Installation Parameters¶

The parameters order¶

The installer is strictly command line based and all configuration and parameters are passed in values files or as single arguments to the installer script.

If the same parameter is passed to the installer several times the last in order will override the previous ones.

A values yaml file can hold many parameters structured in the yaml standard with the values:

example-values.yaml

global:
namespace: exampleprod
customerCode: example
environmentType: prod
solutionSetName: My Groovy Solution!!
replicas: 2

ifsappproxy:
accessLog: enabled

If above ifscloud-values.yaml is passed to the installer, and the parameter is also passed to the installer like this:

.\installer.cmd --values ifscloud-values.yaml --set ifsappproxy.accessLog=enabled --set global.replicas=1

the installer will use the "enabled" value of the parameter ifsappproxy.accessLog and "1" of the global.replicas since that was passed as a "--set" in the command line. So "--set" wins over "values" and if the same parameter is "--set" several times the last will win.

.\installer.cmd --values ifscloud-values.yaml  --values solutionset.yaml

in this example the "solutionSetName: My Groovy Solution!!" will be overwritten by the solutionSetName that is always defined parameter in a solutionset.yaml files.

IFS cloud values file¶

All configuration files and certificates should be placed in the config folder according to the folder structure in Windows Management Server.

**Follow this link to get an example template of ifscloud-values.yaml . **

Use the parameter guidance in the sections below to fill in the values in the ifscloud-values.yaml file and add optional parameters.

Password limitations¶

As IFS Cloud has many underlying password dependencies and locales, we restrict the passwords to fulfil all limitations. The following restrictions and recommendations apply:

Must start with an alphanumerical character [a-z] [A-Z]
Passwords should have least 15 characters (recommended)
These special characters are not allowed: \ / @ ' " | - * $ & # § [] {} () (and other language specific characters )

General Parameters¶

The parameters indicated in Bold are mandatory, and the others are optional.

Note: New parameters may be introduced with each release. It is important to review the release notes to identify any newly added mandatory parameters and ensure they are properly declared in your configuration.

