App Connect Dashboard reference

Use this reference to create, update, or delete App Connect Dashboard instances by using the IBM® Cloud Pak Platform UI, the Red Hat® OpenShift® web console or CLI, or the CLI for a Kubernetes environment.

Tip: A deployed IBM Cloud Pak for Integration Platform UI instance gives you access to the IBM Cloud Pak Platform UI, where you can create and manage instances of capabilities from a central location.

Introduction
Prerequisites
Red Hat OpenShift SecurityContextConstraints requirements
Resources required
Storage
Data encryption
Dashboard display modes
Creating an instance
Updating the custom resource settings for an instance
Deleting an instance
Custom resource values
Supported platforms

Introduction

The App Connect Dashboard API enables you to create an App Connect Dashboard instance for administering integration servers and integration runtimes, which are deployed from BAR files that users upload into the Dashboard instance, or reference from an external repository. An App Connect Dashboard instance provides a runtime environment for hosting production workloads.

Usage guidelines:

An App Connect Dashboard instance cannot simultaneously host integration servers and integration runtimes. If you want to run integration servers and integration runtimes in a namespace (or project), create two Dashboard instances in that namespace to separately host your integration servers and your integration runtimes. For more information, see Dashboard display modes.

Prerequisites

If using Red Hat OpenShift, Red Hat OpenShift Container Platform 4.12 or 4.14 is required.
Note: For information about the custom resource (or operand) versions that are supported for each Red Hat OpenShift version, see spec.version values.
If using a Kubernetes environment, Kubernetes 1.25.x–1.29.x is required.
The IBM App Connect Operator must be installed in your cluster either through an independent deployment or an installation of IBM Cloud Pak for Integration. For further details, see the following information:
Ensure that you have cluster administrator authority or have been granted the appropriate role-based access control (RBAC).
If you want to use the command-line interface (CLI) to log in to your cluster and run commands to create and manage your IBM App Connect instances and other resources, ensure that the required CLI tools are installed on your computer. For more information, see Installing tools for managing the cluster, containers, and other resources (on Red Hat OpenShift), or Installing tools for managing the cluster, containers, and other resources (on Kubernetes).
You must have a Kubernetes pull secret called ibm-entitlement-key in the namespace before creating the instance. For more information, see Obtaining and applying your IBM Entitled Registry entitlement key.

Red Hat OpenShift SecurityContextConstraints requirements

IBM App Connect runs under the default restricted SecurityContextConstraints.

Resources required

Minimum recommended requirements:

CPU: 0.5 Cores
Memory: 0.75 GB

For information about how to configure these values, see Custom resource values.

Storage

When you upload or import BAR files to the App Connect Dashboard for deployment to integration servers or integration runtimes, the BAR files are stored in a content server that is associated with the App Connect Dashboard instance. The content server is created as a container in the App Connect Dashboard deployment and can either store uploaded (or imported) BAR files in a volume in the container’s file system, or store them within a bucket in a simple storage service that provides object storage via a web interface.

Before you create the App Connect Dashboard instance, you must decide what type of storage to use for uploaded or imported BAR files because you will need to specify this storage type while creating the Dashboard and will not be able to change this setting after the Dashboard is created.

Supported storage types

The following storage types can be used to allocate storage for the content server:

Persistent storage

With this storage type, any BAR files that you upload to the App Connect Dashboard (while creating an integration server or runtime) or that you import (by using the "BAR files" page in the Dashboard) are stored in a persistent volume in the container’s file system. The persistent volume can be dynamically provisioned through a storage class that is available on the cluster, or can be requested through a claim name. Persistent storage is recommended for extra resilience because the BAR files are retained in the content-server when pods restart and are deleted only when you delete the Dashboard.

The App Connect Dashboard requires a file-based storage class with ReadWriteMany (RWX) capability. If using IBM Cloud, use the ibmc-file-gold-gid storage class.

The file system must not be root-owned and must allow read/write access for the user that the Dashboard runs as. This user is a random unique identifier (UID) that is chosen by the Red Hat OpenShift cluster for all restricted pods in a given namespace.

If using Azure File storage, the owner user identifier (UID) of the Azure File mounted directory is different from the process UID of the container. From the Dashboard's pod YAML resource, get the uid value from the runAsUser field. For more information, see Considerations when using Azure File.

If you choose persistent storage, you will need to specify a storage class or the name of an existing claim, the storage size, and optionally, a label selector.

Ephemeral storage

With this storage type, an ephemeral volume is created when a Dashboard pod is started, and uploaded or imported BAR files are stored in this volume in the container’s file system. The ephemeral (emptyDir) volume exists only for the lifetime of the pod, so the BAR files will be lost when the pod restarts. You might typically choose this storage type if creating an environment for demonstration or testing.

If you choose ephemeral storage, you can specify a storage size limit for the volume.

Simple Storage Service (S3) storage

S3 storage offers an alternative option to persistent storage, and enables the content server to support the use of an object storage service for BAR file storage by using the S3 REST API.

Note: S3 storage is applicable only if the spec.version value in the App Connect Dashboard custom resource resolves to 12.0.1.0-r1 or later.

Restriction:

S3 storage is not supported when the IBM App Connect Operator is installed in a restricted network because a cluster requires internet access to read and write BAR files from or to an S3 object store.
Only Amazon S3 and IBM Cloud Object Storage S3 are supported as S3 providers.

Any BAR files that you upload or import to the Dashboard will be stored with read/write access in a specified bucket in your S3 instance. These BAR files will all be visible on the "BAR files" page (which presents a view of the content server) and can also be viewed in the S3 bucket. An uploaded or imported BAR file is stored with a generated static token, which is hidden in the Dashboard UI, but visible as an object within the S3 bucket.

BAR files and associated tokens that are stored as objects in a bucket follow a naming convention, as shown in the following example for a BAR file named CustomerDatabaseV1.bar:

/mnt/data/content/CustomerDatabaseV1/bars/CustomerDatabaseV1.bar

/mnt/data/content/CustomerDatabaseV1/.token

If you choose S3 storage, you will need to specify the following storage settings for your provisioned S3 instance:

The name of an existing bucket for storing uploaded or imported BAR files
Although you are not restricted from using an S3 bucket that already contains other objects, a dedicated bucket for BAR file storage is recommended. If you decide to use a bucket that contains other objects, the App Connect Dashboard will ignore those objects because they have no association with the content server.

Note: If different instances of the App Connect Dashboard are configured to use the same S3 bucket with the same credentials and endpoint, BAR files that are uploaded or imported to the content server from either Dashboard will be visible on the "BAR files" page in both Dashboards and can be deployed from these Dashboards.
An S3 endpoint to which the S3 REST API sends requests for reading and writing objects
You should be able to locate the available endpoints from your S3 instance. For example, on IBM Cloud Object Storage S3, you can locate the endpoints from the Endpoints page.

To minimize latency, it is recommended that you use an S3 bucket that is in the same geographic area as your App Connect Dashboard instance. Also use an endpoint with a location or region that is similar to where the Dashboard is deployed. For more information, see Endpoints and storage locations in the IBM Cloud Object Storage S3 documentation and Amazon Simple Storage Service endpoints and quotas in the Amazon Web Services documentation.
S3 credentials for connecting to the bucket
You will need to supply these credentials by creating a configuration of type S3Credentials. For more information, see Creating a configuration of type S3Credentials for use with the App Connect Dashboard.

To define the storage type when creating an App Connect Dashboard instance, you must specify your preferred type in the custom resource settings by setting the spec.storage.type parameter and then complete the other spec.storage.* parameters as appropriate for the selected storage type. If you want to create an S3-compatible Dashboard, your must first create a configuration object of type S3Credentials to store the credentials for accessing the bucket.

Data encryption

To secure data that is stored at rest, the following options are supported for enabling data encryption:

Portworx Enterprise
For more information, see Step 4: Set up volume encryption with IBM Key Protect.
IBM Cloud File Storage
For more information, see Setting up encryption for Block Storage for VPC.
Amazon services

Other options, such as Network File System (NFS), are not supported.

Dashboard display modes

Integration servers and integration runtimes can co-exist in the same namespace in your cluster, but cannot co-exist in a single view in an App Connect Dashboard instance. The Dashboard custom resource (CR) includes a display mode option (or spec.displayMode parameter), which enables you to switch to a view of integration servers only or integration runtimes only.

When the display mode is set to IntegrationServers, only integration servers are displayed in, and can be deployed from, the Dashboard. Similarly, when the display mode is set to IntegrationRuntimes, only integration runtimes are displayed in, and can be deployed from, the Dashboard. You can switch the display mode of the Dashboard by updating its CR, but only instances of the selected resource type will be visible in that mode. If you want to view and deploy both resource types by using the Dashboard, the best approach is to create two separate Dashboard instances in your namespace to host your integration runtimes and integration servers.

