IBM Mobile Foundation Custom Resource (CR) configuration

improve this page | report issue

Parameters

Qualifier Parameter Definition Allowed Value
global.arch amd64 amd64 worker node scheduler preference in a hybrid cluster amd64
global.image pullPolicy Image Pull Policy Always, Never, or IfNotPresent. Default: IfNotPresent
  pullSecret Image pull secret Required only if images are not hosted on OCP image registry.
global.ingress hostname The external hostname or IP address to be used by external clients Leave blank to default to the IP address of the cluster proxy node
  secret TLS secret name Specifies the name of the secret for the certificate that has to be used in the Ingress definition. The secret has to be pre-created using the relevant certificate and key. Mandatory if SSL/TLS is enabled. Pre-create the secret with Certificate & Key before supplying the name here. Refer here
  sslPassThrough Enable SSL passthrough Specifies is the SSL request should be passed through to the Mobile Foundation service - SSL termination occurs in the Mobile Foundation service. false (default) or true
global.dbinit enabled Enable initialization of Server, Push and Application Center databases Initializes databases and create schemas / tables for Server, Push and Application Center deployment.(Not required for Analytics). true (default) or false
  repository Docker image repository for database initialization Repository of the Mobile Foundation database docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description
mfpserver enabled Flag to enable Server true (default) or false
mfpserver.image repository Docker image repository Repository of the Mobile Foundation Server docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description
  consoleSecret A pre-created secret for login Refer here
mfpserver.db type Supported database vendor name. DB2 (default) / MySQL / Oracle
  host IP address or hostname of the database where Mobile Foundation Server tables need to be configured.  
  port Port where database is setup  
  secret A precreated secret which has database credentials  
  name Name of the Mobile Foundation Server database  
  schema Server db schema to be created. If the schema already present, it will be used. Otherwise, it will be created.
  ssl Database connection type Specify if you database connection has to be http or https. Default value is false (http). Make sure that the database port is also configured for the same connection mode
  driverPvc Persistent Volume Claim to access the JDBC Database Driver Specify the name of the persistent volume claim that hosts the JDBC database driver. Required if the database type selected is not DB2
  adminCredentialsSecret MFPServer DB Admin Secret If you have enabled DB initialization ,then provide the secret to create database tables and schemas for Mobile Foundation components.
mfpserver adminClientSecret Admin client secret Specify the Client Secret name created. Refer here
  pushClientSecret Push client secret Specify the Client Secret name created. Refer here
  liveupdateClientSecret LiveUpddate client secret Specify the Client Secret name created. Refer here
mfpserver.replicas   The number of instances (pods) of Mobile Foundation Server that need to be created Positive integer (Default: 3)
mfpserver.autoscaling enabled Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicas field. false (default) or true
  min Lower limit for the number of pods that can be set by the autoscaler. Positive integer (default to 1)
  max Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than min. Positive integer (default to 10)
  targetcpu Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. Integer between 1 and 100(default to 50)
mfpserver.pdb enabled Specifu whether to enable/disable PDB. true (default) or false
  min minimum available pods Positive integer (default to 1)
mfpserver.customConfiguration   Custom server configuration (Optional) Provide server specific additional configuration reference to a pre-created config map. Refer here
mfpserver keystoreSecret Refer the configuration section to pre-create the secret with keystores and their passwords.  
mfpserver.resources limits.cpu Describes the maximum amount of CPU allowed. Default is 2000m. See Kubernetes - meaning of CPU
  limits.memory Describes the maximum amount of memory allowed. Default is 2048Mi. See Kubernetes - meaning of Memory
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 1000m. See Kubernetes - meaning of CPU
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 1536Mi. See Kubernetes - meaning of Memory
mfppush enabled Flag to enable Mobile Foundation Push true (default) or false
  repository Docker image repository Repository of the Mobile Foundation Push docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description
mfppush.replicas   The number of instances (pods) of Mobile Foundation Server that need to be created Positive integer (Default: 3)
mfppush.autoscaling enabled Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. false (default) or true
  min Lower limit for the number of pods that can be set by the autoscaler. Positive integer (default to 1)
  max Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than minReplicas. Positive integer (default to 10)
  targetcpu Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. Integer between 1 and 100(default to 50)
mfppush.pdb enabled Specifu whether to enable/disable PDB. true (default) or false
  min minimum available pods Positive integer (default to 1)
mfppush.customConfiguration   Custom configuration (Optional) Provide Push specific additional configuration reference to a pre-created config map. Refer here
