ODM for production configuration parameters
Configuration parameters are used to install ODM for production on Kubernetes. The installation is done from the Helm or Kubectl command line.
Mandatory configuration parameters
Table shows the mandatory configuration parameters and their descriptions.
| Parameters | Description | Default values |
|---|---|---|
| name | The name of the instance of the chart. The name is used as a prefix in all services and deployments that are created by the chart. A deterministic naming scheme is best, as it helps to look up a service name. | empty |
| namespace | The namespace to install the release into. Namespaces are a logical partitioning capability that enables one Kubernetes cluster to be used by multiple users without undesired interaction. | Defaults to the current kube config namespace. |
Optional configuration parameters
Table shows the optional configuration parameters and their descriptions.
| Parameters | Description | Default values |
|---|---|---|
| customization.authSecretRef | Customizes user authentication and management by overriding the default basic registry or by using an LDAP connection. You must create a Kubernetes secret and set the name of the secret for this parameter. | empty |
| customization.baiEmitterSecretRef | Enables ODM to emit events to a Kafka server used by IBM Business Automation Insights. Create a Kubernetes secret, and then
set this secret as the value for the customization.baiEmitterSecretRef parameter
when you configure the Helm release. |
empty |
| customization.dedicatedNodeLabel | Applies a node affinity property to the ODM pods. The toleration label is also applied to pods, and restricts the pods to schedule onto nodes with matching taints. Nodes must be labeled and tainted independently of the ODM deployments. Nodes do not accept pods that do not tolerate the taints. | empty |
| New in 8.10.5 customization.deployForProduction | Specify whether the instance is deployed with a production license. If set to false, the instance is deployed with the non-production license. | true |
| New in 8.10.5.1 customization.meteringServerUrl | Specify the URL to access the metering server. | empty |
| New in 8.10.5 customization.runAsUser | Specify the user ID to run the ODM containers. Must be set to empty if you want to use the
restricted scc on OpenShift. |
1001 |
| customization.securitySecretRef | Replaces the default certificate. You must create a Kubernetes secret and set the name of the secret for this parameter. | empty |
| New in 8.10.5 customization.trustedCertificateList | Specify a list of secrets that encapsulate certificates in PEM format to be included in the
truststore. Example: {"service1-secret"\, "service2-secret"} |
empty |
| New in 8.10.5 decisionCenter.contextRoot | Specify the context root of Decision Center. The context root is an extra path that is used to access the Decision Center component. | empty |
| decisionCenter.customlibPvc | Specify the name of the persistent volume claim (PVC) that locates the customized Decision Center JAR files. | empty |
| decisionCenter.enabled | To enable Decision Center. | true |
| decisionCenter.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
| decisionCenter.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
| decisionCenter.persistenceLocale | The persistence locale for Decision Center. | en_US |
| decisionCenter.replicaCount | The number of Decision Center pods. | 1 |
|
decisionCenter.resources.limits.cpu decisionCenter.resources.limits.memory decisionCenter.resources.requests.cpu decisionCenter.resources.requests.memory |
The CPU/Memory resource requests/limits for Decision Center. |
2 4096Mi 500m 1500Mi |
| New in 8.10.4 decisionCenter.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
| New in 8.10.5 decisionCenter.tagOrDigest | Specify the tag or digest for the Decision Center docker image. If left empty, the image.tag parameter is used. | empty |
| New in 8.10.5 decisionRunner.contextRoot | Specify the context root of the Decision Runner. The context root is an extra path that is used to access the Decision Runner component. | empty |
| decisionRunner.enabled | To enable Decision Runner. | true |
| decisionRunner.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
| decisionRunner.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
| decisionRunner.replicaCount | The number of Decision Runner pods. | 1 |
|
