Modifying the TM1 custom resource definition

Use the TM1 custom resource (CR) to configure storage, sizing, scaling, node placement, security (certs), networking, and operational behavior of the TM1 service in Planning Analytics instances. Changes can be made anytime after the service is installed.

The full schema reference and examples for the TM1 custom resource definition follow the OpenAPI v3 schema definition.

Restarting the service

The following parameters require a full restart of the service if you change the configuration while the TM1 service is running:

databaseSizing
nodeAffinity
customCACerts: If you run TM1 databases, you must restart the service for certificate changes to take effect.

To restart the service, set the shutdown property of the custom resource to true, then false to start the service again.

alternativeStorageClasses (array[string])

A list of storage class names to use if fileStorageClass is not available.

alternativeStorageClasses:
  - fast-storage
  - backup-storage

autoScaling (Boolean)

Allows auto-scaling of TM1 service components dynamically based on load. The default value is true.

autoScaling: true

customCACerts (object)

Specify extra custom certificate authorities for all services and databases. Running TM1 databases require a service restart for the changes to take effect.

Fields:

secret (string): Secret containing the custom CA.
file (string): File name inside the secret.

customCACerts:
  secret: custom-ca-secret
  file: ca.pem

databaseResourceLimits (object)

Configures database resource limits (CPU, memory, storage) enforced across the deployment. CPU and memory values are per replica.

Fields and default values:

cpu

minimum (integer): The minimum CPU limit in millicores. Default: 250
maximum (integer): The maximum CPU limit in millicores. Default: 50000

memory

minimum (integer): The minimum memory limit in GB. Default: 1
maximum (integer): The maximum memory limit in GB. Default: 2000

storage

minimum (integer): The minimum storage limit in GB. Default: 20
maximum (integer): The maximum storage limit in GB. Default: 4096

databaseResourceLimits:
  cpu:
    minimum: 250
    maximum: 50000
  memory:
    minimum: 1
    maximum: 2000
  storage:
    minimum: 20
    maximum: 4096

databaseSizing (object)

Allows the isolation of similar-sized database pods to certain tainted nodes by defining memory limit ranges. Requires a full restart of the service if this field is changed while the TM1 service is running.

Fields:

key (string): Key that is used for node toleration or taint matching.
labels (array[object]):
- name (string): Class label name.
- min (integer): Minimum memory size, in GB.
- max (integer): Exclusive maximum memory size, in GB.

Use nodeAffinity with databaseSizing is to “jail” database pods onto selected node pools and prevent other workloads from running on those nodes.

databaseSizing:
  key: "pa/tm1-database-size"
  labels:
    - name: "small"
      min: 1
      max: 64
    - name: "medium"
      min: 64
      max: 512
    - name: "large"
      min: 512
      max: 2048

In the previous example, replicas with memory limits between 1 GB and 64 GB are scheduled on nodes that are tainted with pa/tm1-database-size=small:NoSchedule.

exposeService (Boolean)

Show the TM1 service through ingress. Use only for stand-alone installations without Planning Analytics Workspace. If enabled, also populate the ingress field.

exposeService: true

fileStorageClass (string)

Name of the default file storage class to use.

fileStorageClass: standard

imagePullSecretName (string)

Name of the Kubernetes secret for authenticating image pulls.

imagePullSecretName: my-image-pull-secret

ingress (object)

Specify the URL through which the TM1 service is shown.

domain (string): Hostname or domain.
port (string): Port number.

ingress:
  domain: example.com
  port: "443"

minimalMode (Boolean)

Disables high availability of TM1 service components to reduce memory and CPU footprint.

minimalMode: false

mongodb (object)

MongoDB connection configuration.

host (string)
protocol (string)
credentials.secret (string): Kubernetes secret with credentials.
tls
- secret (string): TLS secret.
- file (string): TLS file name.
authMechanism (string)
authSource (string)
replicaSet (string)

mongodb:
  host: mongo.example.com
  protocol: mongodb
  credentials:
    secret: mongo-credentials
  tls:
    secret: mongo-tls-secret
    file: tls.crt
  authMechanism: SCRAM-SHA-256
  authSource: admin
  replicaSet: rs0

nodeAffinity (object)

Node affinity configuration for service and database pods. Requires a full restart if changed while TM1 is running. Label your nodes before you enable this field.

Fields:

service

key (string)
value (string)

database

key (string)
value (string)
evenReplicaSuffix (string): Optional. Use this field to split even replicas across node pods.
oddReplicaSuffix (string): Optional. Use this field to split odd replicas across node pods.

nodeAffinity:
  service:
    key: ibm-cloud.kubernetes.io/worker-pool-id
    value: tm1-service
  database:
    key: ibm-cloud.kubernetes.io/worker-pool-id
    value: tm1-databases
    evenReplicaSuffix: "-a"
    oddReplicaSuffix: "-b"

The purpose of the even and odd isolation is to prevent all replicas of a database from being not available during cluster node upgrades.

registry (object)

Configuration of the container image registry.

host (string): Registry host URL.
namespace (string): Registry namespace. If this field is not specified, only the host value is used.

registry:
  host: registry.example.com
  namespace: myproject

serviceMeshNamespace: istio-system

serviceMeshNamespace (string)

Namespace when the Istio or Service Mesh is deployed. Keep this field empty if the neither mesh is used.

serviceSize (string)

Determines the size of TM1 service common components. The large configuration requires a total of approximately 40 GB memory and 30 CPUs for all highly available common components. If autoScaling is enabled, each service under load can scale up to 2*n + 1 replicas (where n=3 for the large). When you configure the size of the components, make sure to you keep extra capacity free in the cluster for failover purposes.

Valid values are small, small_mincpureq, medium, and large. The default value is large.

serviceSize: large

shutdown (string)

Enables the entire TM1 service to scale down or up by shutting down or starting databases and common services.

Valid values are true, false, and force. Specify force to force a shutdown regardless of errors.

shutdown: "false"

useTagsNotDigests (Boolean)

Use image tags instead of digests when set to true.

The default value is false.

useTagsNotDigests: true

Example TM1 custom resource

The following example illustrates a complete TM1 custom resource instance.

apiVersion: tm1s.ibm.com/v1
kind: TM1
metadata:
  name: v12
spec:
  autoScaling: true
  customCACerts:
    secret: "external-root-ca"
    file: "ca.pem"
  fileStorageClass: "efs-sc"
  serviceSize: "large"
  imagePullSecretName: "my-image-pull-secret"
  mongodb:
    host: "abc-0.xyz.databases.appdomain.cloud:32555,abc-0.xyz.databases.appdomain.cloud:32555,abc-0.xyz.databases.appdomain.cloud:32555"
    credentials:
      secret: "external-creds"
    tls:
      secret: "mongo-cacert"
      file: "ca.pem"
    authSource: "admin"
    replicaSet: "replset"
  registry:
    host: "us.icr.io"
    namespace: "tm1-ns"
  databaseResourceLimits:
    cpu:
      minimum: 250
      maximum: 50000
    memory:
      minimum: 1
      maximum: 2048
    storage:
      minimum: 20
      maximum: 4096
  databaseSizing:
    key: "pa/tm1-database-size"
    labels:
      - name: "small"
        min: 1
        max: 64
      - name: "medium"
        min: 64
        max: 512
      - name: "large"
        min: 512
        max: 2048
  nodeAffinity:
    service:
      key: "ibm-cloud.kubernetes.io/worker-pool-id"
      value: "tm1-service"
    database:
      key: "ibm-cloud.kubernetes.io/worker-pool-id"
      value: "tm1-databases"
  serviceMeshNamespace: "istio-system"