mfppush keystoresSecretName Refer the configuration section to pre-create the secret with keystores and their passwords.  
mfppush.resources limits.cpu Describes the maximum amount of CPU allowed. Default is 1000m. See Kubernetes - meaning of CPU
  limits.memory Describes the maximum amount of memory allowed. Default is 2048Mi. See Kubernetes - meaning of Memory
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 750m. See Kubernetes - meaning of CPU
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 1024Mi. See Kubernetes - meaning of Memory
mfpliveupdate enabled Flag to enable Liveupdate false (default) or true
mfpliveupdate.image repository Docker image repository Repository of the Mobile Foundation Live Update docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description.
  consoleSecret A pre-created secret for login Refer here.
mfpliveupdate.db type Supported database vendor name DB2 (default) / MySQL / Oracle
  host IP address or hostname of the database where Mobile Foundation Server tables need to be configured.  
  port Database Port number.  
  secret A pre-created secret, which has database credentials.  
  name Name of the Mobile Foundation Server database.  
  schema Server db schema to be created. If the schema is already present, it will be used. Otherwise, it will be created.
  ssl Database connection type. Specify if you database connection has to be http or https. Default value is false (http). Make sure that the database port is also configured for the same connection mode.
  driverPvc Persistent Volume Claim to access the JDBC Database Driver. Specify the name of the persistent volume claim that hosts the JDBC database driver. Required, if the database type selected is not DB2.
  adminCredentialsSecret MFPServer DB Admin Secret. If you have enabled DB initialization ,then provide the secret to create database tables and schemas for Mobile Foundation components.
mfpliveupdate.replicas   The number of instances (pods) of Mobile Foundation Liveupdate that need to be created. Positive integer (Default: 2.
mfpliveupdate.autoscaling enabled Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicas field. false (default) or true.
  min Lower limit for the number of pods that can be set by the autoscaler. Positive integer (defaults to 1).
  max Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than min. Positive integer (defaults to 10).
  targetcpu Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. Integer between 1 and 100(defaults to 50).
mfpliveupdate.pdb enabled Specify whether to enable/disable PDB. true (default) or false.
  min minimum available pods Positive integer (defaults to 1).
mfpliveupdate.customConfiguration   Custom server configuration (Optional). Provide server specific additional configuration reference to a pre-created config map. Refer here.
mfpliveupdate keystoreSecret Refer the configuration section to pre-create the secret with keystores and their passwords.  
mfpliveupdate.resources limits.cpu Describes the maximum amount of CPU allowed. Default is 1000m. See Kubernetes - meaning of CPU.
  limits.memory Describes the maximum amount of memory allowed. Default is 2048Mi. See Kubernetes - meaning of Memory.
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 750m. See Kubernetes - meaning of CPU.
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 1024Mi. See Kubernetes - meaning of Memory.
mfpanalytics enabled Flag to enable analytics false (default) or true
mfpanalytics.image repository Docker image repository Repository of the Mobile Foundation Operational Analytics docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description
  consoleSecret A pre-created secret for login Refer here
mfpanalytics.replicas   The number of instances (pods) of Mobile Foundation Operational Analytics that need to be created Positive integer (Default: 2)
mfpanalytics.autoscaling enabled Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. false (default) or true
  min Lower limit for the number of pods that can be set by the autoscaler. Positive integer (default to 1)
  max Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than minReplicas. Positive integer (default to 10)
  targetcpu Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. Integer between 1 and 100(default to 50)
mfpanalytics.shards   Number of Elasticsearch shards for Mobile Foundation Analytics default to 2
mfpanalytics.replicasPerShard   Number of Elasticsearch replicas to be maintained per each shard for Mobile Foundation Analytics default to 2
mfpanalytics.persistence claimName Provide an existing PersistentVolumeClaim  
  storageClassName Storage class of backing PersistentVolumeClaim Existing Storageclass name.
  size Size of data volume 20Gi
mfpanalytics esrepo Analytics Elasticsearch Docker image repository  
  tag Docker image tag See Docker tag description.
  esmasterReplicas Replica count for Elasticsearch master Positive integer (defaults to 2).
  esclientReplicas Replica count for Elasticsearch client Positive integer (defaults to 1).
  esdataReplicas Replica count for Elasticsearch data Positive integer (defaults to 2).
mfpanalytics.esdataresources limits.cpu Describes the maximum amount of CPU allowed. Default is 2000m. See Kubernetes - meaning of CPU.
  limits.memory Describes the maximum amount of memory allowed. Default is 10Gi. See Kubernetes - meaning of Memory.
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 1000m. See Kubernetes - meaning of CPU.
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 2048Mi. See Kubernetes - meaning of Memory.
mfpanalytics.pdb enabled Specify whether to enable/disable PDB. true (default) or false
  min minimum available pods Positive integer (default to 1)
