ODM for production configuration parameters

Configuration parameters are used to install ODM for production on Kubernetes. The installation is done from the Helm or Kubectl command line.

Mandatory configuration parameters

Table shows the mandatory configuration parameters and their descriptions.

Table 1. Mandatory configuration parameters
Parameters Description Default values
name The name of the instance of the chart. The name is used as a prefix in all services and deployments that are created by the chart. A deterministic naming scheme is best, as it helps to look up a service name. empty
namespace The namespace to install the release into. Namespaces are a logical partitioning capability that enables one Kubernetes cluster to be used by multiple users without undesired interaction. Defaults to the current kube config namespace.

Optional configuration parameters

Table shows the optional configuration parameters and their descriptions.

Table 2. Optional configuration parameters
Parameters Description Default values
customization.authSecretRef Customizes user authentication and management by overriding the default basic registry or by using an LDAP connection. You must create a Kubernetes secret and set the name of the secret for this parameter. empty
customization.baiEmitterSecretRef Enables ODM to emit events to a Kafka server used by IBM Business Automation Insights. Create a Kubernetes secret, and then set this secret as the value for the customization.baiEmitterSecretRef parameter when you configure the Helm release. empty
customization.dedicatedNodeLabel Applies a node affinity property to the ODM pods. The toleration label is also applied to pods, and restricts the pods to schedule onto nodes with matching taints. Nodes must be labeled and tainted independently of the ODM deployments. Nodes do not accept pods that do not tolerate the taints. empty
New in 8.10.5 customization.deployForProduction Specify whether the instance is deployed with a production license. If set to false, the instance is deployed with the non-production license. true
New in 8.10.5.1 customization.meteringServerUrl Specify the URL to access the metering server. empty
New in 8.10.5 customization.runAsUser Specify the user ID to run the ODM containers. Must be set to empty if you want to use the restricted scc on OpenShift. 1001
customization.securitySecretRef Replaces the default certificate. You must create a Kubernetes secret and set the name of the secret for this parameter. empty
New in 8.10.5 customization.trustedCertificateList Specify a list of secrets that encapsulate certificates in PEM format to be included in the truststore.

Example: {"service1-secret"\, "service2-secret"}

empty
New in 8.10.5 decisionCenter.contextRoot Specify the context root of Decision Center. The context root is an extra path that is used to access the Decision Center component. empty
decisionCenter.customlibPvc Specify the name of the persistent volume claim (PVC) that locates the customized Decision Center JAR files. empty
decisionCenter.enabled To enable Decision Center. true
decisionCenter.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionCenter.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionCenter.persistenceLocale The persistence locale for Decision Center. en_US
decisionCenter.replicaCount The number of Decision Center pods. 1

decisionCenter.resources.limits.cpu

decisionCenter.resources.limits.memory

decisionCenter.resources.requests.cpu

decisionCenter.resources.requests.memory

The CPU/Memory resource requests/limits for Decision Center.

2

4096Mi

500m

1500Mi

New in 8.10.4 decisionCenter.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
New in 8.10.5 decisionCenter.tagOrDigest Specify the tag or digest for the Decision Center docker image. If left empty, the image.tag parameter is used. empty
New in 8.10.5 decisionRunner.contextRoot Specify the context root of the Decision Runner. The context root is an extra path that is used to access the Decision Runner component. empty
decisionRunner.enabled To enable Decision Runner. true
decisionRunner.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionRunner.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionRunner.replicaCount The number of Decision Runner pods. 1

decisionRunner.resources.limits.cpu

decisionRunner.resources.limits.memory

decisionRunner.resources.requests.cpu

decisionRunner.resources.requests.memory

The CPU/Memory resource requests/limits for Decision Runner.

2

4096Mi

500m

512Mi

New in 8.10.4 decisionRunner.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
New in 8.10.5 decisionRunner.tagOrDigest Specify the tag or digest for the Decision Runner docker image. If left empty, the image.tag parameter is used. empty
New in 8.10.5 decisionServerConsole.contextRoot Specify the context root of the Decision Server console. The context root is an additional path that is used to access the Decision Server console component. empty
decisionServerConsole.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionServerConsole.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty

decisionServerConsole.resources.limits.cpu

decisionServerConsole.resources.limits.memory

decisionServerConsole.resources.requests.cpu

decisionServerConsole.resources.requests.memory

The CPU/Memory resource requests/limits for the Decision Server Console.

