Business Automation Workflow on containers runtime parameters

Business Automation Workflow Runtime needs a set of values for its configuration parameters to create a Kubernetes deployment. The following tables provide the description and default value for each parameter. Complete the custom resource YAML file for your deployment by supplying values for your environment and configuration.

Shared configuration parameters

See Shared configuration parameters. The pattern configuration parameters, LDAP configuration parameters, and all mandatory shared configuration parameters (including sc_deployment_baw_license) are required.

Business Automation Navigator configuration parameters

See IBM® Business Automation Navigator configuration parameters.

FileNet Content Manager configuration parameters

See IBM FileNet® Content Manager configuration parameters.

Business Automation Workflow configuration parameters

Provide the details that are relevant to your Business Automation Workflow environment and your decisions for the deployment of the container.

The following tables list the parameters for configuring Business Automation Workflow:

Workflow Server configuration parameters

You can deploy multiple instances of Workflow Server and assign different configurations for each instance. For each instance, baw_configuration.name and baw_configuration.name.hostname must have different values. Keep the instance name as short as possible to avoid running into line length problems.

For each instance's database configuration, you can choose to use either different database instances, or one shared database instance. If you use a shared database instance:
  • In Db2® or PostgreSQL, you must assign different database names (baw_configuration[x].database.database_name)
  • In Oracle, you must assign different database users (the dbUser in the baw_configuration[x].database.secret_name)
For baw_configuration[x].tls.tls_secret_name, if you choose to use a customized Workflow Server TLS certificate, ensure that each instance has a different value.

The following table lists the parameters for configuring Workflow Server. The Required column shows the parameters that are required.

Table 1. Workflow Server configuration parameters: spec.baw_configuration[x]
Parameter name Description Example values Required
name Name of the instance. The name for each item in the array must be different. The name can consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character. Keep the instance name short. The default value is instance1. instance1 Yes
host_federated_portal Whether the Business Automation Workflow instance hosts federated Process Portal. The host_federated_portal is valid only if IBM Process Federation Server is configured. Only one Business Automation Workflow Runtime server connected to the Process Federation Server can host federated Process Portal. The default value is false. false No
federated_portal.content_security_policy_additional_origins Content security policy has additional origins for federating Business Automation Workflow traditional systems. For example, ["https://on-prem-baw1","https://on-prem-baw2"]. [] No
process_federation_server.hostname Hostname of Process Federation Server. cpd-baw-cpfs.apps.x700.cp.fyre.ibm.com Yes
process_federation_server.port Port of Process Federation Server. The default value is 443. 443 No
process_federation_server.context_root_prefix Context root prefix of Process Federation Server. /pfs Yes
service_type Workflow Server service type. The default value is Route. Route No
hostname baw-server route hostname. If the hostname is not set, a default hostname with the following format is used.
baw-<BAW instance name>-<shared_configuration.sc_deployment_hostname_suffix>
  No
port Workflow Server port. The default value is 443. 443 No
nodeport Workflow Server node port. The default value is 30026. 30026 No
env_type Workflow Server environment type. The default value is Production. Production, Staging, Test, Development No
capabilities Workflow Server capability. Valid values are workflow, workstreams, and workflow,workstreams. workflow Yes
replicas Workflow Server replica count. The default value is 1. 1 No
rolling_update.max_unavailable [25.0.1.0] Maximum number of pods that can be unavailable during a rolling update. Accepts an integer or percentage value.
Note: You might need to enable FeatureGates to use max_unavailable in StatefulSet.
"1" No
admin_user Designate an existing LDAP user to be given Workflow Server admin rights. Yes
admin_secret_name The name of Workflow Server admin secret. This secret name is optional. If the secret name is null, a default secret named <name>-<instance_name>-baw-admin-secret is generated, where <name> is the name of the custom resource that is used to generate the deployment environment. <name>-<instance-name>-baw-admin-secret No
monitor_enabled Whether to use the built-in monitoring capability. The default value is false. false No
full_text_search.enable Whether to enable the data collector and data indexer function. You must also add opensearch in shared_configuration.sc_optional_components and specify the elasticsearch.endpoint. The default value is false. false No
elasticsearch.endpoint Endpoint of external Elasticsearch or OpenSearch, such as https://<external_es_host>:<external_es_port>. This parameter is required if you want to use external Elasticsearch or OpenSearch for the data collector and data index function.   No
elasticsearch.admin_secret_name The external Elasticsearch or OpenSearch administrative secret that contains the username and password keys. If your instance does not have basic authentication, leave this parameter empty.   No
customized_portal_endpoint Required if you implemented your own portal. For example, https://portal.mycompany.com. false No
external_connection_timeout External connection timeout. The default value is 60s. 60s No
external_tls_secret For the baw-server route, the name of the secret that contains the certificates and Transport Layer Security (TLS) private key to be used for the route. If you set this parameter, the setting overrides the default generated certificate and the shared setting for route certificates. If you need to customize the route's certificate, create a secret by using the following command and set the property to the secret name.
kubectl create secret generic ext-tls-crt-secret --from-file=tls.crt=<path to crt file> --from-file=tls.key=<path to key file>
The crt file must contain the route certificate followed by any intermediate CA signer certificates and the root CA signer certificate in an unencrypted PEM format. The key file must also be in unencrypted PEM format.
No
external_tls_ca_secret This parameter is used only by stand-alone Business Automation Workflow on containers. For the baw-server route, provide the name of the secret containing the root CA certificate that signed the route certificate. If a customized secret for external_tls_secret is provided, you must also set the external_tls_ca_secret using the following command.
kubectl create secret generic ext-tls-ca-crt-secret --from-file=tls.crt=<path to crt file>
The crt file must contain the root CA signer certificate in an unencrypted PEM format.
No
tls.tls_secret_name Workflow Server TLS secret that contains the tls.key and tls.crt keys. If you want to use a customized Workflow Server TLS certificate, ensure that it is signed by the CA in shared_configuration.root_ca_secret and that each instance has a different value. If you do not want to use a customized certificate, leave it empty, and the operator creates one automatically. <cr_name>-<instance_name>-baw-tls-secret No
tls.tls_trust_list Workflow Server TLS trust list. No
tls.tls_trust_store Secret to store your custom trusted keystore (optional). The type for the keystore must be JKS or PKCS12. All certificates from the keystore are imported into the trust keystore of the Workflow server. You cannot use this parameter when FIPS mode is enabled. External sourced trust stores are also not supported. You might run the following sample command to create the secret:
kubectl create secret generic baw-custom-trust-keystore-secret --from-file=truststorefile=./trust.jks --from-literal=type=JKS --from-literal=password=WebAS
  No
image.repository Workflow Server (Process Server) image repository URL. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/workflow-server where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value. <path>/workflow-server No
image.tag Image tag for Workflow Server container. If you want to use a specific image version, you can override the default tag or digest. 25.0.0 No
image.pullPolicy Pull policy for Workflow Server container. The default value is IfNotPresent. IfNotPresent, Always No
seccomp_profile.type   Localhost No
seccomp_profile.localhost_profile The type of seccomp profile to be used by the pods. You can also define the seccomp profile globally at shared_configuration.sc_seccomp_profile. Supported values are: Unconfined, RuntimeDefault, and Localhost. For more information about seccomp profile, see Restrict a Container's Syscalls with seccomp. The default value is RuntimeDefault on Red Hat® OpenShift® 4.11 and later. On other platforms, the default value is empty. profiles/audit.json Only if seccomp_profile.type is set to Localhost.
kafka_services.enable Option to enable or disable the Kafka services. By default, kafka_services.enable is disabled and its value is false. When the Kafka component is configured in shared_configuration.sc_optional_components, the value of kafka_services.enable is true. For more information about Kafka services, see Creating a Kafka service. false No
upgrade_job.repository Workflow Server database handling image repository URL. The default value is <path>/workflow-server-dbhandling where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value. <path>/workflow-server-dbhandling No
upgrade_job.tag Workflow Server database handling image repository tag. If you want to use a specific image version, you can override the default tag or digest. 25.0.0 No
upgrade_job.pullPolicy Pull policy for database handling. The default value is IfNotPresent. IfNotPresent, Always No
upgrade_job.trace_specification Trace specification for the Workflow Server database handling job. The default value is *=info. *=info:WLE.wle=fine:com.ibm.workflow.*=finest No
bas_auto_import_job.repository Workflow Server Business Automation Studio toolkit init image repository URL. The default value is <path>/toolkit_installer where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value. <path>/toolkit_installer No
bas_auto_import_job.tag Workflow Server Business Automation Studio toolkit init image repository tag. If you want to use a specific image version, you can override the default tag or digest. 25.0.0 No
bas_auto_import_job.pullPolicy Pull policy for Business Automation Studio toolkit init image.   No
database.dc_use_postgres Set this parameter to true if you want a PostgreSQL database to be created for a Business Automation Workflow database. If you set the value of database.dc_use_postgres to true, make sure that database.enable_ssl is also set to true and that database.db_cert_secret_name, database.server_name, database.database_name, database.port, and database.secret_name are left empty, because the operator automatically sets these parameters to the values of the EDB Postgres instance.
Note: [25.0.1.0] EDB Postgres is not supported in 25.0.1.0. You must use an external PostgreSQL for the Identity Management (IM) service, Platform UI (Zen service), and Business Teams Service (BTS).
false No
database.enable_ssl Whether to enable Secure Sockets Layer (SSL) support for the Workflow Server database connection. The default value is false. false No
database.db_cert_secret_name Secret name for storing the database TLS certificate when an SSL connection is enabled.   Yes
database.type Workflow Server database type. A "db2", "db2HADR", "db2rds", "db2rdsHADR", "oracle", "postgresql", or "sqlserver" database is supported. The default value is "db2". db2 Yes
database.server_name Workflow Server database server name. It must be an accessible address, such as an IP, hostname, or Kubernetes service name.   Yes
database.database_name Workflow Server database name.   Yes, but not required by Oracle
database.port Workflow Server database port. For Db2, the default is 50000. For Oracle, the default is 1521. Yes
database.secret_name Workflow Server database secret name.   Yes
database.current_schema Workflow Server database schema name. If it is not set, the schema name is the same as the database username. Only DB2® and PostgreSQL support this parameter. For DB2, the schema name is case-sensitive, and must be specified in uppercase characters.   No
database.jdbc_url Oracle and PostgreSQL database connection string. This parameter is not required for PostgreSQL if you enter server_name, database_name, and port. For Oracle: jdbc:oracle:thin:@//<oracle_server>:1521/orcl

For PostgreSQL: jdbc:postgresql://<postgresql_server>:5432/<your_database>

Yes
database.use_custom_jdbc_drivers Whether to use custom JDBC drivers. Set to true if you are using Oracle, PostgreSQL, or a special Db2 driver. The default value is false. false No
database.custom_jdbc_pvc Name of the persistent volume claim (PVC) that binds to the persistent volume (PV) where the custom JDBC driver files are stored. Yes
database.jdbc_driver_files The set of JDBC driver files. The default value is:
db2jcc4.jar
db2jcc_license_cisuz.jar
db2jcc_license_cu.jar
db2jcc4.jar
db2jcc_license_cisuz.jar
db2jcc_license_cu.jar
No
database.cm_max_pool_size Maximum number of physical connections in the Workflow Server database connection pool. The default value is 200. 200 No
database.dbcheck.wait_time The maximum wait time (in seconds) to check the database initialization status. The default value is 900. 900 No
database.dbcheck.interval_time The interval time (in seconds) between checks of the database initialization status, until the database is ready and bootstrapped with system data. The default value is 15. 15 No
database.hadr.standbydb_host Database standby host for high availability disaster recovery (HADR). To enable database HADR, configure both standby host and port. No
database.hadr.standbydb_port Database standby port for HADR. To enable database HADR, configure both standby host and port. No
database.hadr.retryinterval Retry interval for HADR. No
database.hadr.maxretries Maximum retries for HADR. No
content_integration.init_job_image.repository Image name for content integration container. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/iaws-ps-content-integration where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value. <path>/iaws-ps-content-integration No
content_integration.init_job_image.tag Image tag for content integration container. If you want to use a specific image version, you can override the default tag or digest. 25.0.0 No
content_integration.init_job_image.pull_policy Pull policy for content integration container. The default value is IfNotPresent. IfNotPresent, Always No
content_integration.domain_name Domain name for content integration. The value must be the same as initialize_configuration.ic_domain_creation.domain_name. The default value is P8DOMAIN. P8DOMAIN No
content_integration.object_store_name Object Store name for content integration.   No
content_integration.cpe_admin_secret Admin secret for connecting to the Content Platform Engine (CPE). This parameter is optional. If not set, it will autodetect Content Platform Engine's admin secret in the same namespace.   No
case.init_job_image.repository Image name for CASE init job container. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/workflow-server-case-initialization where <path> is cp.icr.io/cp/cp4a/baw/. If sc_image_repository has a value, the path is that value. <path>/workflow-server-case-initialization No
case.init_job_image.tag Image tag for CASE init job container. If you want to use a specific image version, you can override the default tag or digest. 25.0.0 No
case.init_job_image.pull_policy Pull policy for CASE init job container. The default value is IfNotPresent. IfNotPresent, Always No
case.domain_name Domain name for CASE. The value must be the same as initialize_configuration.ic_domain_creation.domain_name. The default value is P8DOMAIN. P8DOMAIN No
case.object_store_name_dos Design Object Store name of CASE. The value must be the same as the oc_cpe_obj_store_symb_name value of one of the object stores defined in initialize_configuration.ic_obj_store_creation.object_stores. The default value is DOS. DOS No
case.tos_list The tos_list is a list of Target Object Stores.   No
case.tos_list.object_store_name Target Object Store name of CASE. For each Target Object Store, the object_store_name value must be the same as the oc_cpe_obj_store_symb_name value of one of the object stores defined in initialize_configuration.ic_obj_store_creation.object_stores.   Yes
case.tos_list.connection_point_name_tos Connection point name for Target Object Store. See initialize_configuration.ic_obj_store_creation.object_stores[x].oc_cpe_obj_store_workflow_pe_conn_point_name. If oc_cpe_obj_store_workflow_pe_conn_point_name is not specified explicitly, the default value is pe_conn_<TOS_OS_DB_NAME>. For example, pe_conn_BAWINS1TOS. cpe_conn_tos Required if the Target Object Store does not exist in initialize_configuration.ic_obj_store_creation.object_stores.
case.tos_list.desktop_id Navigator desktop name for Target Object Store. The default value is baw. There is no default value for other target object stores. BAWINS1TOS No
case.tos_list.target_environment_name Name of the target environment or project area to register with the case components and associate with an IBM Content Navigator desktop. The default value of case.tos_list.target_environment_name for the default target object store is target_env. The default value of case.tos_list.target_environment_name for other target object stores is the object store name. target_env No
case.tos_list.is_default Whether to use the Target Object Store as the default Target Object Store. If none of the Target Object Stores is set as default, the first one in the tos_list is set as the default Target Object Store. false No
case.network_shared_directory_pvc Persistent volume claim (PVC) name for case network shared directory. If navigator_configuration.datavolume.existing_pvc_for_icn_pluginstore is not specified explicitly, the default value is icn-pluginstore. See IBM Business Automation Navigator configuration parameters. icn_pluginstore No
case.custom_package_names Custom package names for installing custom packages, where the value format is similar to package1.zip, package2.zip.   No
case.custom_extension_names Custom extension names for installing custom packages, where the value format is similar to extension1.zip, extension2.zip.   No
case.cpe_metadata_cache_time_to_live Number of seconds before a newly added or modified asset will take effect in the Case Client. The value must be an integer. A default value is used at run time if this parameter is not set. 100 No
case.jvm_customize_options JVM options for the case init job, separated with spaces. For example, -Dtest1=test -Dtest2=test2.   No
resources.limits.cpu CPU limit for Workflow Server. The default value is 2. 2 No
resources.limits.memory Memory limit for Workflow Server. The default value is 2096Mi. 2096Mi No
resources.requests.cpu Requested amount of CPU for Workflow Server. The default value is 500m. 500m No
resources.requests.memory Requested amount of memory for Workflow Server. The default value is 1048Mi. 1048Mi No
probe.ws.liveness_probe.initial_delay_seconds Number of seconds after the Workflow Server container starts before the liveness probe is initiated. The default value is 360. 360 No
probe.ws.liveness_probe.period_seconds Number of seconds to wait before the next probe. The default value is 10. 10 No
probe.ws.liveness_probe.timeout_seconds Number of seconds after which the probe times out. The default value is 10. 10 No
probe.ws.liveness_probe.failure_threshold When a probe fails, number of times that Kubernetes tries before it gives up and restarts the container. The default value is 3. 3 No
probe.ws.liveness_probe.success_threshold Minimum consecutive successes for the probe to be considered successful after it failed. The default value is 1. 1 No
probe.ws.readinessProbe.initial_delay_seconds Number of seconds after the Workflow Server container starts before the readiness probe is initiated. The default value is 360. 360 No
probe.ws.readiness_probe.period_seconds Number of seconds to wait before the next probe. The default value is 5. 5 No
probe.ws.readiness_probe.timeout_seconds Number of seconds after which the probe times out. The default value is 5. 5 No
probe.ws.readiness_probe.failure_threshold When a probe fails, number of times that Kubernetes tries before it marks the pod as unready. The default value is 6. 6 No
probe.ws.readiness_probe.success_threshold Minimum consecutive successes for the probe to be considered successful after it failed. The default value is 1. 1 No
probe.ws.startup_probe.period_seconds Number of seconds to wait before the next probe. The default value is 10. 10 No
probe.ws.startup_probe.timeout_seconds Number of seconds after which the probe times out. The default value is 10. 10 No
probe.ws.startup_probe.failure_threshold When a probe fails, number of times that Kubernetes tries before it marks the pod as unready. The default value is 20. 20 No
probe.ws.startup_probe.success_threshold Minimum consecutive successes for the probe to be considered successful after it failed. The default value is 1. 1 No
logs.console_format Format for printing logs on the console. The default value is json. json No
logs.console_log_level Log level for printing logs on the console. The default value is INFO. INFO No
logs.console_source Source of the logs for printing on the console. The default values are message, trace, accessLog, ffdc, audit. message, trace, accessLog, ffdc, audit No
logs.message_format Required format for the messages.log file. The default value is SIMPLE. SIMPLE, JSON No
logs.trace_format Format of the trace log. The default value is ENHANCED. BASIC, ADVANCED, ENHANCED No
logs.trace_specification Specification for printing trace logs. The default value is *=info|. *=info| No
logs.max_files Maximum number of log files that are kept before the oldest file is removed. The default value is 10. 10 No
logs.max_filesize Maximum size (in MB) that a log file can reach before it is rolled. The default value is 50. 50 No
audit_log.enable Whether to enable the audit log for Process Admin Console. The default value is false.
Note: If you enable audit_log, you cannot enable audit_logging. Only one of the parameters, audit_log.enable or audit_logging.enabled, can be set to true at a time.
false No
audit_log.pvc_name Persistent volume claim (PVC) for audit logs. If it is not specified, audit logs are stored in the log PVC.   No
audit_log.pvc_size Size of the persistent volume (PV) that is mounted as the audit log store. The default value is 2Gi. 2Gi No
audit_log.file_name Audit log file name. The default value is bawaudit.log. bawaudit.log No
audit_log.rollover_size Maximum size (in MB) that the log file can reach before it is closed and a new one is created. The default value is 100. 100 No
audit_log.verbose Whether to enable verbose mode. The default value is true. true No
audit_log.max_historical_files Maximum number of historical files that are kept. The default value is 5. 5 No
audit_logging.enabled Whether to enable the Audit Logging service. The default value is true. This overrides the sc_audit_logging.enabled of the cluster CR.
Note: If you enable audit_logging, you cannot enable audit_log. Only one of the parameters, audit_logging.enabled or audit_log.enable, can be set to true at a time.
true  
audit_logging.log_dir_size The maximum size of the audit log directory. The default value is 150Mi. 150Mi  
audit_logging.rolling_max_files The maximum number of rolling files for audit log. The default value is 5. 5  
audit_logging.rolling_max_size The maximum size of one audit log file. The default value is 20Mi. 20Mi  
storage.use_dynamic_provisioning Set to true to use dynamic storage provisioning. If set to false, you must set existing_pvc_for_logstore and existing_pvc_for_dumpstore. The default value is true. true No
storage.existing_pvc_for_logstore Persistent volume claim (PVC) for logs.   No
storage.size_for_logstore Minimum size of the persistent volume (PV) that is mounted as the log store. The default value is 1Gi. 1Gi No
storage.existing_pvc_for_dumpstore PVC for dump files.   No
storage.size_for_dumpstore Minimum size of the PV that is mounted as the dump store. The default value is 5Gi. 5Gi No
storage.existing_pvc_for_filestore PVC for files. This includes temporary files that are created by the SQL integration facility. See .   No
storage.size_for_filestore Minimum size of the PV that is mounted as the file store. The default value is 1Gi. 1Gi No
autoscaling.enabled Whether to enable automatically scaling the number of pods. The default value is false. false No
autoscaling.max_replicas Upper limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server uses the default value. The default value is 3. 3 No
autoscaling.min_replicas Lower limit for the number of pods that can be set by the autoscaler. If it is not specified or negative, the server uses the default value. The default value is 2. 2 No
autoscaling.target_cpu_utilization_percentage Target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it is not specified or negative, the default is used. The default value is 80. 80 No
environment_config.timezone Timezone of the Workflow server. The default value is Etc/UTC. Etc/UTC No
environment_config.csrf.origin_allowlist Security-hardening property that protects against Cross-Site Request Forgery (CSRF) attacks. Specify the values that are acceptable in the origin header field of an incoming request. The value of this property must be a comma-separated list of prefixes. https://example.com, http://example2.com:8080 No
environment_config.csrf.referer_allowlist Security-hardening property that protects against CSRF attacks. Specify the values that are acceptable in the referer header field of an incoming request. The value of this property must be a comma-separated list of fully qualified host names. example1.com, example2.com No
environment_config.csrf.user_agent_keyword_allow_list_for_old_restapi_csrf_check Comma-separated list of user agents. For REST API requests with the path pattern /rest/bpm/wle/v1/* that are sent by the agents in the list, the server does not validate the XSRF-TOKEN cookie. The value of this property must be a comma-separated list, for example, agentkeyword1, agentkeyword2. java,wink client,httpclient,curl,jersey,httpurlconnection No
environment_config.csrf.check_xsrf_for_old_restapi Whether to validate the XSRF-TOKEN cookie against incoming REST API requests (POST/PUT/DELETE) with the path pattern /rest/bpm/wle/v1/*. The default value is true. true No
environment_config.content_security_policy_additional_default_src Content security policy additional directive for default-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_script_src Content security policy additional directive for script-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_frame_src Content security policy additional directive for frame-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_object_src Content security policy additional directive for object-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_connect_src Content security policy additional directive for connect-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_frame_ancestor Content security policy additional directive for frame-ancestor. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_img_src Content security policy additional directive for img-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.content_security_policy_additional_font_src Content security policy additional directive for font-src. It accepts array list inputs as shown in the example. ["https://hostname1", "https://hostname2"] No
environment_config.enable_fips Use this option only if FIPS mode is enabled for the deployment by setting shared_configuration.enable_fips to true. To disable FIPS for the component, change the value to false. false No
federation_config.workflow_server.index_number_of_shards Number of primary shards of the Elasticsearch index used to store Workflow server data. The default value is 3. 3 No
federation_config.workflow_server.index_number_of_replicas Number of shard replicas of the Elasticsearch index used to store Workflow server data. The default value is 1. 1 No
federation_config.case_manager[x].object_store_name Case Manager object store name. The default value is TOS. TOS No
federation_config.case_manager[x].index_number_of_shards Number of primary shards of the Elasticsearch index used to store Case Manager object store data. The default value is 3. 3 No
federation_config.case_manager[x].index_number_of_replicas Number of shard replicas of the Elasticsearch index used to store Case Manager object store data. The default value is 1. 1 No
jvm_customize_options JVM options separated with spaces. For example, -Dtest1=test -Dtest2=test2.   No
liberty_custom_xml Workflow Server custom plain XML snippet. The custom_xml_secret_name is also used for Workflow Server customization. Put your configuration values either in liberty_custom_xml or custom_xml_secret_name. Do not set the configuration value in both places.   No
custom_xml_secret_name Workflow Server custom XML secret name. The liberty_custom_xml is also used for Workflow Server customization. Put your configuration values either in liberty_custom_xml or custom_xml_secret_name. Do not set the same configuration value in both places.   No
lombardi_custom_xml_secret_name Workflow Server Lombardi custom XML secret name.   No
node_affinity.deploy_arch Values in this field are used as kubernetes.io/arch selector values. The valid values are amd64, s390x, and ppc64le.   No
node_affinity.custom_node_selector_match_expression Added in node selector match expressions. It accepts array list inputs. You can assign multiple selector match expressions except (kubernetes.io/arch).
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
No
custom_annotations Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs. customAnnotationKey: customAnnotationValue No
custom_labels Values in this field are used as labels in all generated pods. They must be valid label key-value pairs. customLabelKey: customLabelValue No
security_context.selinux_options Key-value pair to assign SELinux labels to a container.
selinux_options:
  type: "spc_t"
No
security_context.fs_groupchangepolicy Defines the behavior for changing ownership and permission of the volume before it is exposed inside a Pod. Possible values:
  • Always
  • OnRootMismatch
fs_groupchangepolicy: "OnRootMismatch" No
zen_performance.keepalive Number of idle keepalive connections to an upstream server that remain open for each worker process. This parameter is optional. The default value is 512. 512 No
zen_performance.keepalive_timeout How long an idle keepalive connection remains open. This parameter is optional. The default value is 30s. 30s No
zen_performance.keepalive_requests The number of requests a client can make over a single keepalive connection. This parameter is optional. The default value is 500. 500 No
zen_performance.proxy_buffer_size Size of the buffer used to read the first part of the response received from the proxied server. This parameter is optional. The default value is 256k. 256k No
zen_performance.proxy_buffers Number and size of the buffers that are used for reading a response from the proxied server, for a single connection. This parameter is optional. The default value is 8 512k. 8 512k No
zen_performance.proxy_busy_buffers_size When buffering of responses from the proxied server is enabled, this parameter limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. This parameter is optional. The default value is 512k. 512k No
zen_performance.proxy_connect_timeout Timeout for establishing a connection with a proxied server. This parameter is optional. The default value is 300s. 300s No
zen_performance.proxy_send_timeout Timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed. This parameter is optional. The default value is 300s. 300s No
zen_performance.proxy_read_timeout Timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed. This parameter is optional. The default value is 300s. 300s No

Java Message Service (JMS) configuration parameters

The following table lists the parameters for configuring JMS. All parameters are optional.

Table 2. Java Message Service (JMS) configuration parameters: spec.baw_configuration
Parameter name Description Example values
jms.storage.persistent Whether to enable persistent storage for JMS. The default value is true. true
jms.storage.size Size for JMS persistent storage. The default value is 1Gi. 1Gi
jms.storage.use_dynamic_provisioning Whether to enable dynamic provisioning for JMS persistent storage. The default value is true. true
jms.storage.access_modes Access modes for JMS persistent storage. Refer to Kubernetes documentation for available options. The default value is ReadWriteOnce. ReadWriteOnce
jms.storage.storage_class Storage class name for JMS persistent storage. The default value is shared_configuration.storage_configuration.sc_fast_file_storage_classname. shared_configuration.storage_configuration.sc_fast_file_storage_classname

BPM event emitter configuration parameters

The following table lists the parameters for configuring BPM event emitter. All parameters are optional.

Table 3. BPM event emitter configuration parameters: spec.baw_configuration[x]
Parameter name Description Example values Required
business_event.enable Whether to enable event monitoring for Dynamic Event Framework events for the Workflow Services container. If Business Automation Insights and the Machine Learning Server parameters are configured, this parameter must be set to true. The default value is false. false No
business_event.enable_task_api Whether to record additional task information in generated events. If Business Automation Insights and the Machine Learning Server parameters are configured, this parameter must be set to true. This parameter is equivalent to the enable_task_api_def parameter. The default value is false. false No
business_event.enable_task_record Whether to enable the task record in generated events. This optional parameter is equivalent to the task-record-enabled parameter. The default value is true. true No
business_event.subscription List of the subscription configurations. Each subscription attribute is listed in the rest of this table.
 [{'app_name': '*','version': '*','component_type': '*','component_name': '*','element_type': '*','element_name': '*','nature': '*'}]
See Event point key and filter.
  No
business_event.subscription[x].app_name Name of the source application that has events to monitor. The default value is *, which means all applications are monitored.   No
business_event.subscription[x].component_name Name of the component to monitor. The default value is *, which means all components are monitored.   No
business_event.subscription[x].component_type Type of the component to monitor. The default value is *, which means all component types are monitored.   No
business_event.subscription[x].element_name Name of the element to monitor. The default value is *, which means all elements are monitored.   No
business_event.subscription[x].element_type Type of element to monitor. BPMN types include PROCESS, ACTIVITY, EVENT, and GATEWAY. The default value is *, which means all element types are monitored.   No
business_event.subscription[x].nature Status of the event to monitor. Elements can send events of various statuses. The BPMN status types include STARTED, COMPLETED, TERMINATED, DELETED, FAILED, CAUGHT, THROWN, EXPECTED, ACTIVE, READY, RESOURCE_ASSIGNED, ACTIVE, LOOP_CONDITION_TRUE, LOOP_CONDITION_FALSE, and MULTIPLE_INSTANCES_STARTED. The default value is *, which means all status types are monitored.   No
business_event.subscription[x].version Version of the source application that has events to monitor. The default value is *, which means all versions are monitored.   No
To enable event monitoring for Dynamic Event Framework events, add the business_event configuration to each instance of baw_configuration in your custom resource YAML file, as in the following example:
  baw_configuration:
    - name: instance1
      business_event:
        # The main switch
        enable: true
        # Performance tuning switches. You must set these to true so the task-related events can be monitored.
        enable_task_api: true
        enable_task_record: true
        # Subscription related settings
        subscription:
        - app_name: '*'
          component_name: '*'
          component_type: '*'
          element_name: '*'
          element_type: '*'
          nature: '*'
          version: '*'

Case event emitter configuration parameters

The following table lists the parameters for configuring Case event emitter. By default, the Case event emitter is not enabled. If you enable it, the case.event_emitter.logical_unique_id parameter is required. Otherwise, all parameters are optional.

Table 4. Case event emitter configuration parameters: spec.baw_configuration[x]
Parameter name Description Example values
case.event_emitter.date_sql Creation date of the events. The emitter starts processing the events from that date. If a bookmark exists, the emitter ignores this parameter and processes the events from the bookmark.  
case.event_emitter.logical_unique_id An 8-character alphanumeric string without underscores. This value is always required. While processing, the emitter tracks the events that are processed by using the Content Engine Audit Processing Bookmark with a display name that is based on this value. Therefore, if the emitter is restarted and if the bookmark exists, the emitter processes the events from the last bookmark. This parameter is required if the case event emitter is enabled.  
case.event_emitter.solution_list Comma-separated list of all the case solution names that need to be processed. Add all the solutions that you want to be processed before you deploy the Case event emitter.  
case.event_emitter.emitter_batch_size Case event emitter batch size. The default value is 1000. 1000
case.event_emitter.process_pe_events Whether to process FileNet Process Engine events in addition to IBM Business Automation Workflow events. The default value is true. true
tos_name Case target object store name.  
connection_point_name Target object store connection point name.  
The following example shows sample values:
event_emitter:
  date_sql: 20200630T002840Z
  logical_unique_id: bawinst1
  solution_list: SampleSolution1,SampleSolution2
You can use the * wildcard if you want events from all the case solutions to be processed by the Case event emitter. Quote the asterisk, because a bare * is not a valid YAML value. Use: solution_list: '*'

Case History emitter configuration parameters

The following table lists the parameters for configuring Case history emitter.

Table 5. Case History emitter configuration parameters: spec.baw_configuration[x]
Parameter name Description Example values
case.case_history_emitter.enable Whether to enable Case History emitter. true
case.case_history_emitter.case_history_store_schema_name Schema name of Case History store. CHSCHEMA
case.case_history_emitter.dc_common_cpe_datasource_name Content Platform Engine datasource name of Case History store. CASEHISTORYDS
The following example shows sample values:
case_history_emitter:
  enable: true
  case_history_store_schema_name: CHSCHEMA
  dc_common_cpe_datasource_name: CASEHISTORYDS

Intelligent Task Prioritization configuration parameters

The following table lists the parameters for configuring Intelligent Task Prioritization. All parameters are optional. These parameters are not supported on Linux® on IBM Z® or Linux on Power® (ppc64le).
Important: To use Intelligent Task Prioritization, you must set the following Business Automation Insights parameter to true:
bai_configuration:
    bpmn:
      install: true
Table 6. Intelligent Task Prioritization configuration parameters: spec.baml_configuration
Parameter name Description Example values
intelligent_task_prioritization.replicas Intelligent Task Prioritization pod count. The default value is 2. 2
intelligent_task_prioritization.probes.readiness.initial_delay_seconds Number of seconds after the Intelligent Task Prioritization container starts before the readiness probe is initiated. The default value is 40. 40
intelligent_task_prioritization.image.repository Image for Intelligent Task Prioritization container. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/bui-task-prioritization, where <path> is cp.icr.io/cp/cp4a/baw. If sc_image_repository has a value, the path is that value. <path>/bui-task-prioritization
intelligent_task_prioritization.image.tag Image tag for Intelligent Task Prioritization container. If you want to use a specific image version, you can override the default tag or digest. 25.0.1.0
intelligent_task_prioritization.image.pull_policy Pull policy for Intelligent Task Prioritization container. The default value is IfNotPresent. IfNotPresent, Always
intelligent_task_prioritization.resources.limits.cpu CPU limit for Intelligent Task Prioritization container. The default value is 2. 2
intelligent_task_prioritization.resources.limits.memory Memory limit for Intelligent Task Prioritization container. The default value is 2048Mi. 2048Mi
intelligent_task_prioritization.resources.requests.cpu Requested amount of CPU for Intelligent Task Prioritization container. The default value is 500m. 500m
intelligent_task_prioritization.resources.requests.memory Requested amount of memory for Intelligent Task Prioritization container. The default value is 1024Mi. 1024Mi
intelligent_task_prioritization.storage.use_dynamic_provisioning Whether to use a dynamic storage provisioner. If this parameter is set to false, existing_pvc_for_logstore and existing_pvc_for_trained_pipelines must also be set. The default value is true. true
intelligent_task_prioritization.storage.existing_pvc_for_logstore Persistent volume claim (PVC) for logs.  
intelligent_task_prioritization.storage.size_for_logstore Minimum size of the persistent volume (PV) that is mounted as the log store. The default value is 1Gi. 1Gi
intelligent_task_prioritization.storage.existing_pvc_for_trained_pipelines PVC for Intelligent Task Prioritization trained pipeline files.  
intelligent_task_prioritization.storage.size_for_trained_pipelines Minimum size of the PV that is mounted as the storage for Intelligent Task Prioritization trained pipeline files. The default value is 10Gi. 10Gi
intelligent_task_prioritization.autoscaling.enabled Whether to enable Horizontal Pod Autoscaler for Intelligent Task Prioritization pod. The default value is false. false
intelligent_task_prioritization.autoscaling.max_replicas Upper limit for the number of pods that can be set by the autoscaler. It cannot be smaller than min_replicas. The default value is 3. 3
intelligent_task_prioritization.autoscaling.min_replicas Lower limit for the number of replicas to which the autoscaler can scale down. The default value is 2. 2
intelligent_task_prioritization.autoscaling.target_cpu_utilization_percentage Target average CPU utilization over all the pods. The default value is 80. 80
intelligent_task_prioritization.node_affinity.deploy_arch Values in this field are used as kubernetes.io/arch selector values. The default value is amd64. Intelligent Task Prioritization does not support s390x and ppc64le architectures. amd64
intelligent_task_prioritization.node_affinity.custom_node_selector_match_expression Extra expressions that are added to the node selector match expressions. The value is an array (list). You can assign multiple selector match expressions, except for the kubernetes.io/arch key.
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
intelligent_task_prioritization.custom_annotations Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs. customAnnotationKey: customAnnotationValue
intelligent_task_prioritization.custom_labels Values in this field are used as labels in all generated pods. They must be valid label key-value pairs. customLabelKey: customLabelValue
intelligent_task_prioritization.retrain_model_schedule The time schedule at which the Intelligent Task Prioritization server is triggered to train the model using data retrieved from the Business Automation Insights server. The default value is the Linux cron expression to have it run every Sunday at 3AM UTC, since that is a low-use time period. The crontab format is
# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12)
# │ │ │ │ ┌───────────── day of week (0 - 6) (Sunday to Saturday)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
# * * * * * 
To schedule the training every 30 minutes, use
*/30 * * * *
To schedule it every day at 3AM UTC, use
0 3 * * *
0 3 * * 0
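The crontab fields described above, worked through as an added example (not IBM code): a small matcher that counts how often an expression fires in one constructed week, showing that a * in the minute field matches all 60 minutes of the selected hour. It assumes standard five-field crontab semantics; the function names are illustrative, and the parser that the Intelligent Task Prioritization server uses is not shown on this page.

```python
from datetime import datetime, timedelta, timezone

# (low, high) per field: minute, hour, day of month, month, day of week (0 = Sunday)
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]

def expand(field, low, high):
    """Expand one crontab field (*, */n, a, a-b, a-b/n, comma lists) to a set of ints."""
    values = set()
    for part in field.split(","):
        span, _, step = part.partition("/")
        step = int(step) if step else 1
        if span == "*":
            start, end = low, high
        elif "-" in span:
            start, end = (int(x) for x in span.split("-"))
        else:
            start = end = int(span)
        if step < 1 or not low <= start <= end <= high:
            raise ValueError(f"bad crontab field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def parse(expr):
    """Split a five-field expression and expand every field."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: minute hour day-of-month month day-of-week")
    return fields, [expand(f, lo, hi) for f, (lo, hi) in zip(fields, RANGES)]

def fires_at(expr, when):
    """True if the expression matches the given minute (UTC)."""
    fields, (minute, hour, dom, month, dow) = parse(expr)
    dom_ok = when.day in dom
    dow_ok = (when.weekday() + 1) % 7 in dow      # Python Monday=0 -> cron Sunday=0
    if fields[2].startswith("*") or fields[4].startswith("*"):
        day_ok = dom_ok and dow_ok                # an unrestricted field always matches
    else:
        day_ok = dom_ok or dow_ok                 # both restricted: either may match
    return when.minute in minute and when.hour in hour and when.month in month and day_ok

def fires_per_week(expr, start=datetime(2024, 1, 7, tzinfo=timezone.utc)):
    """Count matching minutes in the 7 days from `start` (a constructed Sunday)."""
    return sum(fires_at(expr, start + timedelta(minutes=m)) for m in range(7 * 24 * 60))

if __name__ == "__main__":
    for expr in ("*/30 * * * *", "0 3 * * *", "0 3 * * 0", "* 3 * * 0"):
        print(f"{expr:<14} fires {fires_per_week(expr):>3} times per week")
```
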

Workforce Insights configuration parameters

The following table lists the parameters for configuring Workforce Insights. All parameters are optional. These parameters are not supported on Linux on IBM Z or Linux on Power (ppc64le).
Important: To use Workforce Insights, you must set the following Business Automation Insights parameters to true:
bai_configuration:
    bpmn:
      install: true
      force_elasticsearch_timeseries: true
Table 7. Workforce Insights configuration parameters: spec.baml_configuration
Parameter name Description Example values
workforce_insights.replicas Workforce Insights pod count. The default value is 2. 2
workforce_insights.probes.readiness.initial_delay_seconds Number of seconds after the Workforce Insights container starts before the readiness probe is initiated. The default value is 40. 40
workforce_insights.image.repository Image for Workforce Insights container. By default, the path points to the URL and location in the IBM Entitled Registry. The default value is <path>/bui-workforce-insights where <path> is cp.icr.io/cp/cp4a/baw. If sc_image_repository has a value, the path is that value. <path>/baw/bui-workforce-insights
workforce_insights.image.tag Image tag for Workforce Insights container. If you want to use a specific image version, you can override the default tag or digest. 25.0.1.0
workforce_insights.image.pull_policy Pull policy for Workforce Insights container. The default value is IfNotPresent. IfNotPresent, Always
workforce_insights.resources.limits.cpu CPU limit for Workforce Insights container. The default value is 2. 2
workforce_insights.resources.limits.memory Memory limit for Workforce Insights container. The default value is 2048Mi. 2048Mi
workforce_insights.resources.requests.cpu Requested amount of CPU for Workforce Insights container. The default value is 500m. 500m
workforce_insights.resources.requests.memory Requested amount of memory for Workforce Insights container. The default value is 1024Mi. 1024Mi
workforce_insights.storage.use_dynamic_provisioning Whether to use a dynamic storage provisioner. If this parameter is set to false, existing_pvc_for_logstore must also be set. The default value is true. true
workforce_insights.storage.existing_pvc_for_logstore Persistent volume claim (PVC) for logs.  
workforce_insights.storage.size_for_logstore Minimum size of the persistent volume (PV) that is mounted as the log store. The default value is 1Gi. 1Gi
workforce_insights.autoscaling.enabled Whether to enable Horizontal Pod Autoscaler for Workforce Insights pod. The default value is false. false
workforce_insights.autoscaling.max_replicas Upper limit for the number of pods that can be set by the autoscaler. It cannot be smaller than min_replicas. The default value is 3. 3
workforce_insights.autoscaling.min_replicas Lower limit for the number of replicas to which the autoscaler can scale down. The default value is 2. 2
workforce_insights.autoscaling.target_cpu_utilization_percentage Target average CPU utilization over all the pods. The default value is 80. 80
workforce_insights.node_affinity.deploy_arch Values in this field are used as kubernetes.io/arch selector values. The default value is amd64. Workforce Insights does not support s390x and ppc64le architectures. amd64
workforce_insights.node_affinity.custom_node_selector_match_expression Extra expressions that are added to the node selector match expressions. The value is an array (list). You can assign multiple selector match expressions, except for the kubernetes.io/arch key.
- key: kubernetes.io/hostname
  operator: In
  values:
    - worker0
    - worker1
    - worker3
workforce_insights.custom_annotations Values in this field are used as annotations in all generated pods. They must be valid annotation key-value pairs. customAnnotationKey: customAnnotationValue
workforce_insights.custom_labels Values in this field are used as labels in all generated pods. They must be valid label key-value pairs. customLabelKey: customLabelValue
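
Several parameters in these tables carry cross-field rules: component FIPS only when shared_configuration.enable_fips is true, the logical_unique_id format, no kubernetes.io/arch key in custom selectors, autoscaling bounds, PVCs required without dynamic provisioning, and the Business Automation Insights prerequisites. The following pre-deployment lint is an added example, not IBM code; it assumes the spec section of the custom resource is already parsed into a Python dict and that a present case.event_emitter block means the emitter is enabled, and lint_cr, arch_findings and SAMPLE are illustrative names.

```python
import re

def arch_findings(where, affinity, allowed):
    """deploy_arch must be a supported value; kubernetes.io/arch may not be a custom key."""
    out = []
    arch = affinity.get("deploy_arch")
    if arch is not None and arch not in allowed:
        out.append(f"{where}: deploy_arch {arch!r} is not one of {sorted(allowed)}")
    for expr in affinity.get("custom_node_selector_match_expression", []):
        if expr.get("key") == "kubernetes.io/arch":
            out.append(f"{where}: kubernetes.io/arch is not allowed as a custom selector key")
    return out

def lint_cr(spec):
    """Return a list of findings for the parsed `spec` section of a custom resource."""
    out = []
    shared_fips = spec.get("shared_configuration", {}).get("enable_fips") is True
    for inst in spec.get("baw_configuration", []):
        where = f"baw_configuration[{inst.get('name')}]"
        if inst.get("environment_config", {}).get("enable_fips") is True and not shared_fips:
            out.append(f"{where}: enable_fips is true but shared_configuration.enable_fips is not")
        out += arch_findings(where, inst.get("node_affinity", {}), {"amd64", "s390x", "ppc64le"})
        emitter = inst.get("case", {}).get("event_emitter")
        if emitter is not None:  # assumption: a present block means the emitter is enabled
            if not re.fullmatch(r"[A-Za-z0-9]{8}", str(emitter.get("logical_unique_id", ""))):
                out.append(f"{where}: logical_unique_id must be 8 alphanumeric characters")
    bpmn = spec.get("bai_configuration", {}).get("bpmn", {})
    required_pvcs = {"workforce_insights": ["existing_pvc_for_logstore"],
                     "intelligent_task_prioritization": ["existing_pvc_for_logstore",
                                                         "existing_pvc_for_trained_pipelines"]}
    for comp, pvcs in required_pvcs.items():
        cfg = spec.get("baml_configuration", {}).get(comp)
        if cfg is None:
            continue
        if bpmn.get("install") is not True:
            out.append(f"{comp}: bai_configuration.bpmn.install must be true")
        if comp == "workforce_insights" and bpmn.get("force_elasticsearch_timeseries") is not True:
            out.append(f"{comp}: bpmn.force_elasticsearch_timeseries must be true")
        auto = cfg.get("autoscaling", {})
        if auto.get("max_replicas", 3) < auto.get("min_replicas", 2):  # page defaults: 3 and 2
            out.append(f"{comp}: autoscaling.max_replicas is smaller than min_replicas")
        storage = cfg.get("storage", {})
        if storage.get("use_dynamic_provisioning", True) is False:
            out += [f"{comp}: storage.{key} is required without dynamic provisioning"
                    for key in pvcs if not storage.get(key)]
        out += arch_findings(comp, cfg.get("node_affinity", {}), {"amd64"})
    return out

# Constructed sample with deliberate mistakes (not a real deployment).
SAMPLE = {
    "shared_configuration": {"enable_fips": False},
    "bai_configuration": {"bpmn": {"install": True}},
    "baw_configuration": [{
        "name": "instance1",
        "environment_config": {"enable_fips": True},
        "node_affinity": {"custom_node_selector_match_expression": [
            {"key": "kubernetes.io/arch", "operator": "In", "values": ["amd64"]}]},
        "case": {"event_emitter": {"logical_unique_id": "baw_inst1"}},
    }],
    "baml_configuration": {"workforce_insights": {
        "autoscaling": {"min_replicas": 4},
        "storage": {"use_dynamic_provisioning": False}}},
}
print("\n".join(lint_cr(SAMPLE)))
```
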