Skip to main contentMerative SPM on Kubernetes

Configuration Reference

This page contains all available configuration options built into the reference Helm Charts for Merative Social Program Management (SPM). The published charts are intended to be a starting point for you to tailor the charts to your own environment and requirements.

The following tables list the configurable parameters of the spm chart and their default values.

Global properties

ParameterDescriptionDefault
global.licenseSet to accept to accept the terms of the IBM license''
global.images.imageLibraryNamespace in the image registry containing your SPM images''
global.images.imageTagImage tag of all SPM images to be used for deploymentlatest
global.images.registryPrivate image registry hosting your SPM imagesminikube.local:5000
global.imagePullSecret.secretNameName of a pre-created secret containing the credentials for connecting to your private image registry - if left blank, will attempt unauthenticated connection''
global.hubPullSecret.secretNameName of a pre-created secret containing the credentials for connecting to the docker hub - if left blank, will attempt unauthenticated connection''
global.database.typeDatabase type (Valid values: DB2 or ORA)DB2
global.database.credsSecretNameName of a pre-created secret containing the database credentials (see Handling Secrets topic for expected secret content)''
global.database.dbNameDatabase nameDATABASE
global.database.serviceNameThe Oracle database service name''
global.database.hostnameDatabase server hostname (required)''
global.database.portDatabase server TCP/IP port50000
global.database.ssl.enabledUse Secure (TLS) connection to the databasefalse
global.database.ssl.secretKeyThe key in the secret containing the TLS certificate for the secure connection to the databasedb2admin.arm
global.database.ssl.secretNameName of a pre-created secret containing the TLS certificate for the secure connection to the database''
global.apps.common.persistence.enabledUse persistent storage for logsfalse
global.apps.common.persistence.credentialsCredentials in the form of a list of key/value to authenticate with the object storage (contains any keys, but values are to be encoded in Base64)''
global.apps.common.persistence.storageClassNameName of the Storage Class to use''
global.apps.common.persistence.storageCapacityCapacity of the storage to request''
global.apps.common.persistence.propertiesPorperties to include in the creation of the Persistent Volume''
global.apps.common.persistence.mountPointPath, where the Persistent Volume should be mounted in pods''
global.apps.config.<applicationID>.enabledEnable/disable SPM applications in the Helm release, where applicationID is the lower-cased name of the EAR file deployedtrue for curam, false for all others
global.ingress.enabledToggle creation of Ingress/Route resourcesfalse
global.ingress.generateCertCreate a self-signed certificate for use in Ingress definitionsfalse
global.ingress.hostnameHostname for use in Ingress/Route definition''
global.ingress.tlsSecretNameName of a pre-created secret containing TLS key and certificate files''
global.timezoneTimezone* to be set in all deployed pods - this should be aligned with the underlying infrastructureUTC
global.useBetaFeaturesUse Beta featuresfalse

Note: Some elements of the deployment stack may have unexpected behaviour in half-hour timezones - we recommend using the nearest full-hour timezone for the global.timezone property, where possible.

Liberty runtime

In the following properties, <applicationID> is a placeholder for the name of SPM applications in lower case (e.g. curam, citizenportal, rest, etc).