2

1024Mi

500m

512Mi

New in 8.10.4 decisionServerConsole.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
New in 8.10.5 decisionServerConsole.title Specify the title for the Decision Server Console web page. If left empty, the default title Rule Execution Server is used. empty
New in 8.10.5 decisionServerConsole.description Specify a description for the Decision Server Console. If left empty, the default description Console is used. empty
New in 8.10.5 decisionServerConsole.tagOrDigest Specify the tag or digest for the Decision Server Console docker image. If left empty, the image.tag parameter is used. empty
New in 8.10.5 decisionServerRuntime.contextRoot Specify the context root of the Decision Server Runtime. The context root is an extra path that is used to access the Decision Server Runtime component. empty
decisionServerRuntime.enabled To enable Decision Server Runtime. true
decisionServerRuntime.jvmOptionsRef Specify the name of the configMap that has the defined JVM options. If left empty, the default JVM options are used. empty
decisionServerRuntime.loggingRef Specify the name of the configMap that has the defined logging options. If left empty, the default logging options are used. empty
decisionServerRuntime.replicaCount The number of Decision Server Runtime pods. 1

decisionServerRuntime.resources.limits.cpu

decisionServerRuntime.resources.limits.memory

decisionServerRuntime.resources.requests.cpu

decisionServerRuntime.resources.requests.memory

The CPU/Memory resource requests/limits for Decision Server Runtime.

2

4096Mi

500m

512Mi

New in 8.10.4 decisionServerRuntime.extendRoleMapping Enable the role mapping extension feature to map an ODM role to one or several groups (basic or LDAP registry) when their names are different. false
New in 8.10.5 decisionServerRuntime.tagOrDigest Specify the tag or digest for the Decision Server Runtime docker image. If left empty, the image.tag parameter is used. empty
externalCustomDatabase.datasourceRef The data source secret reference. empty
externalCustomDatabase.driverPvc The Persistent Volume Claim to access the JDBC Database Driver. empty
externalDatabase.databaseName The name of the external database that is used for ODM. If this parameter is empty, odmdb is used by default. empty
externalDatabase.secretCredentials The name of the secret that contains the credentials to connect to the external database. empty
externalDatabase.port The port that is exposed to connect to the external database. If this parameter is empty, the default port numbers are used: 5432 for PostgreSQL, 50000 for Db2® and 1433 for Microsoft SQL Server (New in 8.10.5). empty
externalDatabase.serverName The name of the server that runs the database for ODM. Only PostgreSQL, Db2, and New in 8.10.5 Microsoft SQL Server are supported as external database. empty
New in 8.10.5 externalDatabase.sslSecretRef Specify the name of the secret which contains the TLS certificate that you want to use for the secure database. This parameter is left empty for a non-secured database. empty
externalDatabase.type The type of the external database. This parameter can be set to postgresql for a PostgreSQL database, to db2 for a Db2 database, or to New in 8.10.5 sqlserver for a Microsoft SQL Server database. If this parameter is empty, postgresql is used by default. empty
image.arch The worker node architecture. empty

The architecture is automatically detected. The options are amd64, ppc64le, and s390x.

  • amd64 (or x86_64) refers to the 64-bit edition for Linux® x86.
  • ppc64le is the little-endian version of ppc64 for Linux Power®.
  • s390x is a 64-bit Linux on z kernel architecture.
image.pullPolicy The image pull policy. IfNotPresent. The most recent downloaded docker image is used.

Set the policy to always on to pull the latest version of the docker image.

image.pullSecrets The image pull secrets. empty

Does not add image pull secrets to deployed pods.

image.tag The image tag version. 8.10.5.0
image.repository The repository. empty
internalDatabase.persistence.enabled To enable the use of a Persistent Volume Claim (PVC) to persist data. true
internalDatabase.persistence.resources.requests.storage The requested storage size for Persistent Volume. 5Gi
internalDatabase.persistence.storageClassName The storage class name for Persistent Volume. empty
internalDatabase.persistence.useDynamicProvisioning To use dynamic provisioning for Persistent Volume Claim. If this parameter is set to false, the Kubernetes binding process selects a pre-existing volume. Ensure, in this case, that a volume is not already bound before you install the chart. false
New in 8.10.4 internalDatabase.populateSampleData Specify whether to provide sample data in the internal database. Only if the persistence locale for Decision Center is set to English (US). false

internalDatabase.resources.limits.cpu

internalDatabase.resources.limits.memory

internalDatabase.resources.requests.cpu

internalDatabase.resources.requests.memory

The CPU/Memory resource requests/limits for the internal database.