Availability: The ability to select a display mode for a Dashboard instance to view either integration servers or integration runtimes is available only for spec.version values that resolve to 12.0.7.0-r1 or later in the CR. 12.0.6.0-r1 or earlier Dashboard instances support integration servers only.

Creating an instance

You can create an App Connect Dashboard instance from the IBM Cloud Pak Platform UI, the Red Hat OpenShift web console or CLI, or the CLI for a Kubernetes environment.

Configuring identity and access management (IAM):

For App Connect Dashboard 12.0.10.0-r2 or later instances that you create by using IBM App Connect Operator 11.0.0 or later, you can use IAM to control access to a Dashboard instance. IAM is implemented by using Keycloak to authenticate users and to authorize access. For information about the prerequisites for IAM, enabling IAM for a Dashboard instance, and configuring Keycloak, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.

Before you begin

Ensure that the Prerequisites are met.
If you want to create an S3-compatible App Connect Dashboard instance, ensure that you have created a configuration object of type S3Credentials as described in Creating a configuration of type S3Credentials for use with the App Connect Dashboard.
Decide how to control upgrades to the instance when a new version becomes available. The spec.version value that you specify while creating the instance will determine how that instance is upgraded after installation, and whether you will need to specify a different license or version number for the upgrade. To help you decide whether to specify a spec.version value that either lets you subscribe to a channel for updates, or that uses a specific version for the instance, review the Upgrade considerations for channels, versions, and licenses before you start this task.
Namespace restriction for an instance, server, configuration, or trace:
The namespace in which you create an instance or object must be no more than 40 characters in length.

Create options:

Creating an instance from the IBM Cloud Pak Platform UI
Creating an instance from the Red Hat OpenShift web console
Creating an instance from the Red Hat OpenShift CLI or Kubernetes CLI

Creating an instance from the IBM Cloud Pak Platform UI

To create an App Connect Dashboard instance from the IBM Cloud Pak Platform UI, complete the following steps:

From a browser window, log in to the Platform UI.
Tip: You can use the generated URL for a deployed IBM Cloud Pak for Integration Platform UI instance to access the Platform UI.
- Applicable to IBM App Connect Operator 11.0.0 or later: The Platform UI Instances page opens as the home page. The welcome banner includes a theme switcher that you can use to choose a light theme, a dark theme, or a custom theme that matches your existing system UI.
- Applicable to IBM App Connect Operator 10.1.1 or earlier: The Platform UI home page opens with cards and navigation menu options that provide access to the instances and other resources that you are authorized to create, manage, or use. For information about completing administration tasks (such as user management or platform customization) from this page, see Platform UI in the IBM Cloud Pak foundational services documentation.
  
  From the navigation menu , expand Administration and click Integration instances.
From the Instances (or Integration instances) page, click Create an instance.
To create an App Connect Dashboard instance from the Create an instance page, click the Integration dashboard tile and click Next.
From the Create an integration dashboard page, click a tile to select which type of instance you want to create:
- Quick start: Deploy a development dashboard with one replica pod.
- Production: Deploy a production dashboard with multiple replica pods for resilience and high availability.
- Select a template from Automation assets: (Applicable to IBM App Connect Operator 11.0.0 or later) Create a Dashboard instance by selecting an existing template from Automation assets. For more information, see Deploying an instance from a template in the IBM Cloud Pak for Integration documentation.
Click Next. A UI form view opens with the minimum configuration that is required to create the instance.
Complete either of the following steps:
- To quickly get going, complete the standard set of configuration fields. You can display advanced settings in the UI form view by setting Advanced settings to on. Note that some fields might not be represented in the form.
  Note:
  - Identity and access management (IAM) by using Keycloak is enabled by default although the authentication and authorization fields (which are used to enable or disable IAM) are not displayed in UI form view. For more information about using IAM with the instance that you are creating, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.
  - The API for IBM App Connect in containers is also enabled by default although its field is not displayed in UI form view. You can use this API to administer BAR files, configuration objects, integration runtimes, and trace objects within an App Connect Dashboard instance. For more information, see API for IBM App Connect in containers.
  The parameters for these fields (spec.authentication.integrationKeycloak.enabled, spec.authorization.integrationKeycloak.enabled, and spec.api.enabled) are exposed when you switch to the YAML view.
  - Name: Enter a short distinctive name that uniquely identifies this Dashboard.
  - Namespace: Enter the name of the namespace (project) where you want to create the Dashboard instance. If the Platform UI is deployed in a single namespace (namespace-scoped), this namespace is displayed and cannot be changed.
  - Labels: (Applicable to IBM App Connect Operator 11.0.0 or later) Add one or more labels as key/value pairs, which can be used to organize and categorize (scope and select) instances. For more information, see Labels and Selectors.
    By default, a label is provided with a key of backup.appconnect.ibm.com/component and a value of dashboard. This label is used if you need to run backup and restore operations by using OpenShift API for Data Protection (OADP) and is ignored otherwise.
  - Channel or version: Select an App Connect product (fix pack) version that the Dashboard is based on. You can select a channel that will resolve to the latest fully qualified version on that channel, or select a specific fully qualified version. If you are using IBM App Connect Operator 7.1.0 or later, the supported channels or versions will depend on the Red Hat OpenShift version that is installed in your cluster. For more information about these values, see spec.version values.
  - Accept: Review the license that is accessible from the supplied link and then click this check box to accept the terms and conditions.
  - License LI: Select a license identifier that aligns with the channel or the fully qualified version that you selected. For more information, see Licensing reference for IBM App Connect Operator.
  - License use: Select an appropriate CloudPakForIntegration or AppConnectEnterprise license type that you are entitled to use.
    IAM entitlements:
    - If you purchased Cloud Pak for Integration, you are entitled to use either CloudPakForIntegration* or AppConnectEnterprise* style licenses. However, to use a CloudPakForIntegration* license, a Platform UI instance must be deployed.
    - If you purchased the IBM App Connect Operator for an independent deployment, you are restricted to AppConnectEnterprise* style licenses regardless of whether IAM is enabled or disabled. (Although installation of the Cloud Pak for Integration and other Operators is permitted for configuring IAM, you are not allowed to deploy the Platform UI.)
  - Replicas: Specify the number of replica pods to run for this deployment.
  - Display Mode: Select the type of resources that you want to view in, or deploy from, the Dashboard.
    - IntegrationRuntimes: Select this option if you want to use the Dashboard to display or deploy integration runtimes only. This option is the default for Dashboard instances at version 12.0.9.0-r3 or later.
    - IntegrationServers: Select this option if you want to use the Dashboard to display or deploy integration servers only.
    For more information, see Dashboard display modes.
  - Storage type: Select the type of storage to use for storing BAR files that are uploaded or imported to the Dashboard.
    - persistent-claim: Choose this option for storage in a persistent volume in the container’s file system.
    - ephemeral: Choose this option for storage in an ephemeral volume that exists only for the lifetime of the pod.
    - s3: Choose this option for storage in a bucket in a Simple Storage Service (S3) instance.
    For more information, see Supported storage types.
  - Storage class: If preferred for a persistent volume, select a supported storage class for your cluster, which should be used to dynamically provision a persistent volume that belongs to that class.
    When Storage type is set to persistent-claim, either Storage class or Claim Name is required.
    