ParameterDescriptionDefault
global.apps.config.<applicationID>.jvmArray of JVM options to be passed to LibertyVaries by application (see values.yaml)
AKS only global.apps.config.<applicationID>.mqConnectionNameListConnection list when IBM MQ is running in HA mode outside Kubernets (e.g. mqHost1(1414),mqHost2(1414))''
global.apps.config.<applicationID>.consumerTuningDictionary of tuning values specific to the consumer pods (valid keys: jvm, replicaCount, resources, any keys from apps.tuningDefaults){}
global.apps.config.<applicationID>.producerTuningDictionary of tuning values specific to the producer pods (valid keys: jvm, replicaCount, resources, any keys from apps.tuningDefaults){}
global.apps.config.<applicationID>.producerTuning.maxEndPoints_DPEnactmentASSets maximum concurrent endpoints for the DPEnactment JMS queue in the producerDefault derived from maxThreads
global.apps.config.<applicationID>.producerTuning.maxEndPoints_WorkflowActivityASSets maximum concurrent endpoints for the WorkflowActivity JMS queue in the producerDefault derived from maxThreads
global.apps.config.<applicationID>.producerTuning.maxEndPoints_WorkflowEnactmentASSets maximum concurrent endpoints for the WorkflowEnactment JMS queue in the producerDefault derived from maxThreads
global.apps.config.<applicationID>.consumerTuning.maxEndPoints_DPEnactmentASSets maximum concurrent endpoints for the DPEnactment JMS queue in the consumerDefault derived from maxThreads
global.apps.config.<applicationID>.consumerTuning.maxEndPoints_WorkflowActivityASSets maximum concurrent endpoints for the WorkflowActivity JMS queue in the consumerDefault derived from maxThreads
global.apps.config.<applicationID>.consumerTuning.maxEndPoints_WorkflowEnactmentASSets maximum concurrent endpoints for the WorkflowEnactment JMS queue in the consumerDefault derived from maxThreads
global.apps.config.<applicationID>.replicaCountNumber of replicas of the application to be deployed1
global.apps.config.<applicationID>.resourcesPod resources definitionVaries by application (see values.yaml)
apps.initialDelaySecondsTime in seconds before commencing application readiness probes150
SPM 8.0.0.0 apps.jwtConfig.issuerIdentifierJSON Web Token issuer identity, matching the curam.watson.assistant.issuer database propertyspm
SPM 8.0.0.0 apps.jwtConfig.secretNameName of a pre-created secret containing signing certificate for JSON Web Tokens (see Handling Secrets topic for expected secret content)''
apps.loginConfig.identityOnlyUse LDAP authentication in Identity-Only modefalse
apps.loginConfig.traceDebug authentication process by printing tracing information on invocation of the login modulefalse
apps.replicaCountDefault number of replicas, if global.apps.config.<applicationID>.replicaCount is not specified1
apps.sessionConfig.maxInMemorySessionCountMaximum number of sessions to maintain in memory for each web module1000
apps.sessionConfig.sessionTimeoutAmount of time a session can go unused before it is no longer valid30m
apps.sessionConfig.transactionTimeoutMaximum time allowed for transactions started on this server to complete. Any such transactions that do not complete before this timeout occurs are rolled back.3m
apps.systemUser.credsSecretNameName of a pre-created secret containing credentials of the system user (see Handling Secrets topic for expected secret content)SYSTEM
apps.tuningDefaults.coreThreadsMinimum number of threads to associate with the executor4
apps.tuningDefaults.maxThreadsMaximum number of threads that can be associated with the executor4
apps.tuningDefaults.curamdb_maxPoolSizeMaximum number of physical connections for a pool on the curamdb database8
apps.tuningDefaults.curamtimerdb_maxPoolSizeMaximum number of physical connections for a pool on the curamtimerdb database8
apps.tuningDefaults.curamsessdb_maxPoolSizeMaximum number of physical connections for a pool on the curamsessdb database8
apps.tuningDefaults.curamdb_numConnectionsPerThreadLocalNumber of connections to the curamdb database to be cached for each thread2
apps.tuningDefaults.curamtimerdb_numConnectionsPerThreadLocalNumber of connections to the curamtimerdb database to be cached for each thread2
apps.tuningDefaults.curamsessdb_numConnectionsPerThreadLocalNumber of connections to the curamsessdb database to be cached for each thread2
apps.tuningDefaults.curamdb_purgePolicySpecifies which connections on curamdb to destroy when a stale connection is detected in a poolEntirePool
apps.tuningDefaults.curamtimerdb_purgePolicySpecifies which connections on curamtimerdb to destroy when a stale connection is detected in a poolEntirePool
apps.tuningDefaults.curamsessdb_purgePolicySpecifies which connections on curamsessdb to destroy when a stale connection is detected in a poolEntirePool
apps.tuningDefaults.curamdb_statementCacheSizeMaximum number of cached statements per connection on curamdb database1000
apps.tuningDefaults.curamtimerdb_statementCacheSizeMaximum number of cached statements per connection on curamtimerdb database1000
apps.tuningDefaults.curamsessdb_statementCacheSizeMaximum number of cached statements per connection on curamsessdb1000
apps.tuningDefaults.maxJMSConnectionsPerThreadLimits the number of open JMS connections on each thread.2
apps.tuningDefaults.mqMaxPoolSizeMaximum number of physical connections for a pool. A value of 0 means unlimited.12
apps.tuningDefaults.mqMinPoolSizeMinimum number of physical connections for a pool. A value of 0 means unlimited.12
apps.tuningDefaults.mqNumConnectionsPerThreadLocalCaches the specified number of connections for each thread.2
apps.tuningDefaults.maxEndPoints_DPErrorASSets maximum concurrent endpoints for the DPError JMS queue1
apps.tuningDefaults.maxEndPoints_WorkflowErrorASSets maximum concurrent endpoints for the WorkflowError JMS queue1
apps.tuningDefaults.maxEndPoints_CuramDeadMessageQueueASSets maximum concurrent endpoints for the CuramDeadMessageQueue JMS queue1
apps.tuningDefaults.resourcesyaml stanza to allow fine tuning of resource config for an app. Overrides global.apps.config.APPLICATION_NAME.resources if set''
apps.wlpAdmin.secretNameName of a pre-created secret containing WebSphere Liberty administration credentials (see Handling Secrets topic for expected secret content)''
apps.wlpAdmin.enableAdminCenterToggle whether the WebSphere Liberty Admin Center should be enabledfalse
apps.podAnnotationsAnnotations to be applied during deployment{}
SPM 8.0.0.0 apps.persistenTimers.missedPersistentTimerActionHow missed timer actions are handled when no server is available. (Valid values: ONCE or ALL)ONCE
SPM 8.0.0.0 apps.persistenTimers.lateTimerThresholdHow long before a warning is logged by Liberty when a timer is missed. (Valid value range: 0 (off) - 90m)5m
SPM 8.0.0.0 apps.persistenTimers.missedTaskThresholdMaximum amount of time to allow for successful completion of a timer execution. (Valid value range: 100s - 9000s)120s
SPM 8.0.0.0 apps.persistenTimers.pollIntervalHow often the database tables are checked for tasks. (Minimum valid value: 100s)120s
SPM 8.0.0.0 apps.persistenTimers.initialPollDelayDelay before Liberty begins polling for timer tasks. (Valid values: 0 or positive integer followed by the unit of time, s (seconds))0
SPM 8.0.0.0 apps.persistenTimers.pollSizeMaximum number of task entries to find when polling the persistent store. (Valid values: no value (no limit), integer 1 or greater)""
apps.propertiesApplications properties to be set during deployment{}