mfpanalytics.customConfiguration   Custom configuration (Optional) Provide Analytics specific additional configuration reference to a pre-created config map. Refer [here](#optional-custom-server-configuration
mfpanalytics keystoreSecret Refer the configuration section to pre-create the secret with keystores and their passwords.  
mfpanalytics.resources limits.cpu Describes the maximum amount of CPU allowed. Default is 1000m. See Kubernetes - meaning of CPU
  limits.memory Describes the maximum amount of memory allowed. Default is 2048Mi. See Kubernetes - meaning of Memory
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 750m. See Kubernetes - meaning of CPU
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 1024Mi. See Kubernetes - meaning of Memory
mfpanalytics_recvr enabled Flag to enable Analytics Receiver false (default) or true
mfpanalytics_recvr.image repository Docker image repository Repository of the Mobile Foundation Live Update docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description.
mfpanalytics_recvr.replicas   The number of instances (pods) of Mobile Foundation Analytics Receiver that needs to be created. Positive integer (Default: 1.
mfpanalytics_recvr.autoscaling enabled Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. false (default) or true.
  min Lower limit for the number of pods that can be set by the autoscaler. Positive integer (defaults to 1).
  max Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than min. Positive integer (defaults to 10).
  targetcpu Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. Integer between 1 and 100(defaults to 50).
mfpanalytics_recvr.pdb enabled Specify whether to enable/disable PDB. true (default) or false.
  min minimum available pods Positive integer (defaults to 1).
mfpanalytics_recvr analyticsRecvrSecret A pre-created secret for receiver. Refer here.
mfpanalytics_recvr.customConfiguration   Custom configuration (Optional). Provide Analytics specific additional configuration reference to a pre-created config map. Refer here.
mfpanalytics_recvr keystoreSecret Refer the configuration section to pre-create the secret with keystores and their passwords.  
mfpanalytics_recvr.resources limits.cpu Describes the maximum amount of CPU allowed. Default is 1000m. See Kubernetes - meaning of CPU.
  limits.memory Describes the maximum amount of memory allowed. Default is 2048Mi. See Kubernetes - meaning of Memory.
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 750m. See Kubernetes - meaning of CPU.
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 1024Mi. See Kubernetes - meaning of Memory.
mfpappcenter enabled Flag to enable Application Center false (default) or true
mfpappcenter.image repository Docker image repository Repository of the Mobile Foundation Application Center docker image. Make sure the placeholder REPO_URL is replaced with right docker registry url.
  tag Docker image tag See Docker tag description
  consoleSecret A pre-created secret for login Refer here
mfpappcenter.db type Supported database vendor name. DB2 (default) / MySQL / Oracle
  host IP address or hostname of the database where Appcenter database needs to be configured  
  port Port of the database  
  name Name of the database to be used The database has to be precreated.
  secret A precreated secret which has database credentials  
  schema Application Center database schema to be created. If the schema already exists, it will be used. If not, one will be created.
  ssl Database connection type Specify if you database connection has to be http or https. Default value is false (http). Make sure that the database port is also configured for the same connection mode
  driverPvc Persistent Volume Claim to access the JDBC Database Driver Specify the name of the persistent volume claim that hosts the JDBC database driver. Required if the database type selected is not DB2
  adminCredentialsSecret Application Center DB Admin Secret If you have enabled DB initialization, then provide the secret to create database tables and schemas for Mobile Foundation components
mfpappcenter.autoscaling enabled Specifies whether a horizontal pod autoscaler (HPA) is deployed. Note that enabling this field disables the replicaCount field. false (default) or true
  min Lower limit for the number of pods that can be set by the autoscaler. Positive integer (default to 1)
  max Upper limit for the number of pods that can be set by the autoscaler. Cannot be lower than minReplicas. Positive integer (default to 10)
  targetcpu Target average CPU utilization (represented as a percentage of requested CPU) over all the pods. Integer between 1 and 100(default to 50)
mfpappcenter.pdb enabled Specifu whether to enable/disable PDB. true (default) or false
  min minimum available pods Positive integer (default to 1)
mfpappcenter.customConfiguration   Custom configuration (Optional) Provide Application Center specific additional configuration reference to a pre-created config map. Refer here
mfpappcenter keystoreSecret Refer the configuration section to pre-create the secret with keystores and their passwords.  
mfpappcenter.resources limits.cpu Describes the maximum amount of CPU allowed. Default is 1000m. See Kubernetes - meaning of CPU
  limits.memory Describes the maximum amount of memory allowed. Default is 2048Mi. See Kubernetes - meaning of Memory
  requests.cpu Describes the minimum amount of CPU required - if not specified will default to limit (if specified) or otherwise implementation-defined value. Default is 750m. See Kubernetes - meaning of CPU
  requests.memory Describes the minimum amount of memory required. If not specified, the memory amount will default to the limit (if specified) or the implementation-defined value. Default is 1024Mi. See Kubernetes - meaning of Memory