Parameter	Purpose	Examples/Defaults
chart	specifies which master-chart to be used	Default: ifscloud/ifs-cloud can be a path to a local master-chart as well (only used by RnD). To use the local master-chart set e.g. " chart: .\master-chart "
chartVersion	Normally only used by RnD to specify specific helm chart version.
certificateFile	Location of the pfx file that holds the certificate and private key. See Certificate Handling for more certificate requirements and info. If the certificateFile is omitted or the file can not be found, a new selfsigned certificate will be automatically generated and used.	e.g. /path/to/yourcert.pfx or c:\path\to\yourcert.pfx
certificatePassword	password for the pfx file.	Note the pwd need to be a string. e.g. ifs123 or "12345"
helmRepo	The url of the Helm Chart repository.	Use - https://ifscloud.jfrog.io/artifactory/helm
helmUser	The service principal user name. This username should be provided per customer by IFS.
helmPwd	The service principal password. This password should be provided per customer by IFS.
global.namespace	Sets the namespace in the k8s cluster norally you would set is as a concatination of the customerCode and environmentType	none, but the parameter is mandatory and must consist of only lowercase alphanumeric characters or '-' volvobnt
global.customerCode	This is a label of the system. All monitoring metrics will be tagged with this label. Typically the label would be an abriviation of the company name.	none, but the parameter is mandatory e.g. volvo
global.environmentType	This is a label of the system. All monitoring metrics will be tagged with this label. Typical values prod/test/bnt/dev	none, but the parameter is mandatory e.g. bnt
global.customerId	Used in the License report. The id can be found in the Build Place portal.	The parameter is mandatory and if not supplied the default value of DEV_CUST is applied. Change it according to the customer environment.
global.customerName	Used in the License report. The id can be found in the Build Place portal.	The parameter is mandatory and if not set the default value of DEV_CUST is applied. Change it according to the customer environment.
global.installationId	Used in the License report. Just an environment identifier that is unique per customerId e.g. TEST/PROD/DEV/MIG/TRAIN/CFG	The parameter is mandatory is typically the same as the parameter environmentType
global.systemUrl	The FQDN of the primary url where the system is accessed. Note: the https:// is not part of the FQDN	e.g. ifscloud.corpnet.ifs.com
global.secondarySystemUrl	The FQDN of the secondary url where the system is accessed. This could be an internet facing external proxy that only allows b2b and mobile client requests. This FQDN could have a different domain than the normal systemUrl. If the entire system is exposed to internet, the secondarySystemUrl is not needed.	e.g. ifscloud.ifs.com
global.containerRegistry	The url of the docker container registry, where all containers will be fetched from. Note: Always append a trailing slash. Note: the https:// is not part of the FQDN	Use - ifscloud.jfrog.io/docker/
global.imageCredentials.username	The service principal user name. This username should be provided per customer by IFS.
global.imageCredentials.password	The service principal password. This password should be provided per customer by IFS.
global.scale	Defines the scaling of cpu/memory compared to the production mode 100%.	Default: 100 A scale of 10-20 is a small development environment. A scale of aprox 50 is a small test environment. Scale should be set to 100 in all production like environments.
global.replicas	Sets how many containers should be started by default	The default number of replicas to be started of each type of container. Can be overridden by the containers local replicas parameter.
global.cpuRatio	This will set the k8s CPU request/limit ratio on all containers.	Default: 50 This will set the CPU request to 50% of the CPU limit on the containers. Read more on k8s CPU request & limits on k8s user documentation for more infomation.
global.httpConnectTimeout	This will set the timeout of http connection to the ingress proxy and the ifsapp-proxy	Default: 60
global.httpSendTimeout	This will set the Send timeout of http connection to the ingress proxy and the ifsapp-proxy	Default: 600
global.httpReadTimeout	This will set the Read timeout of http connection to the ingress proxy and the ifsapp-proxy	Default: 600
global.ingressLimitRps	Limits requests per second that the ingress will pass through. Can be used to prevent DoS attacks	Default: not set set with care, highly dependant on the workload of the specific environment.
global.ingressLimitRpm	Limits requests per minute that the ingress will pass through. Can be used to prevent DoS attacks	Default: not set set with care, highly dependant on the workload of the specific environment.
global.sslCiphers	The SSL ciphers used by the ifsapp-proxy To set cipher on ingress edit ifs-ingress-values.yaml in Remote installation.	Default: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"<br
global.sslProtocols	The TLS versions used by the ifsapp-proxy To set TLSv in ingress edit ifs-ingress-values.yaml in Remote installation.	Default: "TLSv1.2 TLSv1.3"
global.demandPort	Demand Server Port number	Default: 5010
global.crystalPort	Crystal Server Port number	Default: 443
global.ssrsPort	SSRS Server Port number	Default: 80
global.nodeSelector or pod.nodeSelector	Can be used to define nodeSelector on namespace or pod	global: nodeSelector: \| IFSCloud: "true" or e.g. ifsapp-odata: nodeSelector: \| IFSCloud: "true"
global.tolerations or pod.tolerations	Can be used to define tolerations on namespace or pod	global: tolerations: \| - key: "IFSCloud" operator: "Equal" value: "true" effect: "NoSchedule"
global.affinity or pod.affinity	Can be used to define affinity on namespace or pod	ifsapp-odata: affinity: \| nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: -key: "beta.kubernetes.io/os" operator: "In" values: - "linux"
ifscore.secrets.jdbcUrl.name	ifs-jdbc-url
ifscore.secrets.jdbcUrl.data	The host should be the DB server's IP address. Oracle db service name or sid. Oracle db listener port. Advanced jdbc strings to support failover/RAC or TCPS can be defined here.	jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.241.0.4)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=CLOUD))) Note: If passing the jdbcUrl as a command line argument it needs to be quoted and escaped. set ifscore.secrets.jdbcUrl.data= \" jdbc:or......D)) \"
ifscore.networkpolicy.enabled	Set to true to activate network policy	default: true
ifscore.networkpolicy.internetAccess ExceptionList	Optional if network policy is enabled. A list of subnets that should be blocked for access from containers Note: the DB server will always be automatically opened on port 1521 even if behind internetAccessExceptionList subnet.	ifscore: networkpolicy: enabled: true demandhost: 10.0.2.4 internetAccessExceptionList: - ip: 10.0.0.0/16 - ip: 193.41.170.171/32
ifscore.networkpolicy.demandhost	Can only be set if network policy and internetAccessExceptionList is enabled. The IP's of servers that can have Demand Server (as e.g. Cold standby). This IP will be opened even if behind a restricted subnet (internetAccessExceptionList)	ifscore: networkpolicy: enabled: true demandhost: 10.0.2.4,10.0.2.10 internetAccessExceptionList: - ip: 10.0.0.0/16 - ip: 193.41.170.171/32
ifscore.networkpolicy.crystalhost	Can only be set if network policy and internetAccessExceptionList is enabled. The IP's of servers that can have Crystal Services. This IP will be opened even if behind a restricted subnet (internetAccessExceptionList)	ifscore: networkpolicy: enabled: true crystalhost: 10.0.2.5 internetAccessExceptionList: - ip: 10.0.0.0/16 - ip: 193.41.170.171/32
ifscore.networkpolicy.ssrshost	Can only be set if network policy and internetAccessExceptionList is enabled. The IP of a server that can have SSRS Services. This IP will be opened even if behind a restricted subnet (internetAccessExceptionList)	ifscore: networkpolicy: enabled: true ssrshost: 10.0.2.6 internetAccessExceptionList: - ip: 10.0.0.0/16 - ip: 193.41.170.171/32
ifscore.networkpolicy.connecthost	Can only be set if network policy and internetAccessExceptionList is enabled. The IP's of servers that can have service that the ifsapp-connect pod need to reach. This IP will be opened even if behind a restricted subnet (internetAccessExceptionList)	ifscore: networkpolicy: enabled: true connecthost: 10.0.2.7 internetAccessExceptionList: - ip: 10.0.0.0/16 - ip: 193.41.170.171/32
ifscore.networkpolicy.systemurlhost	Can only be set if network policy and internetAccessExceptionList is enabled. If the IP of system_url is behind a internetAccessExceptionList subnet and a pod with internet access need access to the system url, this IP will be opened even if behind a restricted subnet (internetAccessExceptionList)	ifscore: networkpolicy: enabled: true systemurlhost: 10.0.5.1 internetAccessExceptionList: - ip: 10.0.0.0/16 - ip: 193.41.170.171/32
ifscore.passwords.ifssysPassword.data	Set the ifssys-password for the IFSSYS user in the DB.
ifscore.passwords.ifsadminPassword.data	The iifsadmin-pw of the IFSADMIN is the initial user defined in IAM. This user is the only user that can logon to Cloud Web in a fresh installed system. With this user the additional users are defined in Solution Manager
.certificates.certname1	Path to a.cer file or a key as a string The string certname1 can be named a more descriptive name read special section below.	e.g. certificates.database.dbcert: /path/to/dbcert.cer
global.certificates.database.certname1	As a encryption certificate for the db connection are common for all pods the database cetificate is a global (ifscore) parameter.	e.g. global.certificates.database.dbcert: /path/to/dbcert.cer
global.serverTimeZone	Time zone of the database server. Valid time zone should be provided. Value cannot be changed after been set.	e.g. Asia/Colombo