Batch jobs

In the following properties, <progID> is a placeholder for the name of the batch program - this must be a valid YAML term (lower case, alphanumerical plus hypens, must begin with a letter), but does not need to match the Batch process class.

ParameterDescriptionDefault
batch.backoffLimitNumber of retries for failed Batch executions1
batch.javaOptionsDefault Java Heap options for all programs-Xms1g -Xmx1g
batch.successfulJobsHistoryLimitNumber of successful batch executions to keep3
---------------------------
batch.programs.<progID>.activeDeadlineSecondsNumber of seconds within which the job is expected to complete. If this time is exceeded, the job is terminated. Blank value denoted no limit.''
batch.programs.<progID>.classNameJava class for the batch process (-Dbatch.program=)''
batch.programs.<progID>.javaOptionsJava options to be injected via ANT_OPTS''
batch.programs.<progID>.parametersParameters, if any, to be passed to the batch process (-Dbatch.parameters=)''
batch.programs.<progID>.resourcesPod resources definition''
batch.programs.<progID>.usernameSPM username for the execution of the batch progress (-Dbatch.username=)''
batch.programs.<progID>.scheduleDifferent schedules can be specified for different batch jobs. The default schedule applies to any jobs queued in the system.*/30 * * * *
---------------------------
batch.streamed.<progID>.activeDeadlineSecondsNumber of seconds within which the job is expected to complete. If this time is exceeded, the job is terminated. Blank value denoted no limit.''
batch.streamed.<progID>.scheduleDifferent schedules can be specified for different batch jobs. The default schedule applies to any jobs queued in the system.*/30 * * * *
batch.streamed.<progID>.chunker.classNameJava class for the batch chunker (-Dbatch.program=)''
batch.streamed.<progID>.chunker.javaOptionsJava options to be injected via ANT_OPTS''
batch.streamed.<progID>.chunker.parametersParameters, if any, to be passed to the batch chunker (-Dbatch.parameters=)''
batch.streamed.<progID>.chunker.replicaCountNumber of replicas of chunker to launch''
batch.streamed.<progID>.chunker.resourcesPod resources definition''
batch.streamed.<progID>.chunker.usernameSPM username for the execution of the batch chunker (-Dbatch.username=)''
---------------------------
batch.streamed.<progID>.stream.classNameJava class for the batch stream (-Dbatch.program=)''
batch.streamed.<progID>.stream.javaOptionsJava options to be injected via ANT_OPTS''
batch.streamed.<progID>.stream.parametersParameters, if any, to be passed to the batch stream (-Dbatch.parameters=)''
batch.streamed.<progID>.stream.replicaCountNumber of replicas of stream to launch''
batch.streamed.<progID>.stream.resourcesPod resources definition''
batch.streamed.<progID>.stream.usernameSPM username for the execution of the batch stream (-Dbatch.username=)''

