Configure ISW Custom Resource

To install an instance of IBM Industry Solutions Workbench, you have to create an ISW Custom Resource as described in the installation process. The Custom Resource provides different configurations for the product, which can be edited at any time. The IBM Industry Solutions Workbench Operator always applies the current configuration of the Custom Resource. This page describes the available configuration options.

Description

Main configuration

The following values are the main configuration for IBM Industry Solutions Workbench and should be decided at installation time. They will most likely not change afterwards.

| Variable | Description | Required | Default |
| --- | --- | --- | --- |
| designer.enabled | A boolean value that enables or disables the Solution Designer | no | true |
| domain | A value that defines the ingress domain which is used to create routes. It can be retrieved by calling oc get ingresses.config/cluster -o jsonpath={.spec.domain} | yes | - |
| license.accept | A value that confirms that you accept the license. Value must be "true"! | yes | - |

Extended configuration

For more detailed configuration, use the values key, which lets you freely configure multiple aspects of IBM Industry Solutions Workbench. All values are optional and can be edited at any time.

| Variable | Description | Default |
| --- | --- | --- |
| values.global.documentation.enabled | A boolean value that enables or disables the deployment of the documentation in the cluster | false |
| values.global.endpoints.assetManager.host | A String value that defines the URL for the k5-asset-manager Route | 'k5-asset-manager-YOUR_INGRESS_DOMAIN' |
| values.global.endpoints.configurationManagement.host | A String value that defines the URL for the k5-configuration-management Route | 'k5-configuration-YOUR_INGRESS_DOMAIN' |
| values.global.endpoints.designer.host | A String value that defines the URL for the k5-designer Route | 'k5-designer-YOUR_INGRESS_DOMAIN' |
| values.global.endpoints.hub.host | A String value that defines the URL for the k5-hub Route | 'k5-hub-YOUR_INGRESS_DOMAIN' |
| values.global.endpoints.query.host | A String value that defines the URL for the k5-query Route | 'k5-query-YOUR_INGRESS_DOMAIN' |
| values.global.frontend.changePasswordLink | A String value that defines the URL to change the password in your OIDC provider | '/account/#/security/signingin' |
| values.global.frontend.defaultTimeout | An Integer value that defines the default timeout in the frontend in milliseconds | 30000 |
| values.global.network.egressPolicy.allowList | A list of domains that IBM Industry Solutions Workbench is allowed to connect to. Each entry in the list is a key-value pair that has either the key dnsName with a domain name as value (without protocol) or the key cidrSelector with an IP address range in CIDR format as value. See also Network Policies | - |
| values.global.network.egressPolicy.enabled | A boolean value that enables or disables the EgressNetworkPolicy | true |
| values.global.network.ingressPolicy.enabled | A boolean value that enables or disables the NetworkPolicy | true |
| values.global.routes.annotations | Key-value pairs that are added as annotations to every route (Caution: adding annotations removes the default ones, see right column) | haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload<br>haproxy.router.openshift.io/rate-limit-connections: 'true'<br>haproxy.router.openshift.io/rate-limit-connections.concurrent-tcp: '25' |
| values.service-builder.k5-asset-manager.routingExpose.enabled | A boolean value that enables or disables the route for k5-asset-manager | false |
| values.service-builder.k5-cli-provider.routes.annotations | A String value that defines additional route annotations for the k5-cli-provider. They overwrite neither the annotations defined by values.global.routes.annotations nor the default annotations of values.global.routes.annotations. | - |
| values.service-builder.k5-code-generation-provider.routes.annotations | A String value that defines additional route annotations for the k5-code-generation-provider. They overwrite neither the annotations defined by values.global.routes.annotations nor the default annotations of values.global.routes.annotations. | - |
| values.service-builder.k5-designer-backend.mongoDb.dbName | A String value that defines the database name used for the k5-designer-backend | 'k5-solution-designer' |
| values.service-builder.k5-git-integration-controller.mongoDb.dbName | A String value that defines the database name used for the k5-git-integration-controller | 'k5-git-integration' |
| values.service-builder.k5-pipeline-manager.tekton.workspace.storage | A String value that defines the size of the requested storage for the pipeline run workspace PVC | '1024Mi' |
| values.service-builder.k5-pipeline-manager.tekton.workspace.storageClassName | A String value that defines the storage class name that is used for the workspace PVC for a new PipelineRun (if not set, the default StorageClass of the cluster is used) | - |
| values.service-builder.k5-pipeline-manager.tekton.cleanup.enabled | A boolean value that enables or disables the cleanup of the created PipelineRuns and related PVC | false |
| values.service-builder.k5-pipeline-manager.tekton.cleanup.scheduleInMinutes | A String value that defines in minutes how often the cleanup job should be scheduled | '30' |
| values.service-builder.k5-pipeline-manager.tekton.cleanup.keepLastPipelineRuns | A String value that defines the number of the last PipelineRuns the cleanup job should keep per service project (can be disabled with the value '-1'), e.g. the value '2' would mean every time the cleanup job runs, all PipelineRuns will be deleted except the latest 2 of every service project | '1' |
| values.service-builder.k5-pipeline-manager.tekton.cleanup.keepLastPipelineRunsCompletedBefore | A String value that defines which PipelineRuns the cleanup job should keep by the completed timestamp in minutes (can be disabled with the value '-1'), e.g. the value '60' would mean every time the cleanup job runs, all PipelineRuns will be deleted that have been completed at least 60 minutes ago | '-1' |
| values.service-builder.k5-git-integration-controller.encryption.encryptionAlgorithm | Encryption algorithm that is used to encrypt and decrypt the user Git tokens stored in MongoDB. Supported values are "aes-256-gcm", "aes-192-gcm", "aes-128-gcm", "aes-256-cbc", "aes-192-cbc" and "aes-128-cbc". Changing the encryptionAlgorithm will cause data loss, because user tokens are encrypted with it and can't be decrypted without it! In this case all encrypted data is invalid, hence all users have to remove and renew the saved Git Tokens and API Keys. | 'aes-256-gcm' |

Example ISW Custom Resource

The following is an example ISW Custom Resource:

apiVersion: k5.ibm.com/v1beta1
kind: ISW
metadata:
  name: k5-tools
  namespace: k5-tools
spec:
  designer:
    enabled: true
  domain: apps.openshift.my.cloud
  license:
    accept: true
  values:
    global:
      endpoints:
        assetManager:
          host: k5-asset-manager.apps.openshift.my.cloud
        configurationManagement:
          host: k5-configuration-management.apps.openshift.my.cloud
        designer:
          host: k5-designer.apps.openshift.my.cloud
        hub:
          host: k5-hub.apps.openshift.my.cloud
        query:
          host: k5-query.apps.openshift.my.cloud
      frontend:
        changePasswordLink: "accounts/password/change"
        defaultTimeout: 30000
      network:
        egressPolicy:
          enabled: true
          allowList:
            - dnsName: auth.openshift.my.cloud
            - cidrSelector: 1.2.3.0/24
        ingressPolicy:
          enabled: false
      routes:
        annotations:
          haproxy.router.openshift.io/rate-limit-connections: 'false'
    service-builder:
      k5-asset-manager:
        routingExpose:
          enabled: true
      k5-cli-provider:
        routes:
          annotations:
            haproxy.router.openshift.io/timeout: 45s
      k5-code-generation-provider:
        routes:
          annotations:
            haproxy.router.openshift.io/timeout: 1m
      k5-designer-backend:
        mongoDb:
          dbName: my-designer-database
      k5-git-integration-controller:
        mongoDb:
          dbName: my-gic-database
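
A check for Custom Resource settings that weaken the defaults described on this page, added here as an example and not part of the IBM product or its documentation: it reports a disabled network policy, a malformed egress allowList entry, and default route annotations that are dropped or overridden once values.global.routes.annotations is set. The function names and the sample dict are assumptions made for illustration; the Custom Resource is expected as a Python dict, for example parsed from its JSON export.

```python
import ipaddress

# Default route annotations, copied from the table on this page.
DEFAULT_ROUTE_ANNOTATIONS = {
    "haproxy.router.openshift.io/hsts_header": "max-age=31536000;includeSubDomains;preload",
    "haproxy.router.openshift.io/rate-limit-connections": "true",
    "haproxy.router.openshift.io/rate-limit-connections.concurrent-tcp": "25",
}

def check_allow_entry(entry):
    """Return a problem string for one egress allowList entry, or None if well formed."""
    if not isinstance(entry, dict) or len(entry) != 1 or not set(entry) <= {"dnsName", "cidrSelector"}:
        return f"allowList entry {entry!r}: expected exactly one of dnsName or cidrSelector"
    if "://" in str(entry.get("dnsName", "")):
        return f"allowList dnsName {entry['dnsName']!r}: give the domain without protocol"
    if "cidrSelector" in entry:
        try:
            ipaddress.ip_network(str(entry["cidrSelector"]), strict=False)
        except ValueError:
            return f"allowList cidrSelector {entry['cidrSelector']!r}: not in CIDR format"

def lint_isw(cr):
    """Return findings for ISW Custom Resource settings (as a dict) that weaken the defaults."""
    glob = cr.get("spec", {}).get("values", {}).get("global", {})
    network, findings = glob.get("network", {}), []
    for policy in ("egressPolicy", "ingressPolicy"):  # both default to true when unset
        if network.get(policy, {}).get("enabled", True) is False:
            findings.append(f"values.global.network.{policy}.enabled is false")
    allow_list = network.get("egressPolicy", {}).get("allowList") or []
    findings += [p for p in map(check_allow_entry, allow_list) if p]
    annotations = glob.get("routes", {}).get("annotations")
    if annotations:  # per the page, setting annotations removes the default ones
        for key, default in DEFAULT_ROUTE_ANNOTATIONS.items():
            if key not in annotations:
                findings.append(f"routes.annotations drops default {key}")
            elif str(annotations[key]) != default:
                findings.append(f"routes.annotations sets {key} to {annotations[key]!r}")
    return findings

# Constructed sample: settings of the page's example CR plus one malformed allowList entry (last).
SAMPLE_CR = {"spec": {"values": {"global": {
    "network": {"ingressPolicy": {"enabled": False},
                "egressPolicy": {"enabled": True, "allowList": [
                    {"dnsName": "auth.openshift.my.cloud"},
                    {"cidrSelector": "1.2.3.0/24"},
                    {"dnsName": "https://auth.openshift.my.cloud"}]}},
    "routes": {"annotations": {"haproxy.router.openshift.io/rate-limit-connections": "false"}}}}}}

if __name__ == "__main__":
    print("\n".join(lint_isw(SAMPLE_CR)))
```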