decisionRunner.resources.limits.cpu decisionRunner.resources.limits.memory decisionRunner.resources.requests.cpu decisionRunner.resources.requests.memory |
The CPU/Memory resource requests/limits for Decision Runner. |
2 4096Mi 500m 512Mi |
| New in 8.10.4 decisionRunner.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
| New in 8.10.5 decisionRunner.tagOrDigest | Specify the tag or digest for the Decision Runner docker image. If left empty, the image.tag parameter is used. | empty |
| New in 8.10.5 decisionServerConsole.contextRoot | Specify the context root of the Decision Server console. The context root is an additional path that is used to access the Decision Server console component. | empty |
| decisionServerConsole.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
| decisionServerConsole.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
|
decisionServerConsole.resources.limits.cpu decisionServerConsole.resources.limits.memory decisionServerConsole.resources.requests.cpu decisionServerConsole.resources.requests.memory |
The CPU/Memory resource requests/limits for the Decision Server Console. |
2 1024Mi 500m 512Mi |
| New in 8.10.4 decisionServerConsole.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
| New in 8.10.5 decisionServerConsole.title | Specify the title for the Decision Server Console web page. If left empty, the default title Rule Execution Server is used. | empty |
| New in 8.10.5 decisionServerConsole.description | Specify a description for the Decision Server Console. If left empty, the default description Console is used. | empty |
| New in 8.10.5 decisionServerConsole.tagOrDigest | Specify the tag or digest for the Decision Server Console docker image. If left empty, the image.tag parameter is used. | empty |
| New in 8.10.5 decisionServerRuntime.contextRoot | Specify the context root of the Decision Server Runtime. The context root is an extra path that is used to access the Decision Server Runtime component. | empty |
| decisionServerRuntime.enabled | To enable Decision Server Runtime. | true |
| decisionServerRuntime.jvmOptionsRef | Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. | empty |
| decisionServerRuntime.loggingRef | Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. | empty |
| decisionServerRuntime.replicaCount | The number of Decision Server Runtime pods. | 1 |
|
decisionServerRuntime.resources.limits.cpu decisionServerRuntime.resources.limits.memory decisionServerRuntime.resources.requests.cpu decisionServerRuntime.resources.requests.memory |
The CPU/Memory resource requests/limits for Decision Server Runtime. |
2 4096Mi 500m 512Mi |
| New in 8.10.4 decisionServerRuntime.extendRoleMapping | Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. | false |
| New in 8.10.5 decisionServerRuntime.tagOrDigest | Specify the tag or digest for the Decision Server Runtime docker image. If left empty, the image.tag parameter is used. | empty |
| externalCustomDatabase.datasourceRef | The data source secret reference. | empty |
| externalCustomDatabase.driverPvc | The Persistent Volume Claim to access the JDBC Database Driver. | empty |
| externalDatabase.databaseName | The name of the external database that is used for ODM. If this parameter is empty,
odmdb is used by default. |
empty |
| externalDatabase.secretCredentials | The name of the secret that contains the credentials to connect to the external database. | empty |
| externalDatabase.port | The port that is exposed to connect to the external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2® and 1433 for Microsoft SQL Server (New in 8.10.5). | empty |
| externalDatabase.serverName | The name of the server that runs the database for ODM. Only PostgreSQL, Db2, and New in 8.10.5 Microsoft SQL Server are supported as external database. | empty |
| New in 8.10.5 externalDatabase.sslSecretRef | Specify the name of the secret which contains the TLS certificate that you want to use for the secure database. This parameter is left empty for a non-secured database. | empty |
| externalDatabase.type | The type of the external database. This parameter can be set to postgresql
for a PostgreSQL database, to db2 for a Db2
database, or to New in
8.10.5
sqlserver for a Microsoft SQL Server database. If this parameter is empty,
postgresql is used by default. |
empty |
| image.arch | The worker node architecture. | empty The architecture is automatically detected. The options are amd64, ppc64le, and s390x.