The default batch configuration runs any queued jobs every 30 minutes (equivalent of running build.sh runbatch without any parameters).

Additional batch jobs may be added with additional keys under batch.programs.

For more information about batch examples, see bulk reassessment of all open integrated cases in the Social Program Management Health Care Reform Developer Guide.

The Social Program Management PDF documentation is available to download from Merative Support Docs.

The following batch.programs example adds the bulk reassessment of all open integrated cases batch job to be run at 2AM every Sunday night.

batch:
  programs:
    queued:
      schedule: "*/30 * * * *"
    reassessment:
      className: curam.healthcare.sl.intf.BulkICReassessment.process
      javaOptions: "-Xms2g -Xmx2g -Xgcpolicy:gencon"
      parameters: "evidenceMigrationDetails=CASE|DET0026071;DET0026027|CT26301"
      username: system

Note: Kubernetes by default has limits set on resources such as memory and CPU usage. SPM containers require more resources than the default values that we have set. We have set the default resource values to the limits that we have found to work best during development.

The resource values are subject to change during further iterations.

The resource values can be changed. However, for troubleshooting, we will request that our default values are used at a minimum.

IBM MQ

Note: There are two deployment strategies for IBM MQ, with MQ installed on a virtual machine or within a container. Merative SPM supports MQ on a VM for both Openshift and Kubernetes Service. We only support containerised MQ on Openshift.

ParameterDescriptionDefault
Container only global.mq.versionVersion of IBM MQ to deploy9.2.2.0-r1
VM based only global.mq.useConnectionNameListIndicator if IBM MQ is running in HA mode outside the clusterfalse
global.mq.tlsSecretNameName of a pre-created Secret containing TLS certificates for IBM MQ (required if running MQ outside the cluster, optional for MQ containers - certificates are auto-generated if not provided)''
Container only global.mq.queueManager.nameName of the queue manager to be created in the MQ containerQM1
global.mq.queueManager.secret.nameName of a pre-created secret containing credentials of the MQ client and admin users (see Handling Secrets topic)''
Container only global.mq.queueManager.secret.adminPasswordKeyThe key in the Kubernetes Secret containing the password for the MQ admin useradminPasswordKey
global.mq.queueManager.secret.appUsernameKeyThe key in the Kubernetes Secret containing the username for the MQ client userappUsername
global.mq.queueManager.secret.appPasswordKeyThe key in the Kubernetes Secret containing the password for the MQ client userappPasswordKey
Container only global.mq.availabilityTypeAvailability type to be used for deployments (alternatives: SingleInstance or MultiInstance). Only available with stateful MQ OperatorsSingleInstance
Container only global.mq.storageTypeStorage type to be used (alternatives: ephemeral or persistent-claim)ephemeral
Container only global.mq.storageClassNameStorage class used for dynamic provisioning by the provisioner''
Container only global.mq.security.context.fsGroupPrimary user group for any filesystem mounts, if required by the storage provisioner''
Container only global.mq.security.context.supplementalGroupsSupplemental user groups for any filesystem mounts, if required by the storage provisioner[]
Container only global.mq.security.initVolumeAsRootInitialise storage volume as root userfalse
Container only mqserver.podAnnotationsAnnotations to be applied during deployment{}

MQ Metrics (optional)

ParameterDescriptionDefault
global.mq.metrics.enabledEnable/disable the MQ metricsfalse
global.mq.metrics.additionalMetricsEnable/disable the IBM MQ Queue Depth Events metrics (only valid if global.mq.metrics.enabled is set to true)false
mqserver.metricsImage.libraryNamespace in the image registry containing your IBM MQ Queue Depth Events image{}
mqserver.metricsImage.nameName of your IBM MQ Queue Depth Events image to be used{}
mqserver.metricsImage.tagImage tag of your IBM MQ Queue Depth Events image to be used{}

