IBM Mobile Foundation Custom Resource (CR) configuration
improve this page | report issueParameters
Qualifier | Parameter | Definition | Allowed Value |
---|---|---|---|
global.arch | amd64 | amd64 worker node scheduler preference in a hybrid cluster | amd64 |
global.image | pullPolicy | Image Pull Policy | Always, Never, or IfNotPresent. Default: IfNotPresent |
pullSecret | Image pull secret | Required only if images are not hosted on OCP image registry. | |
global.ingress | hostname | The external hostname or IP address to be used by external clients | Leave blank to default to the IP address of the cluster proxy node |
secret | TLS secret name | Specifies the name of the secret for the certificate that has to be used in the Ingress definition. The secret has to be pre-created using the relevant certificate and key. Mandatory if SSL/TLS is enabled. Pre-create the secret with Certificate & Key before supplying the name here. Refer here | |
sslPassThrough | Enable SSL passthrough | Specifies is the SSL request should be passed through to the Mobile Foundation service - SSL termination occurs in the Mobile Foundation service. false (default) or true | |
global.dbinit | enabled | Enable initialization of Server, Push and Application Center databases | Initializes databases and create schemas / tables for Server, Push and Application Center deployment.(Not required for Analytics). true (default) or false |
repository | Docker image repository for database initialization | Repository of the Mobile Foundation database docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. | |
tag | Docker image tag | See Docker tag description | |
mfpserver | enabled | Flag to enable Server | true (default) or false |
mfpserver.image | repository | Docker image repository | Repository of the Mobile Foundation Server docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. |
tag | Docker image tag | See Docker tag description | |
consoleSecret | A pre-created secret for login | Refer here | |
mfpserver.db | type | Supported database vendor name. | DB2 (default) / MySQL / Oracle |
host | IP address or hostname of the database where Mobile Foundation Server tables need to be configured. | ||
port | Port where database is setup | ||
secret | A precreated secret which has database credentials | ||
name | Name of the Mobile Foundation Server database | ||
schema | Server db schema to be created. | If the schema already present, it will be used. Otherwise, it will be created. | |
ssl | Database connection type | Specify if you database connection has to be http or https. Default value is false (http). Make sure that the database port is also configured for the same connection mode | |
driverPvc | Persistent Volume Claim to access the JDBC Database Driver | Specify the name of the persistent volume claim that hosts the JDBC database driver. Required if the database type selected is not DB2 | |
adminCredentialsSecret | MFPServer DB Admin Secret | If you have enabled DB initialization ,then provide the secret to create database tables and schemas for Mobile Foundation components. | |
mfpserver | adminClientSecret | Admin client secret | Specify the Client Secret name created. Refer here |
pushClientSecret | Push client secret | Specify the Client Secret name created. Refer here | |
liveupdateClientSecret | LiveUpddate client secret | Specify the Client Secret name created. Refer here | |
mfpserver.replicas | The number of instances (pods) of Mobile Foundation Server that need to be created | Positive integer (Default: 3) | |
mfpserver.autoscaling | enabled | Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicas field. | false (default) or true |
min | Lower limit for the number of pods that can be set by the autoscaler. | Positive integer (default to 1) | |
max | Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than min. | Positive integer (default to 10) | |
targetcpu | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. | Integer between 1 and 100(default to 50) | |
mfpserver.pdb | enabled | Specifu whether to enable/disable PDB. | true (default) or false |
min | minimum available pods | Positive integer (default to 1) | |
mfpserver.customConfiguration | Custom server configuration (Optional) | Provide server specific additional configuration reference to a pre-created config map. Refer here | |
mfpserver | keystoreSecret | Refer the configuration section to pre-create the secret with keystores and their passwords. | |
mfpserver.resources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 2000m. See Kubernetes - meaning of CPU |
limits.memory | Describes the maximum amount of memory allowed. | Default is 2048Mi. See Kubernetes - meaning of Memory | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 1000m. See Kubernetes - meaning of CPU | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 1536Mi. See Kubernetes - meaning of Memory | |
