-
Notifications
You must be signed in to change notification settings - Fork 44
/
rhpam70-prod.yaml
1443 lines (1443 loc) · 50.3 KB
/
rhpam70-prod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
---
kind: Template
apiVersion: v1
metadata:
annotations:
description: Application template for a managed HA production runtime environment, for Red Hat Process Automation Manager 7.0
iconClass: icon-jboss
tags: rhpam,jboss,prod
version: "1.2"
openshift.io/display-name: Red Hat Process Automation Manager 7.0 production environment
template.openshift.io/bindable: "false"
name: rhpam70-prod
labels:
template: rhpam70-prod
rhpam: "1.2"
message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing Business Central Monitoring is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}. Both sets of KIE servers are configured with the username/password of ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
parameters:
- displayName: Application Name
description: The name for the application.
name: APPLICATION_NAME
value: myapp
required: true
- displayName: Maven repository URL
description: Fully qualified URL to a Maven repository or service.
name: MAVEN_REPO_URL
example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
required: true
- displayName: Maven repository username
description: Username to access the Maven repository, if required.
name: MAVEN_REPO_USERNAME
required: false
- displayName: Maven repository password
description: Password to access the Maven repository, if required.
name: MAVEN_REPO_PASSWORD
required: false
- displayName: Name of the Maven service hosted by Business Central
description: The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required
name: BUSINESS_CENTRAL_MAVEN_SERVICE
example: "myapp-rhpamcentr"
required: false
- displayName: Username for the Maven service hosted by Business Central
description: Username to access the Maven service hosted by Business Central inside EAP.
name: BUSINESS_CENTRAL_MAVEN_USERNAME
example: "mavenUser"
required: false
- displayName: Password for the Maven service hosted by Business Central
description: Password to access the Maven service hosted by Business Central inside EAP.
name: BUSINESS_CENTRAL_MAVEN_PASSWORD
example: "maven1!"
required: false
- displayName: KIE Admin User
description: KIE administrator username
name: KIE_ADMIN_USER
value: adminUser
required: false
- displayName: KIE Admin Password
description: KIE administrator password
name: KIE_ADMIN_PWD
from: "[a-zA-Z]{6}[0-9]{1}!"
generate: expression
required: false
- displayName: KIE Server User
description: KIE execution server username (Sets the org.kie.server.user system property)
name: KIE_SERVER_USER
value: executionUser
required: false
- displayName: KIE Server Password
description: KIE execution server password (Sets the org.kie.server.pwd system property)
name: KIE_SERVER_PWD
from: "[a-zA-Z]{6}[0-9]{1}!"
generate: expression
required: false
- displayName: ImageStream Namespace
description: Namespace in which the ImageStreams for Red Hat Middleware images are
installed. These ImageStreams are normally installed in the openshift namespace.
You should only need to modify this if you've installed the ImageStreams in a
different namespace/project.
name: IMAGE_STREAM_NAMESPACE
value: openshift
required: true
- displayName: KIE Server ImageStream Name
description: The name of the image stream to use for KIE Execution Server. Default is "rhpam70-kieserver-openshift".
name: KIE_SERVER_IMAGE_STREAM_NAME
value: "rhpam70-kieserver-openshift"
required: true
- displayName: ImageStream Tag
description: A named pointer to an image in an image stream. Default is "1.2".
