Configuring custom resources

Learn how to configure custom resources for IBM Robotic Process Automation on Red Hat® OpenShift® Container Platform.

Before you begin

Refer to Versioning reference for available version options.
You must create secrets to the external services that IBM RPA uses. For more information, see Creating IBM RPA secrets.

Basic setup

The following example shows a minimal IBM RPA custom resource that contains all the required sections and properties:

apiVersion: rpa.automation.ibm.com/v1beta1
kind: RoboticProcessAutomation
metadata:
  name: rpa-sample
spec:
  license:
    accept: true
  version: 2.3.0
  tls: {}
  api:
    externalConnection:
      secretName: rpa-db
    firstTenant:
      name: ibm
      owner:
        ownersecret:
          secretName: rpa-owner
    replicas: 1
    smtp:
      port: 587
      server: smtp.example.com
      userSecret:
        secretName: rpa-smtp
    storage: {}
  ui:
    replicas: 1
  ocr:
    replicas: 1

Understanding required CR sections

license
Accept the license. Refer to IBM RPA license 🡥 for license details.
version
Specify the version of the IBM RPA operand. Refer Versioning reference for available options.
tls
Specify an empty TLS section in order for the operator to create self-signed certificates.
externalConnection
Specify the name of a secret that contains the database connection strings.
api
- firstTenant
  Specify the authentication configuration for the first tenant.
  - name
    Name of the first tenant
  - owner
    - ownerSecret
      Name of the secret that contains the username and email for the first tenant owner.
- replicas
  Number of replicas of the IBM RPA's API server pod.
- smtp
  Configure the SMTP server that IBM RPA uses to send email notifications.
  - port
    The port number used to connect to the SMTP server by using TLS.
  - server
    The hostname of the SMTP server
  - userSecret
    Name of the secret that contains the username and password for the SMTP server.
- storage
  By specifying an empty storage section, the operator creates persistent volume claims using the cluster default storage class.
ui
- replicas
  The number of replicas of the UI server pod.
ocr
- replicas
  The number of replicas of the ABBYY™ Optical Character Recognition (OCR) pod. If you specify 0, no OCR pods are created.

Optional configurations

There are several sections that you get by default, but do not need to specify in the CR. You can include them if you want to customize their values and change the default behavior:

antivirus
Configures the antivirus component of IBM RPA. This section is optional. If you do not specify it, the default number of replicas is 1.
- replicas
  The number of replicas of the antivirus pod. If you specify 0, no antivirus pods are created.
- autoUpdateEnabled
  Configures whether the IBM RPA antivirus service automatically updates the virus signature database. If true, it enables the antivirus service to make egress connections to the internet. The default value is false.
fips
Configures the settings related to FIPS compliance. To configure your cluster to be FIPS-compliant, see Support for FIPS criptography 🡥 and Enabling FIPS.
- fipsEnabled
  Configures whether the RPA operand is created to be FIPS compliant. This parameter is only applied during the initial creation of the resource. If true, it enables FIPS compliance. The default value is false.
nlp
Configures the NLP provider component of IBM RPA. This section is optional. If you do not specify it, the default number of replicas is 1.
- replicas
  The number of replicas of the NLP pod. If you specify 0, no NLP pods are created.

Important:If you are on a cluster or IBM RPA tenant with FIPS enabled, define the number of nlp replicas to 0.

webDriverUpdates
Configures whether the server should look for web browser driver updates.
systemQueueProvider
Configures the system queue provider for IBM RPA.
- highAvailability
  If you do not specify highAvailability in the CR, the default value is false and deploys a single instance of IBM MQ as the system queue provider. If true, it deploys a high-availability configuration of IBM MQ.
- supplementalGroups
  Provides a list of Linux™ Group IDs to be set on a container. This may be required when using NFS storage, for example:
```
supplementalGroups:
- 4001
- 4002
```
  If you install IBM RPA on Red Hat® OpenShift® Kubernetes Service on IBM Cloud (ROKS) or on Red Hat® OpenShift® Service on AWS (ROSA), use the following configuration:
```
supplementalGroups:
- 65534
```
  Important:For clusters with Red Hat Enterprise Linux™ 7, use 99 instead of 65534.
  
  To learn more, see Configuring storage. See IBM MQ in containers and IBM Cloud Pak for Integration for additional settings.
createRoutes
Configures whether the IBM RPA operator creates Red Hat® OpenShift® Container Platform routes for IBM RPA.

false means that the IBM RPA does not create its own routes and true means that IBM RPA creates is own routes. If you do not specify createRoutes, the default value is false.

Example:

apiVersion: rpa.automation.ibm.com/v1beta1
kind: RoboticProcessAutomation
metadata:
  name: rpa-sample
spec:
  license:
    accept: true
  version: 2.3.0
  tls: {}
  api:
    externalConnection:
      secretName: rpa-db
    firstTenant:
      name: ibm
      owner:
        ownersecret:
          secretName: rpa-owner
    replicas: 1
    smtp:
      port: 587
      server: smtp.example.com
      userSecret:
        secretName: rpa-smtp
    storage: {}
    webDriverUpdates:
      enabled: true
    systemQueueProvider:
      storage:
        class: my-storage-class
  ui:
    replicas: 1
  ocr:
    replicas: 1

Note:In this configuration, you get one replica by default but you don't need to specify it in the custom resource.