2

4096Mi

500m

512Mi

New in 8.10.5 internalDatabase.runAsUser Specify the user ID to run the internal database container. Must be set to empty if you want to use the restricted scc on OpenShift. 26
internalDatabase.secretCredentials The name of the secret that contains the credentials to connect to the internal database. empty
New in 8.10.5 internalDatabase.tagOrDigest Specify the tag or digest for the internal database docker image. If left empty, the image.tag parameter is used. empty

livenessProbe.failureThreshold

livenessProbe.initialDelaySeconds

livenessProbe.periodSeconds

livenessProbe.timeoutSeconds

The behavior of liveness probes to know when to restart a container.

10

300

10

5

New in 8.10.4 oidc.enabled Set to true to enable OpenID authentication. false
New in 8.10.4 oidc.serverUrl The URL of the OpenID server is mandatory. empty
New in 8.10.4 oidc.adminRef A secret for the OpenID administrator. The administrator secret is used to call the OpenID REST API to register the URLs of the ODM services. empty
New in 8.10.4 oidc.redirectUrisRef The configmap containing the list of redirect URLs (separated by commas) to access ODM. empty
New in 8.10.4 oidc.clientRef The secret reference name that contains the client id and password to use the OpenID REST API. If not provided, a default secret is created. empty
New in 8.10.4 oidc.provider The name of the provider used to build the endpoints for OpenID REST API calls. If not provided, the ums provider name is used. ums
New in 8.10.4 oidc.allowedDomains A list of domain names (separated by commas) to avoid Cross-Site Request Forgery (CSRF) attacks on the Decision Server console. *

readinessProbe.failureThreshold

readinessProbe.initialDelaySeconds

readinessProbe.periodSeconds

readinessProbe.timeoutSeconds

The behavior of readiness probes to know when the containers are ready to start accepting traffic.

45

5

5

5

New in 8.10.5 serviceAccountName Customize the serviceAccount that is used by the pods that are created by the Helm chart. If left empty, a serviceAccount named <release_name>-ibm-odm-prod-service-account is automatically created. For more information about the concept of service account, see the Kubernetes documentation. empty
New in 8.10.4 service.enableRoute Specify whether to create OpenShift routes automatically. If true, the routes are created for all ODM components. false
service.enableTLS To enable Transport Layer Security (TLS). If this parameter is set to true, the web applications are accessed through HTTPS. If this parameter is set to false, the web applications are accessed through HTTP. true
New in 8.10.4 service.hostname Specify the hostname that is used by the created routes. This parameter is only used if the creation of the routes is enabled with the service.enableRoute parameter.

empty

If empty, OpenShift automatically generates a hostname of the form <route-name>.<suffix>, where the generated hostname suffix is the default routing subdomain of your cluster according to the OpenShift documentation.

New in 8.10.5

service.ingress.enabled

service.ingress.annotations

service.ingress.tlsHosts

service.ingress.tlsSecretRef

service.ingress.host

Specify whether an Ingress is created automatically. If true, an Ingress is created for each ODM component.

Specify the Ingress annotations.

Specify the TLS domains of the Ingress.

Specify the name of the secret that contains the TLS certificate that you want to use for the Ingress Domain.

Specify the name of the Ingress Domain.

false

empty

empty

empty

empty

service.type The Kubernetes Service type. You can set it to ClusterIP if you define an Ingress controller manually. For 8.10.5 You can set it to ClusterIP if you enable OpenShift routes to be created automatically (through the service.enableRoute parameter). New in 8.10.5.1 If the service.enableRoute parameter is set to true, service.type is automatically set to ClusterIP.

NodePort

New in 8.10.5.1 ClusterIP (if service.enableRoute is set to true)