name: IMAGE_STREAM_TAG
value: "1.2"
required: true
- displayName: Smart Router Custom http Route Hostname
description: Custom hostname for http service route. Leave blank for default hostname, e.g. <application-name>-smartrouter-<project>.<default-domain-suffix>'
name: SMART_ROUTER_HOSTNAME_HTTP
value: ''
required: false
- displayName: Smart Router ID
description: Router ID used when connecting to the controller (router property org.kie.server.router.id)
name: KIE_SERVER_ROUTER_ID
value: kie-server-router
- displayName: Smart Router protocol
description: KIE server router protocol (Used to build the org.kie.server.router.url.external property)
name: KIE_SERVER_ROUTER_PROTOCOL
example: "http"
required: false
- displayName: Smart Router external URL
description: Public URL where the router can be found. Format http://<host>:<port> (router property org.kie.server.router.url.external)
name: KIE_SERVER_ROUTER_URL_EXTERNAL
- displayName: Smart Router name
description: Router name used when connecting to the controller (router property org.kie.server.router.name)
name: KIE_SERVER_ROUTER_NAME
value: KIE Server Router
- displayName: KIE Server Controller User
description: KIE server controller username (Sets the org.kie.server.controller.user system property)
name: KIE_SERVER_CONTROLLER_USER
value: controllerUser
required: false
- displayName: KIE Server Controller Password
description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
name: KIE_SERVER_CONTROLLER_PWD
from: "[a-zA-Z]{6}[0-9]{1}!"
generate: expression
required: false
- displayName: KIE Server Persistence DS
description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property)
name: KIE_SERVER_PERSISTENCE_DS
value: java:/jboss/datasources/rhpam
required: false
## PostgreSQL database parameters BEGIN
- displayName: PostgreSQL ImageStream Tag
description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6".
name: POSTGRESQL_IMAGE_STREAM_TAG
value: "9.6"
required: false
- displayName: KIE Server PostgreSQL Database User
description: KIE execution server PostgreSQL database username
name: KIE_SERVER_POSTGRESQL_USER
value: rhpam
required: false
- displayName: KIE Server PostgreSQL Database Password
description: KIE execution server PostgreSQL database password
name: KIE_SERVER_POSTGRESQL_PWD
from: "[a-zA-Z]{6}[0-9]{1}!"
generate: expression
required: false
- displayName: KIE Server PostgreSQL Database Name
description: KIE execution server PostgreSQL database name
name: KIE_SERVER_POSTGRESQL_DB
value: rhpam7
required: false
- displayName: PostgreSQL Database max prepared connections
description: Allows the PostgreSQL to handle XA transactions.
name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
value: '100'
required: true
- displayName: Database Volume Capacity
description: Size of persistent storage for database volume.
name: DB_VOLUME_CAPACITY
value: 1Gi
required: true
## PostgreSQL database parameters END
- displayName: Drools Server Filter Classes
description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
name: DROOLS_SERVER_FILTER_CLASSES
value: 'true'
required: false
- displayName: KIE MBeans
description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
name: KIE_MBEANS
value: enabled
required: false
- displayName: Business Central Monitoring Custom http Route Hostname
description: 'Custom hostname for http service route. Leave blank for default hostname,
e.g.: <application-name>-rhpamcentrmon-<project>.<default-domain-suffix>'
name: BUSINESS_CENTRAL_HOSTNAME_HTTP
value: ''
required: false
- displayName: Business Central Monitoring Custom https Route Hostname
description: 'Custom hostname for https service route. Leave blank for default
hostname, e.g.: secure-<application-name>-rhpamcentrmon-<project>.<default-domain-suffix>'
name: BUSINESS_CENTRAL_HOSTNAME_HTTPS
value: ''
required: false
- displayName: Execution Server 1 Custom http Route Hostname
description: 'Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname,
e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
name: EXECUTION_SERVER1_HOSTNAME_HTTP
value: ''
required: false
- displayName: Execution Server 1 Custom https Route Hostname
description: 'Custom hostname for https service route. Leave blank for default
hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
name: EXECUTION_SERVER1_HOSTNAME_HTTPS
value: ''
required: false
- displayName: Execution Server 2 Custom http Route Hostname
description: 'Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname,
e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
name: EXECUTION_SERVER2_HOSTNAME_HTTP
value: ''
required: false
- displayName: Execution Server 2 Custom https Route Hostname
description: 'Custom hostname for https service route. Leave blank for default
hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
name: EXECUTION_SERVER2_HOSTNAME_HTTPS
value: ''
required: false
- displayName: Use the secure route name to set KIE_SERVER_HOST.