Specific Certificate for pods¶

Certificates can be imported per pod, and will then be added to the java truststore (cacerts) at pod startup. Under each pod parameter section a certificate section can be added.

e.g:

ifsappconnect:  
     certificates:  
        mycertintext: |  
           -----BEGIN CERTIFICATE-----   
           MIIDHzdIZ3+TSgCbI2tupJsv1FRWV3pMg3pdIGo7Ia   
           FyJKCqEj4rV/q7MW2a4JQJF8ykXixZ4YTLwi67VFMSfd2D516r1Xx2k617B+01dg  
           GRwQDY3H2NWh1QjBoyIOJKklLd/fEPzm+UU/JH8K/yBQdVZBaxw4KjU0xyqQFTd0   
           jhsIc1pqf2aVEsejwyNLhs9DnZyvzRBNsyvuVm//0gWV4OPDAa/i0BULgHnjJF2y   
           2M8H0QgLNafuaVxL2K6jArHg5JB1Qgkd7jxvmylwQhelfV86MmO9cy7f3gIRcX52   
           lU+UKetAgt4koD5opvDOzWtToavXGALzFjMxMN9iyGEfFf8=   
           -----END CERTIFICATE-----  
       mycertfromfile: C:\remote\ifsroot\config\certs\mycert.crt

Note: All certificate names (e.g. mycertintext, mycertfromfile ) need to be unique over the entire ifscloud-values.yaml

Parameters for DB installer and DB import¶

Parameter	Purpose	Examples/Defaults
dbInstaller.ifsappPassword	The IFS Cloud application schema owner's password. Used when creating the application owner in prepares.sql
dbInstaller.deliveryPath	Path to DELIVERY or BUILD_HOME (this is normally passed as an argument since it should not be persisted in a ifscloud-values.yaml file.)	It default to the delivery or build home from where the installer was started.
ifscore.users.ifsappUser.data	If the IFS Cloud schema owner is not IFSAPP, this parameter can set a different schema owner name	defaults to IFSAPP, All new system should use IFSAPP.
dbInstaller.jdbcUrl	Only one of the jdbcUrl's is required. This param will win over the ifscore.secrets.jdbcUrl.data parameter. But the ifscore.secrets.jdbcUrl.data should be used if it is a simple jdbcUrl.
ifscore.secrets.jdbcUrl.data	This is the default jdbcUrl used by all contaniers, it can/should also be used by the db installer. If the ifscore.secrets.jdbcUrl.data points to an Oracle RAC cluster or Oracle Dataguard the dbInstaller.jdbcUrl should be used to deploy to the DB.
dbInstaller.fileName	Full path to a file to be deployed. (this is normally passed as an argument since it should not be persisted in a ifscloud-values.yaml file.)
dbInstaller.sysAdminUser	Admin user (PDB common user) when running Prepare Database, i.e. used when deliveryPath is set and delivery contains prepare.sql. If no value is given, SYS will be used as fallback.	SYS
dbInstaller.sysPassword	Password for the SYS Admin user (e.g. SYS) in DB. Only used when deliveryPath is set and delivery contains prepare.sql. If sysPassword not defined, prepare.sql as the admin user will not be run. (this is normally passed as an argument since it should not be persisted in a ifscloud-values.yaml file.)
dbInstaller.connectRole	If connection must be done as SYSDBA or SYSOPER, instead of NORMAL. Only relevant when action is FILEXEC. When running Prepare Database, the connect role is always set to SYSDBA
dbInstaller.ialOwner	If the IAL schema owner is not IFSINFO, this parameter can set a different schema owner name.	defaults to IFSINFO
dbInstaller.extLogging	Extended logging.	defaults to N
dbInstaller.waitingTime	Waiting time for still running processes, e.g. background jobs.	default = 3600 (one hour)
dbInstaller.exitOnWaitingTime	Terminating installation with exit code 10, if dbInstaller.waitingTime reached	defaults to N
dbInstaller.dbServerSize	Number of parallel threads when running independent file types	default = 12
logFileLocation	Path to where all logs will be placed	defaults to %TEMP%/ifsinstaller_<namespace> --set logFileLocation=c:\logs
ifscore.passwords.ifsiamPassword.data	Password when creating the user ifsiamsys in prepare.sql	Random value set as fallback in define.tem
ifscore.passwords.ifssysPassword.data	Password when creating the user ifssys in prepare.sql	Random value set as fallback in define.tem
ifscore.passwords.ifsmonPassword.data	Password when creating the user ifsmonitoring in prepare.sql	Random value set as fallback in define.tem

Parameters for AMM¶

Parameter	Purpose	Examples/Defaults
ifsappamm.replicas	Sets how many containers of this type should be started	Defaults to 1 Note: this container should not have more than 1 container running.
ifscore.passwords.ifsmonPassword.name	ifsmon-password	ifsmon-password
ifscore.passwords.ifsmonPassword.data	ifsmonitoring password
ifscore.passwords.ifsappmonitorPw.name	ifsappmonitor-pw	ifsappmonitor-pw
ifscore.passwords.ifsappmonitorPw.data	ifsappmonitor password used by AMM to do login validation tests

Parameters for BUSMOD¶

These should only be set if component PBIES is active.

