IBM Workflow Process Service Authoring parameters

IBM Workflow Process Service Authoring needs a set of values for its configuration parameters to create a Kubernetes deployment.

The following tables list the configurable parameters and their default values. Complete the custom resource YAML file for your deployment by supplying values for your environment and configuration. All properties are mandatory, unless they have a default value or are explicitly optional. Although Workflow Process Service Authoring might seem to install correctly when some parameters are omitted, this kind of configuration is not supported.

Shared configuration parameters

See Shared configuration parameters. The pattern configuration parameters, LDAP configuration parameters, and all mandatory shared configuration parameters are required.

Business Automation Insights configuration parameters

See IBM Business Automation Insights parameters.

Business Automation Studio configuration parameters

See IBM Business Automation Studio parameters.

Workflow Process Service Authoring configuration parameters

Provide the details that are relevant to your Workflow Process Service Authoring environment and your decisions for the deployment of the container.

The following table lists the parameters for configuring Workflow Process Service Authoring. The Required column shows the parameters that are required.

Table 1. Workflow Process Service Authoring configuration parameters (spec.workflow_authoring_configuration)
Parameter name Description Example values Required
bas_auto_import_job.repository Workflow Process Service Authoring Business Automation Studio toolkit init image repository URL. The default value is <path>/toolkit_installer where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value. <path>/toolkit_installer No
bas_auto_import_job.tag Workflow Process Service Authoring Business Automation Studio toolkit init image repository tag. If you want to use a specific image version, you can override the default tag or digest. 24.0.0 No
bas_auto_import_job.pullPolicy Pull policy for Business Automation Studio toolkit init image.   No
storage.use_dynamic_provisioning Set to true to use dynamic storage provisioning. If set to false, you must set existing_pvc_for_logstore and existing_pvc_for_dumpstore. The default value is true. true No
storage.existing_pvc_for_filestore PVC for files. This includes temporary files that are created by the SQL integration facility Invoking SQL Integration services.   No
storage.size_for_filestore Minimum size of the PV that is mounted as the file store. The default value is 1Gi. 1Gi No
environment_config.csrf.origin_allowlist Security-hardening property that protects against Cross-Site Request Forgery (CSRF) attacks. Specify the values that are acceptable in the origin header field of an incoming request. The value of this property must be a comma-separated list of prefixes. https://example.com, http://example2.com:8080 No
environment_config.csrf.referer_allowlist Security-hardening property that protects against CSRF attacks. Specify the values that are acceptable in the referer header field of an incoming request. The value of this property must be a comma-separated list of fully qualified host names. example1.com, example2.com No
environment_config.csrf.user_agent_keyword_allow_list_for_old_restapi_csrf_check Comma-separated list of user agents. For the REST API requests with the path pattern /rest/bpm/wle/v1/* that is sent by the agents in the list, the server will not validate the XSRF-TOKEN cookie. The value of this property must be a comma-separated list, for example, agentkeyworkd1, agentkeyworkd2. java,wink client,httpclient,curl,jersey,httpurlconnection No
environment_config.csrf.check_xsrf_for_old_restapi Whether to validate the XSRF-TOKEN cookie against incoming REST API requests (POST/PUT/DELETE) with the path pattern /rest/bpm/wle/v1/*. The default value is true. true No
environment_config.content_security_policy_additional_all Content security policy additional directive for all folders. The format of this parameter is an array list. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_default_src Content security policy additional directive for default-src. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_script_src Content security policy additional directive for script-src. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_frame_src Content security policy additional directive for frame-src. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_object_src Content security policy additional directive for object-src. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_connect_src Content security policy additional directive for connect-src. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_frame_ancestor Content security policy additional directive for frame-ancestor. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_img_src Content security policy additional directive for img-src. https://hostname1, https://hostname2 No
environment_config.content_security_policy_additional_font_src Content security policy additional directive for font-src. https://hostname1, https://hostname2 No
jvm_customize_options JVM options separated with spaces, for example: -Dtest1=test -Dtest2=test2.   No
liberty_custom_xml Workflow Process Service Authoring custom plain XML snippet. The custom_xml_secret_name is also used for Workflow Server customization. Put your configuration values either in liberty_custom_xml or custom_xml_secret_name. Do not set the same configuration value in both places.   No
custom_xml_secret_name Workflow Process Service Authoring custom XML secret name. The liberty_custom_xml is also used for Workflow Server customization. Put your configuration values either in liberty_custom_xml or custom_xml_secret_name. Do not set the same configuration value in both places.   No
lombardi_custom_xml_secret_name Workflow Process Service Authoring Lombardi custom XML secret name.   No

BPM event emitter configuration parameters

The following table lists the parameters for configuring BPM event emitter. All parameters are optional.