description: Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.
name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME
value: 'false'
required: false
- displayName: Business Central Monitoring Server Keystore Secret Name
description: The name of the secret containing the keystore file
name: BUSINESS_CENTRAL_HTTPS_SECRET
example: businesscentral-app-secret
required: true
- displayName: Business Central Monitoring Server Keystore Filename
description: The name of the keystore file within the secret
name: BUSINESS_CENTRAL_HTTPS_KEYSTORE
value: keystore.jks
required: false
- displayName: Business Central Monitoring Server Certificate Name
description: The name associated with the server certificate
name: BUSINESS_CENTRAL_HTTPS_NAME
value: jboss
required: false
- displayName: Business Central Monitoring Server Keystore Password
description: The password for the keystore and certificate
name: BUSINESS_CENTRAL_HTTPS_PASSWORD
value: mykeystorepass
required: false
- displayName: KIE Server Keystore Secret Name
description: The name of the secret containing the keystore file
name: KIE_SERVER_HTTPS_SECRET
example: kieserver-app-secret
required: true
- displayName: KIE Server Keystore Filename
description: The name of the keystore file within the secret
name: KIE_SERVER_HTTPS_KEYSTORE
value: keystore.jks
required: false
- displayName: KIE Server Certificate Name
description: The name associated with the server certificate
name: KIE_SERVER_HTTPS_NAME
value: jboss
required: false
- displayName: KIE Server Keystore Password
description: The password for the keystore and certificate
name: KIE_SERVER_HTTPS_PASSWORD
value: mykeystorepass
required: false
- displayName: KIE Server Bypass Auth User
description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
name: KIE_SERVER_BYPASS_AUTH_USER
value: 'false'
required: false
- displayName: "Timer service data store refresh interval (in milliseconds)"
description: "Sets refresh-interval for the EJB timer service database-data-store."
name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
value: '30000'
required: false
- displayName: Business Central Monitoring Container Memory Limit
description: Business Central Monitoring Container memory limit
name: BUSINESS_CENTRAL_MEMORY_LIMIT
value: 2Gi
required: false
- displayName: Execution Server Container Memory Limit
description: Execution Server Container memory limit
name: EXECUTION_SERVER_MEMORY_LIMIT
value: 1Gi
required: false
- displayName: Smart Router Container Memory Limit
description: Smart Router Container memory limit
name: SMART_ROUTER_MEMORY_LIMIT
value: 512Mi
required: false
- displayName: RH-SSO URL
description: RH-SSO URL
name: SSO_URL
example: https://rh-sso.example.com/auth
required: false
- displayName: RH-SSO Realm name
description: RH-SSO Realm name
name: SSO_REALM
required: false
- displayName: Business Central Monitoring RH-SSO Client name
description: Business Central Monitoring RH-SSO Client name
name: BUSINESS_CENTRAL_SSO_CLIENT
required: false
- displayName: Business Central Monitoring RH-SSO Client Secret
description: Business Central Monitoring RH-SSO Client Secret
name: BUSINESS_CENTRAL_SSO_SECRET
example: "252793ed-7118-4ca8-8dab-5622fa97d892"
required: false
- displayName: KIE Server 1 RH-SSO Client name
description: KIE Server 1 RH-SSO Client name
name: KIE_SERVER1_SSO_CLIENT
required: false
- displayName: KIE Server 1 RH-SSO Client Secret
description: KIE Server 1 RH-SSO Client Secret
name: KIE_SERVER1_SSO_SECRET
example: "252793ed-7118-4ca8-8dab-5622fa97d892"
required: false
- displayName: KIE Server 2 RH-SSO Client name
description: KIE Server 2 RH-SSO Client name
name: KIE_SERVER2_SSO_CLIENT
required: false
- displayName: KIE Server 2 RH-SSO Client Secret
description: KIE Server 2 RH-SSO Client Secret
name: KIE_SERVER2_SSO_SECRET
example: "252793ed-7118-4ca8-8dab-5622fa97d892"
required: false
- displayName: RH-SSO Realm Admin Username
description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist
name: SSO_USERNAME
required: false
- displayName: RH-SSO Realm Admin Password
description: RH-SSO Realm Admin Password used to create the Client
name: SSO_PASSWORD
required: false
- displayName: RH-SSO Disable SSL Certificate Validation
description: RH-SSO Disable SSL Certificate Validation
name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
value: "false"
required: false
objects:
- kind: ServiceAccount
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-kieserver"
labels:
application: "${APPLICATION_NAME}"
- kind: RoleBinding
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-kieserver-view"
subjects:
- kind: ServiceAccount
name: "${APPLICATION_NAME}-kieserver"
roleRef:
name: view
- kind: Service
apiVersion: v1
spec:
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
selector:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
metadata:
name: "${APPLICATION_NAME}-rhpamcentrmon"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentrmon"
annotations:
description: All the Business Central Monitoring web server's ports.
