false	`customization.usageMeteringService: debug: true`
New in 9.6.0.0 customization.usageMeteringService.schedule	Specifies the cron schedule for collecting data for usage metering. It uses the standard cron format.	"0 /2 * *" (every two hours)	`customization.usageMeteringService: schedule: "0 /2 * *"` (every hour)
customization.monitorRef	Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring.	empty
customization.nodeAffinity	Specify the node selector term match expression list to manage node affinity.	empty	`customization: nodeAffinity: - key: topology.kubernetes.io/zone operator: In values: - eu-west-3b`
customization.readOnlyRootFilesystem	Enables the security context readOnlyRootFilesystem so that the root filesystem of the containers is accessible in read-only mode.	true	`customization: readOnlyRootFilesystem: false`
customization.runAsUser	Specify the user ID to run the Operational Decision Manager containers. Must be set to empty if you want to use the `restricted` scc on OpenShift®. For more information, see Installing containerized ODM.	1001	`customization: runAsUser: ““` In command line: `--set customization.runAsUser=`
customization.seccompProfile.type	Specify the type of seccomp profile to be used by the pods. Possible values are: `Unconfined`, `RuntimeDefault`, `Localhost`. For more information about seccomp profile, see the Kubernetes documentation . If this parameter is left empty, `RuntimeDefault` is used by default for Kubernetes version 1.24 or later.	empty	`customization: seccompProfile: type: RuntimeDefault`
customization.seccompProfile.localhostProfile	Specify the local path of the seccomp profile file. This parameter is required if seccompProfile.type is set to `Localhost`.	empty	`customization: seccompProfile: type: Locahost localhostProfile: : profiles/audit.json`
customization.securitySecretRef	Replaces the default certificate. You must create a Kubernetes secret and set the name of the secret for this parameter. For more information, see Defining the security certificate.	empty	`customization: securitySecretRef: mysecuritysecret`
customization.sidecar.enabled	Enable Sidecar Container in all components (New since version 9.0.0.1).	false
customization.sidecar.image	Specify the sidecar image to use (New since version 9.0.0.1).	empty
customization.sidecar.confSecretRef	Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1).	empty
customization.sidecar.resources	Specify the sidecar resources (New since version 9.0.0.1).	empty
customization.sidecar.probes	Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1).	empty
customization.tolerations	Specify tolerations to allow Kubernetes scheduler to schedule all ODM pods onto nodes with matching taints.	empty	`customization: tolerations: - key: "odm" operator: "Exists" effect: "NoExecute"`
customization.trustedCertificateList	Specify a list of secrets that encapsulate certificates in PEM format to be included in the truststore. For more information, see Importing the certificate of an external service.	empty	`customization: trustedCertificateList: - service1-secret - service2-secret` In command line: `--set customization.trustedCertificateList={"service1-secret"\, "service2-secret"}`
customization.watcher.debug	Specify whether to launch a debug watcher container.	false
customization.watcher.enabled	Specify whether to enable Watcher.	false
customization.watcher.schedule	Specify the watcher CronJob Schedule.	every minute	See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax / '* * * * *' / .
decisionCenter.annotations	Specify the annotations to add to Decision Center pods (New since version 9.0.0.1).	empty
decisionCenter.autoscaling.enabled decisionCenter.autoscaling.minReplicas decisionCenter.autoscaling.maxReplicas (Deprecated) decisionCenter.autoscaling.targetAverageUtilization decisionCenter.autoscaling.targetAverageCpuUtilization decisionCenter.autoscaling.targetAverageMemoryUtilization decisionCenter.autoscaling.behavior	Enable and configure autoscaling for Decision Center. For more information, see Autoscaling Note: targetAverageUtilization is deprecated and replaced by targetAverageCpuUtilization	false 2 3 300 300 200	`decisionCenter: autoscaling: enabled: true minReplicas: 1 maxReplicas: 2 targetAverageCpuUtilization: 250 behavior: scaleDown: stabilizationWindowSeconds: 3000 scaleUp: stabilizationWindowSeconds: 120`
decisionCenter.contextRoot	Specify the context root of Decision Center. The context root is an extra path that is used to access the Decision Center component. For more information, see Configuring external access.	empty	`decisionCenter: contextRoot: “/dev-dc"`
decisionCenter.customlibPvc	Specify the name of the persistent volume claim (PVC) that locates the customized Decision Center JAR files. For more information, see Persisting the Decision Center ruleset cache and (Deprecated) Customizing the Decision Center Business console.	empty	`decisionCenter: customlibPvc: my-custom-dc-libs-pvc`
decisionCenter.customPodAntiAffinity	Specify your custom pod anti-affinity definitions if you want to override the default setting. For more information, see “Configuring custom Pod Anti-Affinity on Operational Decision Manager pods”.	`preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: run operator: In values: - <release_name>-odm-decisioncenter topologyKey: "kubernetes.io/hostname"`	`decisionCenter: replicaCount: 3 customPodAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: run operator: In values: - <release_name>-odm-decisioncenter topologyKey: "kubernetes.io/hostname"`
decisionCenter.disableAllAuthenticatedUser	By default, all authenticated users have the `rtsUsers` role. To restrict the `rtsUsers` role, set this parameter to `true`. For more information, see Synchronizing users and groups in Decision Center.	false	`decisionCenter: disableAllAuthenticatedUser: true`
decisionCenter.disableDbDump	Specify whether to disable the Decision Center dbdump application.	false	`decisionCenter: disableDbDump: true`
decisionCenter.downloadUrl	Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads	{}	`decisionCenter: downloadUrl: - http://<host>:<port>/file1.zip - http://<host>:<port>/file2.jar`
decisionCenter.enabled	To enable Decision Center.	true	`decisionCenter: enabled: false`
decisionCenter.jvmOptionsRef	Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. See an example in Persisting the Decision Center ruleset cache.	empty	`decisionCenter: jvmOptionsRef: my-dc-jvm-options-configmap`
decisionCenter.libertyHookRef	Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end.	empty
decisionCenter.lifecycleHooksSecretRef	Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle.	empty	`decisionCenter: lifecycleHooksSecretRef: my-dc-hooks-secret`
decisionCenter.labels	Provide custom labels for the Decision Center Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation .	{}	`decisionCenter: labels: key: value isSomething: "true"` You can add labels with a command line by using the following syntax: `--set decisionCenter.labels.key=value` To add a label name that includes dots: `--set decisionCenter.labels."label\.with\.dot"=value` To remove a label, set it to `null` with the following command: `$ helm get values RELEASE_NAME > get-values.yaml $ helm upgrade RELEASE_NAME -f get-values.yaml \ --set decisionCenter.labels.key=null \ charts/ibm-odm-prod-CHART_VERSION.tgz`