[OPTIONAL] Creating Custom Defined Console Login secrets

By default, the console login secrets for all the mobile foundation components are created automatically during the deployment. Optionally one can choose to create Login Secret to access Server, Analytics and Application Center console explictly. Following is the example.

For Server,

kubectl create secret generic serverlogin --from-literal=MFPF_ADMIN_USER=admin --from-literal=MFPF_ADMIN_PASSWORD=admin

For Analytics,

kubectl create secret generic analyticslogin --from-literal=MFPF_ANALYTICS_ADMIN_USER=admin --from-literal=MFPF_ANALYTICS_ADMIN_PASSWORD=admin

For Analytics receiver,

kubectl create secret generic analytics_recvrsecret --from-literal=MFPF_ANALYTICS_RECVR_USER=admin --from-literal=MFPF_ANALYTICS_RECVR_PASSWORD=admin

For Application Center,

kubectl create secret generic appcenterlogin --from-literal=MFPF_APPCNTR_ADMIN_USER=admin --from-literal=MFPF_APPCNTR_ADMIN_PASSWORD=admin

NOTE: If these secrets are not provided, they are created with default username and password of admin/admin during the installation of Mobile Foundation.

[OPTIONAL] Creating TLS secret for ingress configuration

Mobile Foundation components can be configured with hostname based Ingress for external clients to reach them using hostname. The Ingress can be secured by using a TLS private key and certificate. The TLS private key and certificate must be defined in a secret with key names tls.key and tls.crt.

The secret mf-tls-secret is created in the same namespace as the Ingress resource by using the following command.

kubectl create secret tls mf-tls-secret --key=/path/to/tls.key --cert=/path/to/tls.crt

The name of the secret is then provided in the field global.ingress.secret in the custom resource configuration yaml.