- kind: Service
apiVersion: v1
spec:
clusterIP: "None"
ports:
- name: "ping"
port: 8888
selector:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
metadata:
name: "${APPLICATION_NAME}-rhpamcentrmon-ping"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentrmon"
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
description: "The JGroups ping port for clustering."
- kind: Service
apiVersion: v1
spec:
ports:
- port: 9000
targetPort: 9000
selector:
deploymentConfig: "${APPLICATION_NAME}-smartrouter"
metadata:
name: "${APPLICATION_NAME}-smartrouter"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-smartrouter"
annotations:
description: The smart router server http port.
## KIE server services 1 BEGIN
- kind: Service
apiVersion: v1
spec:
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver-1"
metadata:
name: "${APPLICATION_NAME}-kieserver-1"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-1"
annotations:
description: All the KIE server web server's ports. (First execution server)
- kind: Service
apiVersion: v1
spec:
clusterIP: "None"
ports:
- name: "ping"
port: 8888
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver-1"
metadata:
name: "${APPLICATION_NAME}-kieserver-1-ping"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-1"
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
description: "The JGroups ping port for clustering."
## KIE server services 1 END
## KIE server services 2 BEGIN
- kind: Service
apiVersion: v1
spec:
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver-2"
metadata:
name: "${APPLICATION_NAME}-kieserver-2"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-2"
annotations:
description: All the KIE server web server's ports. (Second execution server)
- kind: Service
apiVersion: v1
spec:
clusterIP: "None"
ports:
- name: "ping"
port: 8888
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver-2"
metadata:
name: "${APPLICATION_NAME}-kieserver-2-ping"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-2"
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
description: "The JGroups ping port for clustering."
## KIE server services 2 END
## PostgreSQL service 1 BEGIN
- apiVersion: v1
kind: Service
metadata:
annotations:
description: The first database server's port.
labels:
application: ${APPLICATION_NAME}
service: "${APPLICATION_NAME}-postgresql-1"
name: ${APPLICATION_NAME}-postgresql-1
spec:
ports:
- port: 5432
targetPort: 5432
selector:
deploymentConfig: ${APPLICATION_NAME}-postgresql-1
## PostgreSQL service 1 END
## PostgreSQL service 2 BEGIN
- apiVersion: v1
kind: Service
metadata:
annotations:
description: The second database server's port.
labels:
application: ${APPLICATION_NAME}
service: "${APPLICATION_NAME}-postgresql-2"
name: ${APPLICATION_NAME}-postgresql-2
spec:
ports:
- port: 5432
targetPort: 5432
selector:
deploymentConfig: ${APPLICATION_NAME}-postgresql-2
## PostgreSQL service 2 END
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-rhpamcentrmon-http"
metadata:
name: "${APPLICATION_NAME}-rhpamcentrmon"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentrmon"
annotations:
description: Route for Business Central Monitoring's http service.