decisionCenter.loggingRef	Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. For more information, see Customizing log levels.	empty	`decisionCenter: loggingRef: my-dc-logging-configmap`
decisionCenter.logstashCollectorRef	Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration.	empty
decisionCenter.monitorRef	Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring.	empty
decisionCenter.networkPolicy.egress	Specify the egress network policy to apply to Decision Center.	empty	`decisionCenter: networkPolicy: egress: - ports: - protocol: TCP port: <DC_DATABASE_PORT> - protocol: TCP port: 9443 # DS service port to: - ipBlock: cidr: <DC_DATABASE_IP>/32 - namespaceSelector: matchLabels: kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod`
decisionCenter.networkPolicy.ingress	Specify the ingress network policy to apply to Decision Center.	empty	`decisionCenter: networkPolicy: ingress: - ports: - protocol: TCP port: 9453`
decisionCenter.nodeAffinity	Specify the node selector term match expression list to manage node affinity. For more information, see Configuring multi-zone support.	empty	`decisionCenter: nodeAffinity: - key: topology.kubernetes.io/zone operator: In values: - eu-west-3c`
decisionCenter.persistenceLocale	The persistence locale for Decision Center.	en_US	`decisionCenter: persistenceLocale: “en_GB”`
decisionCenter.podDisruptionBudget	Specify either maxUnavailable and minAvailable pertaining to the podDisruptionBudget. The value can be either an absolute number or a percentage. Note: podDisruptionBudget should only be activated if the component has two or more replicas. For more information, see Configuring pod disruption budget on ODM deployments.	empty	`decisionCenter: replicaCount: 3 podDisruptionBudget: maxUnavailable: 1`
decisionCenter.replicaCount	The number of Decision Center pods. This parameter is ignored if decisionCenter.autoscaling.enabled is set to true. For more information, see Manual scaling.	1	`decisionCenter: replicaCount: 2`
decisionCenter.resources.limits.cpu decisionCenter.resources.limits.memory decisionCenter.resources.limits.ephemeral-storage decisionCenter.resources.requests.cpu decisionCenter.resources.requests.memory decisionCenter.resources.requests.ephemeral-storage	The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Center. For more information, see Managing Resources for Containers .	2 4096Mi 2G 500m 1500Mi 1G	`decisionCenter: resources: requests: cpu: 500m memory: 1500Mi ephemeral-storage: 1G limits: cpu: 2 memory: 4096Mi ephemeral-storage: 2G`
decisionCenter.rollingUpdate.maxSurge decisionCenter.rollingUpdate.maxUnavailable	The properties that are used to control the rolling updates of a deployment. For more information, see Rolling updates for ODM deployments.	1 0	`decisionCenter: rollingUpdate: maxSurge: 1 maxUnavailable: 0`
decisionCenter.sidecar.enabled	Enable Sidecar Container in Decision Center (New since version 9.0.0.1).	false	`decisionCenter: sidecar: enabled: true`
decisionCenter.sidecar.image	Specify the sidecar image to use (New since version 9.0.0.1).	empty	`decisionCenter: sidecar: image: <IMAGE_NAME>:<IMAGE_TAG>`
decisionCenter.sidecar.confSecretRef	Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1).	empty	Create a script named sidecar-start.sh `#!/bin/bash # Add your script logic or service while true do echo "dummy script" sleep 10 done` Create a secret `kubectl create secret generic my-sidecar-secret --from-file=sidecar-start.sh` Set the confSecretRef parameter `decisionCenter: sidecar: confSecretRef: my-sidecar-secret`
decisionCenter.sidecar.resources	Specify the sidecar resources (New since version 9.0.0.1).	empty	`decisionCenter: sidecar: resources: requests: cpu: 500m memory: 1500Mi ephemeral-storage: 1G limits: cpu: 2 memory: 4096Mi ephemeral-storage: 2G`
decisionCenter.sidecar.probes	Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1).	empty	decisionCenter: sidecar: probes: startupProbe: exec: command: ["/bin/sh","-c","/script/sidecar-startup-probe.sh"] failureThreshold: 20 initialDelaySeconds: 5 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 readinessProbe: exec: command: ["/bin/sh","-c","/script/sidecar-readiness-probe.sh"] failureThreshold: 20 initialDelaySeconds: 5 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 livenessProbe: exec: command: ["/bin/sh","-c","/script/sidecar-liveness-probe.sh"] failureThreshold: 20 initialDelaySeconds: 5 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1
automountServiceAccountToken	Specify whether the kubelet should automatically mount the ServiceAccount's API credentials to enable scripts running in a pod to send authenticated requests to the API server	false	`decisionCenter: automountServiceAccountToken: true`
decisionCenter.extendRoleMapping	Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different. Ignored if oidc.enabled is set to `true`. For more information, see Migrating your LDAP connection.	false	`decisionCenter: extendRoleMapping: true`
decisionCenter.tagOrDigest	Specify the tag or digest for the Decision Center docker image. If left empty, the image.tag parameter is used.	empty	`decisionCenter: tagOrDigest: my-custom-tag`
decisionCenter.tolerations	Specify tolerations to allow Kubernetes scheduler to schedule Decision Center pods onto nodes with matching taints.	empty	`decisionCenter: tolerations: - key: "dc" operator: "Exists" effect: "NoSchedule"`
decisionCenter.topologySpreadConstraints	Specify topology spread constraints to allow Kubernetes scheduler to distribute Decision Center pods across your cluster among failure domains such as regions, zones, and nodes. For more information, see Configuring topology spread constraints on Operational Decision Manager pods.	empty	`decisionCenter: replicaCount: 2 topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app.kubernetes.io/component: decisionCenter matchLabelKeys: - pod-template-hash`
decisionCenter.webConfigRef	Specify the name of the configMap that customizes the `context-param` properties in the web.xml file. If left empty, the default `context-param` properties are used. For more information, see Customizing Decision Center.	empty	`decisionCenter: webConfigRef: my-odm-dc-web-configmap`
decisionRunner.annotations	Specify the annotations to add to Decision Runner pods (New since version 9.0.0.1).	empty
decisionRunner.autoscaling.enabled decisionRunner.autoscaling.minReplicas decisionRunner.autoscaling.maxReplicas (Deprecated) decisionRunner.autoscaling.targetAverageUtilization decisionRunner.autoscaling.targetAverageCpuUtilization decisionRunner.autoscaling.targetAverageMemoryUtilization decisionRunner.autoscaling.behavior	Enable and configure autoscaling for Decision Runner. For more information, see Autoscaling Note: targetAverageUtilization is deprecated and replaced by targetAverageCpuUtilization	false 2 3 300 300 600	`decisionRunner: autoscaling: enabled: true minReplicas: 1 maxReplicas: 4 targetAverageCpuUtilization: 350 targetAverageMemoryUtilization: 700 behavior: scaleDown: stabilizationWindowSeconds: 3000 scaleUp: stabilizationWindowSeconds: 120`
decisionRunner.contextRoot	Specify the context root of the Decision Runner. The context root is an extra path that is used to access the Decision Runner component. For more information, see Configuring external access.	empty	`decisionRunner: contextRoot: “/dev-dr"`