Parameter	Purpose	Examples/Defaults
ifsappbusmod.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappbusmod.authService	This is the authentication URL	Required
ifsappbusmod.appId	This is the app id (client id) of the azure application registration or managed identity that is linked to the service, this needs to be created before the service can be installed, this should be handled when a new customer is provisioned in azure.	Required
ifsappbusmod.tenantId	This is the Azure tenant id where the app id (client id) is created.	Required
ifsappbusmod.logLevel	The minimal level of messages that needs to be logged.	Optional, Default set to warn
ifsappbusmod.serviceAccountEnabled	Set to true when using managed identities	Optional
ifsappbusmod.managedIdentityEnabled	Set to true when using managed identities	Optional
ifsappbusmod.pbiBaseUri	Url used to connect to the power bi service	Optional, Default set to http://ifsapp-powerbi-svc:8080/
ifsappbusmod.dataLakeAccountName	This is the ADLS Gen2 account name for which SAS tokens will be created.	Optional when only using Advanced Analytics features, required when using analysis models framework features.
ifsappbusmod.dataLakeContainer	This is the ADLS Gen2 container for which SAS tokens will be created.	Optional when only using Advanced Analytics features, required when using analysis models framework features. Default set to AMC.
ifsappbusmod.targetWorkspaces	Used for the area to workspace mapping	Optional when only using Advanced Analytics features, required when using analysis models framework features. Example content that maps the HCM and the Finance area to 2 workspace ids: `{HCM;3d43b5b3-cfa9-43a1-9839-490afba6c1b4}\|{Finance;3efd157f-f356-4160-90d4-6747827519d4}`
ifscore.passwords.busmodAadSecret.data	Value for the busmod-aad-secret this is used to get a OAuth token for the service principal to invoke Azure and Office 365 services	Required when not using a managed identity
ifscore.users.ifsamfwUser.data	Value for the ifsamfw-user, the username of the database user that is used to maintain the administration tables	Optional when only using Advanced Analytics features, required when using analysis models framework features, default value: IFSAMFW
ifscore.passwords.ifsamfwPassword.data	Value for the ifsamfw-password, the password of the database user that is used to maintain the administration tables	Optional when only using Advanced Analytics features, required when using analysis models framework features
ifscore.secrets.jdbcUrl.data	Value for the ifs-jdbc-url, used to connect to the oracle database (see ## General Parameters for more info)	Optional when only using Advanced Analytics features, required when using analysis models framework features
ifscore.secrets.ifsAmDataLakeAppKey.data	Value for the ifs-am-datalake-appkey, used to configure the gateway connections so the datasources of a Power BI Dataset can access the datalake content	Optional when only using Advanced Analytics features, required when using Analysis Models Framework features

Parameters for Power BI Service (PBIES)¶

Should only be set if component PBIES is active

Parameter	Required	Purpose
ifsapppowerbisvc.replicas	Sets how many containers of this type should be started	Optional, Default set to global.replicas parameter
ifsapppowerbisvc.serviceConfigEnabled	Indicate whether the service is configured or not, if false then the readiness probe will not fail.	Optional, Default set to false
ifsapppowerbisvc.azureAdClientId	The app id (client id) of the azure application registration or managed identity that is linked to the service, this needs to be created before the service can be installed, this should be handled when a new customer is provisioned in azure.	Required
ifsapppowerbisvc.azureAdTenantId	The Azure tenant id where the app id (client id) is created	Required
ifsapppowerbisvc.azureAdServicePrincipalObjectId	Required	Required, the object id of the service principal of the Azure application registration
ifsapppowerbisvc.authConfigUserNameClaim	The claim of the OpenIdConnect token to use to send in the effective identity to an SQL Server Analysis Services (SSAS) when Row Level Security (RLS) is turned on for the model	Optional, Default set to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
ifsapppowerbisvc.authConfigCustomDataClaim	The claim of the OpenIdConnect token to use to send in the effective identity to an Azure Analysis Services (AAS) when Row Level Security (RLS) is turned on for the model	Optional, Default set to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
ifsapppowerbisvc.serviceAccountEnabled	Set to true when using managed identities	Optional
ifsapppowerbisvc.managedIdentityEnabled	Set to true when using managed identities	Optional
ifsapppowerbisvc.logLevel	The minimal level of messages that needs to be logged	Optional, Default set to warn
ifsapppowerbisvc.managedIdentityEnabled	Set to true when using managed identities	Optional
ifsapppowerbisvc.powerBiServiceApiUri	The url to use to talk to PowerBI	Optional, Default set to https://api.powerbi.com
ifsapppowerbisvc.powerBiGoldenWorkspaceId	The id of the workspace that is used as golden workspace	Optional, only required when using the Analysis Model Framework features
ifsapppowerbisvc.dataLakeGatewayId	The id of the gateway to use to access the datalake from PowerBI, used when deploying / updating analysis models	Optional, only required when using the Analysis Model Framework features
ifscore.passwords.pbiesAadSecret.data	value for the pbies-aad-secret this is used to get a OAuth token for the service principal to invoke Azure and Office 365 services	Required when not using a managed identity