    IAM requirement: Keycloak requires block storage and a storage class that is set as the default class. For more information, see Storage options for Keycloak in the IBM Cloud Pak for Integration documentation.
  - Claim Name: If preferred for a persistent volume, specify the name of an existing claim that should be used to request a persistent volume for BAR file storage. This claim must exist in the same namespace as the Dashboard.
    When Storage type is set to persistent-claim, either Storage class or Claim Name is required.
  - Size: Specify the maximum amount of storage that is required for a persistent volume in decimal or binary format; that is, Gi or G. This value is required if Storage type is set to persistent-claim.
  - s3 bucket: Specify the name of an existing bucket that is used for object storage in a Simple Storage Service (S3) instance. You must have read/write access to this bucket, which will be used to store BAR files that are uploaded or imported to the Dashboard. This value is required if Storage type is set to s3.
    For a list of supported S3 providers and considerations for choosing a bucket, see Supported storage types.
  - s3 host: Specify an endpoint that is associated with your Simple Storage Service (S3) system, to which the S3 REST API sends requests for reading and writing objects to the bucket specified in s3 bucket. This value is required if Storage type is set to s3.
  - s3 configuration: Specify the name of an existing configuration object of type S3Credentials, which stores credentials for accessing the bucket specified in s3 bucket. Set this parameter to the Name (or metadata.name) value that was specified while creating the configuration. This value is required if Storage type is set to s3.
  Set Advanced settings to on if you want to specify any advanced settings from the UI form view.
  - Advanced: Log Format: Select a format for the container logs that are output to the container's console. Valid values are basic (the default) and json.
  - Advanced: Log Level: Select the level of information to display in the container logs. Valid values are info (the default) and debug.
  - Advanced: Labels: Specify one or more custom labels (as classification metadata) to apply to each pod that is created during deployment. Specify each label as a key/value pair. The custom labels that you specify are merged with the default (generated) labels. If duplicate label keys are detected, the custom value overwrites the default value.
  - Advanced: Annotations: Specify one or more custom annotations (as arbitrary metadata) to apply to each pod that is created during deployment. Specify each annotation as a key/value pair. The custom annotations that you specify are merged with the default (generated) annotations. If duplicate annotation keys are detected, the custom value overwrites the default value.
  - Advanced: Disable Routes: Clear this checkbox (the default) to enable the automatic creation of HTTP and HTTPS routes, which externally expose a service that identifies the set of Dashboard pods. Select this checkbox to disable the automatic creation of routes. This option is not applicable in a Kubernetes environment.
  - Content server container (Resource requirements): Specify resource requirements for running the content server container that stores BAR files. For information about the values that you can specify, see the spec.pod.containers.content-server.* parameters in Custom resource values.
  - Dashboard UI container (Resource requirements): Specify resource requirements for running the Dashboard UI container. For information about the values that you can specify, see the spec.pod.containers.control-ui.* parameters in Custom resource values.
  - Advanced: Name: Specify the name of an existing switch server that enables secure connectivity when running callable flows in the Dashboard instance, or when running flows that interact with applications in a private network. The switch server name is the metadata.name value in the switch server custom resource. For information about how to create a switch server, see App Connect Switch Server reference.
- For a more advanced configuration, click YAML to switch to the YAML view and then update the editor with your required parameters.
  - For information about the available parameters and their values, see Custom resource values.
  - For information about the supported storage types for storing BAR files that are uploaded to the App Connect Dashboard, see Storage. You can use the spec.storage.* parameters to allocate this storage. Note that you will not be able to change the storage type of your App Connect Dashboard instance after it's created.
Click Create. You are redirected to the Instances (or Integration instances) page. An entry for the instance is shown in the table with an initial status of Pending, which you can click to check the progress of the deployment. When the deployment completes, the status changes to Ready.

What to do next

If IAM with Keycloak is enabled for this instance, use the Keycloak Admin Console to manage user access to the instance by setting up users with assigned roles. For more information, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.
Share the URL of the Platform UI with the configured users and supply the authentication credentials that they can use to log in to the Platform UI and Dashboard instance.
The authorized users can access the Dashboard (Integration dashboard) instance by clicking the name in the Platform UI, and then use the instance to deploy Designer and Toolkit integrations to integration servers or integration runtimes.

Creating an instance from the Red Hat OpenShift web console

To create an App Connect Dashboard instance by using the Red Hat OpenShift web console, complete the following steps:

From a browser window, log in to the Red Hat OpenShift Container Platform web console. Ensure that you are in the Administrator perspective .
From the navigation, click Operators > Installed Operators.
If required, select the namespace (project) in which you installed the IBM App Connect Operator.
From the Installed Operators page, click IBM App Connect.
From the Operator details page for the App Connect Operator, click the Dashboard tab.
Click Create Dashboard.
From the Details tab on the Operator details page, you can also locate the Dashboard tile and click Create instance to specify installation settings for the instance.
To use the Form view, ensure that Form view is selected and then complete the fields. Note that some fields might not be represented in the form.
- Name: Enter a short distinctive name that uniquely identifies this Dashboard.
- Labels: (Applicable to IBM App Connect Operator 11.0.0 or later)
  By default, a label is provided with a key of backup.appconnect.ibm.com/component and a value of dashboard. This label is used if you need to run backup and restore operations by using OpenShift API for Data Protection (OADP) and is ignored otherwise. For more information, see Backing up and restoring your IBM App Connect resources and persistent volumes on Red Hat OpenShift.
- License/Accept: Select this checkbox to accept the terms and conditions of the license.
- License/License LI: Select a license identifier that aligns with the channel or the fully qualified version that you want to select. For more information, see Licensing reference for IBM App Connect Operator.
- License/License use: Select an appropriate CloudPakForIntegration or AppConnectEnterprise license type that you are entitled to use.
  IAM entitlements:
  - If you purchased Cloud Pak for Integration, you are entitled to use either CloudPakForIntegration* or AppConnectEnterprise* style licenses. However, to use a CloudPakForIntegration* license, a Platform UI instance must be deployed.
  - If you purchased the IBM App Connect Operator for an independent deployment, you are restricted to AppConnectEnterprise* style licenses regardless of whether IAM is enabled or disabled. (Although installation of the Cloud Pak for Integration and other Operators is permitted for configuring IAM, you are not allowed to deploy the Platform UI.)
- Channel or version: Select an App Connect product (fix pack) version that the Dashboard is based on. You can select a channel that will resolve to the latest fully qualified version on that channel, or select a specific fully qualified version. If you are using IBM App Connect Operator 7.1.0 or later, the supported channels or versions will depend on the Red Hat OpenShift version that is installed in your cluster. For more information about these values, see spec.version values.
- Storage/Storage type: Select the type of storage to use for storing BAR files that are uploaded or imported to the Dashboard.
  - persistent-claim: Choose this option for storage in a persistent volume in the container’s file system.
  - ephemeral: Choose this option for storage in an ephemeral volume that exists only for the lifetime of the pod.
  - s3: Choose this option for storage in a bucket in a Simple Storage Service (S3) instance.
  Note that you cannot change the storage type of your App Connect Dashboard instance after it's created. For more information, see Supported storage types.
- Storage/Claim Name: If preferred for a persistent volume, specify the name of an existing claim that should be used to request a persistent volume for BAR file storage. This claim must exist in the same namespace as the Dashboard.
  When Storage type is set to persistent-claim, either Storage class or Claim Name is required.
- Storage/Storage class: If preferred for a persistent volume, select a supported storage class for your cluster, which should be used to dynamically provision a persistent volume that belongs to that class.
  When Storage type is set to persistent-claim, either Storage class or Claim Name is required.
  
  IAM requirement: Keycloak requires block storage and a storage class that is set as the default class. For more information, see Storage options for Keycloak in the IBM Cloud Pak for Integration documentation.
- Storage/s3 bucket: Specify the name of an existing bucket that is used for object storage in a Simple Storage Service (S3) instance. You must have read/write access to this bucket, which will be used to store BAR files that are uploaded or imported to the Dashboard. This value is required if Storage type is set to s3.
  For a list of supported S3 providers and considerations for choosing a bucket, see Supported storage types.
- Storage/s3 host: Specify an endpoint that is associated with your Simple Storage Service (S3) system, to which the S3 REST API sends requests for reading and writing objects to the bucket specified in s3 bucket. This value is required if Storage type is set to s3.
- Storage/s3 configuration: Specify the name of an existing configuration object of type S3Credentials, which stores credentials for accessing the bucket specified in s3 bucket. Set this parameter to the Name (or metadata.name) value that was specified while creating the configuration. This value is required if Storage type is set to s3.
- Storage/Selector: Specify a label query that a specified claim can use to filter for volumes that can be bound to the claim. This setting is applicable only when Storage type is set to persistent-claim. For more information, see the spec.storage.selector parameter in Custom resource values.
- Replicas: Specify the number of replica pods to run for this deployment.
- switchServer/Name: Specify the name of an existing switch server that enables secure connectivity when running callable flows in the Dashboard instance, or when running flows that interact with applications in a private network. The switch server name is the metadata.name value in the switch server custom resource. For information about how to create a switch server, see App Connect Switch Server reference.
  Note: If you want to deploy integrations that run callable flows or that interact with applications in a private network, the Dashboard instance must be configured to use a switch server.
  - For callable flows, the Dashboard configuration is automatic if a switch server also exists in the same namespace. When you create a switch server, it is automatically associated with the Dashboard instance, and default Agentx and AgentA configuration objects are created for configuring connectivity. This Agentx configuration object must be selected when creating an integration server or integration runtime that includes a callable flow. The default configuration objects are named in the format metadata.name-agentx and metadata.name-agenta, where metadata.name is the switch server name. For more information about configuration objects, see Configuration types.
  - To deploy integrations that interact with applications in a private network, you need to manually configure the Dashboard instance to use a switch server.
    - If a switch server is already deployed in the namespace, complete the switchServer/Name field (in Form view), or add the spec.switchServer.name parameter to the Dashboard YAML, where switchServerName is the metadata.name value in the switch server custom resource.
      