decisionRunner.customPodAntiAffinity	Specify your custom pod anti-affinity definitions if you want to override the default setting. For more information, see “Configuring custom Pod Anti-Affinity on Operational Decision Manager pods”.	`preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: run operator: In values: - <release_name>-odm-decisionrunner topologyKey: "kubernetes.io/hostname"`	`decisionRunner: replicaCount: 3 customPodAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: run operator: In values: - <release_name>-odm-decisionrunner topologyKey: "kubernetes.io/hostname"`
decisionRunner.downloadUrl	Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads	{}	`decisionRunner: downloadUrl: - http://<host>:<port>/file1.zip - http://<host>:<port>/file2.jar`
decisionRunner.enabled	To enable Decision Runner.	true	`decisionRunner: enabled: false`
decisionRunner.jvmOptionsRef	Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. See an example in Persisting the Decision Center ruleset cache.	empty	`decisionRunner: jvmOptionsRef: my-dr-jvm-options-configmap`
decisionRunner.lifecycleHooksSecretRef	Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle.	empty	`decisionRunner: lifecycleHooksSecretRef: my-dr-hooks-secret`
decisionRunner.labels	Provide custom labels for the Decision Runner Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation .	{}	`decisionRunner: labels: key: value isSomething: "true"` You can add labels with a command line by using the following syntax: `--set decisionRunner.labels.key=value` To add a label name that includes dots: `--set decisionRunner.labels."label\.with\.dot"=value` To remove a label, set it to `null` with the following command: `$ helm get values RELEASE_NAME > get-values.yaml $ helm upgrade RELEASE_NAME -f get-values.yaml \ --set decisionRunner.labels.key=null \ charts/ibm-odm-prod-CHART_VERSION.tgz`
decisionRunner.libertyHookRef	Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end.	empty
decisionRunner.loggingRef	Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. For more information, see Customizing log levels.	empty	`decisionRunner: loggingRef: my-dr-logging-configmap`
decisionRunner.logstashCollectorRef	Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration.	empty
decisionRunner.monitorRef	Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring.	empty
decisionRunner.networkPolicy.egress	Specify the egress network policy to apply to Decision Runner.	empty	`decisionRunner: networkPolicy: egress: - ports: - protocol: TCP port: 9443 # DS service port - protocol: TCP port: 9453 # DC service port to: - ipBlock: cidr: <DS_DATABASE_IP>/32 - namespaceSelector: matchLabels: kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod`
decisionRunner.networkPolicy.ingress	Specify the ingress network policy to apply to Decision Runner.	empty	`decisionRunner: networkPolicy: ingress: - ports: - protocol: TCP port: 9443 - from: - podSelector: matchLabels: run: <RELEASE>-odm-decisioncenter - podSelector: matchLabels: run: <RELEASE>-odm-decisionserverconsole`
decisionRunner.nodeAffinity	Specify the node selector term match expression list to manage node affinity. For more information, see Configuring multi-zone support.	empty	`decisionRunner: nodeAffinity: - key: topology.kubernetes.io/zone operator: In values: - eu-west-3c`
decisionRunner.podDisruptionBudget	Specify either maxUnavailable and minAvailable pertaining to the podDisruptionBudget. The value can be either an absolute number or a percentage. Note: podDisruptionBudget should only be activated if the component has two or more replicas. For more information, see Configuring pod disruption budget on ODM deployments.	empty	`decisionRunner: replicaCount: 3 podDisruptionBudget: maxUnavailable: 1`
decisionRunner.replicaCount	The number of Decision Runner pods. This parameter is ignored if decisionRunner.autoscaling.enabled is set to true. For more information, see Manual scaling.	1	`decisionRunner: replicaCount: 2`
decisionRunner.resources.limits.cpu decisionRunner.resources.limits.memory decisionRunner.resources.limits.ephemeral-storage decisionRunner.resources.requests.cpu decisionRunner.resources.requests.memory decisionRunner.resources.requests.ephemeral-storage	The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Runner. For more information, see Managing Resources for Containers .	2 4096Mi 200Mi 500m 512Mi 1G	`decisionRunner: resources: requests: cpu: 500m memory: 512Mi ephemeral-storage: 200Mi limits: cpu: 2 memory: 4096Mi ephemeral-storage: 1G`
decisionRunner.extendRoleMapping	Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different. Ignored if oidc.enabled is set to `true`. For more information, see Migrating your LDAP connection.	false	`decisionRunner: extendRoleMapping: true`
decisionRunner.resURL	The Decision Server console URL that is used to deploy the XOM. Can be modified. For more information, see Customizing Decision Runner.	empty	`decisionRunner: resURL: "https://my_desination_cluster.domain.com/res,https://<project_name>-odm-decisionserverconsole:443/<context_root>/res"`
decisionRunner.rollingUpdate.maxSurge decisionRunner.rollingUpdate.maxUnavailable	The properties that are used to control the rolling updates of a deployment. For more information, see Rolling updates for ODM deployments.	1 0	`decisionRunner: rollingUpdate: maxSurge: 1 maxUnavailable: 0`
decisionRunner.sidecar.enabled	Enable Sidecar Container in Decision Runner (New since version 9.0.0.1).	false
decisionRunner.sidecar.image	Specify the sidecar image to use (New since version 9.0.0.1).	empty
decisionRunner.sidecar.confSecretRef	Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1).	empty
decisionRunner.sidecar.resources	Specify the sidecar resources (New since version 9.0.0.1).	empty
decisionRunner.sidecar.probes	Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1).	empty
automountServiceAccountToken	Specify whether the kubelet should automatically mount the ServiceAccount's API credentials to enable scripts running in a pod to send authenticated requests to the API server.	false	`decisionRunner: automountServiceAccountToken: true`
decisionRunner.tagOrDigest	Specify the tag or digest for the Decision Runner docker image. If left empty, the image.tag parameter is used.	empty	Example with a docker tag: `decisionRunner: tagOrDigest: my-custom-tag` Example with a digest: `decisionRunner: tagOrDigest: sha256:xxxxxxxxxx`
decisionRunner.tolerations	Specify tolerations to allow Kubernetes scheduler to schedule Decision Runner pods onto nodes with matching taints.	empty	`decisionRunner: tolerations: - key: "dr" operator: "Exists" effect: "NoSchedule"`
decisionRunner.topologySpreadConstraints	Specify topology spread constraints to allow Kubernetes scheduler to distribute Decision Runner pods across your cluster among failure domains such as regions, zones, and nodes. For more information, see Configuring topology spread constraints on Operational Decision Manager pods.	empty	`decisionRunner: replicaCount: 2 topologySpreadConstraints: - maxSkew: 1 topologyKey: "topology.kubernetes.io/zone" whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app.kubernetes.io/component: decisionRunner matchLabelKeys: - pod-template-hash`
decisionServerConsole.annotations	Specify the annotations to add to Decision Server Console pod (New since version 9.0.0.1).	empty