mfppush | enabled | Flag to enable Mobile Foundation Push | true (default) or false |
repository | Docker image repository | Repository of the Mobile Foundation Push docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. | |
tag | Docker image tag | See Docker tag description | |
mfppush.replicas | The number of instances (pods) of Mobile Foundation Server that need to be created | Positive integer (Default: 3) | |
mfppush.autoscaling | enabled | Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. | false (default) or true |
min | Lower limit for the number of pods that can be set by the autoscaler. | Positive integer (default to 1) | |
max | Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than minReplicas. | Positive integer (default to 10) | |
targetcpu | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. | Integer between 1 and 100(default to 50) | |
mfppush.pdb | enabled | Specifu whether to enable/disable PDB. | true (default) or false |
min | minimum available pods | Positive integer (default to 1) | |
mfppush.customConfiguration | Custom configuration (Optional) | Provide Push specific additional configuration reference to a pre-created config map. Refer here | |
mfppush | keystoresSecretName | Refer the configuration section to pre-create the secret with keystores and their passwords. | |
mfppush.resources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 1000m. See Kubernetes - meaning of CPU |
limits.memory | Describes the maximum amount of memory allowed. | Default is 2048Mi. See Kubernetes - meaning of Memory | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 750m. See Kubernetes - meaning of CPU | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 1024Mi. See Kubernetes - meaning of Memory | |
mfpliveupdate | enabled | Flag to enable Liveupdate | false (default) or true |
mfpliveupdate.image | repository | Docker image repository | Repository of the Mobile Foundation Live Update docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. |
tag | Docker image tag | See Docker tag description. | |
consoleSecret | A pre-created secret for login | Refer here. | |
mfpliveupdate.db | type | Supported database vendor name | DB2 (default) / MySQL / Oracle |
host | IP address or hostname of the database where Mobile Foundation Server tables need to be configured. | ||
port | Database Port number. | ||
secret | A pre-created secret, which has database credentials. | ||
name | Name of the Mobile Foundation Server database. | ||
schema | Server db schema to be created. | If the schema is already present, it will be used. Otherwise, it will be created. | |
ssl | Database connection type. | Specify if you database connection has to be http or https. Default value is false (http). Make sure that the database port is also configured for the same connection mode. | |
driverPvc | Persistent Volume Claim to access the JDBC Database Driver. | Specify the name of the persistent volume claim that hosts the JDBC database driver. Required, if the database type selected is not DB2. | |
adminCredentialsSecret | MFPServer DB Admin Secret. | If you have enabled DB initialization ,then provide the secret to create database tables and schemas for Mobile Foundation components. | |
mfpliveupdate.replicas | The number of instances (pods) of Mobile Foundation Liveupdate that need to be created. | Positive integer (Default: 2. | |
mfpliveupdate.autoscaling | enabled | Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicas field. | false (default) or true. |
min | Lower limit for the number of pods that can be set by the autoscaler. | Positive integer (defaults to 1). | |
max | Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than min. | Positive integer (defaults to 10). | |
targetcpu | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. | Integer between 1 and 100(defaults to 50). | |
mfpliveupdate.pdb | enabled | Specify whether to enable/disable PDB. | true (default) or false. |
min | minimum available pods | Positive integer (defaults to 1). | |
mfpliveupdate.customConfiguration | Custom server configuration (Optional). | Provide server specific additional configuration reference to a pre-created config map. Refer here. | |
mfpliveupdate | keystoreSecret | Refer the configuration section to pre-create the secret with keystores and their passwords. | |
mfpliveupdate.resources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 1000m. See Kubernetes - meaning of CPU. |
limits.memory | Describes the maximum amount of memory allowed. | Default is 2048Mi. See Kubernetes - meaning of Memory. | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 750m. See Kubernetes - meaning of CPU. | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 1024Mi. See Kubernetes - meaning of Memory. | |
mfpanalytics | enabled | Flag to enable analytics | false (default) or true |
