-
Notifications
You must be signed in to change notification settings - Fork 44
/
rhpam70-trial-ephemeral.yaml
496 lines (496 loc) · 17.5 KB
/
rhpam70-trial-ephemeral.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
---
kind: Template
apiVersion: v1
metadata:
annotations:
description: Application template for an ephemeral authoring and testing environment, for Red Hat Process Automation Manager 7.0
iconClass: icon-jboss
tags: rhpam,jboss,trial
version: "1.2"
openshift.io/display-name: Red Hat Process Automation Manager 7.0 ephemeral trial environment
template.openshift.io/bindable: "false"
name: rhpam70-trial-ephemeral
labels:
template: rhpam70-trial-ephemeral
rhpam: "1.2"
message: "A new Process Automation Manager trial environment has been created. Please remember that this is an ephemeral enviornment and any work will be LOST with a simple pod restart."
parameters:
- displayName: Application Name
description: The name for the application.
name: APPLICATION_NAME
value: myapp
required: true
- displayName: Default Password
description: Default password used for multiple components for user convenience in this trial environment
name: DEFAULT_PASSWORD
value: RedHat
required: true
- displayName: KIE Admin User
description: KIE administrator username
name: KIE_ADMIN_USER
value: adminUser
required: false
- displayName: KIE Server User
description: KIE execution server username (Sets the org.kie.server.user system property)
name: KIE_SERVER_USER
value: executionUser
required: false
- displayName: KIE Server ID
description: Business server identifier. Determines the template ID in Business Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property).
name: KIE_SERVER_ID
value: ''
required: false
- displayName: KIE Server Bypass Auth User
description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
name: KIE_SERVER_BYPASS_AUTH_USER
value: 'false'
required: false
- displayName: KIE Server Controller User
description: KIE server controller username (Sets the org.kie.server.controller.user system property)
name: KIE_SERVER_CONTROLLER_USER
value: controllerUser
required: false
- displayName: KIE MBeans
description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
name: KIE_MBEANS
value: enabled
required: false
- displayName: Drools Server Filter Classes
description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
name: DROOLS_SERVER_FILTER_CLASSES
value: 'true'
required: false
- displayName: Execution Server Custom http Route Hostname
description: 'Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname,
e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
name: EXECUTION_SERVER_HOSTNAME_HTTP
value: ''
required: false
- displayName: Business Central Custom http Route Hostname
description: 'Custom hostname for http service route. Leave blank for default hostname,
e.g.: <application-name>-rhpamcentr-<project>.<default-domain-suffix>'
name: BUSINESS_CENTRAL_HOSTNAME_HTTP
value: ''
required: false
- displayName: ImageStream Namespace
description: Namespace in which the ImageStreams for Red Hat Middleware images are
installed. These ImageStreams are normally installed in the openshift namespace.
You should only need to modify this if you've installed the ImageStreams in a
different namespace/project.
name: IMAGE_STREAM_NAMESPACE
value: openshift
required: true
- displayName: KIE Server ImageStream Name
description: The name of the image stream to use for KIE Execution Server. Default is "rhpam70-kieserver-openshift".
name: KIE_SERVER_IMAGE_STREAM_NAME
value: "rhpam70-kieserver-openshift"
required: true
- displayName: ImageStream Tag
description: A named pointer to an image in an image stream. Default is "1.2".
name: IMAGE_STREAM_TAG
value: "1.2"
required: true
- displayName: KIE Server Container Deployment
description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2'
name: KIE_SERVER_CONTAINER_DEPLOYMENT
value: ''
required: false
- displayName: Maven repository URL
description: Fully qualified URL to a Maven repository or service.
name: MAVEN_REPO_URL
example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
required: false
- displayName: Maven repository username
description: Username to access the Maven repository, if required.
name: MAVEN_REPO_USERNAME
required: false
- displayName: Maven repository password
description: Password to access the Maven repository, if required.