Parameters for AM Scheduler¶

Parameter	Purpose	Examples/Defaults
ifsappamscheduler.enabled	Indicates whether this service needs to be installed	Optional, Default set to false
ifsappamscheduler.logLevel	The minimal level of messages that needs to be logged	Optional, Default set to warn
ifsappamscheduler.serviceAccountEnabled	Set to true when using managed identities	Optional
ifsappamscheduler.managedIdentityEnabled	Set to true when using managed identities	Optional
ifsappamscheduler.job.azure.clientId	The app id (client id) of the azure application registration or managed identity that is linked to the service, this needs to be created before the service can be installed, this should be handled when a new customer is provisioned in azure.	Required
ifsappamscheduler.job.azure.tenantId	The Azure tenant id where the app id (client id) is created	Required
ifsappamscheduler.schedule	this is the CRON schedule on which interval this job gets started	default set to "/1 * * * " (run every minute)
ifscore.passwords.busmodAadSecret.data	value for the busmod-aad-secret	Required when not using a managed identity
ifscore.users.ifsappUser.data	value for the ifsapp-user	Required
ifscore.users.ifsamfwUser.data	value for the ifsamfw-user, the username of the database user that is used to maintain the administration tables	Optional, default value: IFSAMFW
ifscore.passwords.ifsamfwPassword.data	value for the ifsamfw-password, the password of the database user that is used to maintain the administration tables	Required
ifscore.secrets.jdbcUrl.data	value for the ifs-jdbc-url, used to connect to the oracle database (see ## General Parameters for more info)	Required
ifscore.secrets.ifsamIfsinfoUsername.data	value for the am-ifsinfo-un	Required
ifscore.passwords.ifsamIfsinfoPassword.data	value for the am-ifsinfo-pwd	Required

Parameters for AM DataPump¶

Parameter	Purpose	Examples/Defaults
ifsappamdatapump.enabled	Indicates whether this service needs to be installed	Optional, Default set to false
ifsappamdatapump.logLevel	The minimal level of messages that needs to be logged	Default set to warn
ifsappamdatapump.serviceAccountEnabled	Set to true when using managed identities	Optional
ifsappamdatapump.managedIdentityEnabled	Set to true when using managed identities	Optional
ifsappamdatapump.app.dataLake.name	The data lake (storage account) name to use	Required
ifsappamdatapump.app.dataLake.container	The name of the container within the data lake (storage account) to use	Optional, Default set to AMC
ifsappamdatapump.app.azure.clientId	The app id (client id) of the azure application registration or managed identity that is linked to the service, this needs to be created before the service can be installed, this should be handled when a new customer is provisioned in azure.	Required
ifsappamdatapump.app.azure.tenantId	The Azure tenant id where the app id (client id) is created	Required
ifscore.passwords.busmodAadSecret.data	value for the busmod-aad-secret	Required when not using a managed identity
ifscore.secrets.ifsamDatalakeAccountkey.data	value for the ifsapp-am-datalake-accountkey	Required
ifscore.users.ifsamfwUser.data	value for the ifsamfw-user, the username of the database user that is used to maintain the administration tables	Optional, default value: IFSAMFW
ifscore.passwords.ifsamfwPassword.data	value for the ifsamfw-password, the password of the database user that is used to maintain the administration tables	Required
ifscore.secrets.jdbcUrl.data	value for the ifs-jdbc-url, used to connect to the oracle database for the administration tables (see ## General Parameters for more info)	Required
ifscore.secrets.ifsamfwDatapumpJdbcUrl.data	value for the ifsamfw-datapump-jdbc-url, used to connect to the oracle database for the information sources, this should normally be the same as ifscore.secrets.jdbcUrl.data	Required
ifscore.secrets.ifsamIfsinfoUsername.data	value for the am-ifsinfo-un the database user which is used to read the dimension and fact data from oracle	Required
ifscore.passwords.ifsamIfsinfoPassword.data	value for the am-ifsinfo-pwd the password of the database user which is used to read the dimension and fact data from oracle	Required

Parameters for AM Work Queue¶

Parameter	Purpose	Examples/Defaults
ifsappamworkqueue.enabled	Indicates whether this service needs to be installed	This parameter is true by default because it supports functionality used by both Analysis Models and Document Automation components.

Parameters for GRAPH¶

Should only be set if component graph is active
NOTE: This uses mounted secrets. Therefore, make sure that the secrets are properly configured in case the pod fails in the PodInitialization state at startup.

Parameter	Purpose	Examples/Defaults
ifsappgraph.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappgraph.serviceConfigEnabled	Indicate whether the service is configured or not, if false then the readiness probe will not fail.	Must be set to true when deployed in an environment, Default set to false
ifsappgraph.logLevel	The minimal level of messages that needs to be logged.	eg:- debug, info, notice, warn, error, crit, alert, emerg. Default set to warn
ifsappgraph.app.cosmosGremlinSettings.host	Azure Cosmos Gremlin Host	eg:- my-customer.gremlin.cosmosdb.azure.com
ifsappgraph.app.cosmosGremlinSettings.port	Azure Cosmos Gremlin TCP/IP Port.	eg:- 443
ifsappgraph.app.cosmosGremlinSettings.database	Azure Cosmos Gremlin Database.	eg:- graphdb1
ifsappgraph.app.cosmosGremlinSettings.collection	Azure Cosmos Gremlin DB Collection.	eg:- collection1
ifsappgraph.app.customerSettings.customerId	Unique ID given to the customer.	eg:- cust001
ifsappgraph.app.databaseSettings.type	Type of the Database to use.	CosmosGremlin, Mongo. Default set to CosmosGremlin
ifscore.secrets.graphCosmosAuthkeySecret.name	graph-cosmos-authkey-secret	graph-cosmos-authkey-secret
ifscore.secrets.graphCosmosAuthkeySecret.data	Cosmos Gremlin Account Key	The Primary/Secondary (Read-Write) Account Key Should be specified here in plain text

