Prerequisites
Before you install IBM Operational Decision Manager on Certified Kubernetes, make sure that you install the necessary software and prepare your cluster.
For more information about the level of integration with third-party Certified Kubernetes environments, see the Support statement.
License agreement
- License acceptance
- To install Operational Decision Manager, you must
read and accept the IBM license agreement. Refer to the LICENSES/LICENSE-EN
file of your Helm chart. You must explicitly set the license parameter to
true
to accept the license agreement and be to able to install Operational Decision Manager. For more information, see Preparing to install IBM Operational Decision Manager. - Licensing service
- To track your Operational Decision Manager usage, you must install the IBM License Service in your cluster. For more information, see Licensing and metering.
Software requirements
The following software is required.
- Docker
- For the supported versions, see the detailed system requirements.
- Kubernetes
- For the supported versions, see the detailed system requirements.
- Helm
- For the supported versions, see the detailed system requirements.
Persistence requirements
Operational Decision Manager must persist data in a database. You have three ways to persist the data: use the PostgreSQL internal database, use a supported external database, or use a custom external database. For more information, see Configuring the database.
- PersistentVolume
- If you are using the internal database without dynamic provisioning (parameters
internalDatabase.persistence.enabled=true
andinternalDatabase.persistence.dynamicProvisioning=false
), one PersistentVolume must be created before installing the chart. If you prefer to use an external database, make sure to create an instance of the external database.For more information, see Preparing to install IBM Operational Decision Manager.
- Database Credentials Secret
To preserve sensitive data, you must create a secret that encapsulates the database user and password before you install the Helm release.
Specify the name of the secret as the value for the parametersinternalDatabase.secretCredentials
orexternalDatabase.secretCredentials
, depending on the type of database you use.For more information, see Preparing to install IBM Operational Decision Manager.
Security requirements
- ServiceAccount requirements
- By default, the Helm chart creates and uses a custom service account that is named release_name-ibm-odm-dev-service-account for a developer edition, or release_name-ibm-odm-prod-service-account for a production installation. Depending on your cluster configuration, the service account must be granted the appropriate PodSecurityPolicy or SecurityContextConstraints.
- PodSecurityPolicy requirements (for any Certified Kubernetes platform except OpenShift)
- The Helm chart requires a PodSecurityPolicy to be bound to the target namespace before
installation. To meet this requirement, a specific cluster and namespace might have to be scoped by
a cluster administrator. The predefined PodSecurityPolicy name
ibm-restricted-psp
is verified for this chart. If your target namespace is bound to this PodSecurityPolicy, you can proceed to install the chart. - Red Hat OpenShift SecurityContextConstraints requirements
-
The Helm chart requires SecurityContextConstraints to be bound to the serviceAccount before installation. A cluster administrator can either bind the SecurityContextConstraints to the target namespace or to the serviceAccount specifically. See Preparing to install IBM Operational Decision Manager for how to execute this task.
The predefined SecurityContextConstraints name
restricted
is verified for this chart.For more information, see Preparing to install IBM Operational Decision Manager.
User access requirements
- Predefined users
- By default, Operational Decision Manager is provided with a set of predefined users. For these predefined users, you must define a unique password. For more information, see Preparing to install IBM Operational Decision Manager.
- LDAP users
- You can also provide customized user access through an LDAP directory. In this case, you need to configure access to the Liberty server and Decision Center with Kubernetes secrets. For more information, see Configuring user access.