haproxy.router.openshift.io/timeout: 60s
spec:
host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
to:
name: "${APPLICATION_NAME}-rhpamcentrmon"
port:
targetPort: http
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-rhpamcentrmon-https"
metadata:
name: "secure-${APPLICATION_NAME}-rhpamcentrmon"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentrmon"
annotations:
description: Route for Business Central Monitoring's https service.
haproxy.router.openshift.io/timeout: 60s
spec:
host: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}"
to:
name: "${APPLICATION_NAME}-rhpamcentrmon"
port:
targetPort: https
tls:
termination: passthrough
## KIE server routes 1 BEGIN
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-kieserver-1-http"
metadata:
name: "${APPLICATION_NAME}-kieserver-1"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-1"
annotations:
description: Route for First KIE server's http service.
spec:
host: "${EXECUTION_SERVER1_HOSTNAME_HTTP}"
to:
name: "${APPLICATION_NAME}-kieserver-1"
port:
targetPort: http
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-kieserver-1-https"
metadata:
name: "secure-${APPLICATION_NAME}-kieserver-1"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-1"
annotations:
description: Route for First KIE server's https service.
spec:
host: "${EXECUTION_SERVER1_HOSTNAME_HTTPS}"
to:
name: "${APPLICATION_NAME}-kieserver-1"
port:
targetPort: https
tls:
termination: passthrough
## KIE server routes 1 END
## KIE server routes 2 BEGIN
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-kieserver-2-http"
metadata:
name: "${APPLICATION_NAME}-kieserver-2"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-2"
annotations:
description: Route for Second KIE server's http service.
spec:
host: "${EXECUTION_SERVER2_HOSTNAME_HTTP}"
to:
name: "${APPLICATION_NAME}-kieserver-2"
port:
targetPort: http
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-kieserver-2-https"
metadata:
name: "secure-${APPLICATION_NAME}-kieserver-2"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-2"
annotations:
description: Route for Second KIE server's https service.
spec:
host: "${EXECUTION_SERVER2_HOSTNAME_HTTPS}"
to:
name: "${APPLICATION_NAME}-kieserver-2"
port:
targetPort: https
tls:
termination: passthrough
## KIE server routes 2 BEGIN
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-smartrouter-http"
metadata:
name: "${APPLICATION_NAME}-smartrouter"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-smartrouter"
annotations:
description: Route for Smart Router's http service.
spec:
host: "${SMART_ROUTER_HOSTNAME_HTTP}"
to:
name: "${APPLICATION_NAME}-smartrouter"
- kind: DeploymentConfig
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-rhpamcentrmon"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentrmon"
spec:
strategy:
type: Recreate
triggers:
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- "${APPLICATION_NAME}-rhpamcentrmon"
from:
kind: ImageStreamTag
namespace: "${IMAGE_STREAM_NAMESPACE}"