Parameters for SCIM¶

Parameter	Purpose	Examples/Defaults
ifsappscim.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifscore.passwords.scimtextPw.data	The password for scimext-pw

Parameters for IAM¶

Parameter	Purpose	Examples/Defaults
ifsappsiam.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappsiam.ifsadminTempPasswordEnabled	Allows the temporary flag of ifsadmin password to be disabled when setting this to false	Default: true
ifsappsiam.keycloakLogLevel	Sets the log level for keycloak	ALL, DEBUG, ERROR, FATAL, INFO, OFF, TRACE and WARN Default: WARN
ifsappsiam.forceRecreateDomain	Force the realm version back to zero so that all upgrade scripts are re-run upon start	Default: false
ifscore.passwords.ifsiamPassword.data	This is the ifsiam-password for the IAM schema owner IFSIAMSYS
ifscore.passwords.ifsiamAdminPw.data	The ifsiam-admin-pw used to logon to the iam admin portal
ifscore.passwords.ifsreadonlysuppPw.data	The ifsreadonlysupp-pw is the password for the readonly user.
ifscore.passwords.ifsmonPassword.data	The ifsmon-password used by AMM to logon to DB with user ifsmonitoring (is always reqired by IAM)
ifscore.passwords.ifsappmonitorPw.data	The ifsappmonitor-pw used by AMM to do login validation tests with ifsappmonitor user (is always reqired by IAM)

Parameters for DOC¶

Parameter	Purpose	Examples/Defaults
ifsappdoc.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappdoc.techDocUrl	URL to techdoc	Leave empty, but can be set as e.g: https://docs.ifs.com/techdocs/21r1/

Parameters for PROXY¶

Parameter	Purpose	Examples/Defaults
ifsappproxy.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappproxy.basicAuthEnabled	true/false Allow basic authenitcation on integrations.	Default: false Warning enabling basic authentication compromises system security!
ifsappproxy.documentationLink	Can be set to a specific Technical doc.	Leave empty, but can be set as e.g: https://docs.ifs.com/techdocs/21r1/
ifsappproxy.accessLogEnabled	true/false Enable access log on proxy	Default: true
ifsappproxy.logLevel	sets the proxy server error log level.	Default: warn Valid values are debug, info, notice, warn, error, crit, alert, emerg. NOTE: anything other than those above will stop proxy server starting.

Parameters for ODATA¶

Parameter	Purpose	Examples/Defaults
ifsappodata.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappodata.logLevel	sets the oData server error log level.	Default: warn Valid values are debug, info, notice, warn, error, crit, alert, emerg. NOTE: anything other than those above will stop proxy server starting.
ifsappodata.maxPoolSize	Sets maximum connection pool size	Default set to 50
ifsappodata.minPoolSize	Sets minimum connection pool size	Default set to 1
ifsappodata.queryTimeout	Sets timeout for data retrieving requests	Default set to 299s
ifsappodata.maxQueryTimeout	Sets max value for timeout of data retrieving requests	Default set to 5m
ifsappodata.statementTimeout	Sets general timeout for any given request	Default set to 15m
ifsappodata.integrationQueryTimeout	Sets integration timeout for data retrieving requests	Default set to 10m
ifsappodata.integrationMaxQueryTimeout	Sets integration max value for timeout of data retrieving requests	Default set to 15m
ifsappodata.integrationStatementTimeout	Sets integration general timeout for any given request	Default set to 30m

Parameters for APPLICATIONSVC¶

Parameter	Purpose	Examples/Defaults
ifsappapplicationsvc.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for CLIENT¶

Parameter	Purpose	Examples/Defaults
ifsappclient.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for CLIENT SERVICES¶

Parameter	Purpose	Examples/Defaults
ifsappclientservices.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for CLIENT NOTIFICATION¶

Parameter	Purpose	Examples/Defaults
ifsappclientnotification.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for NATIVESERVER¶

Should only be set if component fndmob is active

Parameter	Purpose	Examples/Defaults
ifsappnativeserver.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for NATIVEEXECUTOR¶

Should only be set if component fndmob is active

Parameter	Purpose	Examples/Defaults
ifsappnativeexecutor.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for NATIVENOTIFICATION¶

Should only be set if component fndmob is active

Parameter	Purpose	Examples/Defaults
ifsappnativenotification.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for CONNECT¶

Parameter	Purpose	Examples/Defaults
ifsappconnect.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappconnect.enterpriseId	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappconnect.connectQueryTimeout	Sets a time limit for data retrieval requests	Default set to 600s

Parameters for REM¶

Should only be set if component fndrem is active

Parameter	Purpose	Examples/Defaults
ifsapprem.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsapprem.entp_id	Sets the enterprice id	Mandatory if replicas >0

Parameters for RMPANEL¶

Should only be set if component rmpanl is active

Parameter	Purpose	Examples/Defaults
ifsapprmpanel.replicas	Sets how many containers of this type should be started	Defaults to 1

Parameters for RMSYNC¶

Should only be set if component rmpanl is active

Parameter	Purpose	Examples/Defaults
ifsapprmsync.replicas	Sets how many containers of this type should be started	Defaults to 1 Note: this container should not have more than 1 container running.