      spec: switchServer: name: switchServerName
    - If a switch server is not yet deployed in the namespace, you can create a switch server after you create the Dashboard instance. Then, update the Dashboard custom resource to add the spec.switchServer.name setting as described in Updating the custom resource settings for an instance.
    For information about how to create a switch server, see App Connect Switch Server reference. When you create a switch server, a default Private Network Agent configuration object is also created, which you can use to set up private network connectivity. The default configuration object is named in the format metadata.name-privatenetworkagent, where metadata.name is the switch server name.
  A Dashboard instance that is configured to use a switch server includes a Private network connections page that you can use to configure connectivity to applications in a private network.
- Display Mode: Select the type of resources that you want to view in, or deploy from, the Dashboard.
  - IntegrationRuntimes: Select this option if you want to use the Dashboard to display or deploy integration runtimes only. This option is the default for Dashboard instances at version 12.0.9.0-r3 or later.
  - IntegrationServers: Select this option if you want to use the Dashboard to display or deploy integration servers only.
  For more information, see Dashboard display modes.
- Api/Enabled: Select this checkbox (the default) to enable the API for IBM App Connect in containers (or IBM App Connect Enterprise certified container). You can use this API to administer BAR files, configuration objects, integration runtimes, and trace objects within an App Connect Dashboard instance. For more information, see API for IBM App Connect in containers.
Expand the Advanced configuration section if you want to specify any advanced settings in Form view.
- Log Format: Select a format for the container logs that are output to the container's console. Valid values are basic (the default) and json.
- Log Level: Select the level of information to display in the container logs. Valid values are info (the default) and debug.
- Pod/containers/control-ui: Specify resource requirements for running the Dashboard UI container. For information about the values that you can specify, see the spec.pod.containers.control-ui.* parameters in Custom resource values.
- Pod/containers/content-server: Specify resource requirements for running the content server container that stores BAR files. For information about the values that you can specify, see the spec.pod.containers.content-server.* parameters in Custom resource values.
- Pod/imagePullSecrets: Use the Add ImagePullSecrets link to add one or more secrets for pulling images.
- Pod/volumes: Specify details of one or more named volumes that can be provided to the pod, to use for persisting data. For information about the values that you can specify, see the spec.pod.volumes parameter in Custom resource values.
- Pod affinity: Specify custom affinity settings that will control the placement of pods on nodes. For more information, see the spec.affinity parameter in Custom resource values.
- Disable Routes: Clear this checkbox (the default) to enable the automatic creation of HTTP and HTTPS routes, which externally expose a service that identifies the set of Dashboard pods. Select this checkbox to disable the automatic creation of routes. This option is not applicable in a Kubernetes environment.
- Authentication and Authorization:
  - Authentication/integrationKeycloak/Enabled: Select this checkbox to control access to the Dashboard instance by using identity and access management (IAM) to validate user identities.
  - Authorization/integrationKeycloak/Enabled Select this checkbox to control access to the Dashboard instance by using IAM to grant access permissions.
  You must select both of these checkboxes to enable Keycloak, which implements IAM. Keycloak is enabled by default. For more information about using IAM with the instance that you are creating, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.
  
  If you do not want to restrict access to the instance, you must clear both of the Enabled checkboxes. Also ensure that you are using an AppConnectEnterprise* style license.
  
  Restriction: These settings are not applicable for Kubernetes environments.
Optional: For a finer level of control over your installation settings, click YAML view to switch to the YAML view. Update the content of the YAML editor with the parameters and values that you require for this Dashboard instance.
To view the full set of parameters and values available, see Custom resource values.
Click Create to start the deployment. An entry for the Dashboard instance is shown in the Dashboards table, initially with a Pending status.
Click the Dashboard name to view information about its definition and current status.
On the Details tab of the page, you can view the following information:
- The Conditions section reveals the progress of the deployment.
- If you created the Dashboard by using IBM App Connect Operator 11.2.0 or later, the Dashboard UI field provides the URL for accessing the Dashboard instance. If Keycloak is enabled, the Keycloak UI field also provides the URL of the Keycloak instance that you can use to access the Keycloak Admin Console. (These URLs are displayed after the deployment completes.) You can also locate these URLs under Networking > Routes in the console navigation.
- If you created the Dashboard by using IBM App Connect Operator 11.1.0 or earlier, the Admin UI field provides the URL for accessing the Dashboard instance. (This URL is displayed after the deployment completes.) You can also locate this URL under Networking > Routes in the console navigation.
You can use the breadcrumb trail to return to the (previous) Operator details page for the App Connect Operator. When the deployment is complete, the status is shown as Ready in the Dashboards table.

What to do next

If IAM with Keycloak is enabled for this instance, use the Keycloak Admin Console to manage user access to the instance by setting up users with assigned roles. For more information, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.
Share the Dashboard UI (or Admin UI) URL with the users who need to access the Dashboard. If IAM is enabled, also supply the authentication credentials that users can use to log in to the Dashboard instance.
Users can then access and use the Dashboard instance to deploy Designer and Toolkit integrations to integration servers or integration runtimes.

Creating an instance from the Red Hat OpenShift CLI or Kubernetes CLI

To create an App Connect Dashboard instance from the Red Hat OpenShift CLI, complete the following steps.

Note: These instructions relate to the Red Hat OpenShift CLI, but can be applied to a Kubernetes environment by using the relevant command to log in to the cluster, and substituting oc with kubectl where appropriate.

From your local computer, create a YAML file that contains the configuration for the App Connect Dashboard instance that you want to create. Include the metadata.namespace parameter to identify the namespace in which you want to create the instance; this should be the same namespace where the other App Connect instances or resources are created.
- To view the full set of parameters and values that you can specify, see Custom resource values.
  
  For information about the supported storage types for storing BAR files that are uploaded to the App Connect Dashboard, see Storage. You can use the spec.storage.* parameters to allocate this storage. Note that you will not be able to change the storage type of your App Connect Dashboard instance after it's created.
  IAM requirement: Keycloak requires block storage and a storage class that is set as the default class. For more information, see Storage options for Keycloak in the IBM Cloud Pak for Integration documentation.
  Note: If you want to deploy integrations that run callable flows or that interact with applications in a private network, the Dashboard instance must be configured to use a switch server.
  - For callable flows, the Dashboard configuration is automatic if a switch server also exists in the same namespace. When you create a switch server, it is automatically associated with the Dashboard instance, and default Agentx and AgentA configuration objects are created for configuring connectivity. This Agentx configuration object must be selected when creating an integration server or integration runtime that includes a callable flow. The default configuration objects are named in the format metadata.name-agentx and metadata.name-agenta, where metadata.name is the switch server name. For more information about configuration objects, see Configuration types.
  - To deploy integrations that interact with applications in a private network, you need to manually configure the Dashboard instance to use a switch server.
    
    If a switch server is already deployed in the namespace, complete the switchServer/Name field (in Form view), or add the spec.switchServer.name parameter to the Dashboard YAML, where switchServerName is the metadata.name value in the switch server custom resource.
    
    spec: switchServer: name: switchServerName
    
    If a switch server is not yet deployed in the namespace, you can create a switch server after you create the Dashboard instance. Then, update the Dashboard custom resource to add the spec.switchServer.name setting as described in Updating the custom resource settings for an instance.
    
    For information about how to create a switch server, see App Connect Switch Server reference. When you create a switch server, a default Private Network Agent configuration object is also created, which you can use to set up private network connectivity. The default configuration object is named in the format metadata.name-privatenetworkagent, where metadata.name is the switch server name.
  A Dashboard instance that is configured to use a switch server includes a Private network connections page that you can use to configure connectivity to applications in a private network.
- Use the spec.displayMode parameter to indicate whether you want to use the Dashboard to display or deploy integration servers only or integration runtimes only.
- To control access to the instance by using identity and access management (IAM), ensure that both of these parameters are set to true (the default).
  - spec.authentication.integrationKeycloak.enabled: This setting ensures that user identities can be validated.
  - spec.authorization.integrationKeycloak.enabled: This setting ensures that access permissions can be granted.
  This value enables Keycloak, which implements IAM. For more information about using IAM with the instance that you are creating, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.
  
  If you do not want to restrict access to the instance, ensure that both of these parameters are set to false. Also ensure that you are using an AppConnectEnterprise* style license.
  