decisionServerConsole.contextRoot	Specify the context root of the Decision Server console. The context root is an additional path that is used to access the Decision Server console component. For more information, see Configuring external access.	empty	`decisionServerConsole: contextRoot: “/dev-res"`
decisionServerConsole.downloadUrl	Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads	{}	`decisionServerConsole: downloadUrl: - http://<host>:<port>/file1.zip - http://<host>:<port>/file2.jar`
decisionServerConsole.jvmOptionsRef	Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. See an example in Persisting the Decision Center ruleset cache.	empty	`decisionServerConsole: jvmOptionsRef: my-dsc-jvm-options-configmap`
decisionServerConsole.lifecycleHooksSecretRef	Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle.	empty	`decisionServerConsole: lifecycleHooksSecretRef: my-dsc-hooks-secret`
decisionServerConsole.labels	Provide custom labels for the Decision Server console Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation .	{}	`decisionServerConsole: labels: key: value isSomething: "true"` You can add labels with a command line by using the following syntax: `--set decisionServerConsole.labels.key=value` To add a label name that includes dots: `--set decisionServerConsole.labels."label\.with\.dot"=value` To remove a label, set it to `null` with the following command: `$ helm get values RELEASE_NAME > get-values.yaml $ helm upgrade RELEASE_NAME -f get-values.yaml \ --set decisionServerConsole.labels.key=null \ charts/ibm-odm-prod-CHART_VERSION.tgz`
decisionServerConsole.libertyHookRef	Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end.	empty
decisionServerConsole.loggingRef	Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. For more information, see Customizing log levels.	empty	`decisionServerConsole: loggingRef: my-dsc-logging-configmap`
decisionServerConsole.logstashCollectorRef	Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration.	empty
decisionServerConsole.monitorRef	Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring.	empty
decisionServerConsole.networkPolicy.egress	Specify the egress network policy to apply to the Decision Server console.	empty	`decisionServerConsole: networkPolicy: egress: - ports: port: 9443 # DS service port - protocol: TCP port: 9453 # DC service port to: - ipBlock: cidr: <DS_DATABASE_IP>/32 - namespaceSelector: matchLabels: kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod`
decisionServerConsole.networkPolicy.ingress	Specify the ingress network policy to apply to the Decision Server console.	empty	`decisionServerConsole: networkPolicy: ingress: - ports: - protocol: TCP port: 9443 - protocol: TCP port: 1883 - from: - podSelector: matchLabels: run: <RELEASE>-odm-decisioncenter - podSelector: matchLabels: run: <RELEASE>-odm-decisionrunner - podSelector: matchLabels: run: <RELEASE>-odm-decisionserverruntime`
decisionServerConsole.nodeAffinity	Specify the node selector term match expression list to manage node affinity. For more information, see Configuring multi-zone support.	empty	`decisionServerConsole: nodeAffinity: - key: topology.kubernetes.io/zone operator: In values: - eu-west-3c`
decisionServerConsole.resources.limits.cpu decisionServerConsole.resources.limits.memory decisionServerConsole.resources.limits.ephemeral-storage decisionServerConsole.resources.requests.cpu decisionServerConsole.resources.requests.memory decisionServerConsole.resources.requests.ephemeral-storage	The CPU/Memory/Ephemeral Storage resource requests/limits for the Decision Server console. For more information, see Managing Resources for Containers .	2 1024Mi 1G 500m 512Mi 200Mi	`decisionServerConsole: resources: requests: cpu: 500m memory: 512Mi ephemeral-storage: 200Mi limits: cpu: 2 memory: 1024Mi ephemeral-storage: 1G`
decisionServerConsole.extendRoleMapping	Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different. Ignored if oidc.enabled is set to `true`. For more information, see Migrating your LDAP connection.	false	`decisionServerConsole: extendRoleMapping: true`
decisionServerConsole.rollingUpdate.maxSurge decisionServerConsole.rollingUpdate.maxUnavailable	The properties that are used to control the rolling updates of a deployment. For more information, see Rolling updates for ODM deployments.	1 0	`decisionServerConsole: rollingUpdate: maxSurge: 1 maxUnavailable: 0`
decisionServerConsole.runtime.webConfigRef	Specify the name of the configMap that customizes the `context-param` properties in the web.xml of the Decision Server console runtime. If left empty, it uses the configMap defined for the Decision Server runtime. For more information, see Customizing new Decision Server components.	empty	`decisionServerConsole: runtime: webConfigRef: my-dsc-web-configmap`
decisionServerConsole.sidecar.enabled	Enable Sidecar Container in Decision Server Console (New since version 9.0.0.1).	false
decisionServerConsole.sidecar.image	Specify the sidecar image to use (New since version 9.0.0.1).	empty
decisionServerConsole.sidecar.confSecretRef	Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1).	empty
decisionServerConsole.sidecar.resources	Specify the sidecar resources (New since version 9.0.0.1).	empty
decisionServerConsole.sidecar.probes	Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1).	empty
automountServiceAccountToken	Specify whether the kubelet should automatically mount the ServiceAccount's API credentials to enable scripts running in a pod to send authenticated requests to the API server.	false	`decisionServerConsole: automountServiceAccountToken: true`
decisionServerConsole.title	Specify the title for the Decision Server console web page. If left empty, the default title Rule Execution Server is used.	empty	`decisionServerConsole: title: “ODM Console”`
decisionServerConsole.description	Specify a description for the Decision Server console. If left empty, the default description Console is used.	empty	`decisionServerConsole: description: “Decision Server Console”`
decisionServerConsole.tagOrDigest	Specify the tag or digest for the Decision Server console docker image. If left empty, the image.tag parameter is used.	empty	Example with a docker tag: `decisionServerConsole: tagOrDigest: my-custom-tag` Example with a digest: `decisionServerConsole: tagOrDigest: sha256:xxxxxxxxxx`
decisionServerConsole.tolerations	Specify tolerations to allow Kubernetes scheduler to schedule Decision Console pods onto nodes with matching taints.	empty	`decisionServerConsole: tolerations: - key: "dsc" operator: "Exists" effect: "NoSchedule"`
decisionServerRuntime.annotations	Specify the annotations to add to Decision Server Runtime pods (New since version 9.0.0.1).	empty
decisionServerRuntime.autoscaling.enabled decisionServerRuntime.autoscaling.minReplicas decisionServerRuntime.autoscaling.maxReplicas (Deprecated) decisionServerRuntime.autoscaling.targetAverageUtilization decisionServerRuntime.autoscaling.targetAverageCpuUtilization decisionServerRuntime.autoscaling.targetAverageMemoryUtilization decisionServerRuntime.autoscaling.behavior decisionServerRuntime.dedicated.autoscaling.enabled decisionServerRuntime.dedicated.autoscaling.minReplicas decisionServerRuntime.dedicated.autoscaling.maxReplicas decisionServerRuntime.dedicated.autoscaling.targetAverageUtilization decisionServerRuntime.dedicated.autoscaling.targetAverageCpuUtilization decisionServerRuntime.dedicated.autoscaling.targetAverageMemoryUtilization decisionServerRuntime.dedicated.autoscaling.behavior	Enable and configure autoscaling for Decision Server runtime. For more information, see Autoscaling Note: targetAverageUtilization is deprecated and replaced by targetAverageCpuUtilization.	false 2 3 300 300 600 See example false <values inherited from decisionServerRuntime.autoscaling>	`decisionServerRuntime: autoscaling: enabled: true minReplicas: 1 maxReplicas: 4 targetAverageCpuUtilization: 350 targetAverageMemoryUtilization: 700 behavior: scaleDown: stabilizationWindowSeconds: 300 scaleUp: stabilizationWindowSeconds: 30 dedicated: - name: loan-validation paths: - /loan-validation/ autoscaling: enabled: true maxReplicas: 2 targetAverageMemoryUtilization: 600`
