Provision optional configuration
The following configurations are optional:
- ArgoCD: Configures the properties to access ArgoCD service (this configuration is needed for Application Composition projects)
- Redis: Optional - Configures the properties to access a Redis
- Schema Registry: Configures the connection to Schema Registry (this configuration is needed for Event Support)
- Vault: Optional - Configures the properties to access a HashiCorp Vault
- Audit binding: Optional - Configure connection to the audit logging collector
ArgoCD
These configurations are required to connect to the ArgoCD service.
Configuration description:
| Key | Description |
|---|---|
| url | The url of the ArgoCD service |
| username | The username to login into the ArgoCD service |
| password | The password to login into the ArgoCD service |
| namespace | The namespace (or OpenShift project) of the ArgoCD installation |
Please use the public route URL as url or ensure that all certificates (whole chain) of the
ArgoCD Service are included in the Truststore.
In the following "k5-tools" is the name of the namespace where IBM DevOps Solution Workbench is installed.
Apply Configuration:
kind: Secret
apiVersion: v1
metadata:
name: k5-argocd-binding
namespace: <k5-tools>
stringData:
url: "https://openshift-gitops-server.apps.openshift-cluster.mydomain.cloud"
username: "user"
password: "pw123"
namespace: "openshift-gitops"
Adjust metadata.namespace and stringData and then create this secret via UI or save it as a file and apply it with
the following command:
oc apply -f secret.yaml
Redis
These configurations are required to connect to the Redis service.
Configuration description:
| Key | Description |
|---|---|
| host | The host of the Redis service |
| password | The password to login into the Redis service |
| port | The port of the Redis service |
Please use the internal service URL as host, e.g. redis-master.redis-namespace.svc.cluster.local.
If you have configured a Redis service you can enable Horizontal Pod Autoscaling for k5-diagram-modelling service, see Extended configuration
Apply Configuration:
kind: Secret
apiVersion: v1
metadata:
name: k5-redis-binding
namespace: <k5-tools>
stringData:
host: "redis-master.redis-namespace.svc.cluster.local"
password: "pw123"
port: "6379"
Adjust metadata.namespace and stringData and then create this secret via UI or save it as a file and apply it with
the following command:
oc apply -f secret.yaml
Schema Registry
This configuration is necessary to connect to the Schema Registry.
Configuration description:
| Parameter | Description |
|---|---|
| cleanUpTaskTime (optional) | The time when the clean up job should be run. Please use cron schedule expressions. (Default: 0 0 20 * * Saturday) |
| cleanUpTaskTimeZone (optional) | The timezone you're in. Example: Europe/Berlin (Default timezone: UTC) |
| url | Url of the Schema Registry. |
Apply Configuration:
kind: Secret
apiVersion: v1
metadata:
name: k5-schema-registry-binding
namespace: <k5-tools>
stringData:
url: "https://schema-registry.apps.openshift-cluster.mydomain.cloud"
Adjust metadata.namespace and stringData and then create this secret via UI or save it as a file and apply it with
the following command:
oc apply -f secret.yaml
Vault
Configures properties to access a HashiCorp Vault. This configuration is not mandatory!
Configuration description:
| Parameter | Description |
|---|---|
| url | The url of the HashiCorp Vault |
| role | The name of the role you configured in your vault. You can find information how to do that here. |
Losing/changing the vault configuration can cause errors and secrets need to be recreated.
Apply Configuration:
kind: Secret
apiVersion: v1
metadata:
name: k5-vault-binding
namespace: <k5-tools>
labels:
k5-configuration: 'true'
stringData:
url: "string"
role: "string"
Adjust metadata.namespace and stringData and then create this secret via UI or save it as a file and apply it with
the following command:
oc apply -f secret.yaml
Audit Binding
This configuration is necessary to connect to your audit logging collector (e.g. Fluentd). By default, the audit logging is disabled since it is not meant to be used without a connection to an audit logging collector. If you do not wish Audit Logging, you can skip this configuration.
Configuration description:
| Parameter | Description |
|---|---|
| auditEnabled | Enables or disables the Audit logging. |
| connectionString | The Fluentd connectionString for Audit logging. |
Apply Configuration:
kind: Secret
apiVersion: v1
metadata:
name: k5-auditlog-settings
namespace: <k5-tools>
labels:
k5-configuration: 'true'
stringData:
auditEnabled: "boolean"
connectionString: "string"
Adjust metadata.namespace and stringData and then create this secret via UI or save it as a file and apply it with
the following command:
oc apply -f secret.yaml