name: "rhpam70-businesscentral-monitoring-openshift:${IMAGE_STREAM_TAG}"
- type: ConfigChange
## Replicas for Business Central Monitoring
replicas: 3
selector:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
template:
metadata:
name: "${APPLICATION_NAME}-rhpamcentrmon"
labels:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentrmon"
spec:
terminationGracePeriodSeconds: 60
containers:
- name: "${APPLICATION_NAME}-rhpamcentrmon"
image: rhpam70-businesscentral-monitoring-openshift
imagePullPolicy: Always
resources:
limits:
memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}"
volumeMounts:
- name: businesscentral-keystore-volume
mountPath: "/etc/businesscentral-secret-volume"
readOnly: true
- name: "${APPLICATION_NAME}-rhpamcentr-pvol"
mountPath: "/opt/eap/standalone/data/bpmsuite"
livenessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
initialDelaySeconds: 180
timeoutSeconds: 2
periodSeconds: 15
readinessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
initialDelaySeconds: 60
timeoutSeconds: 2
periodSeconds: 30
failureThreshold: 6
ports:
- name: jolokia
containerPort: 8778
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP
- name: https
containerPort: 8443
protocol: TCP
- name: ping
containerPort: 8888
protocol: TCP
env:
- name: KIE_ADMIN_PWD
value: "${KIE_ADMIN_PWD}"
- name: KIE_ADMIN_USER
value: "${KIE_ADMIN_USER}"
- name: KIE_SERVER_PWD
value: "${KIE_SERVER_PWD}"
- name: KIE_SERVER_USER
value: "${KIE_SERVER_USER}"
- name: MAVEN_REPO_URL
value: "${MAVEN_REPO_URL}"
- name: MAVEN_REPO_USERNAME
value: "${MAVEN_REPO_USERNAME}"
- name: MAVEN_REPO_PASSWORD
value: "${MAVEN_REPO_PASSWORD}"
- name: KIE_SERVER_CONTROLLER_PWD
value: ${KIE_SERVER_CONTROLLER_PWD}
- name: KIE_SERVER_CONTROLLER_USER
value: ${KIE_SERVER_CONTROLLER_USER}
- name: PROBE_IMPL
value: probe.eap.jolokia.EapProbe
- name: PROBE_DISABLE_BOOT_ERRORS_CHECK
value: 'true'
- name: HTTPS_KEYSTORE_DIR
value: "/etc/businesscentral-secret-volume"
- name: HTTPS_KEYSTORE
value: "${BUSINESS_CENTRAL_HTTPS_KEYSTORE}"
- name: HTTPS_NAME
value: "${BUSINESS_CENTRAL_HTTPS_NAME}"
- name: HTTPS_PASSWORD
value: "${BUSINESS_CENTRAL_HTTPS_PASSWORD}"
- name: JGROUPS_PING_PROTOCOL
value: "openshift.DNS_PING"
- name: OPENSHIFT_DNS_PING_SERVICE_NAME
value: "${APPLICATION_NAME}-rhpamcentrmon-ping"
- name: OPENSHIFT_DNS_PING_SERVICE_PORT
value: "8888"
- name: SSO_URL
value: "${SSO_URL}"
- name: SSO_OPENIDCONNECT_DEPLOYMENTS
value: "ROOT.war"
- name: SSO_REALM
value: "${SSO_REALM}"
- name: SSO_SECRET
value: "${BUSINESS_CENTRAL_SSO_SECRET}"
- name: SSO_CLIENT
value: "${BUSINESS_CENTRAL_SSO_CLIENT}"
- name: SSO_USERNAME
value: "${SSO_USERNAME}"
- name: SSO_PASSWORD
value: "${SSO_PASSWORD}"
- name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
- name: HOSTNAME_HTTP
value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
- name: HOSTNAME_HTTPS
value: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}"
volumes:
- name: businesscentral-keystore-volume
secret:
secretName: "${BUSINESS_CENTRAL_HTTPS_SECRET}"
- name: "${APPLICATION_NAME}-rhpamcentr-pvol"