Parameters for Sigining Service¶

Should only be set if component fnddss is active

Parameter	Purpose	Examples/Defaults
ifsappsigningservice.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for REPORTING¶

Parameter	Purpose	Examples/Defaults
ifsappreporting.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifscore.generatedSecrets.symmetricKey.data	Sets a key for encrypting reporting secrets in the IFS Cloud database. If this parameter is not passed a ramdom key will be generated. Note if this key is lost the reporting passwords need to be reentered in solution manager again, since the key is the only way to decrypt the secrets. That said - the parameter is more or less Mandatory.	e.g. 2a6f434d2f0689029b7da6856ca4ad11

Parameters for REPORTINGBR¶

Should only be set if component brbase is active

Parameter	Purpose	Examples/Defaults
ifsappreportingbr.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for REPORTINGCR¶

Should only be set if component crystl is active

Parameter	Purpose	Examples/Defaults
ifsappreportingcr.replicas	Sets how many containers of this type should be started	Always set to 01

Parameters for REPORTINGREN¶

Parameter	Purpose	Examples/Defaults
ifsappreportingren.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for REPORTINGWEBDESIGNER¶

Parameter	Purpose	Examples/Defaults
ifsappreportingwebdesigner.replicas	Sets how many containers of this type should be started	Default value is set to global.replicas parameter

Parameters for REPORTINGWEBDESIGNERREN¶

Parameter	Purpose	Examples/Defaults
ifsappreportingwebdesignerren.replicas	Sets how many containers of this type should be started	Default value is set to global.replicas parameter

Parameters for REPORTINGWEBRUNTIMEREN¶

Parameter	Purpose	Examples/Defaults
ifsappreportingwebruntimeren.replicas	Sets how many containers of this type should be started	Default value is set to global.replicas parameter

Parameters for REPORTINGWEBTRANSFORMER¶

Parameter	Purpose	Examples/Defaults
ifsappreportingwebtransformer.replicas	Sets how many containers of this type should be started	Default value is set to global.replicas parameter

Parameters for IFSMAINTENIXREPORTSERVER¶

Should only be set if component MXCORE is active.

Parameter	Purpose	Examples/Defaults
ifsmaintenixreportserver.replicas	Sets how many containers of this type should be started	Always set to 1
ifsmaintenixreportserver.keycloakReportSuperAdminUser	The Keycloak admin user used for Jasper report
global.customContainerRegistry	A url of a custom docker container registry where Maintenix customized containers can be fetched from. Note: Always append a trailing slash. Note: the https:// is not part of the FQDN
global.customImageCredentials.username	The service principal user name. Customer project provide user.
global.customImageCredentials.password	The service principal password. This password should be provided by customer project
ifsmaintenixreportserver.customRegistryEnabled	Defaults to false - if true the Maintenix image will be fetched from the customContainerRegistry
ifsmaintenixreportserver.imageVersion	The custom Image version

Parameters for IFSMAINTENIXAPPSERVER¶

Should only be set if component MXCORE is active.

Parameter	Purpose	Examples/Defaults
ifsmaintenixappserver.replicas	Sets how many containers of this type should be started	Always set to 1
ifscore.passwords.ifsmtxappPassword.name	Optional if component mxcore is active If set, must be set to: ifsmtxapp-password	ifsmtxapp-password
ifscore.passwords.ifsmtxappPassword.data	Mandatory if component mxcore is active The password for mtx schema owner in the DB
ifscore.passwords.ifsmtxreportPassword.name	Optional if component mxcore is active If set, must be set to: ifsmtxapp-password	ifsmtxapp-password
ifscore.passwords.ifsmtxreportPassword.data	Mandatory if component mxcore is active The password for mtx report schema owner in the DB
global.customContainerRegistry	A url of a custom docker container registry where Maintenix customized containers can be fetched from. Note: Always append a trailing slash. Note: the https:// is not part of the FQDN
global.customImageCredentials.username	The service principal user name. Customer project provide user.
global.customImageCredentials.password	The service principal password. This password should be provided by customer project
ifsmaintenixappserver.customRegistryEnabled	Defaults to false - if true the Maintenix image will be fetched from the customContainerRegistry
ifsmaintenixappserver.imageVersion	The custom Image version	e.g. 2021-06-06.1234.1
ifsmaintenixappserver.maintenixDbId	Optional if component mxcore is active. The distributed nature of the Maintenix for DiSCOPS component to identify different databases. Note: The database ID should be a string value.	Set Maintenix database ID of the target database’s MIM_LOCAL_DB table’s DB_ID field. Use double quotes around the database ID value.
ifsmaintenixappserver.maintenixInitHeap	Tuning of Java settings required to achieve expected performance
ifsmaintenixappserver.maintenixMaxHeap	Tuning of Java settings required to achieve expected performance
ifsmaintenixappserver.maintenixJavaOpts	Tuning of Java settings required to achieve expected performance
ifsmaintenixappserver.maintenixDsXaPoolMin	Maintenix XA data source minimum pool size
ifsmaintenixappserver.maintenixDsXaPoolMax	Maintenix XA data source maximum pool size

Parameters for IFSFORECAST¶

Should only be set if component fltplnis active

Parameter	Purpose	Examples/Defaults
ifsforecast.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter

Parameters for Signature Service¶

Should only be set if component fnddss is active

Parameter	Purpose	Examples/Defaults
ifsappsigningservice.replicas	Sets how many containers of this type should be started	Default set to global.replicas parameter
ifsappsigningservice.logLevel	Sets the log level used by the server	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL default: WARN

Parameters for File Storage Service¶

Parameter	Purpose	Examples/Defaults
ifsfilestorage.fssSmbSharePath	Set the SMB share path for remote installations	//smb-hostname/smbshare
ifsfilestorage.fssVolumeSize	Set the SMB storage size for remote installations. This value represents the minimum capacity of the storage.	Default set to 100Gi
ifscore.secrets.ifsStorageSmbCredentials	Set SMB credentials for remote installations
ifsfilestorage.fssPvCreationEnabled	Enables Kubernetes Persistent Volume(PV) creation for remote installations. Should be set to false when the PV is pre-configured	Default set to true

Parameters for Virus Scanner Service¶

Parameter	Purpose	Examples/Defaults
ifsvirusscanner.avDailyUpdateFrequency	Set the ClamAV virus database update frequency	Default set to 1

Parameters for Document Management Electronic Signatures (ifsapp-docman-esign)¶

Not supported in Remote Deployment.

Parameters for IFS Analysis Models¶

Will only be valid if component tabmfw is active.

Note that only the names mentioned below should be used. Only data can have custom values.

Oracle Related Parameters

Parameter	Purpose	Examples/Defaults
ifscore.secrets.ifsamIfsDataSource.name	IFS Cloud Database Information	am-ifs-data-src
ifscore.secrets.ifsamIfsDataSource.data	HOST:PORT/SID	e.g. ifsdbhost:1521/ifs
ifscore.secrets.ifsamIfsinfoUsername.name	IFS Cloud Information Schema Username	am-ifsinfo-un
ifscore.secrets.ifsamIfsinfoUsername.data	Same as dbInstaller.ialOwner	e.g. IFSINFO
ifscore.passwords.ifsamIfsinfoPassword.name	IFS Cloud Information Schema Password	am-ifsinfo-pwd
ifscore.passwords.ifsamIfsinfoPassword.data	Refer IAL_OWNER_PASSWORD from Define.tem

SQL Server Related Paramters

Parameter	Purpose	Examples/Defaults
ifscore.secrets.ifsamSqlServerType.name	Installation type of SQL Server	am-sql-srv-type
ifscore.secrets.ifsamSqlServerType.data	ON_PREMISE / AZURE	e.g.: ON_PREMISE
ifscore.secrets.ifsamSqlServerName.name	SQL Server Host Name	am-sql-srv-name
ifscore.secrets.ifsamSqlServerName.data	ON_PREMISE: sqlhostserver.mydomain.com AZURE: sqlhostserver.db.win.net Mandatory	e.g. sqlhostserver.mydomain.com
ifscore.secrets.ifsamSqlServerDbName.name	SQL Server Database for IFS Cloud DW	am-sql-db-name
ifscore.secrets.ifsamSqlServerDbName.data	Mandatory
ifscore.secrets.ifsamSqlServerAgentJobName.name	SQL Server Agent Job Used for Running SSIS Packages	am-sql-agent-name
ifscore.secrets.ifsamSqlServerAgentJobName.data	Mandatory for ON_PREMISE ifsamSqlServerType installations only
ifscore.secrets.ifsamSqlServerUsername.name	SQL Server Username (SQL Server Authentication)	am-sql-un
ifscore.secrets.ifsamSqlServerUsername.data	Mandatory
ifscore.passwords.ifsamSqlServerPassword.name	SQL Server Password (SQL Server Authentication)	am-sql-pwd
ifscore.passwords.ifsamSqlServerPassword.data	Mandatory

SSIS Related Parameters

Parameter	Purpose	Examples/Defaults
ifscore.secrets.ifsamSqlServerSsisDbName.name	SQL Server Database for SSIS	am-sql-ssisdb-name
ifscore.secrets.ifsamSqlServerSsisDbName.data	Mandatory	e.g.SSIDDB
ifscore.secrets.ifsamSsisProjectName.name	SQL Server Integration Services Catalog Project Name	am-ssis-proj-name
ifscore.secrets.ifsamSsisProjectName.data	Mandatory. This is a static value.	IFSCloudAnalysisModelsSSISFramework
ifscore.secrets.ifsamSsisFolderName.name	SQL Server Integration Services Catalog Folder Name	am-ssis-fold-name
ifscore.secrets.ifsamSsisFolderName.data	Mandatory

SSAS Related Parameters

Parameter	Purpose	Examples/Defaults
ifscore.secrets.ifsamSsasServerName.name	SQL Server Analysis Services Host Name	am-ssas-srv-name
ifscore.secrets.ifsamSsasServerName.data	ON_PREMISE: sqlhostserver.mydomain.com AZURE: asazure://region.asazure.win.net Mandatory	e.g. sqlhostserver.mydomain.com
ifscore.secrets.ifsamSsasUsername.name	SQL Server Analysis Services Username (Windows Integrated Authentication based user for SQL Server Analysis Services on-prem / Azure AD user for Azure Analysis Services)	am-ssas-un
ifscore.secrets.ifsamSsasUsername.data	Mandatory
ifscore.passwords.ifsamSsasPassword.name	SQL Server Analysis Services Password	am-ssas-pwd
ifscore.passwords.ifsamSsasPassword.data	Mandatory