name: MAVEN_REPO_PASSWORD
required: false
- displayName: Username for the Maven service hosted by Business Central
description: Username to access the Maven service hosted by Business Central inside EAP.
name: BUSINESS_CENTRAL_MAVEN_USERNAME
required: true
value: mavenUser
- displayName: Business Central Container Memory Limit
description: Business Central Container memory limit
name: BUSINESS_CENTRAL_MEMORY_LIMIT
value: 2Gi
required: false
- displayName: Execution Server Container Memory Limit
description: Execution Server Container memory limit
name: EXCECUTION_SERVER_MEMORY_LIMIT
value: 1Gi
required: false
- displayName: RH-SSO URL
description: RH-SSO URL
name: SSO_URL
example: https://rh-sso.example.com/auth
required: false
- displayName: RH-SSO Realm name
description: RH-SSO Realm name
name: SSO_REALM
required: false
- displayName: Business Central RH-SSO Client name
description: Business Central RH-SSO Client name
name: BUSINESS_CENTRAL_SSO_CLIENT
required: false
- displayName: Business Central RH-SSO Client Secret
description: Business Central RH-SSO Client Secret
name: BUSINESS_CENTRAL_SSO_SECRET
example: "252793ed-7118-4ca8-8dab-5622fa97d892"
required: false
- displayName: KIE Server RH-SSO Client name
description: KIE Server RH-SSO Client name
name: KIE_SERVER_SSO_CLIENT
required: false
- displayName: KIE Server RH-SSO Client Secret
description: KIE Server RH-SSO Client Secret
name: KIE_SERVER_SSO_SECRET
example: "252793ed-7118-4ca8-8dab-5622fa97d892"
required: false
- displayName: RH-SSO Realm Admin Username
description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist
name: SSO_USERNAME
required: false
- displayName: RH-SSO Realm Admin Password
description: RH-SSO Realm Admin Password used to create the Client
name: SSO_PASSWORD
required: false
- displayName: RH-SSO Disable SSL Certificate Validation
description: RH-SSO Disable SSL Certificate Validation
name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
value: "false"
required: false
objects:
- kind: ServiceAccount
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-kieserver"
labels:
application: "${APPLICATION_NAME}"
- kind: RoleBinding
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-kieserver-view"
subjects:
- kind: ServiceAccount
name: "${APPLICATION_NAME}-kieserver"
roleRef:
name: view
- kind: Service
apiVersion: v1
spec:
ports:
- name: http
port: 8080
targetPort: 8080
- name: git-ssh
port: 8001
targetPort: 8001
selector:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
metadata:
name: "${APPLICATION_NAME}-rhpamcentr"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentr"
annotations:
description: All the Business Central web server's ports.
- kind: Service
apiVersion: v1
spec:
ports:
- port: 8080
targetPort: 8080
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver"
metadata:
name: "${APPLICATION_NAME}-kieserver"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver"
annotations:
description: All the KIE server web server's ports.
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-rhpamcentr-http"
metadata:
name: "${APPLICATION_NAME}-rhpamcentr"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentr"
annotations:
description: Route for Business Central's http service.
spec:
host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
to:
name: "${APPLICATION_NAME}-rhpamcentr"
port:
targetPort: http
- kind: Route
apiVersion: v1
id: "${APPLICATION_NAME}-kieserver-http"
metadata:
name: "${APPLICATION_NAME}-kieserver"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver"
annotations:
description: Route for execution server's http service.