  Restriction: These settings are not applicable for Kubernetes environments.
- Use the spec.api.enabled parameter to indicate whether you want to enable the API for IBM App Connect in containers (or IBM App Connect Enterprise certified container). You can use this API to administer BAR files, configuration objects, integration runtimes, and trace objects within an App Connect Dashboard instance. For more information, see API for IBM App Connect in containers.
- For licensing information, see Licensing reference for IBM App Connect Operator.
  IAM entitlements:
  - If you purchased Cloud Pak for Integration, you are entitled to use either CloudPakForIntegration* or AppConnectEnterprise* style licenses. However, to use a CloudPakForIntegration* license, a Platform UI instance must be deployed.
  - If you purchased the IBM App Connect Operator for an independent deployment, you are restricted to AppConnectEnterprise* style licenses regardless of whether IAM is enabled or disabled. (Although installation of the Cloud Pak for Integration and other Operators is permitted for configuring IAM, you are not allowed to deploy the Platform UI.)
The following examples (Example 1 and Example 2) show a Dashboard CR with settings for a persistent-claim storage type and a display mode that provides a view of integration runtimes only. The spec.switchServer.name setting references an existing switch server that is used for callable flow and private network connectivity, and spec.api.enabled is set to tue to enable the API for IBM App Connect in containers.
Example 1: Keycloak enabled for IAM by default
```
apiVersion: appconnect.ibm.com/v1beta1
kind: Dashboard
metadata:
  name: db-prod
  labels:
    backup.appconnect.ibm.com/component: dashboard
  namespace: mynamespace
spec:
  license:
    accept: true
    license: L-QECF-MBXVLU
    use: CloudPakForIntegrationNonProduction
  pod:
    containers:
      content-server:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 50Mi
      control-ui:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 125Mi
  switchServer:
    name: default
  authentication:
    integrationKeycloak:
      enabled: true
  authorization:
    integrationKeycloak:
      enabled: true
  api:
    enabled: true
  storage:
    size: 5Gi
    type: persistent-claim
    class: ocs-storagecluster-cephfs
  displayMode: IntegrationRuntimes
  replicas: 3
  version: '12.0'
```
Example 2: Keycloak disabled - IAM not required (or not supported on Kubernetes)
```
apiVersion: appconnect.ibm.com/v1beta1
kind: Dashboard
metadata:
  name: db-prod
  labels:
    backup.appconnect.ibm.com/component: dashboard
  namespace: mynamespace
spec:
  license:
    accept: true
    license: L-QECF-MBXVLU
    use: AppConnectEnterpriseProduction
  pod:
    containers:
      content-server:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 50Mi
      control-ui:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 125Mi
  switchServer:
    name: default
  authentication:
    integrationKeycloak:
      enabled: false
  authorization:
    integrationKeycloak:
      enabled: false
  api:
    enabled: true
  storage:
    size: 5Gi
    type: persistent-claim
    class: valid-storage-class
  displayMode: IntegrationRuntimes
  replicas: 3
  version: '12.0'
```
The following examples (Example 3 and Example 4) show a Dashboard CR with settings for an s3 storage type and a display mode that provides a view of integration servers only. The spec.switchServer.name setting also references an existing switch server that is used for callable flow and private network connectivity.
Example 3: Keycloak enabled for IAM by default
```
apiVersion: appconnect.ibm.com/v1beta1
kind: Dashboard
metadata:
  name: db-prod
  labels:
    backup.appconnect.ibm.com/component: dashboard
  namespace: mynamespace
spec:
  license:
    accept: true
    license: L-QECF-MBXVLU
    use: CloudPakForIntegrationNonProduction
  pod:
    containers:
      content-server:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 50Mi
      control-ui:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 125Mi
  switchServer:
    name: default
  authentication:
    integrationKeycloak:
      enabled: true
  authorization:
    integrationKeycloak:
      enabled: true
  storage:
    size: 5Gi
    type: s3
    bucket: appc-operator-e2e
    host: s3.eu-gb.cloud-object-storage.appdomain.cloud
    s3Configuration: s3credentials-ibmcosiam
  displayMode: IntegrationServers
  replicas: 3
  version: '12.0'
```
Example 4: Keycloak disabled - IAM not required (or not supported on Kubernetes)
```
apiVersion: appconnect.ibm.com/v1beta1
kind: Dashboard
metadata:
  name: db-prod
  labels:
    backup.appconnect.ibm.com/component: dashboard
  namespace: mynamespace
spec:
  license:
    accept: true
    license: L-QECF-MBXVLU
    use: AppConnectEnterpriseProduction
  pod:
    containers:
      content-server:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 50Mi
      control-ui:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 125Mi
  switchServer:
    name: default
  authentication:
    integrationKeycloak:
      enabled: false
  authorization:
    integrationKeycloak:
      enabled: false
  storage:
    size: 5Gi
    type: s3
    bucket: appc-operator-e2e
    host: s3.eu-gb.cloud-object-storage.appdomain.cloud
    s3Configuration: s3credentials-ibmcosiam
  displayMode: IntegrationServers
  replicas: 3
  version: '12.0'
```
Save this file with a .yaml extension; for example, dashboard_cr.yaml.
From the command line, log in to your Red Hat OpenShift cluster by using the oc login command.
Run the following command to create the App Connect Dashboard instance. (Use the name of the .yaml file that you created.)
```
oc apply -f dashboard_cr.yaml
```

Run the following command to check the status of the App Connect Dashboard instance and verify that it is ready:

oc get dashboards -n namespace

On IBM App Connect Operator 11.2.0 or later, the output also provides the URL of the Dashboard instance as shown in the following example. If Keycloak is enabled, the URL of the Keycloak instance, which you can use to access the Keycloak Admin Console, is also displayed.

NAME       RESOLVEDVERSION   REPLICAS   CUSTOMIMAGES   STATUS  URL                                                              KEYCLOAKURL                                                                  AGE
testdash   12.0.12.2-r1      1          false          Ready   https://testdash-ui-jala.apps.acecc-shared-1120-cd-414-abc.com   https://keycloak-ibm-common-services.apps.acecc-shared-1120-cd-414-abc.com   30h

On IBM App Connect Operator 11.1.0 or earlier, the output also provides the URL of the Dashboard instance; for example:

NAME       RESOLVEDVERSION   REPLICAS   CUSTOMIMAGES   STATUS    URL                                                          AGE
db-prod    12.0.10.0-r3      3          false          Ready     https://db-prod-ui-mynamespace.apps.acecc-abcde.icp4i.com    9m12s

What to do next

If IAM with Keycloak is enabled for this instance on Red Hat OpenShift, use the Keycloak Admin Console to manage user access to the instance by setting up users with assigned roles. For more information, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.
Share the URL value in the output with the users who need to access the Dashboard. If IAM is enabled, also supply the authentication credentials that users can use to log in to the Dashboard instance.
Users can then access and use the Dashboard instance to deploy Designer and Toolkit integrations to integration servers or integration runtimes.

Note: If you are using a Kubernetes environment, ensure that you create an ingress definition after you create this instance, to make its internal service publicly available. For more information, see Creating ingress definitions for external access to your IBM App Connect instances.

Updating the custom resource settings for an instance

If you want to change the settings of an existing App Connect Dashboard instance, you can edit its custom resource settings from the IBM Cloud Pak Platform UI, the Red Hat OpenShift web console or CLI, or the CLI for a Kubernetes environment. For example, you might want to change the log level for the container logs, apply custom annotations to the pods, or configure the instance to use a switch server for integrations that require a private network connection.

Restriction: You cannot update standard settings such as the kind of resource (kind), and the name and namespace (metadata.name and metadata.namespace), as well as some system-generated settings, or settings such as the storage type of certain components. An error message will be displayed when you try to save.

Ensure that you have cluster administrator authority or have been granted the appropriate role-based access control (RBAC).

Update options:

Updating an instance from the IBM Cloud Pak Platform UI
Updating an instance from the Red Hat OpenShift web console
Updating an instance from the Red Hat OpenShift CLI or Kubernetes CLI

Updating an instance from the IBM Cloud Pak Platform UI

To update an App Connect Dashboard instance from the IBM Cloud Pak Platform UI, complete the following steps:

From a browser window, log in to the Platform UI.
Tip: You can use the generated URL for a deployed IBM Cloud Pak for Integration Platform UI instance to access the Platform UI.
- Applicable to IBM App Connect Operator 11.0.0 or later: The Platform UI Instances page opens as the home page. The welcome banner includes a theme switcher that you can use to choose a light theme, a dark theme, or a custom theme that matches your existing system UI.
- Applicable to IBM App Connect Operator 10.1.1 or earlier: The Platform UI home page opens with cards and navigation menu options that provide access to the instances and other resources that you are authorized to create, manage, or use. For information about completing administration tasks (such as user management or platform customization) from this page, see Platform UI in the IBM Cloud Pak foundational services documentation.
  