Table 2. BPM event emitter configuration parameters (spec.workflow_authoring_configuration)
Parameter name Description Example values
business_event.enable Whether to enable event monitoring for Dynamic Event Framework events for the authoring container. If Business Automation Insights and the Machine Learning Server parameters are configured, this parameter must be set to true. The default value is false. false
business_event.enable_task_api Whether to record additional task information in generated events. If Business Automation Insights and the Machine Learning Server parameters are configured, this parameter must be set to true. This parameter is equivalent to the enable_task_api_def parameter. See BPMN summary event formats. The default value is false. false
business_event.enable_task_record Whether to enable the task record in generated events. This optional parameter is equivalent to the task-record-enabled parameter. See BPMN summary event formats. The default value is true. true
business_event.subscription List of the subscription configurations. Each subscription attribute is listed in the rest of this table.
 [{'app_name': '*','version': '*','component_type': '*','component_name': '*','element_type': '*','element_name': '*','nature': '*'}]
See Event point key and filter.		  
business_event.subscription[x].app_name Name of the source application that has events to monitor. The default value is *, which means all applications are monitored.  
business_event.subscription[x].component_name Name of the component to monitor. The default value is *, which means all components are monitored.  
business_event.subscription[x].component_type Type of the component to monitor. The default value is *, which means all component types are monitored.  
business_event.subscription[x].element_name Name of the element to monitor. The default value is *, which means all elements are monitored.  
business_event.subscription[x].element_type Type of the element to monitor. BPMN types include PROCESS, ACTIVITY, EVENT, and GATEWAY. The default value is *, which means all element types are monitored.  
business_event.subscription[x].nature Status of the event to monitor. Elements can send events of various statuses. The BPMN status types include STARTED, COMPLETED, TERMINATED, DELETED, FAILED, CAUGHT, THROWN, EXPECTED, ACTIVE, READY, RESOURCE_ASSIGNED, ACTIVE, LOOP_CONDITION_TRUE, LOOP_CONDITION_FALSE, and MULTIPLE_INSTANCES_STARTED. The default value is *, which means all status types are monitored.  
business_event.subscription[x].version Version of the source application that has events to monitor. The default value is *, which means all versions are monitored.  
To enable event monitoring for Dynamic Framework Events, add the configuration business_event related to each instance of workflow_authoring_configuration in your custom resource YAML file, as in the following example:
workflow_authoring_configuration:
      business_event:
	#The main switch 
        enable: true
	#Performance tuning switches. You must set these to true so the task-related events can be monitored.
        enable_task_api: true
        enable_task_record: true
	#Subscription related settings
        subscription:
        - app_name: '*'
          component_name: '*'
          component_type: '*'
          element_name: '*'
          element_type: '*'
          nature: '*'
          version: '*'

External Elasticsearch configuration parameters

These parameters are for using external Elasticsearch for data collection and data indexing. The first two parameters are required if you want to use external Elasticsearch.

Table 3. External Elasticsearch configuration parameters (spec.workflow_authoring_configuration)
Parameter name Description Example values
elasticsearch.endpoint Endpoint of external Elasticsearch or OpenSearch, such as: https://<external_es_host>:<external_es_port>. This parameter is required if you want to use external Elasticsearch or OpenSearch.
If security is enabled for your external search, you must also add the TLS certificate of the external Elasticsearch or OpenSearch to the Business Automation Studio trustlist.
  1. Create the trust certificate by running
    kubectl create secret generic externales-ssl --from-file=tls.crt=<your_es_tls_cert>
  2. Add the externales-ssl certificate to the trustlist in bastudio configuration:
    bastudio_configuration:
    tls:
      tlsTrustList: [extes-ssl]
 
elasticsearch.admin_secret_name The external Elasticsearch or OpenSearch administrative secret that contains the username and password keys. If the external Elasticsearch or OpenSearch has no basic authentication, you can leave this parameter empty. Otherwise, complete the following steps.
  1. Create a YAML file named external_es_secret.yaml with the following content:
    apiVersion: v1
kind: Secret
metadata:
  name: external-es-secret
type: Opaque
stringData:
  username: "<elasticsearch_username>"
  password: "<elasticsearch_password>"
  2. To create the secret, run 
    kubectl apply -f external_es_secret.yaml
 CHSCHEMA
elasticsearch.connect_timeout Number of seconds for external Elasticsearch or OpenSearch connection timeout. The default value is 10s. 10s
elasticsearch.read_timeout Number of seconds for external Elasticsearch or OpenSearch read timeout. The default value is 30s. 30s
elasticsearch.thread_count External Elasticsearch or OpenSearch thread count.  
elasticsearch.max_connection_total Maximum number of connections allowed across all routes when the Workflow Process Service Authoring connects to the Elasticsearch cluster to call its REST API.

Specify a positive integer. If the provided value is less than or equal to 0, the default Elasticsearch High Level REST Client value is used.

 -1
elasticsearch.max_connection_per_route Maximum number of connections allowed for a route when Workflow Process Service Authoring connects to the Elasticsearch cluster to call its REST API.

Specify a positive integer. If the provided value is less than or equal to 0, the default Elasticsearch High Level REST Client value is used.

 -1