Template

You can also create a template for your container by using the following fields:

template (optional)
The object that describes the pod overrides that are used when pods are created.
- pod (optional)
  Contains the pod information.
  - metadata (optional)
    Customize the task manager pods metadata.
    - annotations
      Set or override annotations on the task manager pods.
  - spec (optional)
    Contains the pod container and scheduling information.
    - containers (optional)
      Contains the specification for pod container overrides.
      - name (required): For example, taskmanager.
      - resources
        Describes the compute resource requirements.
      - image
        Override the container image.
      - imagePullPolicy
        Override imagePullPolicy.
    - affinity (optional)
      Affinity information for pod scheduling. For more information, see the Kubernetes documentation 🡥.
      - nodeAffinity (optional)
        Use it to select which nodes are selected by the scheduler.
      - podAffinity (optional)
        Use it to influence where your pods are deployed based on already deployed pods.
      - podAntiAffinity (optional)
        Describes the pod anti-affinity scheduling rules, such as to avoid putting this pod in the same node or zone as some other pod.
    - tolerations
      An optional core/v1/Tolerations array to specify toleration for scheduling taints. For more information, see the Kubernetes documentation 🡥.

An example of a template includes:

spec:
  template:
    pod:
      spec:
        containers:
        - name: svc
          resources:
            requests:
              cpu: 8
              memory: 64Gi
            limits:
              cpu: 10
              memory: 128Gi
        - name: sidecar
          resources:
            requests:
              cpu: 1
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: kubernetes.io/arch
                  operator: In
                  values:
                  - amd64
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/component: rpa
                    app.kubernetes.io/instance: test-instance
                    app.kubernetes.io/managed-by: ibm-rpa-operator
                    app.kubernetes.io/name: apiserver
                    rpa.automation.ibm.com/cr-name: test-instance
                topologyKey: kubernetes.io/hostname
              weight: 80

Labels and annotations

Labels and annotations that are defined on a custom resource can be merged with the labels and annotations that are defined by the operator. Based on priority, the order of these labels and annotations is:

Template form labels and annotation (highest priority)
Short form label and annotation
Default from operator (lowest priority)

The labels and annotations can be applied to pods.

If the CR has only one main deployment, or if the deployments do not need to be configured independently, then you can configure the labels and annotations by using the labels and annotations keys:

spec:
  labels:
    my.custom/label: "foo"
  annotations:
    my.custom/annotation: "bar"

If the CR has multiple components that need to be configured independently, the keys can be included in component subsections:

spec:
  ui:
    labels:
      my.custom/label: "foo"
    annotations:
      my.custom/annotation: "bar"
  api:
    labels:
      my.custom/label: "fizz"
    annotations:
      my.custom/annotation: "buzz"

Or alternatively, the block can be split by component:

spec:
  labels:
    ui:
      my.custom/label: "foo"
    api:
      my.custom/label: "fizz"
  annotations:
    ui:
      my.custom/annotation: "bar"
    api:
      my.custom/annotation: "buzz"

Workload placement with node selectors

The schema must mark nodeSelector fields with the selector spec descriptor.

If there is only one main deployment for the CR, or the deployments do not need to be configured independently, then the node selectors are configured using the nodeSelector key:

spec:
  nodeSelector:
    disktype: ssd

If there are multiple components that need to be configured independently, the key can be included in component subsections:

spec:
  ui:
    nodeSelector:
      type: edge
  api:
    nodeSelector:
      disktype: ssd

Or alternatively, the block can be split by component:

spec:
  nodeSelector:
    ui:
      type: edge
    api:
      disktype: ssd

Customization for Redis

This is an optional Redis resource override that applies a uniform memory and CPU limit change to all the Redis resources, namely ProxyLog, DB, Proxy, and Mgmt.

The CR override is a top-level CR attribute sharedCache, as follows:

sharedCache:
  memoryLimit: 250Mi
  cpuLimit: 0.8

By default, the value of memoryLimit is 100Mi and cpuLimit is set to 0.4.

Important:Starting from version 23.0.12, the sharedCache attribute is deprecated. You can now define CPU and memory limits directly in the Redis operator spec.

Compute resource limits

You can customize compute resource limits, in terms of CPU and memory. It uses the field name resources.

This is specified as follows:

Field	Description
requests (object)	Requests describe the minimum amount of compute resources that are required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value.
requests.cpu (Quantity)	The CPU request.
requests.memory (Quantity)	The memory request.
limits (object)	Limits describe the maximum amount of compute resources that are allowed.
limits.cpu (Quantity)	The CPU limit.
limits.memory (Quantity)	The memory limit.

Here's an example:

resources:
  requests:
    cpu: "8"
    memory: 64Gi
  limits:
    cpu: "12"
    memory: 128Gi

This may also be used in the template form as an override to be merged onto a container. This should only be used where a container is unlikely to have its resource limits changed by a user:

spec:
  template:
    pod:
      containers:
      - name: helper-pod
        resources:
          requests:
            cpu: 0.5
            memory: 128Mi
          limits:
            cpu: 1
            memory: 128Mi

What to do next

You can proceed to deploy your instance. For more information, see Deploy the IBM RPA custom resource.