  From the navigation menu , expand Administration and click Integration instances.
From the Instances (or Integration instances) page, locate the App Connect Dashboard (Integration dashboard) instance that you want to update.
Click the options icon to open the options menu, and then click Edit. The "Edit" page opens for that instance.
Either use the fields in the "UI form" view or switch to the YAML view to update the required settings. You can update existing values, add new entries, or delete entries. For information about the available parameters and their values, see Custom resource values.
Click Update to save your changes.

Updating an instance from the Red Hat OpenShift web console

To update an App Connect Dashboard instance by using the Red Hat OpenShift web console, complete the following steps:

From a browser window, log in to the Red Hat OpenShift Container Platform web console. Ensure that you are in the Administrator perspective .
From the navigation, click Operators > Installed Operators.
If required, select the namespace (project) in which you installed the IBM App Connect Operator.
From the Installed Operators page, click IBM App Connect.
From the Operator details page for the App Connect Operator, click the Dashboard tab.
Locate and click the name of the instance that you want to update.
Click the YAML tab.
Update the content of the YAML editor as required. You can update existing values, add new entries, or delete entries. For information about the available parameters and their values, see Custom resource values.
Click Save to save your changes.

Updating an instance from the Red Hat OpenShift CLI or Kubernetes CLI

To update an App Connect Dashboard instance from the Red Hat OpenShift CLI, complete the following steps.

From the command line, log in to your Red Hat OpenShift cluster by using the oc login command.
From the namespace where the Dashboard instance is deployed, run the oc edit command to partially update the instance, where instanceName is the name (metadata.name value) of the instance.
```
oc edit dashboard instanceName
```
The Dashboard CR automatically opens in the default text editor for your operating system.
Update the contents of the file as required. You can update existing values, add new entries, or delete entries. For information about the available parameters and their values, see Custom resource values.
Save the YAML definition and close the text editor to apply the changes.

Tip:

If preferred, you can also use the oc patch command to apply a patch with some bash shell features, or use oc apply with the appropriate YAML settings.

For example, you can save the YAML settings to a file with a .yaml extension (for example, updatesettings.yaml), and then run oc patch as follows to update the settings for an instance:

oc patch dashboard instanceName --type='merge' --patch "$(cat updatesettings.yaml)"

Deleting an instance

If no longer required, you can delete an App Connect Dashboard instance. You can do so from the IBM Cloud Pak Platform UI, the Red Hat OpenShift web console or CLI, or the CLI for a Kubernetes environment.

Ensure that you have cluster administrator authority or have been granted the appropriate role-based access control (RBAC).

Note:

If you delete an S3-compatible App Connect Dashboard instance, the BAR files and corresponding tokens will still be preserved in the S3 bucket. You can delete these objects from the bucket if no longer required. If retained in the bucket, you can reuse these objects later (if required) by creating another S3-compatible App Connect Dashboard instance that connects to the same bucket.

Delete options:

Deleting an instance from the IBM Cloud Pak Platform UI
Deleting an instance from the Red Hat OpenShift web console
Deleting an instance from the Red Hat OpenShift CLI or Kubernetes CLI

Deleting an instance from the IBM Cloud Pak Platform UI

To delete an App Connect Dashboard instance from the IBM Cloud Pak Platform UI, complete the following steps:

From a browser window, log in to the Platform UI.
Tip: You can use the generated URL for a deployed IBM Cloud Pak for Integration Platform UI instance to access the Platform UI.
- Applicable to IBM App Connect Operator 11.0.0 or later: The Platform UI Instances page opens as the home page. The welcome banner includes a theme switcher that you can use to choose a light theme, a dark theme, or a custom theme that matches your existing system UI.
- Applicable to IBM App Connect Operator 10.1.1 or earlier: The Platform UI home page opens with cards and navigation menu options that provide access to the instances and other resources that you are authorized to create, manage, or use. For information about completing administration tasks (such as user management or platform customization) from this page, see Platform UI in the IBM Cloud Pak foundational services documentation.
  
  From the navigation menu , expand Administration and click Integration instances.
From the Instances (or Integration instances) page, locate the App Connect Dashboard (Integration dashboard) instance that you want to delete.
Click the options icon () to open the options menu, and then click Delete.
Confirm the deletion.

Deleting an instance from the Red Hat OpenShift web console

To delete an App Connect Dashboard instance by using the Red Hat OpenShift web console, complete the following steps:

From a browser window, log in to the Red Hat OpenShift Container Platform web console. Ensure that you are in the Administrator perspective .
From the navigation, click Operators > Installed Operators.
If required, select the namespace (project) in which you installed the IBM App Connect Operator.
From the Installed Operators page, click IBM App Connect.
From the Operator details page for the App Connect Operator, click the Dashboard tab.
Locate the instance that you want to delete.
Click the options icon () to open the options menu, and then click the Delete option.
Confirm the deletion.

Deleting an instance from the Red Hat OpenShift CLI or Kubernetes CLI

To delete an App Connect Dashboard instance from the Red Hat OpenShift CLI, complete the following steps.

From the command line, log in to your Red Hat OpenShift cluster by using the oc login command.
From the namespace where the Dashboard instance is deployed, run the following command to delete the instance, where instanceName is the value of the metadata.name parameter.
```
oc delete dashboard instanceName
```

Custom resource values

The following table lists the configurable parameters and default values for the custom resource.