persistentVolumeClaim:
claimName: "${APPLICATION_NAME}-rhpamcentr-claim"
- kind: DeploymentConfig
apiVersion: v1
metadata:
name: ${APPLICATION_NAME}-smartrouter
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-smartrouter"
spec:
strategy:
type: Recreate
triggers:
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- "${APPLICATION_NAME}-smartrouter"
from:
kind: ImageStreamTag
namespace: "${IMAGE_STREAM_NAMESPACE}"
name: "rhpam70-smartrouter-openshift:${IMAGE_STREAM_TAG}"
- type: ConfigChange
replicas: 2
selector:
deploymentConfig: "${APPLICATION_NAME}-smartrouter"
template:
metadata:
name: "${APPLICATION_NAME}-smartrouter"
labels:
application: "${APPLICATION_NAME}"
deploymentConfig: "${APPLICATION_NAME}-smartrouter"
service: "${APPLICATION_NAME}-smartrouter"
spec:
terminationGracePeriodSeconds: 60
containers:
- name: "${APPLICATION_NAME}-smartrouter"
image: rhpam70-smartrouter-openshift
imagePullPolicy: Always
resources:
limits:
memory: "${SMART_ROUTER_MEMORY_LIMIT}"
ports:
- name: http
containerPort: 9000
protocol: TCP
env:
- name: KIE_SERVER_ROUTER_HOST
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KIE_SERVER_ROUTER_PORT
value: "9000"
- name: KIE_SERVER_ROUTER_URL_EXTERNAL
value: "${KIE_SERVER_ROUTER_URL_EXTERNAL}"
- name: KIE_SERVER_ROUTER_ID
value: "${KIE_SERVER_ROUTER_ID}"
- name: KIE_SERVER_ROUTER_NAME
value: "${KIE_SERVER_ROUTER_NAME}"
- name: KIE_SERVER_ROUTER_PROTOCOL
value: "${KIE_SERVER_ROUTER_PROTOCOL}"
- name: KIE_SERVER_CONTROLLER_USER
value: "${KIE_SERVER_CONTROLLER_USER}"
- name: KIE_SERVER_CONTROLLER_PWD
value: "${KIE_SERVER_CONTROLLER_PWD}"
- name: KIE_SERVER_CONTROLLER_SERVICE
value: "${APPLICATION_NAME}-rhpamcentrmon"
- name: KIE_SERVER_ROUTER_REPO
value: "/opt/rhpam-smartrouter/data"
- name: KIE_SERVER_ROUTER_CONFIG_WATCHER_ENABLED
value: "true"
volumeMounts:
- name: "${APPLICATION_NAME}-smartrouter"
mountPath: "/opt/rhpam-smartrouter/data"
volumes:
- name: "${APPLICATION_NAME}-smartrouter"
persistentVolumeClaim:
claimName: "${APPLICATION_NAME}-smartrouter-claim"
## KIE server deployment config 1 BEGIN
- kind: DeploymentConfig
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-kieserver-1"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-1"
spec:
strategy:
type: Recreate
triggers:
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- "${APPLICATION_NAME}-kieserver-1"
from:
kind: ImageStreamTag
namespace: "${IMAGE_STREAM_NAMESPACE}"
name: "${KIE_SERVER_IMAGE_STREAM_NAME}:${IMAGE_STREAM_TAG}"
- type: ConfigChange
replicas: 3
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver-1"
template:
metadata:
name: "${APPLICATION_NAME}-kieserver-1"
labels:
deploymentConfig: "${APPLICATION_NAME}-kieserver-1"
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver-1"
spec:
serviceAccountName: "${APPLICATION_NAME}-kieserver"
terminationGracePeriodSeconds: 60
containers:
- name: "${APPLICATION_NAME}-kieserver-1"
image: "${KIE_SERVER_IMAGE_STREAM_NAME}"
imagePullPolicy: Always
resources:
limits:
memory: "${EXECUTION_SERVER_MEMORY_LIMIT}"