spec:
host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
to:
name: "${APPLICATION_NAME}-kieserver"
- kind: DeploymentConfig
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-rhpamcentr"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentr"
spec:
strategy:
type: Recreate
triggers:
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- "${APPLICATION_NAME}-rhpamcentr"
from:
kind: ImageStreamTag
namespace: "${IMAGE_STREAM_NAMESPACE}"
name: "rhpam70-businesscentral-openshift:${IMAGE_STREAM_TAG}"
- type: ConfigChange
replicas: 1
selector:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
template:
metadata:
name: "${APPLICATION_NAME}-rhpamcentr"
labels:
deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-rhpamcentr"
spec:
terminationGracePeriodSeconds: 60
containers:
- name: "${APPLICATION_NAME}-rhpamcentr"
image: rhpam70-businesscentral-openshift
imagePullPolicy: Always
resources:
limits:
memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}"
livenessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
initialDelaySeconds: 180
timeoutSeconds: 2
periodSeconds: 15
readinessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
initialDelaySeconds: 60
timeoutSeconds: 2
periodSeconds: 30
failureThreshold: 6
ports:
- name: jolokia
containerPort: 8778
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP
- name: git-ssh
containerPort: 8001
protocol: TCP
env:
- name: KIE_ADMIN_USER
value: "${KIE_ADMIN_USER}"
- name: KIE_ADMIN_PWD
value: "${DEFAULT_PASSWORD}"
- name: KIE_MBEANS
value: "${KIE_MBEANS}"
- name: KIE_SERVER_CONTROLLER_USER
value: "${KIE_SERVER_CONTROLLER_USER}"
- name: KIE_SERVER_CONTROLLER_PWD
value: "${DEFAULT_PASSWORD}"
- name: KIE_SERVER_USER
value: "${KIE_SERVER_USER}"
- name: KIE_SERVER_PWD
value: "${DEFAULT_PASSWORD}"
- name: MAVEN_REPO_URL
value: "${MAVEN_REPO_URL}"
- name: MAVEN_REPO_USERNAME
value: "${MAVEN_REPO_USERNAME}"
- name: MAVEN_REPO_PASSWORD
value: "${MAVEN_REPO_PASSWORD}"
- name: KIE_MAVEN_USER
value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
- name: KIE_MAVEN_PWD
value: "${DEFAULT_PASSWORD}"
- name: PROBE_IMPL
value: probe.eap.jolokia.EapProbe
- name: PROBE_DISABLE_BOOT_ERRORS_CHECK
value: 'true'
- name: SSO_URL
value: "${SSO_URL}"
- name: SSO_OPENIDCONNECT_DEPLOYMENTS
value: "ROOT.war"
- name: SSO_REALM
value: "${SSO_REALM}"
- name: SSO_SECRET
value: "${BUSINESS_CENTRAL_SSO_SECRET}"
- name: SSO_CLIENT
value: "${BUSINESS_CENTRAL_SSO_CLIENT}"
- name: SSO_USERNAME
value: "${SSO_USERNAME}"
- name: SSO_PASSWORD
value: "${SSO_PASSWORD}"
- name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
- name: HOSTNAME_HTTP
value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
- kind: DeploymentConfig
apiVersion: v1
metadata:
name: "${APPLICATION_NAME}-kieserver"
labels:
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver"
spec:
strategy:
type: Recreate
triggers:
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- "${APPLICATION_NAME}-kieserver"
from:
kind: ImageStreamTag
namespace: "${IMAGE_STREAM_NAMESPACE}"
name: "${KIE_SERVER_IMAGE_STREAM_NAME}:${IMAGE_STREAM_TAG}"
- type: ConfigChange
replicas: 1
selector:
deploymentConfig: "${APPLICATION_NAME}-kieserver"