Parameter	Description	Default
apiVersion	The API version that identifies which schema is used for this instance.	`appconnect.ibm.com/v1beta1`
kind	The resource type.	`Dashboard`
metadata.name	A unique short name by which the Dashboard instance can be identified.
metadata.namespace	The namespace (project) in which the Dashboard instance is installed. The namespace in which you create an instance or object must be no more than 40 characters in length.
spec.affinity (Only applicable if spec.version resolves to 11.0.0.10-r1 or later)	Specify custom affinity settings that will control the placement of pods on nodes. The custom affinity settings that you specify will completely overwrite all of the default settings. (The current default settings are shown after this table.) Custom settings are supported only for `nodeAffinity`. If you provide custom settings for `nodeAntiAffinity`, `podAffinity`, or `podAntiAffinity`, they will be ignored. For more information about spec.affinity.nodeAffinity definitions, see Controlling pod placement on nodes using node affinity rules in the OpenShift documentation and Assign Pods to Nodes using Node Affinity in the Kubernetes documentation.
spec.annotations (Only applicable if spec.version resolves to 11.0.0.10-r1 or later)	Specify one or more custom annotations (as arbitrary metadata) to apply to each pod that is created during deployment. Specify each annotation as a key/value pair in the format `key: value`. For example: `spec: annotations: key1: value1 key2: value2` The custom annotations that you specify will be merged with the default (generated) annotations. If duplicate annotation keys are detected, the custom value will overwrite the default value.
spec.api.enabled (Only applicable if spec.version resolves to 12.0.12.2-r1 or later)	Indicate whether the API for IBM App Connect in containers (or IBM App Connect Enterprise certified container) is enabled. You can use this API to administer BAR files, configuration objects, integration runtimes, and trace objects within an App Connect Dashboard instance. For more information, see API for IBM App Connect in containers. Valid values are `true` and `false`. Set this value to `true` to enable the API.	`true`
spec.authentication.integrationKeycloak.enabled (Only applicable if spec.version resolves to 12.0.10.0-r2-lts or later) (Not applicable in a Kubernetes environment)	Indicate whether to control access to the instance by using identity and access management (IAM), which is implemented by using Keycloak. Valid values are `true` and `false`. Must be set to `true` to ensure that user identities can be validated. The spec.authorization.integrationKeycloak.enabled setting must also be set to `true`. Must be set to `false` if you do not want to restrict access to the instance. The spec.authorization.integrationKeycloak.enabled setting must also be set to `false`. Note: You cannot disable IAM by omitting spec.authentication.integrationKeycloak.enabled and spec.authorization.integrationKeycloak.enabled from the CR. If omitted, IAM is enabled by default. For more information, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.	`true`
spec.authorization.integrationKeycloak.enabled (Only applicable if spec.version resolves to 12.0.10.0-r2-lts or later) (Not applicable in a Kubernetes environment)	Indicate whether to control access to the instance by using identity and access management (IAM), which is implemented by using Keycloak. Valid values are `true` and `false`. Must be set to `true` to ensure that access permissions can be granted. The spec.authentication.integrationKeycloak.enabled setting must also be set to `true`. Must be set to `false` if you do not want to restrict access to the instance. The spec.authentication.integrationKeycloak.enabled setting must also be set to `false`. Note: You cannot disable IAM by omitting spec.authentication.integrationKeycloak.enabled and spec.authorization.integrationKeycloak.enabled from the CR. If omitted, IAM is enabled by default. For more information, see Identity and access management for App Connect Designer and App Connect Dashboard instances on Red Hat OpenShift.	`true`
spec.disableRoutes (Only applicable if spec.version resolves to 12.0.5.0-r1-lts or later) (Not applicable in a Kubernetes environment; will be ignored)	Indicate whether to disable the automatic creation of routes, which externally expose a service that identifies the set of Dashboard pods. Valid values are `true` and `false`. Set this value to `true` to disable the automatic creation of external HTTP and HTTPS routes.	`false`
spec.displayMode (Only applicable if spec.version resolves to 12.0.7.0-r1 or later)	The type of resources that you want to view in, or deploy from, the Dashboard: `IntegrationServers`: Specify this option if you want to use the Dashboard to display or deploy integration servers only. `IntegrationRuntimes`: Specify this option if you want to use the Dashboard to display or deploy integration runtimes only. For more information, see Dashboard display modes.	`IntegrationServers` (when spec.version is 12.0.7.0-r1 through 12.0.9.0-r2) `IntegrationRuntimes` (when spec.version is 12.0.9.0-r3 or later)
spec.labels (Only applicable if spec.version resolves to 11.0.0.10-r1 or later)	Specify one or more custom labels (as classification metadata) to apply to each pod that is created during deployment. Specify each label as a key/value pair in the format `labelKey: labelValue`. For example: `spec: labels: key1: value1 key2: value2` The custom labels that you specify will be merged with the default (generated) labels. If duplicate label keys are detected, the custom value will overwrite the default value.
spec.license.accept	An indication of whether the license should be accepted. Valid values are `true` and `false`. To install, this value must be set to `true`.	`false`
spec.license.license	See Licensing reference for IBM App Connect Operator for the valid values.
spec.license.use	See Licensing reference for IBM App Connect Operator for the valid values.
spec.logFormat	The format used for the container logs that are output to the container's console. Valid values are `basic` and `json`.	`basic`
spec.logLevel (Only applicable if spec.version resolves to 11.0.0.12-r1 or later)	The level of information that is displayed in the container logs. Valid values are `info` and `debug`.	`info`
spec.pod.containers.content-server.livenessProbe.failureThreshold	The number of times the liveness probe (which checks whether the content server that stores BAR files is still running) can fail before taking action.	`1`
spec.pod.containers.content-server.livenessProbe.initialDelaySeconds	How long to wait (in seconds) before starting the liveness probe, which checks whether the content server that stores BAR files is still running.	`360`
spec.pod.containers.content-server.livenessProbe.periodSeconds	How often (in seconds) to perform the liveness probe, which checks whether the content server that stores BAR files is still running.	`10`
spec.pod.containers.content-server.livenessProbe.timeoutSeconds	How long (in seconds) before the liveness probe (which checks whether the content server that stores BAR files is still running) times out.	`5`
spec.pod.containers.content-server.readinessProbe.failureThreshold	The number of times the readiness probe (which checks whether the content server that stores BAR files is ready) can fail before taking action.	`1`
spec.pod.containers.content-server.readinessProbe.initialDelaySeconds	How long to wait (in seconds) before starting the readiness probe, which checks whether the content server that stores BAR files is ready.	`10`
spec.pod.containers.content-server.readinessProbe.periodSeconds	How often (in seconds) to perform the readiness probe, which checks whether the content server that stores BAR files is ready.	`5`
spec.pod.containers.content-server.readinessProbe.timeoutSeconds	How long (in seconds) before the readiness probe (which checks whether the content server that stores BAR files is ready) times out.	`3`
spec.pod.containers.content-server.resources.limits.cpu	The upper limit of CPU cores that are allocated for running the content server container. Specify integer, fractional (for example, 0.5), or millicore values (for example, 100m, equivalent to 0.1 core). When you create a Dashboard instance, no CPU limits are set on the resource if spec.version resolves to 12.0.7.0-r1 or later. If required, either use spec.pod.containers.content-server.resources.limits.cpu to set the CPU limits, or configure CPU limits for the namespace as described in Configure Memory and CPU Quotas for a Namespace in the Kubernetes documentation.	`1` (when spec.version is 12.0.6.0-r1 or earlier)
spec.pod.containers.content-server.resources.limits.ephemeral-storage (Only applicable if spec.version resolves to 12.0.1.0-r4 or later)	The disk upper limit in bytes when using ephemeral storage. Specify integers with one of these suffixes: E, P, T, G, M, K, or power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. For more information, see Setting requests and limits for local ephemeral storage.	20Gi
spec.pod.containers.content-server.resources.limits.memory	The memory upper limit (in bytes) that is allocated for running the content server container. Specify integers with suffixes: E, P, T, G, M, K, or power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.	`512Mi`
spec.pod.containers.content-server.resources.requests.cpu	The minimum number of CPU cores that are allocated for running the content server container. Specify integer, fractional (for example, 0.5), or millicore values (for example, 100m, equivalent to 0.1 core).	`250m`
spec.pod.containers.content-server.resources.requests.ephemeral-storage (Only applicable if spec.version resolves to 12.0.1.0-r4 or later)	The minimum disk in bytes when using ephemeral storage. Specify integers with one of these suffixes: E, P, T, G, M, K, or power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. For more information, see Setting requests and limits for local ephemeral storage.	5Gi
spec.pod.containers.content-server.resources.requests.memory	The minimum memory (in bytes) that is allocated for running the content server container. Specify integers with one of these suffixes: E, P, T, G, M, K, or power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.	`256Mi`
spec.pod.containers.control-ui.env (Only applicable if spec.version resolves to 12.0.11.3-r1 or later)	Define custom environment variables that will be set and used within the Dashboard UI container in the deployment. For example, you can set the container's timezone by declaring a `TZ` environment variable with a value that is set to a valid TZ identifier (such as `Africa/Abidjan`). This parameter exposes the Kubernetes API for declaring environment variables in the container, and as such follows the same schema. Add a name/value pair for each environment variable, as shown in the following example, which sets two environment variables for the container. `spec: pod: containers: control-ui: env: - name: MY_CUSTOM_ENV_VAR value: 'true' - name: ANOTHER_ENV_VAR value: '100'` For more information, see Define Environment Variables for a Container in the Kubernetes documentation.
spec.pod.containers.control-ui.livenessProbe.failureThreshold	The number of times the liveness probe (which checks whether the Dashboard UI container is still running) can fail before taking action.	`1`
spec.pod.containers.control-ui.livenessProbe.initialDelaySeconds	How long to wait (in seconds) before starting the liveness probe, which checks whether the Dashboard UI container is still running. Increase this value if your system cannot start Dashboard UI container in the default time period.	`360`
spec.pod.containers.control-ui.livenessProbe.periodSeconds	How often (in seconds) to perform the liveness probe that checks whether the Dashboard UI container is still running.	`10`