|
| image.pullPolicy | The image pull policy. | IfNotPresent. The most recent downloaded docker image is used. Set the policy to always on to pull the latest version of the docker image. |
| image.pullSecrets | The image pull secrets. | empty Does not add image pull secrets to deployed pods. |
| image.tag | The image tag version. | 8.10.5.0 |
| image.repository | The repository. | empty |
| internalDatabase.persistence.enabled | To enable the use of a Persistent Volume Claim (PVC) to persist data. | true |
| internalDatabase.persistence.resources.requests.storage | The requested storage size for Persistent Volume. | 5Gi |
| internalDatabase.persistence.storageClassName | The storage class name for Persistent Volume. | empty |
| internalDatabase.persistence.useDynamicProvisioning | To use dynamic provisioning for Persistent Volume Claim. If this parameter is set to false, the Kubernetes binding process selects a pre-existing volume. Ensure, in this case, that a volume is not already bound before you install the chart. | false |
| New in 8.10.4 internalDatabase.populateSampleData | Specify whether to provide sample data in the internal database. Only if the persistence locale for Decision Center is set to English (US). | false |
|
internalDatabase.resources.limits.cpu internalDatabase.resources.limits.memory internalDatabase.resources.requests.cpu internalDatabase.resources.requests.memory |
The CPU/Memory resource requests/limits for the internal database. |
2 4096Mi 500m 512Mi |
| New in 8.10.5 internalDatabase.runAsUser | Specify the user ID to run the internal database container. Must be set to empty if you want
to use the restricted scc on OpenShift. |
26 |
| internalDatabase.secretCredentials | The name of the secret that contains the credentials to connect to the internal database. | empty |
| New in 8.10.5 internalDatabase.tagOrDigest | Specify the tag or digest for the internal database docker image. If left empty, the image.tag parameter is used. | empty |
|
livenessProbe.failureThreshold livenessProbe.initialDelaySeconds livenessProbe.periodSeconds livenessProbe.timeoutSeconds |
The behavior of liveness probes to know when to restart a container. |
10 300 10 5 |
| New in 8.10.4 oidc.enabled | Set to true to enable OpenID authentication. |
false |
| New in 8.10.4 oidc.serverUrl | The URL of the OpenID server is mandatory. | empty |
| New in 8.10.4 oidc.adminRef | A secret for the OpenID administrator. The administrator secret is used to call the OpenID REST API to register the URLs of the ODM services. | empty |
| New in 8.10.4 oidc.redirectUrisRef | The configmap containing the list of redirect URLs (separated by commas) to access ODM. | empty |
| New in 8.10.4 oidc.clientRef | The secret reference name that contains the client id and password to use the OpenID REST API. If not provided, a default secret is created. | empty |
| New in 8.10.4 oidc.provider | The name of the provider used to build the endpoints for OpenID REST API calls. If not
provided, the umsprovider name is used. |
ums |
| New in 8.10.4 oidc.allowedDomains | A list of domain names (separated by commas) to avoid Cross-Site Request Forgery (CSRF) attacks on the Decision Server console. | * |
|
readinessProbe.failureThreshold readinessProbe.initialDelaySeconds readinessProbe.periodSeconds readinessProbe.timeoutSeconds |
The behavior of readiness probes to know when the containers are ready to start accepting traffic. |
45 5 5 5 |
| New in 8.10.5 serviceAccountName | Customize the serviceAccount that is used by the pods that are created by
the Helm chart. If left empty, a serviceAccount named
<release_name>-ibm-odm-prod-service-account is
automatically created. For more information about the concept of service account, see the Kubernetes documentation. |
empty |
| New in 8.10.4 service.enableRoute | Specify whether to create OpenShift routes automatically. If true, the routes are created for all ODM components. | false |
| service.enableTLS | To enable Transport Layer Security (TLS). If this parameter is set to true, the web applications are accessed through HTTPS. If this parameter is set to false, the web applications are accessed through HTTP. | true |
| New in 8.10.4 service.hostname | Specify the hostname that is used by the created routes. This parameter is only used if the creation of the routes is enabled with the service.enableRoute parameter. |
empty If empty, OpenShift automatically generates a hostname of the form <route-name>.<suffix>, where the generated hostname suffix is the default routing subdomain of your cluster according to the OpenShift documentation. |
|
New in 8.10.5 service.ingress.enabled service.ingress.annotations service.ingress.tlsHosts service.ingress.tlsSecretRef service.ingress.host |
Specify whether an Ingress is created automatically. If true, an Ingress is created for each ODM component. Specify the Ingress annotations. Specify the TLS domains of the Ingress. Specify the name of the secret that contains the TLS certificate that you want to use for the Ingress Domain. Specify the name of the Ingress Domain. |
false empty empty empty empty |
| service.type | The Kubernetes Service type. You can set it to ClusterIP if you define an Ingress controller manually. For 8.10.5 You can set it to ClusterIP if you enable OpenShift routes to be created automatically (through the service.enableRoute parameter). New in 8.10.5.1 If the service.enableRoute parameter is set to true, service.type is automatically set to ClusterIP. |
NodePort New in 8.10.5.1 ClusterIP (if service.enableRoute is set to true) |