mfpanalytics.image | repository | Docker image repository | Repository of the Mobile Foundation Operational Analytics docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. |
tag | Docker image tag | See Docker tag description | |
consoleSecret | A pre-created secret for login | Refer here | |
mfpanalytics.replicas | The number of instances (pods) of Mobile Foundation Operational Analytics that need to be created | Positive integer (Default: 2) | |
mfpanalytics.autoscaling | enabled | Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. | false (default) or true |
min | Lower limit for the number of pods that can be set by the autoscaler. | Positive integer (default to 1) | |
max | Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than minReplicas. | Positive integer (default to 10) | |
targetcpu | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. | Integer between 1 and 100(default to 50) | |
mfpanalytics.shards | Number of Elasticsearch shards for Mobile Foundation Analytics | default to 2 | |
mfpanalytics.replicasPerShard | Number of Elasticsearch replicas to be maintained per each shard for Mobile Foundation Analytics | default to 2 | |
mfpanalytics.persistence | claimName | Provide an existing PersistentVolumeClaim | |
storageClassName | Storage class of backing PersistentVolumeClaim | Existing Storageclass name. | |
size | Size of data volume | 20Gi | |
mfpanalytics | esrepo | Analytics Elasticsearch Docker image repository | |
tag | Docker image tag | See Docker tag description. | |
esmasterReplicas | Replica count for Elasticsearch master | Positive integer (defaults to 2). | |
esclientReplicas | Replica count for Elasticsearch client | Positive integer (defaults to 1). | |
esdataReplicas | Replica count for Elasticsearch data | Positive integer (defaults to 2). | |
mfpanalytics.esdataresources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 2000m. See Kubernetes - meaning of CPU. |
limits.memory | Describes the maximum amount of memory allowed. | Default is 10Gi. See Kubernetes - meaning of Memory. | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 1000m. See Kubernetes - meaning of CPU. | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 2048Mi. See Kubernetes - meaning of Memory. | |
mfpanalytics.pdb | enabled | Specify whether to enable/disable PDB. | true (default) or false |
min | minimum available pods | Positive integer (default to 1) | |
mfpanalytics.customConfiguration | Custom configuration (Optional) | Provide Analytics specific additional configuration reference to a pre-created config map. Refer [here](#optional-custom-server-configuration | |
mfpanalytics | keystoreSecret | Refer the configuration section to pre-create the secret with keystores and their passwords. | |
mfpanalytics.resources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 1000m. See Kubernetes - meaning of CPU |
limits.memory | Describes the maximum amount of memory allowed. | Default is 2048Mi. See Kubernetes - meaning of Memory | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 750m. See Kubernetes - meaning of CPU | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 1024Mi. See Kubernetes - meaning of Memory | |
mfpanalytics_recvr | enabled | Flag to enable Analytics Receiver | false (default) or true |
mfpanalytics_recvr.image | repository | Docker image repository | Repository of the Mobile Foundation Live Update docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. |
tag | Docker image tag | See Docker tag description. | |
mfpanalytics_recvr.replicas | The number of instances (pods) of Mobile Foundation Analytics Receiver that needs to be created. | Positive integer (Default: 1. | |
mfpanalytics_recvr.autoscaling | enabled | Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. | false (default) or true. |
min | Lower limit for the number of pods that can be set by the autoscaler. | Positive integer (defaults to 1). | |
max | Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than min. | Positive integer (defaults to 10). | |
targetcpu | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. | Integer between 1 and 100(defaults to 50). | |
mfpanalytics_recvr.pdb | enabled | Specify whether to enable/disable PDB. | true (default) or false. |
min | minimum available pods | Positive integer (defaults to 1). | |
mfpanalytics_recvr | analyticsRecvrSecret | A pre-created secret for receiver. | Refer here. |
mfpanalytics_recvr.customConfiguration | Custom configuration (Optional). | Provide Analytics specific additional configuration reference to a pre-created config map. Refer here. | |
mfpanalytics_recvr | keystoreSecret | Refer the configuration section to pre-create the secret with keystores and their passwords. | |
mfpanalytics_recvr.resources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 1000m. See Kubernetes - meaning of CPU. |