spec.pod.containers.control-ui.livenessProbe.timeoutSeconds	How long (in seconds) before the liveness probe (which checks whether the Dashboard UI container is still running) times out.	`5`
spec.pod.containers.control-ui.readinessProbe.failureThreshold	The number of times the readiness probe (which checks whether the Dashboard UI container is ready) can fail before taking action.	`1`
spec.pod.containers.control-ui.readinessProbe.initialDelaySeconds	How long to wait (in seconds) before starting the readiness probe, which checks whether the Dashboard UI container is ready.	`10`
spec.pod.containers.control-ui.readinessProbe.periodSeconds	How often (in seconds) to perform the readiness probe that checks whether the Dashboard UI container is ready.	`5`
spec.pod.containers.control-ui.readinessProbe.timeoutSeconds	How long (in seconds) before the readiness probe (which checks whether the Dashboard UI container is ready) times out.	`3`
spec.pod.containers.control-ui.resources.limits.cpu	The upper limit of CPU cores that are allocated for running the Dashboard UI container. Specify integer, fractional (for example, 0.5), or millicore values (for example, 100m, equivalent to 0.1 core). When you create a Dashboard instance, no CPU limits are set on the resource if spec.version resolves to 12.0.7.0-r1 or later. If required, either use spec.pod.containers.control-ui.resources.limits.cpu to set the CPU limits, or configure CPU limits for the namespace as described in Configure Memory and CPU Quotas for a Namespace in the Kubernetes documentation.	`1` (when spec.version is 12.0.6.0-r1 or earlier)
spec.pod.containers.control-ui.resources.limits.memory	The memory upper limit (in bytes) that is allocated for running the Dashboard UI container. Specify integers with suffixes: E, P, T, G, M, K, or power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.	`512Mi`
spec.pod.containers.control-ui.resources.requests.cpu	The minimum number of CPU cores that are allocated for running the Dashboard UI container. Specify integer, fractional (for example, 0.5), or millicore values (for example, 100m, equivalent to 0.1 core).	`250m`
spec.pod.containers.control-ui.resources.requests.memory	The minimum memory (in bytes) that is allocated for running the Dashboard UI container. Specify integers with one of these suffixes: E, P, T, G, M, K, or power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.	`256Mi`
spec.pod.containers.control-ui.volumeMounts (Only applicable if spec.version resolves to 12.0.11.3-r1 or later)	Details of where to mount one or more named volumes into the Dashboard UI container. Follows the Volume Mount specification at https://pkg.go.dev/k8s.io/api@v0.20.3/core/v1#VolumeMount. For more information, see Volumes in the Kubernetes documentation. The following volume mounts are blocked: /home/aceuser/ excluding /home/aceuser/ace-server/log /opt/ibm/ace-12/* Specify custom settings for your volume mounts as an array. Use spec.pod.containers.control-ui.volumeMounts with spec.pod.volumes. The spec.pod.containers.control-ui.volumeMounts.name value must match the name of a volume that is specified in spec.pod.volumes.name, as shown in the following example. `spec: pod: containers: control-ui: volumeMounts: - name: volume-name1 mountPath: /mypath subPath: mysubdir readOnly: true mountPropagation: HostToContainer volumes: - name: volume-name1 ...` The following example illustrates how to add an empty directory (as a volume) to the /cache folder in a Dashboard's pod. The mount into the Dashboard UI container is read-write by default. `spec: pod: containers: control-ui: volumeMounts: - name: cache-volume mountPath: /cache volumes: - name: cache-volume emptyDir: {}`
spec.pod.imagePullSecrets.name	The secret used for pulling images.
spec.pod.volumes (Only applicable if spec.version resolves to 12.0.11.3-r1 or later)	Details of one or more named volumes that can be provided to the pod, to use for persisting data. Each volume must be configured with the appropriate permissions to allow the Dashboard to read or write to it as required. Follows the Volume specification at https://pkg.go.dev/k8s.io/api/core/v1#VolumeMount. For more information, see Volumes in the Kubernetes documentation. Specify custom settings for your volume types as an array. Use spec.pod.volumes with spec.pod.containers.control-ui.volumeMounts. The following example illustrates how to add an empty directory (as a volume) to the /cache folder in a Dashboard's pod. The mount into the Dashboard UI container is read-write by default. `spec: pod: containers: control-ui: volumeMounts: - name: cache-volume mountPath: /cache volumes: - name: cache-volume emptyDir: {}`
spec.replicas	The number of replica pods to run for each deployment. A number between 1-10.
spec.storage.bucket (Only applicable if spec.version resolves to 12.0.1.0-r1 or later)	The name of an existing bucket that is used for object storage in a Simple Storage Service (S3) instance. You must have read/write access to this bucket, which will be used to store BAR files that are uploaded or imported to the App Connect Dashboard. For a list of supported S3 providers and considerations for choosing a bucket, see Supported storage types. Required if spec.storage.type is set to `s3`.
spec.storage.claimName	The name of an existing claim that should be used to request a persistent volume for BAR file storage. This claim must exist in the same namespace as the App Connect Dashboard. When spec.storage.type is set to `persistent-claim`, either spec.storage.claimName or spec.storage.class is required.
spec.storage.class	A supported storage class for your cluster, which should be used to dynamically provision a persistent volume that belongs to that class. If using IBM Cloud, set the storage class to `ibmc-file-gold-gid`. For more information, see Supported storage types. When spec.storage.type is set to `persistent-claim`, either spec.storage.claimName or spec.storage.class is required.
spec.storage.host (Only applicable if spec.version resolves to 12.0.1.0-r1 or later)	An endpoint associated with your Simple Storage Service (S3) system, to which the S3 REST API sends requests for reading and writing objects to the bucket specified in spec.storage.bucket. For more information, see Supported storage types. Required if spec.storage.type is set to `s3`.
spec.storage.s3Configuration (Only applicable if spec.version resolves to 12.0.1.0-r1 or later)	The name of an existing configuration object of type `S3Credentials`, which stores credentials for accessing the bucket specified in spec.storage.bucket. Set this parameter to the metadata.name value that was specified while creating the configuration. For information about creating this configuration, see Creating a configuration of type S3Credentials for use with the App Connect Dashboard. Required if spec.storage.type is set to `s3`.
spec.storage.selector	A label query that a specified claim can use to filter for volumes that can be bound to the claim. Optional and applicable only when spec.storage.type is set to `persistent-claim`. For more information, see Selector and Label selectors in the Kubernetes documentation.
spec.storage.size	The maximum amount of storage required for a persistent volume in decimal or binary format; that is, Gi or G. Required if spec.storage.type is set to `persistent-claim`.	`5Gi`
spec.storage.sizeLimit	The storage size limit when spec.storage.type is set to `ephemeral`.
spec.storage.type	The type of storage to use for storing BAR files that are uploaded or imported to the App Connect Dashboard. Valid values are: `persistent-claim`: Choose this option for storage in a persistent volume in the container’s file system. `ephemeral`: Choose this option for storage in an ephemeral volume that exists only for the lifetime of the pod. `s3`: Choose this option for storage in a bucket in a Simple Storage Service (S3) instance. For more information, see Supported storage types.
spec.switchServer.name (Only applicable if spec.version resolves to 12.0.7.0-r1 or later)	The name of an existing switch server that enables secure connectivity when running callable flows in the Dashboard instance, or when running flows that interact with applications in a private network. The switch server name is the metadata.name value in the switch server custom resource. For information about how to create a switch server, see App Connect Switch Server reference.
spec.useCommonServices Note: Removed from all instances in IBM App Connect Operator 11.0.0 or later. To enable identity and access management (IAM) with Keycloak, see spec.authentication.integrationKeycloak.enabled and spec.authorization.integrationKeycloak.enabled.	An indication of whether to enable use of IBM Cloud Pak foundational services 3.x.x when using an instance in IBM App Connect Operator 10.1.1 or earlier only. Valid values are `true` and `false`. Must be set to `true` if using an IBM Cloud Pak for Integration license (specified via spec.license.use). Can be set to `true` or `false` if using an App Connect Enterprise license. Must be set to `false` if running in a Kubernetes environment with one of the supported App Connect Enterprise licenses (specified via spec.license.use). Applicable only if spec.version resolves to 11.0.0.11-r2 to 12.0.5.0-r3: When set to `true`, only essential IBM Cloud Pak foundational services are requested, which means that only the Identity and Access Management (IAM) service is installed by default, together with a Common UI component that provides a login page for secure access to the instance. Applicable only if spec.version resolves to 12.0.5.0-r4 or later: If set to `true`, you must ensure that the IBM Cloud Pak foundational services Operator (3.19.x or later 3.x.x) is installed as part of your IBM Cloud Pak for Integration deployment, or is manually installed in the same namespace as your independent deployment of the IBM App Connect Operator. (For more information, see Installing IBM Cloud Pak foundational services.) When spec.useCommonServices is set to `true`, only essential IBM Cloud Pak foundational services are requested, which means that only the Identity and Access Management (IAM) service is installed by default, together with a Common UI component that provides a login page for secure access to the instance.	`false`
spec.version	The product version that the Dashboard instance is based on. Can be specified by using a channel or as a fully qualified version. If you specify a channel, you must ensure that the license aligns with the latest fully qualified version in the channel. If you are using IBM App Connect Operator 7.1.0 or later, the supported channels or versions will depend on the Red Hat OpenShift version that is installed in your cluster. To view the available values that you can choose from, see spec.version values.	`12.0`

Default affinity settings

The default settings for spec.affinity are as follows. Note that the labelSelector entries are automatically generated.

You can overwrite the default settings for spec.affinity.nodeAffinity with custom settings, but attempts to overwrite the default settings for spec.affinity.podAntiAffinity will be ignored.

spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/arch
            operator: In
            values:
            - amd64
            - s390x
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - podAffinityTerm:
          labelSelector:
            matchLabels:
              <copy of the pod labels>
          topologyKey: kubernetes.io/hostname
        weight: 100

Supported platforms

Red Hat OpenShift: Supports the amd64, s390x, and ppc64le CPU architectures. For more information, see Supported platforms.

Kubernetes environment: Supports only the amd64 CPU architecture. For more information, see Supported operating environment for Kubernetes.