Helm Installation Parameters

The following table lists the parameters that you set during installation of the Helm chart for the Agent in Kubernetes.

For an online list of the parameters that you can set during installation of the Helm chart, run the following command:

helm show values controlm/controlm-agent
For more information about Kubernetes resources that certain parameters are based on, use the kubectl explain command, such as the following:

kubectl explain statefulset.spec.template.spec.affinity
Object-type and array-type values must be defined in JSON format (using the --set-json switch). If you obtain them in YAML format, convert them to JSON. You can use the JQ command on Linux for this conversion.

Parameter	Description	Required or Optional	Type
api.endpoint	Defines the URL for Control-M Automation API with the following format: https://<host-or-ip>:<port>/automation-api where the host portion can be either the hostname or the IP address. If you use the hostname, it must be DNS-resolvable from within the Kubernetes cluster (both by the Agent pod and by the pre-install/pre-upgrade validation job). Unlike the server.host parameter, there is no hostAliases fallback for the api.endpoint parameter. If the hostname is not resolvable, use an IP address instead. Examples: With a hostname, which requires DNS resolution: https://my-controlm.my-org.com:8443/automation-api With an IP address, which always works: https://10.1.2.3:8443/automation-api	Required	String
api.token	Defines the API token value to authenticate and connect to the Automation API server. For information about obtaining this token, see Creating an API Token. Ensure that the role associated with this API token is associated with your Agents with an access level of UPDATE or FULL or has Configuration Admin Management set to an access level of UPDATE or FULL, and is also associated with your Agent tag (if you use one).	Optional	String
api.username	Defines a Control-M username to use (together with a password) to connect to the Automation API server, instead of using an API token. If you are working in Compatibility mode after an upgrade from Control-M/EM 9.0.20.200, authentication using a username and password is required. Otherwise, BMC recommends using an API token.	Optional	String
api.password	Defines a password for the defined Control-M username to use to connect to the Automation API server, instead of using an API token.	Optional	String
api.secret	Defines the name of a Kubernetes secret that contains the API token value or the API password, instead of using the api.token or api.password parameter, respectively. For more information about Kubernetes secrets, refer to Kubernetes documentation. To create such a Kubernetes secret, use one of the following commands: For API token: kubectl create secret generic <name of secret> --from-literal='apiToken=<token value>' For API password: kubectl create secret generic <name of secret> --from-literal='apiPass=<password value>'	Optional	String
ai.additionalPluginsConfigMapName	Defines the name of a configMap that lists additional Control-M plug-ins to dynamically deploy in the Agent pod, along with the Kubernetes plug-in. Supported plug-ins are plug-ins that were developed in Control-M Application Integrator, including Control-M Integrations. For more information, see Setting Up Dynamic Deployment of Additional Plug-ins.	Optional	String
ai.additionalCertsConfigMapName	Defines the name of a configMap that lists the certifications required by the additional Control-M plug-ins that you deploy in the Agent pod.	Optional	String
ai.proxyConfigMapName	Defines the name of a configMap that contains Application Integrator proxy settings for the additional Control-M plug-ins that you deploy in the Agent pod.	Optional	String
agent.name	Defines a logical name for the Agent. This is the name used by and displayed in Control-M. This parameter enables you to give your Agent a name that differs from the name of the Agent pod (<release>-sts-<n>). A sequential number is added as a suffix to the name of each Agent, corresponding to the pod number: <agent.name>-<n>.	Optional	String
agent.tag	Defines a logical name that is used to label specific Agents into a group with specific authorizations. For more information about agent tags, see Agent General Parameters.	Optional	String
agent.replicas	Determines the number of Agent pods to run. Default: 2 Kubernetes resource: statefulset.spec.replicas	Optional	Integer
agent.configParametersConfigMapName	Defines the name of a Kubernetes ConfigMap that contains any of the following Control-M/Agent configuration settings: LOGKEEPDAYS I18N LOCALE Configuration settings in the configMap are saved in the CONFIG.dat file. The following ConfigMap defines values for the supported Control-M/Agent configuration settings: Copy `apiVersion: v1 kind: ConfigMap metadata: name: ag-config-params data: LOGKEEPDAYS: "4" I18N: "LATIN-1" LOCALE: "en_GB"` For more information about the supported configuration settings, see Configuring Agent System Parameters.	Optional	String
agent.uploadRemoteUtils	Enables you to upload all Agent utilities to remote agentless hosts. When you set this parameter to true, the UPLOAD_REMOTE_UTILS Agent system parameter is set to Y. For more information, see Agentless Hosts. Values: true \| false Default: false	Optional	String
server.name	Defines the logical name of the Control-M/Server that the Agent connects to. To obtain this value, your Control-M Administrator can run the ctm config servers::get API command and copy the returned "name" value.	Required	String