decisionServerRuntime.contextRoot	Specify the context root of the Decision Server runtime. The context root is an extra path that is used to access the Decision Server runtime component. For more information, see Configuring external access.	empty	`decisionServerRuntime: contextRoot: “/dev-dsr"`
decisionServerRuntime.customPodAntiAffinity	Specify your custom pod anti-affinity definitions if you want to override the default setting. For more information, see “Configuring custom Pod Anti-Affinity on Operational Decision Manager pods”.	`preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: run operator: In values: - <release_name>-odm-decisionserverruntime topologyKey: "kubernetes.io/hostname"`	`decisionServerRuntime: replicaCount: 3 customPodAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: run operator: In values: - <release_name>-odm-decisionserverruntime topologyKey: "kubernetes.io/hostname"`
decisionServerRuntime.dedicated	List of dedicated runtime pod configurations	[ ]	`decisionServerRuntime: dedicated: - name: miniloan # Required - Name of the dedicated runtime paths: # Required - Ruleset paths that will be deployed in this runtime - /miniloan/1.0 - /miniloan/2.0 resources: # Optional - Kubernetes resources requests: cpu: 1000m memory: 2048Mi limits: cpu: 2000m memory: 4096Mi`
decisionServerRuntime.dedicated[].name	Name identifier for the dedicated runtime pod configuration	N/A
decisionServerRuntime.dedicated[].paths	List of ruleset paths that are executed in this dedicated runtime pod	Should be ruleset path format
decisionServerRuntime.dedicated[].replicaCount	Number of pod replicas for this dedicated runtime	1
decisionServerRuntime.dedicated[].resources.requests.cpu	CPU resource request for the pod	500m
decisionServerRuntime.dedicated[].resources.requests.ephemeral-storage	Ephemeral storage resource request for the pod	200m
decisionServerRuntime.dedicated[].resources.requests.memory	Memory resource request for the pod	512Mi
decisionServerRuntime.dedicated[].resources.limits.cpu	CPU resource limit for the pod	2
decisionServerRuntime.dedicated[].resources.limits.ephemeral	Ephemeral storage resource limit for the pod	1G
decisionServerRuntime.dedicated[].resources.limits.memory	Memory resource limit for the pod	4096Mi
decisionServerRuntime.dedicated[].webConfigRef	`ConfigMap` reference for customizing Decision Server Runtime behavior	If not specified in the dedicated runtime pod configuration, the value from the parent `decisionServerRuntime` level is used if present.	`decisionServerRuntime: dedicated: - name: miniloan # Required - Name of the dedicated runtime paths: # Required - Ruleset paths that will be deployed in this runtime - /miniloan/1.0 webConfigRef: my-odm-web-configmap`
decisionServerRuntime.dedicated[].xuConfigRef	`ConfigMap` reference for optimizing the execution unit (XU)	If not specified in the dedicated runtime pod configuration, the value from the parent `decisionServerRuntime` level is used if present.
New in 9.6.0.0 decisionServerRuntime.disableAuthentication	Disable authentication on Decision Server Runtime calls.	false	`decisionServerRuntime: disableAuthentication: true`
decisionServerRuntime.downloadUrl	Specify the url of download. You can specify a list of urls. Files with .zip, .tar.gz, .tar.bz2, .tgz extensions will be automatically unarchived after their downloads	{}	`decisionServerRuntime: downloadUrl: - http://<host>:<port>/file1.zip - http://<host>:<port>/file2.jar`
decisionServerRuntime.enabled	To enable Decision Server runtime.	true	`decisionServerRuntime: enabled: false`
decisionServerRuntime.jvmOptionsRef	Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. See an example in Persisting the Decision Center ruleset cache.	empty	`decisionServerRuntime: jvmOptionsRef: my-dsr-jvm-options-configmap`
decisionServerRuntime.libertyHookRef	Specify the name of the secret to configure the Liberty start and/or end. If left empty, there is no custom Liberty start/end.	empty
decisionServerRuntime.lifecycleHooksSecretRef	Specify the name of the Kubernetes Secret that contains scripts for the container lifecycle hooks. The secret might have start.sh, stop.sh keys to be run in the postStart, preStop lifecycle.	empty	`decisionServerRuntime: lifecycleHooksSecretRef: my-dsr-hooks-secret`
decisionServerRuntime.labels	Provide custom labels for the Decision Server console Kubernetes resources. The values must meet the Kubernetes labels requirements. For more information, see this documentation .	{}	`decisionServerRuntime: labels: key: value isSomething: "true"` You can add labels with a command line by using the following syntax: `--set decisionServerRuntime.labels.key=value` To add a label name that includes dots: `--set decisionServerRuntime.labels."label\.with\.dot"=value` To remove a label, set it to `null` with the following command: `$ helm get values RELEASE_NAME > get-values.yaml $ helm upgrade RELEASE_NAME -f get-values.yaml \ --set decisionServerRuntime.labels.key=null \ charts/ibm-odm-prod-CHART_VERSION.tgz`
decisionServerRuntime.loggingRef	Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. For more information, see Customizing log levels.	empty	`decisionServerRuntime: loggingRef: my-dsr-logging-configmap`
decisionServerRuntime.logstashCollectorRef	Specify the name of the secret to configure the logstash collector. If left empty, there is no logstash collector configuration.	empty
decisionServerRuntime.monitorRef	Specify the name of the secret to configure the mpMetrics monitoring. If left empty, there is no mpMetric monitoring.	empty
decisionServerRuntime.networkPolicy.egress	Specify the egress network policy to apply to the Decision Server runtime.	empty	`decisionServerRuntime: networkPolicy: egress: - ports: - protocol: TCP port: <DS_DATABASE_PORT> - protocol: TCP port: 9443 # DS service port - protocol: TCP port: 9453 # DC service port to: - ipBlock: cidr: <DS_DATABASE_IP>/32 - namespaceSelector: matchLabels: kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod`
decisionServerRuntime.networkPolicy.ingress	Specify the ingress network policy to apply to the Decision Server runtime.	empty	`decisionServerRuntime: networkPolicy: ingress: - ports: - protocol: TCP port: 9443 - from: - podSelector: matchLabels: run: <RELEASE>-odm-decisionserverconsole`
decisionServerRuntime.nodeAffinity	Specify the node selector term match expression list to manage node affinity. For more information, see Configuring multi-zone support.	empty	`decisionServerRuntime: nodeAffinity: - key: topology.kubernetes.io/zone operator: In values: - eu-west-3c`