MQ tuning (optional)

ParameterDescriptionDefault
global.apps.config.<applicationID>.mqTuningMQ Pod resources definition per applicationVaries by application (see values.yaml)

Static Content Server

ParameterDescriptionDefault
web.ingressPathStatic content Ingress/Route path without a trailing forward slash (must match what had been defined when the application was built)/CuramStatic
web.readinessProbe.pathPath for the pod readiness probe (should be same as ingressPath except with the trailing forward slash)/CuramStatic/
web.replicaCountNumber of replicas to be deployed1
web.resourcesPod resources definitionVaries by application (see values.yaml)
web.tuningTuning values for Apache HTTP server of web component. Multiple values can be configured, each in the form “key value” e.g “ThreadLimit 2”''

XML Server

ParameterDescriptionDefault
xmlserver.replicaCountNumber of replicas to be deployed1
xmlserver.resourcesPod resources definitionVaries by application (see values.yaml)
xmlserver.serverPortThe port that the XML server (its service) listens on (see note below)1800
xmlserver.jvm.maxMemoryThe maximum Java heap for the XML server768m
xmlserver.jvm.threadStackSizeThe Java thread stack size for the XML server-Xss4m
xmlserver.jvm.jvmOptionsOptions to be passed to the JVM; for example, the minimum heap size: -Xms1024m''
xmlserver.config.threadPoolSizeThe XML server thread pool size5
xmlserver.config.threadPoolQueueSizeThe XML server thread pool queue size200
xmlserver.config.socketTimeoutThe XML server socket timeout (milliseconds)60000
SPM 8.0.1.0 xmlserver.metrics.enabledEnable sending XML server statistics (stats/ThreadPoolWorker-* file contents) to Prometheusfalse
SPM 8.0.1.0 xmlserver.metrics.portThe port to monitor the XML server statistics8080
SPM 8.0.1.0 xmlserver.startOptionsXML server start option; specifically for specifying -forcestatswrite''
xmlserver.jvmStats.enabledEnable the Prometheus JMX Exporter for the XML server JVM metricsfalse
xmlserver.jvmStats.portThe port to monitor the XML server JVM metrics8083
xmlserver.jvmStats.configYamlThe Prometheus JMX Exporter configuration YAML string''
SPM 8.1.0.0 xmlserver.readinessProbe.enabledEnable XML server readinessProbe described in XML server health checksfalse
SPM 8.1.0.0 xmlserver.readinessProbe.initialDelaySecondsConfigure the number of seconds after container startup to initiate the probe15
SPM 8.1.0.0 xmlserver.readinessProbe.periodSecondsConfigure the number of seconds between probe invocations60
SPM 8.1.0.0 xmlserver.livenessProbe.enabledEnable XML server livenessProbe described in XML server health checksfalse
SPM 8.1.0.0 xmlserver.livenessProbe.initialDelaySecondsConfigure the number of seconds after container startup to initiate the probe60
SPM 8.1.0.0 xmlserver.livenessProbe.periodSecondsConfigure the number of seconds between probe invocations120
SPM 8.1.0.0 xmlserver.livenessProbe.timeoutSecondsConfigure the number of seconds before the probe times out30

In a Kubernetes environment the XML server replicas are abstracted to the single xmlserver.serverPort by a Kubernetes service that handles the load balancing between multiple replicas.

Universal Access React App - optional

ParameterDescriptionDefault
uawebapp.imageConfig.libraryNamespace in the image registry containing your Univeral Access image''
uawebapp.imageConfig.nameName of your Univeral Access image to be used''
uawebapp.imageConfig.tagImage tag of your Univeral Access image to be usedlatest
uawebapp.ingressPathStatic content Ingress/Route path without a trailing forward slash (must match the PUBLIC_URL variable when the application was built)/universal
uawebapp.readinessProbe.pathPath for the pod readiness probe (should be same as ingressPath except with the trailing forward slash)/universal/
uawebapp.replicaCountNumber of replicas to be deployed1
uawebapp.resourcesPod resources definitionVaries by application (see values.yaml)
uawebapp.tuningTuning values for Apache HTTP server of UAWebApp component. Multiple values can be configured, each in the form “key value” e.g “ThreadLimit 2”''
Previous
Deploying with Helm Charts: Preparing Helm Charts
Next
Deploying with Helm Charts: Handling Secrets