server.host	Defines the hostname of the computer where the Control-M/Server runs. To obtain this value, your Control-M Administrator can run the ctm config servers::get API command and copy the returned "host" value.	Required	String
server.port	Defines the listening port of the Control-M/Server. Obtain this value from your Control-M Administrator.	Required	Integer
server.ip	Defines the public IPv4 or IPv6 address of the Control-M/Server. This is required only if the hostname cannot be resolved by DNS lookup from the cluster, as is often the case in the cloud.	Optional	String
server.hostgroup	Defines the name of the host group that contains the deployed Agent. For more information, see Host Groups. Default: k8s_group	Optional	String
server.hostgroupParticipationEventName	Determines the name of an event that allows the Agent to participate in the host group. If you use this parameter to define an event-based participation rule, you must also define the event's date attribute using the server.hostgroupParticipationEventRunDate parameter.	Optional	String
server.hostgroupParticipationEventRunDate	Defines the date attribute associated with the event (defined by server.hostgroupParticipationEventName) that limits the Agent's participation in the host group. Values: RunDate: The Agent participates in the host group when this event is added on the job run date. AnyDate: The Agent participates in the host group when this event is added on any date. NoDate: The Agent participates in the host group when this event is added.	Optional	String
server.secondaryHost	Defines the name of the secondary Control-M/Server host used in High Availability configurations.	Optional	String
server.secondaryPort	Defines the listening port of the secondary Control-M/Server host used in High Availability configurations. This parameter is required only if the secondary Control-M/Server port differs from the primary Control-M/Server port.	Optional	Integer
server.secondaryIp	Defines the public IPv4 or IPv6 address of the secondary Control-M/Server host used in High Availability configurations. This is required only if the secondary hostname cannot be resolved by DNS lookup from the cluster.	Optional	String
server.dr.host	Defines the hostname of the Disaster Recovery (DR) Control-M/Server host.	Optional	String
server.dr.port	Defines the listening port of the Disaster Recovery (DR) Control-M/Server host. This parameter is required only if the DR Control-M/Server port differs from the primary Control-M/Server port.	Optional	Integer
server.dr.ip	Defines the public IPv4 or IPv6 address of the DR Control-M/Server. This is required only if the DR hostname cannot be resolved by DNS lookup from the cluster, as is often the case in the cloud.	Optional	String
server.dr.secondaryHost	Defines the name of the secondary DR Control-M/Server host used in High Availability configurations.	Optional	String
server.dr.secondaryPort	Defines the listening port of the secondary Disaster Recovery (DR) Control-M/Server host used in High Availability configurations. This parameter is required only if the secondary DR Control-M/Server port differs from the primary Control-M/Server port.	Optional	Integer
server.dr.secondaryIp	Defines the public IPv4 or IPv6 address of the secondary DR Control-M/Server host used in High Availability configurations. This is required only if the secondary DR hostname cannot be resolved by DNS lookup from the cluster.	Optional	String
image.repo	Defines the path to the container image repository, in the following format: <registry hostname>/<account name>/<repository name> If you do not define a registry hostname, Kubernetes assumes the Docker public registry (in the Docker Hub). Default: controlm/saas-agent Change the default value only if you created your own non-default container image, as described in Docker Container Image. Kuxbernetes resource: statefulset.spec.template.spec.containers.image	Optional	String
image.tag	Defines the tag associated with the image. Tags enable you to identify different versions of the same series of images. By default, the Helm chart uses a BMC-provided image with the 9.22.100-k8s-openjdk tag. Use this parameter to specify the tag of a different image that you want to use: The 9.22.100-k8s-mft-openjdk image enables you to use Control-M MFT for file transfers into and out of the Kubernetes cluster. Any other non-default container image that you created, as described in Docker Container Image. Kubernetes resource: statefulset.spec.template.spec.containers.image	Optional	String
image.pullPolicy	Determines whether to update the image (by pulling a new version of the image) when the kubelet launches a container. Values: Always Never IfNotPresent Default: IfNotPresent Kubernetes resource: statefulset.spec.template.spec.containers.imagePullPolicy	Optional	String
image.pullSecrets	Defines a secret (password) to access a private registry. --set image.pullSecrets"[0]".name=<secret_name> By default, no secret is used. Define a secret if you created your own non-default container image, as described in Docker Container Image. If so, you might need a secret in your cluster. To create the secret, see the Kubernetes documentation. Kubernetes resource: statefulset.spec.template.spec.imagePullSecrets	Optional	Array
pod.annotations	Defines annotations for pod metadata. In yaml format: Copy `pod: annotations: annotations: ad.datadoghq.com/psr-monitor.checks: '{ "openmetrics": { "init_config": {}, "instances": [ { "openmetrics_endpoint": "http://%%host%%:8080/ ", "namespace": "controlm", "metrics": ["."] } ] } }' key2: 'value2'` Kubernetes resource*: statefulset.spec.template.spec.annotations	Optional	Array