template:
metadata:
name: "${APPLICATION_NAME}-kieserver"
labels:
deploymentConfig: "${APPLICATION_NAME}-kieserver"
application: "${APPLICATION_NAME}"
service: "${APPLICATION_NAME}-kieserver"
spec:
serviceAccountName: "${APPLICATION_NAME}-kieserver"
terminationGracePeriodSeconds: 60
containers:
- name: "${APPLICATION_NAME}-kieserver"
image: "${KIE_SERVER_IMAGE_STREAM_NAME}"
imagePullPolicy: Always
resources:
limits:
memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}"
livenessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u ${KIE_ADMIN_USER}:${DEFAULT_PASSWORD} http://localhost:8080/services/rest/server/healthcheck"
initialDelaySeconds: 180
timeoutSeconds: 2
periodSeconds: 15
failureThreshold: 3
readinessProbe:
exec:
command:
- "/bin/bash"
- "-c"
- "curl --fail --silent -u ${KIE_ADMIN_USER}:${DEFAULT_PASSWORD} http://localhost:8080/services/rest/server/readycheck"
initialDelaySeconds: 60
timeoutSeconds: 2
periodSeconds: 30
failureThreshold: 6
ports:
- name: jolokia
containerPort: 8778
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP
env:
- name: DROOLS_SERVER_FILTER_CLASSES
value: "${DROOLS_SERVER_FILTER_CLASSES}"
- name: KIE_ADMIN_USER
value: "${KIE_ADMIN_USER}"
- name: KIE_ADMIN_PWD
value: "${DEFAULT_PASSWORD}"
- name: KIE_MBEANS
value: "${KIE_MBEANS}"
- name: KIE_SERVER_BYPASS_AUTH_USER
value: "${KIE_SERVER_BYPASS_AUTH_USER}"
- name: KIE_SERVER_CONTROLLER_USER
value: "${KIE_SERVER_CONTROLLER_USER}"
- name: KIE_SERVER_CONTROLLER_PWD
value: "${DEFAULT_PASSWORD}"
- name: KIE_SERVER_CONTROLLER_SERVICE
value: "${APPLICATION_NAME}-rhpamcentr"
- name: KIE_SERVER_CONTROLLER_PROTOCOL
value: "ws"
- name: KIE_SERVER_ID
value: "${KIE_SERVER_ID}"
- name: KIE_SERVER_HOST
value: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
- name: EXECUTION_SERVER_ROUTE_NAME
value: "${APPLICATION_NAME}-kieserver"
- name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME
value: "${EXECUTION_SERVER_USE_SECURE_ROUTE_NAME}"
- name: KIE_SERVER_USER
value: "${KIE_SERVER_USER}"
- name: KIE_SERVER_PWD
value: "${DEFAULT_PASSWORD}"
- name: KIE_SERVER_CONTAINER_DEPLOYMENT
value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
- name: MAVEN_REPOS
value: "RHPAMCENTR,EXTERNAL"
- name: RHPAMCENTR_MAVEN_REPO_SERVICE
value: "${APPLICATION_NAME}-rhpamcentr"
- name: RHPAMCENTR_MAVEN_REPO_PATH
value: "/maven2/"
- name: RHPAMCENTR_MAVEN_REPO_USERNAME
value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
- name: RHPAMCENTR_MAVEN_REPO_PASSWORD
value: "${DEFAULT_PASSWORD}"
- name: EXTERNAL_MAVEN_REPO_URL
value: "${MAVEN_REPO_URL}"
- name: EXTERNAL_MAVEN_REPO_USERNAME
value: "${MAVEN_REPO_USERNAME}"
- name: MAVEN_REPO_PASSWORD
value: "${MAVEN_REPO_PASSWORD}"
- name: SSO_URL
value: "${SSO_URL}"
- name: SSO_OPENIDCONNECT_DEPLOYMENTS
value: "ROOT.war"
- name: SSO_REALM
value: "${SSO_REALM}"
- name: SSO_SECRET
value: "${KIE_SERVER_SSO_SECRET}"
- name: SSO_CLIENT
value: "${KIE_SERVER_SSO_CLIENT}"
- name: SSO_USERNAME
value: "${SSO_USERNAME}"
- name: SSO_PASSWORD
value: "${SSO_PASSWORD}"
- name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
- name: HOSTNAME_HTTP
value: "${EXECUTION_SERVER_HOSTNAME_HTTP}"