decisionServerRuntime.podDisruptionBudget	Specify either maxUnavailable and minAvailable pertaining to the podDisruptionBudget. The value can be either an absolute number or a percentage. Note: podDisruptionBudget should only be activated if the component has two or more replicas. For more information, see “Configuring Pod Disruption Budget on ODM deployments”	empty	`decisionServerRuntime: replicaCount: 3 podDisruptionBudget: maxUnavailable: 1`
decisionServerRuntime.replicaCount	The number of Decision Server runtime pods. This parameter is ignored if decisionServerRuntime.autoscaling.enabled is set to true. For more information, see Manual scaling.	1	`decisionServerRuntime: replicaCount: 2`
decisionServerRuntime.resources.limits.cpu decisionServerRuntime.resources.limits.memory decisionServerRuntime.resources.limits.ephemeral-storage decisionServerRuntime.resources.requests.cpu decisionServerRuntime.resources.requests.memory decisionServerRuntime.resources.requests.ephemeral-storage	The CPU/Memory/Ephemeral Storage resource requests/limits for Decision Server runtime. For more information, see Managing Resources for Containers .	2 4096Mi 1G 500m 512Mi 200Mi	`decisionServerRuntime: resources: requests: cpu: 500m memory: 512Mi ephemeral-storage: 200Mi limits: cpu: 2 memory: 4096Mi ephemeral-storage: 1G`
decisionServerRuntime.rollingUpdate.maxSurge decisionServerRuntime.rollingUpdate.maxUnavailable	The properties that are used to control the rolling updates of a deployment. For more information, see Rolling updates for ODM deployments.	1 0	`decisionServerRuntime: rollingUpdate: maxSurge: 1 maxUnavailable: 0`
decisionServerRuntime.sidecar.enabled	Enable Sidecar Container in Decision Server Runtime (New since version 9.0.0.1).	false
decisionServerRuntime.sidecar.image	Specify the sidecar image to use (New since version 9.0.0.1).	empty
decisionServerRuntime.sidecar.confSecretRef	Specify the name of the secret to be used by the sidecar container (New since version 9.0.0.1).	empty
decisionServerRuntime.sidecar.resources	Specify the sidecar resources (New since version 9.0.0.1).	empty
decisionServerRuntime.sidecar.probes	Specify the sidecar probes (startupProbe,readinessProbe,livenessProbe) (New since version 9.0.0.1).	empty
automountServiceAccountToken	Specify whether the kubelet should automatically mount the ServiceAccount's API credentials to enable scripts running in a pod to send authenticated requests to the API server.	false	`decisionServerRuntime: automountServiceAccountToken: true`
decisionServerRuntime.extendRoleMapping	Enable the role mapping extension feature to map an Operational Decision Manager role to one or several groups (basic or LDAP registry) when their names are different. Ignored if oidc.enabled is set to `true`. For more information, see Migrating your LDAP connection.	false	`decisionServerRuntime: extendRoleMapping: true`
decisionServerRuntime.tagOrDigest	Specify the tag or digest for the Decision Server runtime docker image. If left empty, the image.tag parameter is used.	empty	Example with a docker tag: `decisionServerRuntime: tagOrDigest: my-custom-tag` Example with a digest: `decisionServerRuntime: tagOrDigest: sha256:xxxxxxxxxx`
decisionServerRuntime.tolerations	Specify tolerations to allow Kubernetes scheduler to schedule Decision Server Runtime pods onto nodes with matching taints.	empty	`decisionServerRuntime: tolerations: - key: "dsr" operator: "Exists" effect: "NoSchedule"`
decisionServerRuntime.topologySpreadConstraints	Specify topology spread constraints to allow Kubernetes scheduler to distribute Decision Server Runtime pods across your cluster among failure domains such as regions, zones, and nodes. For more information, see Configuring topology spread constraints on Operational Decision Manager pods.	empty	`empty decisionServerRuntime: replicaCount:3 topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app.kubernetes.io/component: decisionServerRuntime matchLabelKeys: - pod-template-hash`
decisionServerRuntime.webConfigRef	Specify the name of the configMap that customizes the `context-param` properties in the web.xml of the runtime. If left empty, the default context-param properties are used. For more information, see Customizing new Decision Server components.	empty	`decisionServerRuntime: webConfigRef: my-odm-web-configmap`
decisionServerRuntime.xuConfigRef	Specify the name of the configmap that contains the XU configuration property file. For more information, see Optimizing the execution unit (XU).	empty	`decisionServerRuntime: xuConfigRef: my-odm-xu-configmap`
externalCustomDatabase.datasourceRef	The data source secret reference. For more information, see Configuring a custom external database.	empty	`externalCustomDatabase: datasourceRef:customdatasource-secret`
externalDatabase.databaseName	The name of the external database that is used for Operational Decision Manager. If this parameter is empty, `odmdb` is used by default.	empty	`externalDatabase: databaseName: odmdb port: 5432 secretCredentials: odm-prod-secret-psql serverName: postgresql.odm-restricted.svc.cluster.local type: postgresql`
externalDatabase.port	The port that is exposed to connect to the external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle.	empty
externalDatabase.secretCredentials	The name of the secret that contains the credentials to connect to the external database.	empty
externalDatabase.serverName	The name of the server that runs the database for Operational Decision Manager. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external database.	empty
externalDatabase.type	The type of the external database. This parameter can be set to `postgresql` for a PostgreSQL database, to `db2` for a Db2 database, to `sqlserver` for a Microsoft SQL Server, or to `oracle` for an Oracle database. If this parameter is empty, `postgresql` is used by default. For more information, see Configuring an external database.	empty
externalDatabase.driversUrl	Specify the URL of the database driver. You can specify a list of URLs. For more information, see Configuring an external database.	[]	`externalDatabase: driversUrl: - https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.49/mysql-connector-java-5.1.49.jar - url2` In command line: `--set externalDatabase.driversUrl="{url1,url2}"`
externalDatabase.sslSecretRef	Specify the name of the secret which contains the TLS certificate that you want to use for the secure database. This parameter is left empty for a non-secured database. For more information, see Configuring an external database.	empty	`externalDatabase: sslSecretRef: db2-ssl-secret`
externalDatabase.url	The URL of the external database (currently only with Oracle) that is used for Operational Decision Manager. If defined, it is used in replacement of `databaseName/port/serverName` For more information, see Configuring an external database.	empty	`externalDatabase: url: "jdbc:oracle:thin:@serverName:port:databaseName"`
externalDatabase.decisionCenter.databaseName	The name of the Decision Center external database that is used for Operational Decision Manager. If this parameter is empty, `odmdb` is used by default.	empty	`externalDatabase: decisionCenter: databaseName: dcdb port: 5432 secretCredentials: odm-prod-secret-psql-dc serverName: postgresqldc.odm-restricted.svc.cluster.local type: postgresql`
externalDatabase.decisionCenter.port	The port that is exposed to connect to the Decision Center external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle.	empty