pod.affinity	Defines the pod scheduling constraints. In yaml format: Copy `affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: disktype operator: In values: - ssd` Kubernetes resource: statefulset.spec.template.spec.affinity	Optional	Array
pod.nodeSelector	Defines node labels for the NodeSelector, so that the pod is scheduled on the nodes. Default labels: kubernetes.io/os: linux kubernetes.io/arch: amd64 Kubernetes resource: statefulset.spec.template.spec.nodeSelector	Optional	Array
pod.resources	Defines Kubernetes memory and CPU resource requests and resource limits for the pod. The default memory size is 2Gi. In yaml format: Copy `resources: requests: memory: "2Gi"` Kubernetes resource: statefulset.spec.template.spec.containers.resources	Optional	Array
pod.serviceAccount.create	Determines whether to create a Service Account. If this parameter is set to true, the Service Account has the default name ".Release.Name.-sa". You can use pod.serviceAccount.name to change the default name. Values: true \| false Default: true If you decide to use your own Service Account (for example, if the user responsible for installing this Helm chart is not authorized to create a Service Account), set this parameter to false. If you set this parameter to false, ensure that you have granted the required privileges to your Service Account, as described in Service Account Privileges.	Optional	String
pod.serviceAccount.name	Defines the name of the Service Account to use to run the pod. Optional if pod.serviceAccount.create is set to true. Required if pod.serviceAccount.create is set to false. Default: ".Release.Name.-sa" (where .Release.Name is the name that you assigned to this installation instance) Kubernetes resource: statefulset.spec.template.spec.serviceAccountName	Optional	String
pod.securityContext	Determines which security context constraints (SCCs) control pod permissions on a RedHat OpenShift Kubernetes-based platform. By default (when this parameter is not explicitly set), the Agent is deployed with permission to use the nonroot-v2 SCC. If your IT environment or corporate security policies do not allow you to deploy a privileged pod, set this parameter to a value of auto. This disables the use of the nonroot-v2 SCC and the Agent is instead deployed with permission to use the cluster default SCC (typically, the restricted-v2 SCC). Kubernetes resource: statefulset.spec.template.spec.securityContext	Optional	String
pod.fsGroup	Specifies a Linux group ID (GID), which enables the Control-M/Agent to read/write files owned by that group on the persistent volume. Relevant only when pod.securityContext is not set to auto. Default: 0 Kubernetes resource: statefulset.spec.template.spec.securityContext.fsGroup	Optional	Integer
pod.labels.label	Defines a custom pod label, as a key=value pair. The following two --set switches in a helm install command define custom pod labels for a production environment and devops team: --set pod.labels.environment=production --set pod.labels.team=devops	Optional	String
pod.livenessProbe.timeoutSeconds	Determines the number of seconds to wait for a response from the liveness probe before a timeout occurs. The liveness probe verifies that the Agent is running properly. Default: 2 Kubernetes resource: statefulset.spec.template.spec.containers.livenessProbe.timeoutSeconds	Optional	Integer
pod.timezone	Determines the pod timezone. pod.timezone=Asia/Taipei	Optional	String
pod.readOnlyRootFilesystem	Determines whether to mount the Agent container's root filesystem as read-only, which prevents runtime modifications to the container image. An initContainer automatically prepares writable directories needed by Control-M for Kubernetes at startup, and writable emptyDir volumes are mounted for /home/controlm and /tmp. Enable this setting if your cluster enforces a read-only root filesystem policy, such as Kubernetes Pod Security Admission in restricted mode, or if your organization's security requirements mandate immutable container filesystems. Values: true \| false Default: false Kubernetes resource: statefulset.spec.template.spec.containers.securityContext.readOnlyRootFilesystem	Optional	String
pvc.accessMode	Determines the required access mode of the volume used by the Persistent Volume Claim (PVC). Values: ReadWriteOnce: The volume is mounted as read-write by a single node. ReadWriteMany: The volume is mounted as read-write by many nodes. Default: ReadWriteMany The default ReadWriteMany is necessary when you deploy 2 or more Agents (as set by agent.replicas) on separate nodes. Kubernetes resource: persistentvolumeclaim.spec.accessModes	Optional	String
pvc.storageClass	Defines the name of the Storage Class required by the Persistent Volume Claim (PVC). Ensure that the Storage Class that you choose is compatible with the access mode that you set through pvc.accessMode. For a list of Storage Classes that support the different access modes, see Access Modes in the Kubernetes documentation. If you use an NFS Storage Class, ensure that the UID and GID, which are Storage Class parameters for dynamic provisioning, are set to the following values: UID=1000 GID=0 Kubernetes resource: persistentvolumeclaim.spec.storageClassName	Required	String
pvc.volumeSize	Determines the minimum amount of persistent volume required. Default: 10Gi, appropriate for 2 Agents (the default value of agent.replicas) Kubernetes resource: persistentvolumeclaim.spec.resources.requests.storage	Optional	String