volumeMounts:
- name: kieserver-keystore-volume
mountPath: "/etc/kieserver-secret-volume"
readOnly: true
livenessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck"
initialDelaySeconds: 180
timeoutSeconds: 2
periodSeconds: 15
failureThreshold: 3
readinessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck"
initialDelaySeconds: 60
timeoutSeconds: 2
periodSeconds: 30
failureThreshold: 6
ports:
- name: jolokia
containerPort: 8778
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP
- name: https
containerPort: 8443
protocol: TCP
- name: ping
containerPort: 8888
protocol: TCP
env:
- name: DROOLS_SERVER_FILTER_CLASSES
value: "${DROOLS_SERVER_FILTER_CLASSES}"
- name: KIE_ADMIN_USER
value: "${KIE_ADMIN_USER}"
- name: KIE_ADMIN_PWD
value: "${KIE_ADMIN_PWD}"
- name: KIE_MBEANS
value: "${KIE_MBEANS}"
- name: KIE_SERVER_BYPASS_AUTH_USER
value: "${KIE_SERVER_BYPASS_AUTH_USER}"
- name: KIE_SERVER_CONTROLLER_USER
value: "${KIE_SERVER_CONTROLLER_USER}"
- name: KIE_SERVER_CONTROLLER_PWD
value: "${KIE_SERVER_CONTROLLER_PWD}"
- name: KIE_SERVER_CONTROLLER_SERVICE
value: "${APPLICATION_NAME}-rhpamcentrmon"
- name: KIE_SERVER_CONTROLLER_PROTOCOL
value: "ws"
- name: KIE_SERVER_ID
value: "kie-server-1"
- name: KIE_SERVER_HOST
value: "${EXECUTION_SERVER1_HOSTNAME_HTTP}"
- name: EXECUTION_SERVER_ROUTE_NAME
value: "${APPLICATION_NAME}-kieserver-1"
- name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME
value: "${EXECUTION_SERVER_USE_SECURE_ROUTE_NAME}"
- name: KIE_SERVER_USER
value: "${KIE_SERVER_USER}"
- name: KIE_SERVER_PWD
value: "${KIE_SERVER_PWD}"
- name: KIE_SERVER_CONTAINER_DEPLOYMENT
value: ""
- name: MAVEN_REPOS
value: "RHPAMCENTR,EXTERNAL"
- name: RHPAMCENTR_MAVEN_REPO_SERVICE
value: "${BUSINESS_CENTRAL_MAVEN_SERVICE}"
- name: RHPAMCENTR_MAVEN_REPO_PATH
value: "/maven2/"
- name: RHPAMCENTR_MAVEN_REPO_USERNAME
value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
- name: RHPAMCENTR_MAVEN_REPO_PASSWORD
value: "${BUSINESS_CENTRAL_MAVEN_PASSWORD}"
- name: EXTERNAL_MAVEN_REPO_URL
value: "${MAVEN_REPO_URL}"
- name: EXTERNAL_MAVEN_REPO_USERNAME
value: "${MAVEN_REPO_USERNAME}"
- name: EXTERNAL_MAVEN_REPO_PASSWORD
value: "${MAVEN_REPO_PASSWORD}"
- name: KIE_SERVER_ROUTER_SERVICE
value: "${APPLICATION_NAME}-smartrouter"
- name: KIE_SERVER_ROUTER_PORT
value: "9000"
- name: KIE_SERVER_ROUTER_PROTOCOL
value: "${KIE_SERVER_ROUTER_PROTOCOL}"
- name: KIE_SERVER_PERSISTENCE_DS
value: "${KIE_SERVER_PERSISTENCE_DS}"
- name: DATASOURCES
value: "RHPAM"
- name: RHPAM_JNDI
value: "${KIE_SERVER_PERSISTENCE_DS}"
- name: RHPAM_JTA
value: "true"
## PostgreSQL driver settings 1 BEGIN
- name: RHPAM_DATABASE
value: "${KIE_SERVER_POSTGRESQL_DB}"
- name: RHPAM_DRIVER
value: "postgresql"
- name: KIE_SERVER_PERSISTENCE_DIALECT
value: "org.hibernate.dialect.PostgreSQLDialect"
- name: RHPAM_USERNAME
value: "${KIE_SERVER_POSTGRESQL_USER}"
- name: RHPAM_PASSWORD
value: "${KIE_SERVER_POSTGRESQL_PWD}"
- name: RHPAM_SERVICE_HOST
value: "${APPLICATION_NAME}-postgresql-1"
- name: RHPAM_SERVICE_PORT
value: "5432"