externalDatabase.decisionCenter.secretCredentials	The name of the secret that contains the credentials to connect to the Decision Center external database.	empty
externalDatabase.decisionCenter.serverName	The name of the server that runs the database for Decision Center. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases.	empty
externalDatabase.decisionCenter.type	The type of the Decision Center external database. This parameter can be set to `postgresql` for a PostgreSQL database, to `db2` for a Db2 database, to `sqlserver` for a Microsoft SQL Server, or to `oracle` for an Oracle database. If this parameter is empty, `postgresql` is used by default. For more information, see Configuring an external database.	empty
externalDatabase.decisionCenter.driversUrl	Specify the URL of the Decision Center database driver. You can specify a list of URLs. For more information, see Configuring an external database.	empty	`externalDatabase: decisionCenter: driversUrl: - url1 - url2` In command line: `--set externalDatabase.decisionCenter.driversUrl="{url1,url2}"`
externalDatabase.decisionCenter.sslSecretRef	Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Center database. This parameter is left empty for a non-secured database. For more information, see Configuring an external database.	empty	`externalDatabase: decisionCenter: sslSecretRef: db2-ssl-secret`
externalDatabase.decisionCenter.url	The URL of the Decision Center external database (currently only with Oracle) that is used for Operational Decision Manager. If defined, it is used in replacement of `databaseName/port/serverName` For more information, see Configuring an external database.	empty	`externalDatabase: decisionCenter: url: "jdbc:oracle:thin:@serverName:port:databaseName"`
externalDatabase.decisionServer.databaseName	The name of the Decision Server external database that is used for Operational Decision Manager. If this parameter is empty, `odmdb` is used by default.	empty	`externalDatabase: decisionServer: databaseName: dsdb port: 5432 secretCredentials: odm-prod-secret-psql-ds serverName: postgresqlds.odm-restricted.svc.cluster.local type: postgresql`
externalDatabase.decisionServer.port	The port that is exposed to connect to the Decision Server external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2®, 1433 for Microsoft SQL Server, and 1521 for Oracle.	empty
externalDatabase.decisionServer.secretCredentials	The name of the secret that contains the credentials to connect to the Decision Server external database.	empty
externalDatabase.decisionServer.serverName	The name of the server that runs the database for Decision Server. Only PostgreSQL, Db2, Microsoft SQL Server, and Oracle are supported as external databases.	empty
externalDatabase.decisionServer.type	The type of the Decision Server external database. This parameter can be set to `postgresql` for a PostgreSQL database, to `db2` for a Db2 database, to `sqlserver` for a Microsoft SQL Server, or to `oracle` for an Oracle database. If this parameter is empty, `postgresql` is used by default. For more information, see Configuring an external database.	empty
externalDatabase.decisionServer.driversUrl	Specify the URL of the Decision Server database driver. You can specify a list of URLs. For more information, see Configuring an external database.	[]	`externalDatabase: decisionServer: driversUrl: - url1 - url2` In command line: `--set externalDatabase.decisionServer.driversUrl="{url1,url2}"`
externalDatabase.decisionServer.sslSecretRef	Specify the name of the secret which contains the TLS certificate that you want to use for the secure Decision Server database. This parameter is left empty for a non-secured database. For more information, see Configuring an external database.	empty	`externalDatabase: decisionServer: sslSecretRef: db2-ssl-secret`
externalDatabase.decisionServer.url	The URL of the Decision Server external database (currently only with Oracle) that is used for Operational Decision Manager. If defined, it is used in replacement of `databaseName/port/serverName` For more information, see Configuring an external database.	empty	`externalDatabase: decisionServer: url: "jdbc:oracle:thin:@serverName:port:databaseName"`
image.pullPolicy	The image pull policy. By default, the most recent downloaded docker image is used. Set the policy to Always to pull the latest version of the docker image.	IfNotPresent	`image: pullPolicy: Always`
image.pullSecrets	The image pull secrets.	[]	`image: pullSecrets: - admin.registrykey - admin.registrykey`
image.tag	The image tag version.	9.0.0.1	`image: tag: 9.0.0.1-IF00n`
image.repository	The repository.	empty	`image: repository: your.private.registry.example.com`
internalDatabase.persistence.enabled	To enable the use of a Persistent Volume Claim (PVC) to persist data.	true	`internalDatabase: persistence: enabled: true resources: requests: storage: 5Gi storageClassName: my-storage-class useDynamicProvisioning: true`
internalDatabase.persistence.resources.requests.storage	The requested storage size for the Persistent Volume.	5Gi
internalDatabase.persistence.storageClassName	The storage class name for the Persistent Volume.	empty
internalDatabase.persistence.useDynamicProvisioning	To use dynamic provisioning for Persistent Volume Claim. If this parameter is set to false, the Kubernetes binding process selects a pre-existing volume. Ensure, in this case, that a volume is not already bound before you install the chart. For more information, see Configuring the internal database.	false
internalDatabase.populateSampleData	Specify whether to provide sample data in the internal database. Only if the persistence locale for Decision Center is set to English (US).	false	`internalDatabase: populateSampleData: true`
internalDatabase.resources.limits.cpu internalDatabase.resources.limits.memory internalDatabase.resources.limits.ephemeral-storage internalDatabase.resources.requests.cpu internalDatabase.resources.requests.memory internalDatabase.resources.requests.ephemeral-storage	The CPU/Memory resource requests/limits for the internal database.	2 4096Mi 1G 500m 512Mi 500Mi	`internalDatabase: resources: requests: cpu: 500m memory: 512Mi ephemeral-storage: 500Mi limits: cpu: 2 memory: 4096Mi ephemeral-storage: 1G`
internalDatabase.runAsUser	Specify the user ID to run the internal database container. Must be set to empty if you want to use the `restricted` scc on OpenShift. For more information, see Preparing to install Operational Decision Manager.	26	`internalDatabase: runAsUser: ““` In command line: `--set internalDatabase.runAsUser=`
internalDatabase.secretCredentials	The name of the secret that contains the credentials to connect to the internal database. For more information, see Configuring the internal database.	empty	`internalDatabase: secretCredentials: my-secret`
internalDatabase.tagOrDigest	Specify the tag or digest for the internal database docker image. If left empty, the image.tag parameter is used.	empty	`internalDatabase: tagOrDigest: my-custom-tag`
livenessProbe.failureThreshold livenessProbe.initialDelaySeconds livenessProbe.periodSeconds livenessProbe.timeoutSeconds	The behavior of liveness probes to know when to restart a container.	4 300 30 5	`livenessProbe: failureThreshold: 4 initialDelaySeconds: 300 periodSeconds: 30 timeoutSeconds: 5`
networkPolicy.enabled	Enable the creation of network policy resources.	true	`networkPolicy: enable: false`