limits.memory | Describes the maximum amount of memory allowed. | Default is 2048Mi. See Kubernetes - meaning of Memory. | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 750m. See Kubernetes - meaning of CPU. | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 1024Mi. See Kubernetes - meaning of Memory. | |
mfpappcenter | enabled | Flag to enable Application Center | false (default) or true |
mfpappcenter.image | repository | Docker image repository | Repository of the Mobile Foundation Application Center docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url. |
tag | Docker image tag | See Docker tag description | |
consoleSecret | A pre-created secret for login | Refer here | |
mfpappcenter.db | type | Supported database vendor name. | DB2 (default) / MySQL / Oracle |
host | IP address or hostname of the database where Appcenter database needs to be configured | ||
port | Port of the database | ||
name | Name of the database to be used | The database has to be precreated. | |
secret | A precreated secret which has database credentials | ||
schema | Application Center database schema to be created. | If the schema already exists, it will be used. If not, one will be created. | |
ssl | Database connection type | Specify if you database connection has to be http or https. Default value is false (http). Make sure that the database port is also configured for the same connection mode | |
driverPvc | Persistent Volume Claim to access the JDBC Database Driver | Specify the name of the persistent volume claim that hosts the JDBC database driver. Required if the database type selected is not DB2 | |
adminCredentialsSecret | Application Center DB Admin Secret | If you have enabled DB initialization, then provide the secret to create database tables and schemas for Mobile Foundation components | |
mfpappcenter.autoscaling | enabled | Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. | false (default) or true |
min | Lower limit for the number of pods that can be set by the autoscaler. | Positive integer (default to 1) | |
max | Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than minReplicas. | Positive integer (default to 10) | |
targetcpu | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. | Integer between 1 and 100(default to 50) | |
mfpappcenter.pdb | enabled | Specifu whether to enable/disable PDB. | true (default) or false |
min | minimum available pods | Positive integer (default to 1) | |
mfpappcenter.customConfiguration | Custom configuration (Optional) | Provide Application Center specific additional configuration reference to a pre-created config map. Refer here | |
mfpappcenter | keystoreSecret | Refer the configuration section to pre-create the secret with keystores and their passwords. | |
mfpappcenter.resources | limits.cpu | Describes the maximum amount of CPU allowed. | Default is 1000m. See Kubernetes - meaning of CPU |
limits.memory | Describes the maximum amount of memory allowed. | Default is 2048Mi. See Kubernetes - meaning of Memory | |
requests.cpu | Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. | Default is 750m. See Kubernetes - meaning of CPU | |
requests.memory | Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. | Default is 1024Mi. See Kubernetes - meaning of Memory |
[OPTIONAL] Creating Custom Defined Console Login secrets
By default, the console login secrets for all the mobile foundation components are created automatically during the deployment. Optionally one can choose to create Login Secret to access Server, Analytics and Application Center console explictly. Following is the example.
For Server,
kubectl create secret generic serverlogin --from-literal=MFPF_ADMIN_USER=admin --from-literal=MFPF_ADMIN_PASSWORD=admin
For Analytics,
kubectl create secret generic analyticslogin --from-literal=MFPF_ANALYTICS_ADMIN_USER=admin --from-literal=MFPF_ANALYTICS_ADMIN_PASSWORD=admin
For Analytics receiver,
kubectl create secret generic analytics_recvrsecret --from-literal=MFPF_ANALYTICS_RECVR_USER=admin --from-literal=MFPF_ANALYTICS_RECVR_PASSWORD=admin
For Application Center,
kubectl create secret generic appcenterlogin --from-literal=MFPF_APPCNTR_ADMIN_USER=admin --from-literal=MFPF_APPCNTR_ADMIN_PASSWORD=admin
NOTE: If these secrets are not provided, they are created with default username and password of admin/admin during the installation of Mobile Foundation.
[OPTIONAL] Creating TLS secret for ingress configuration
Mobile Foundation components can be configured with hostname based Ingress for external clients to reach them using hostname. The Ingress can be secured by using a TLS private key and certificate. The TLS private key and certificate must be defined in a secret with key names tls.key
and tls.crt
.
The secret mf-tls-secret is created in the same namespace as the Ingress resource by using the following command.
kubectl create secret tls mf-tls-secret --key=/path/to/tls.key --cert=/path/to/tls.crt
The name of the secret is then provided in the field global.ingress.secret in the custom resource configuration yaml.
