Prerequisites

License agreement

License acceptance

To install Operational Decision Manager, you must read and accept the IBM license agreement. Refer to the LICENSES/LICENSE-EN file of your Helm chart. You must explicitly set the license parameter to true to accept the license agreement and be to able to install Operational Decision Manager. For more information, see Preparing to install IBM Operational Decision Manager.

Licensing service

To track your Operational Decision Manager usage, you must install the IBM License Service in your cluster. For more information, see Licensing and metering.

Software requirements

The following software is required.

Docker

For the supported versions, see the detailed system requirements.

Kubernetes

For the supported versions, see the detailed system requirements.

Helm

For the supported versions, see the detailed system requirements.

Persistence requirements

Operational Decision Manager must persist data in a database. You have three ways to persist the data: PostgreSQL internal database, supported external database, or custom external database. For more information, see Configuring the database.

PersistentVolume

If you are using the internal database without dynamic provisioning (parameters internalDatabase.persistence.enabled=true and internalDatabase.persistence.dynamicProvisioning=false), one PersistentVolume must be created before installing the chart. If you prefer to use an external database, make sure that you create an instance of the external database first.

For more information, see Preparing to install Operational Decision Manager.

Database Credentials Secret

To preserve sensitive data, you must create a secret that encapsulates the database user and password before you install the Helm release.

Specify the name of the secret as the value for the parameters internalDatabase.secretCredentials or externalDatabase.secretCredentials, depending on the type of database you use.

For more information, see Preparing to install Operational Decision Manager.

Security requirements

ServiceAccount requirements

By default, the Helm chart creates and uses a custom service account that is named release_name-ibm-odm-dev-service-account for a developer edition, or release_name-ibm-odm-prod-service-account for a production installation. Depending on your cluster configuration, the service account must be granted the appropriate PodSecurityPolicy or SecurityContextConstraints.

PodSecurityPolicy requirements (for any Certified Kubernetes platform except OpenShift)

The Helm chart requires a PodSecurityPolicy to be bound to the target namespace before installation. To meet this requirement, a specific cluster and namespace might have to be scoped by a cluster administrator. The predefined PodSecurityPolicy name ibm-restricted-psp is verified for this chart. If your target namespace is bound to this PodSecurityPolicy, you can proceed to install the chart.

Red Hat OpenShift SecurityContextConstraints requirements

The Helm chart requires SecurityContextConstraints to be bound to the serviceAccount before installation. A cluster administrator can either bind the SecurityContextConstraints to the target namespace or to the serviceAccount specifically. See Preparing to install Operational Decision Manager for how to execute this task.

The predefined SecurityContextConstraints name restricted is verified for this chart.

For more information, see Preparing to install Operational Decision Manager.

User access requirements

Predefined users

By default, Operational Decision Manager includes a set of predefined users. For these predefined users, you must define a unique password. For more information, see Preparing to install Operational Decision Manager.

LDAP users

You can also provide customized user access through an LDAP directory. In this case, you need to configure access to the Liberty server and Decision Center with Kubernetes secrets. For more information, see Configuring user access.