networkPolicy.egress	Specify the egress network policy to apply to all components.	empty	Example to restrict internet access: `networkPolicy: egress: - ports: - protocol: TCP port: <DC_DATABASE_PORT> - protocol: TCP port: <DS_DATABASE_PORT> - protocol: TCP port: 9443 # DS service port - protocol: TCP port: 9453 # DC service port to: - ipBlock: cidr: <DC_DATABASE_IP>/32 - ipBlock: cidr: <DS_DATABASE_IP>/32 - namespaceSelector: matchLabels: kubernetes.io/metadata.name: <RELEASE_NAME>-ibm-odm-prod`
networkPolicy.ingress	Specify the ingress network policy to apply to all components.	empty	Example to allow all ingress communications: `networkPolicy: ingress: - {}`
oidc.disableLoginPanel	Allows you to disable the basic authentication login panel when Operational Decision Manager is configured with Open ID Connect (`oidc.enabled=true`).	false	`oidc: disableLoginPanel: true`
oidc.enabled	Set to `true` to enable OpenID authentication.	false	`oidc: enabled: true serverUrl: my-openid-serverUrl adminRef: my-openid-admin-secret allowedDomains: my-openid-allowed-domains`
oidc.serverUrl	The URL of the OpenID server is mandatory.	empty
oidc.adminRef	A secret for the OpenID administrator. The administrator secret is used to call the OpenID REST API to register the URLs of the Operational Decision Manager services.	empty
oidc.allowedDomains	A list of domain names (separated by commas) to avoid Cross-Site Request Forgery (CSRF) attacks on the Decision Server console. For more information, see Configuring user access with OpenID.	empty
oidc.clientRef	The secret reference name that contains the client ID and password to use the OpenID REST API. If not provided, a default secret is created. For more information, see Configuring user access with OpenID.	empty	`oidc: clientRef: my_openid_clientid_secret`
oidc.provider	The name of the provider used to build the endpoints for OpenID REST API calls. If left empty, the ums provider name is used. For more information, see Configuring user access with OpenID.	empty	`oidc: provider: myopenidprovider`
oidc.redirectUrisRef	The configmap that contains the list of redirect URLs (separated by commas) to access Operational Decision Manager.	empty	`oidc: redirectUrisRef: my-odm-oidc-redirect-uris-configmap`
oidc.applyToComponents	The list of components for which OpenID should be enabled. If left empty, OpenID is enabled in all the components (`decisionCenter`, `decisionRunner`, `decisionServerConsole`, `decisionServerRuntime`). Listing components restricts OpenID to those components, for example, `decisionServerConsole` and `decisionServerRuntime` in the provided example.	empty	`oidc: applyToComponents: - decisionServerConsole - decisionServerRuntime`
readinessProbe.failureThreshold readinessProbe.initialDelaySeconds readinessProbe.periodSeconds readinessProbe.timeoutSeconds	The behavior of readiness probes to know when the containers are ready to start accepting traffic.	45 5 5 5	`readinessProbe: failureThreshold: 45 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5`
serviceAccountName	Customize the service account that is used by the pods that are created by the Helm chart. If left empty, a service account named `<release_name>`-ibm-odm-prod-service-account is automatically created. For more information about the concept of service account, see the Kubernetes documentation. For more information, see Preparing to install Operational Decision Manager.	empty	`serviceAccountName: my-custom-sa`
service.enableRoute	Specify whether to create OpenShift routes automatically. If true, the routes are created for all Operational Decision Manager components. For more information, see Configuring external access.	false	`service: enableRoute: true`
service.enableTLS	To enable Transport Layer Security (TLS). If this parameter is set to true, the web applications are accessed through HTTPS. If this parameter is set to false, the web applications are accessed through HTTP. For more information, see Configuring external access.	true	`service: enableTLS: false`
service.hostname	Specify the hostname that is used by the created routes. This parameter is only used if the creation of the routes is enabled with the service.enableRoute parameter. The following hostname is generated `<component-name>`.odm.`<release-name>`.`<service.hostname>`. If empty, OpenShift automatically generates a hostname of the form `<route-name>.<suffix>`, where the generated hostname suffix is the default routing subdomain of your cluster according to the OpenShift documentation .	empty	`service: hostname: my-custom-route.com`
service.ingress.enabled service.ingress.annotations service.ingress.tlsHosts service.ingress.tlsSecretRef service.ingress.host	Specify whether an Ingress is created automatically. If true, an Ingress is created for each Operational Decision Manager component. Specify the Ingress annotations. For an example, see odm-docker-kubernetes documentation . Specify the TLS domains of the Ingress. Specify the name of the secret that contains the TLS certificate that you want to use for the Ingress Domain. Specify the name of the Ingress Domain. For more information, see Configuring external access.	false empty [] empty empty	`service: ingress: enabled: true annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/backend-protocol: "HTTPS" alb.ingress.kubernetes.io/certificate-arn: "arn:aws:iam::<AWS-AccountId>:server-certificate/mycompany" tlsHosts: - tls-host-1 - tls-host-2 tlsSecretRef: my-tls-secret host: mycompany.com`
service.type	The Kubernetes Service type. You can set it to ClusterIP if you define an Ingress controller manually. If the service.enableRoute parameter is set to true, service.type is automatically set to ClusterIP. For more information, see Configuring external access.	NodePort ClusterIP (if service.enableRoute is set to true)	`service: type: ClusterIP`
service.ipFamilyPolicy	Define how IP families (IPv4 and IPv6) are handled for the Service. This setting becomes particularly relevant in dual-stack environments where both IPv4 and IPv6 are enabled. Here are the options you can specify for `ipFamilyPolicy`: `SingleStack` , `PreferDualStack` , `RequireDualStack` (New since version 9.0.0.1)	empty	`service: ipFamilyPolicy: RequireDualStack`
service.ipFamilies	The `ipFamilies` parameter is used to specify which IP families (IPv4 or IPv6) a Service should use. This parameter works in conjunction with the `ipFamilyPolicy` to define the IP addressing behaviors for the Service. (New since version 9.0.0.1)	empty	`service: ipFamilies: - IPv6`
startupProbe.failureThreshold startupProbe.initialDelaySeconds startupProbe.periodSeconds startupProbe.timeoutSeconds	The behavior of startup probes to verify whether the application within a container is started. If needed, you can adjust the values of `periodSeconds` and `failureThreshold` to suit the application startup time in your cluster. The value of `timeoutSeconds` should be lower than the value of `periodSeconds`.	30 15 10 5	`startupProbe: failureThreshold: 30 initialDelaySeconds: 15 periodSeconds: 20 timeoutSeconds: 5`
vault.enabled	Specify whether to use an external secrets store.	false	`vault: enabled: true type: spc`
vault.type	Specify how secrets are provided. When `vault.enabled=true`, `vault.type` must be either `initcontainer` or `spc`, which stants for Secret Provider Class.	null	`vault: enabled: true type: spc`