[OPTIONAL] Creating custom keyStore secret for the deployments
You can provide your own keystore and truststore to Server, Push, Analytics and Application Center deployment by creating a secret with your own keystore and truststore.
Pre-create a secret with keystore.jks
and truststore.jks
along with keystore and trustore password using the literals KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD provide the secret name in the field keystoreSecret of respective component.
Below is an example of creating keystore secret for the server deployment using keystore.jks
, truststore.jks
and set their passwords.
kubectl create secret generic server-secret --from-file=./keystore.jks --from-file=./truststore.jks --from-literal=KEYSTORE_PASSWORD=worklight --from-literal=TRUSTSTORE_PASSWORD=worklight
NOTE: The names of the files and literals should be the same as mentioned in command above. Provide this secret name in
keystoresSecretName
input field of respective component to override the default keystores when configuring the helm chart.
[OPTIONAL] Creating secrets for confidential clients
Mobile Foundation Server is predefined with confidential clients for Admin Service. The credentials for these clients are provided in the mfpserver.adminClientSecret
and mfpserver.pushClientSecret
fields.
These secrets can be created as follows:
kubectl create secret generic mf-admin-client --from-literal=MFPF_ADMIN_AUTH_CLIENTID=admin --from-literal=MFPF_ADMIN_AUTH_SECRET=admin
kubectl create secret generic mf-push-client --from-literal=MFPF_PUSH_AUTH_CLIENTID=admin --from-literal=MFPF_PUSH_AUTH_SECRET=admin
If the values for these fields mfpserver.pushClientSecret
, mfpserver.adminClientSecret
and mfpserver.liveupdateClientSecret
are not provided during helm chart installation, default client secrets are created respectively with below credentials as follows:
admin / nimda
formfpserver.adminClientSecret
push / hsup
formfpserver.pushClientSecret
liveupdate / etadpuevil
formfpserver.liveupdateClientSecret
[OPTIONAL] Custom Server Configuration
To customise the configuration (example: modifying a log trace setting, adding a new jndi property and so on), you will have to create a configmap with the configuration XML file. This allows you to add a new configuration setting or override the existing configurations of the Mobile Foundation components.
The custom configuration is accessed by the Mobile Foundation components through a configMap (mfpserver-custom-config) which can be created as follows -
kubectl create configmap mfpserver-custom-config --from-file=<configuration file in XML format>
The configmap created using the above command should be provided in the Custom Server Configuration in the Helm chart while deploying Mobile Foundation.
Below is an example of setting the trace log specification to warning (The default setting is info) using mfpserver-custom-config configmap.
- Sample config XML (logging.xml)
<server>
<logging maxFiles="5" traceSpecification="com.ibm.mfp.*=debug:*=warning"
maxFileSize="20" />
</server>
- Creating configmap and add the same during the helm chart deployment
kubectl create configmap mfpserver-custom-config --from-file=logging.xml
- Notice the change in the messages.log (of Mobile Foundation components) - Property traceSpecification will be set to com.ibm.mfp.=debug:*=warning.
[OPTIONAL] Using custom generated LTPA keys
By default, the images of Mobile Foundation bundles a set of ltpa.keys
for each Mobile Foundation component. In production environment, when there is a need to update the out-of-the-box ltpa.keys
with custom generated ones, you can use custom configuration to add any custom generated ltpa.keys
along with the config xml.
Following is the config sample ltpa.xml
.
<server description="mfpserver">
<ltpa
keysFileName="ltpa.keys" />
<webAppSecurity ssoUseDomainFromURL="true" />
</server>
The following command is an example of adding the custom LTPA keys.
kubectl create configmap mfpserver-custom-config --from-file=ltpa.xml --from-file=ltpa.keys
For more details about the LTPA keys generation and other details, refer to the Liberty documentation.
Note: Having multiple custom-configmaps is not supported for adding custom configuration, instead it is recommended to create the custom configuration configmap as follows.
kubectl create configmap mfpserver-custom-config --from-file=ltpa.xml --from-file=ltpa.keys --from-file=moreconfig.xml
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.