The following table lists additional parameters that you can set if you want to use Control-M MFT for file transfers into and out of the Kubernetes cluster:

To enable the File Transfer functionality, set the image.tag parameter to the 9.22.100-k8s-mft-openjdk image or to your custom-built MFT-based image with your own Java.

For more information about the setup of Kubernetes resources for file transfers using Control-M MFT, see Setting Up File Transfer Resources.

Parameter	Description	Type
mft.pvcs[n].name	Defines the name of an existing Persistent Volume Claim (PVC) to store input or output files transferred using Control-M MFT. n is the index number of the PVC (starting at 0) in a list of multiple PVCs. For each PVC in the list, you must provide both the PVC name (this parameter) and the mount path (next parameter).	String
mft.pvcs[n].mountPath	Defines the mount path inside the Agent pod where the PVC will be attached for file access. n is the index number of the PVC (starting at 0) in a list of multiple PVCs. For each PVC in the list, you must provide both the PVC name (previous parameter) and the mount path (this parameter).	String
mft.configParametersConfigMapName	Defines the name of a Kubernetes ConfigMap that contains runtime configuration settings for the Control-M MFT plug-in. Configuration settings in the configMap are saved in the aft_configurable.properties file. For more information, see Configuring Control-M MFT in the aft_configurable.properties File.	String
mft.sshPrivateKeySecretName	Defines the name of a Kubernetes Secret that stores private SSH keys used for SFTP authentication in Control-M MFT. Each item in the list generates a key file that is stored in <Control-M/Agent_Home_Dir>/cm/AFT/data/Keys.	String