[OPTIONAL] Creating custom keyStore secret for the deployments

You can provide your own keystore and truststore to Server, Push, Analytics and Application Center deployment by creating a secret with your own keystore and truststore.

Pre-create a secret with keystore.jks and truststore.jks along with keystore and trustore password using the literals KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD provide the secret name in the field keystoreSecret of respective component.

Below is an example of creating keystore secret for the server deployment using keystore.jks, truststore.jks and set their passwords.

kubectl create secret generic server-secret --from-file=./keystore.jks --from-file=./truststore.jks --from-literal=KEYSTORE_PASSWORD=worklight --from-literal=TRUSTSTORE_PASSWORD=worklight

NOTE: The names of the files and literals should be the same as mentioned in command above. Provide this secret name in keystoresSecretName input field of respective component to override the default keystores when configuring the helm chart.

[OPTIONAL] Creating secrets for confidential clients

Mobile Foundation Server is predefined with confidential clients for Admin Service. The credentials for these clients are provided in the mfpserver.adminClientSecret and mfpserver.pushClientSecret fields.

These secrets can be created as follows:

kubectl create secret generic mf-admin-client --from-literal=MFPF_ADMIN_AUTH_CLIENTID=admin --from-literal=MFPF_ADMIN_AUTH_SECRET=admin

kubectl create secret generic mf-push-client --from-literal=MFPF_PUSH_AUTH_CLIENTID=admin --from-literal=MFPF_PUSH_AUTH_SECRET=admin

If the values for these fields mfpserver.pushClientSecret, mfpserver.adminClientSecret and mfpserver.liveupdateClientSecret are not provided during helm chart installation, default client secrets are created respectively with below credentials as follows:

  • admin / nimda for mfpserver.adminClientSecret
  • push / hsup for mfpserver.pushClientSecret
  • liveupdate / etadpuevil for mfpserver.liveupdateClientSecret

[OPTIONAL] Custom Server Configuration

To customise the configuration (example: modifying a log trace setting, adding a new jndi property and so on), you will have to create a configmap with the configuration XML file. This allows you to add a new configuration setting or override the existing configurations of the Mobile Foundation components.

The custom configuration is accessed by the Mobile Foundation components through a configMap (mfpserver-custom-config) which can be created as follows -

kubectl create configmap mfpserver-custom-config --from-file=<configuration file in XML format>

The configmap created using the above command should be provided in the Custom Server Configuration in the Helm chart while deploying Mobile Foundation.

Below is an example of setting the trace log specification to warning (The default setting is info) using mfpserver-custom-config configmap.

  • Sample config XML (logging.xml)
<server>
        <logging maxFiles="5" traceSpecification="com.ibm.mfp.*=debug:*=warning"
        maxFileSize="20" />
</server>
  • Creating configmap and add the same during the helm chart deployment
kubectl create configmap mfpserver-custom-config --from-file=logging.xml
  • Notice the change in the messages.log (of Mobile Foundation components) - Property traceSpecification will be set to com.ibm.mfp.=debug:*=warning.

[OPTIONAL] Using custom generated LTPA keys

By default, the images of Mobile Foundation bundles a set of ltpa.keys for each Mobile Foundation component. In production environment, when there is a need to update the out-of-the-box ltpa.keys with custom generated ones, you can use custom configuration to add any custom generated ltpa.keys along with the config xml.

Following is the config sample ltpa.xml.

<server description="mfpserver">
    <ltpa
        keysFileName="ltpa.keys" />
    <webAppSecurity ssoUseDomainFromURL="true" />
</server>

The following command is an example of adding the custom LTPA keys.

kubectl create configmap mfpserver-custom-config --from-file=ltpa.xml --from-file=ltpa.keys

For more details about the LTPA keys generation and other details, refer to the Liberty documentation.

Note: Having multiple custom-configmaps is not supported for adding custom configuration, instead it is recommended to create the custom configuration configmap as follows.

kubectl create configmap mfpserver-custom-config --from-file=ltpa.xml --from-file=ltpa.keys --from-file=moreconfig.xml
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
Last modified on July 02, 2020