From 8b6fd1a7657cd003215a1a23b8bc0d7d2084eb20 Mon Sep 17 00:00:00 2001
From: Babak Mozaffari
Date: Fri, 13 Apr 2018 00:58:23 -0700
Subject: [PATCH] Created rhpam70-prod-immutable-monitor template with support for SSO, and rhpam70-prod-immutable-kieserver.yaml, with support for RHPAM-794
Signed-off-by: Babak Mozaffari
---
... => rhpam70-prod-immutable-kieserver.yaml} | 311 +++++++++---
templates/rhpam70-prod-immutable-monitor.yaml | 471 ++++++++++++++++++
2 files changed, 714 insertions(+), 68 deletions(-)
rename templates/{rhpam70-kieserver-https-s2i.yaml => rhpam70-prod-immutable-kieserver.yaml} (54%)
create mode 100644 templates/rhpam70-prod-immutable-monitor.yaml
diff --git a/templates/rhpam70-kieserver-https-s2i.yaml b/templates/rhpam70-prod-immutable-kieserver.yaml
similarity index 54%
rename from templates/rhpam70-kieserver-https-s2i.yaml
rename to templates/rhpam70-prod-immutable-kieserver.yaml
index 62ef29df..18b386b7 100644
--- a/templates/rhpam70-kieserver-https-s2i.yaml
+++ b/templates/rhpam70-prod-immutable-kieserver.yaml
@@ -1,19 +1,18 @@ +--- kind: Template apiVersion: v1 metadata: annotations: - description: Application template for Red Hat Process Automation Manager Execution Server 7.0 application built using S2I. + description: Application template for an immultable KIE server in a production environment, for Red Hat Process Automation Manager 7.0 iconClass: icon-jboss tags: rhpam,jboss,xpaas version: 1.4.0 - openshift.io/display-name: Red Hat Process Automation Manager Execution Server 7.0 S2I (Ephemeral with https) - name: rhpam70-kieserver-https-s2i + openshift.io/display-name: Red Hat Process Automation Manager 7.0 immutable production environment + name: rhpam70-prod-immutable-kieserver labels: - template: rhpam70-kieserver-https-s2i + template: rhpam70-prod-immutable-kieserver xpaas: 1.4.0 -message: A new Process Automation Manager Execution Server application has been created in your - project. Please be sure to create the secret named "${HTTPS_SECRET}" containing the ${HTTPS_KEYSTORE} file used for - serving secure content. The username/password for accessing the KIE Server REST interface is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}. +message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing the KIE server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}. parameters: - displayName: Application Name description: The name for the application. 
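Review bot: The rewritten `message` no longer tells the deployer to create the keystore secret, yet the kieserver DeploymentConfig later in this patch still mounts `secretName: "${KIE_SERVER_HTTPS_SECRET}"`, so a fresh project would be left with pods that cannot mount their volume and no hint why. I would keep a sentence such as `Please be sure to create the secret named "${KIE_SERVER_HTTPS_SECRET}" containing the ${KIE_SERVER_HTTPS_KEYSTORE} file used for serving secure content.` in the new message. The new `description` annotation also misspells "immutable" as "immultable".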
@@ -43,91 +42,143 @@ parameters: generate: expression required: false - displayName: KIE Server User - description: KIE execution server username (Sets the org.kie.server.user system - property) + description: KIE execution server username (Sets the org.kie.server.user system property) name: KIE_SERVER_USER value: executionUser required: false - displayName: KIE Server Password - description: KIE execution server password (Sets the org.kie.server.pwd system property) + description: KIE execution server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property) name: KIE_SERVER_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server ID - description: Business server identifier. Determines the template ID in Business Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property). + description: The KIE server ID to use, which defaults to ${APPLICATION_NAME}-kieserver if not specified (Sets the org.kie.server.id system property). name: KIE_SERVER_ID value: '' required: false -- displayName: KIE Server Bypass Auth User - description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user - system property) - name: KIE_SERVER_BYPASS_AUTH_USER - value: 'false' +- displayName: ImageStream Namespace + description: Namespace in which the ImageStreams for Red Hat Middleware images are + installed. These ImageStreams are normally installed in the openshift namespace. + You should only need to modify this if you've installed the ImageStreams in a + different namespace/project. + name: IMAGE_STREAM_NAMESPACE + value: openshift + required: true +- displayName: ImageStream Tag + description: A named pointer to an image in an image stream. Default is "1.0". 
+ name: IMAGE_STREAM_TAG + value: "1.0" required: false -- displayName: KIE MBeans - description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and - kie.scanner.mbeans system properties) - name: KIE_MBEANS - value: enabled +- displayName: PostgreSQL ImageStream Tag + description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6". + name: POSTGRESQL_IMAGE_STREAM_TAG + value: "9.6" + required: false +- displayName: KIE Server Monitor User + description: KIE server monitor username, for optional use of the business-central-monitor (Sets the org.kie.server.controller.user system property) + name: KIE_SERVER_MONITOR_USER + value: monitorUser + required: false +- displayName: KIE Server Monitor Password + description: KIE server monitor password, for optional use of the business-central-monitor (Sets the org.kie.server.controller.pwd system property) + name: KIE_SERVER_MONITOR_PWD + required: false +- displayName: KIE Server Monitor Service + description: The service name for the optional business-central-monitor, where it can be reached and registered with, to allow monitoring console functionality + name: KIE_SERVER_MONITOR_SERVICE + required: false +- displayName: KIE Server Smart Router Service + description: The service name for the optional smart router, where it can be reached, to allow smart routing + name: KIE_SERVER_ROUTER_SERVICE + required: false +- displayName: KIE Server Persistence DS + description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property) + name: KIE_SERVER_PERSISTENCE_DS + value: java:/jboss/datasources/rhpam + required: false +- displayName: KIE Server PostgreSQL Database User + description: KIE execution server PostgreSQL database username + name: KIE_SERVER_POSTGRESQL_USER + value: rhpam + required: false +- displayName: KIE Server PostgreSQL Database Password + description: KIE execution server PostgreSQL database 
password + name: KIE_SERVER_POSTGRESQL_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: KIE Server PostgreSQL Database Name + description: KIE execution server PostgreSQL database name + name: KIE_SERVER_POSTGRESQL_DB + value: rhpam7 required: false - displayName: Drools Server Filter Classes - description: KIE execution server class filtering (Sets the org.drools.server.filter.classes - system property) + description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property) name: DROOLS_SERVER_FILTER_CLASSES value: 'true' required: false +- displayName: KIE MBeans + description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties) + name: KIE_MBEANS + value: enabled + required: false - displayName: Execution Server Custom http Route Hostname description: 'Custom hostname for http service route. Leave blank for default hostname, - e.g.: -execserv-.' + e.g.: -kieserver-.' name: EXECUTION_SERVER_HOSTNAME_HTTP value: '' required: false - displayName: Execution Server Custom https Route Hostname description: 'Custom hostname for https service route. Leave blank for default - hostname, e.g.: secure--execserv-.' + hostname, e.g.: secure--kieserver-.' 
name: EXECUTION_SERVER_HOSTNAME_HTTPS value: '' required: false -- displayName: Server Keystore Secret Name +- displayName: KIE Server Keystore Secret Name description: The name of the secret containing the keystore file - name: HTTPS_SECRET + name: KIE_SERVER_HTTPS_SECRET value: kieserver-app-secret required: false -- displayName: Server Keystore Filename +- displayName: KIE Server Keystore Filename description: The name of the keystore file within the secret - name: HTTPS_KEYSTORE + name: KIE_SERVER_HTTPS_KEYSTORE value: keystore.jks required: false -- displayName: Server Certificate Name +- displayName: KIE Server Certificate Name description: The name associated with the server certificate - name: HTTPS_NAME + name: KIE_SERVER_HTTPS_NAME value: jboss required: false -- displayName: Server Keystore Password +- displayName: KIE Server Keystore Password description: The password for the keystore and certificate - name: HTTPS_PASSWORD + name: KIE_SERVER_HTTPS_PASSWORD value: mykeystorepass required: false +- displayName: KIE Server Bypass Auth User + description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property) + name: KIE_SERVER_BYPASS_AUTH_USER + value: 'false' + required: false - displayName: KIE Server Container Deployment description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2' name: KIE_SERVER_CONTAINER_DEPLOYMENT - value: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT - required: false + example: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT + required: true - displayName: Git Repository URL description: Git source URI for application name: SOURCE_REPOSITORY_URL - value: https://github.com/jboss-container-images/rhpam-7-openshift-image.git + example: https://github.com/jboss-container-images/rhpam-7-openshift-image.git required: true - displayName: Git Reference 
description: Git branch/tag reference name: SOURCE_REPOSITORY_REF - value: rhpam70-dev + example: rhpam70-dev required: false - displayName: Context Directory description: Path within Git project to build; empty for root project directory. name: CONTEXT_DIR - value: quickstarts/library-process/library + example: quickstarts/library-process/library required: false - displayName: Github Webhook Secret description: GitHub trigger secret @@ -141,19 +192,6 @@ parameters: from: "[a-zA-Z0-9]{8}" generate: expression required: true -- displayName: ImageStream Namespace - description: Namespace in which the ImageStreams for Red Hat Middleware images are - installed. These ImageStreams are normally installed in the openshift namespace. - You should only need to modify this if you've installed the ImageStreams in a - different namespace/project. - name: IMAGE_STREAM_NAMESPACE - value: openshift - required: true -- displayName: ImageStream Tag - description: A named pointer to an image in an image stream. Default is "1.0". - name: IMAGE_STREAM_TAG - value: "1.0" - required: false - displayName: Maven mirror URL description: Maven mirror to use for S2I builds name: MAVEN_MIRROR_URL 
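Review bot: In the `@@ -43,91 +42,143 @@` hunk the renamed `KIE_SERVER_HTTPS_PASSWORD` parameter keeps `value: mykeystorepass` with `required: false`, so a production deployment that does not override it protects its keystore with a password published in this repository. I would drop the `value:` line and set `required: true`; the same default reappears as `BUSINESS_CENTRAL_HTTPS_PASSWORD` in the new monitor template. The new `KIE_SERVER_POSTGRESQL_PWD` reuses the generator `[a-zA-Z]{6}[0-9]{1}!`, which fixes the shape to six letters, one digit and a literal `!`; `from: "[a-zA-Z0-9]{16}"` would give a less predictable database password. The `KIE_SERVER_PWD` description also contains the garbled phrase "thew s2i various".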
@@ -174,16 +212,35 @@ parameters: name: MAVEN_REPO_PASSWORD value: '' required: false -- description: List of directories from which archives will be copied into the deployment - folder. If unspecified, all archives in /target will be copied. +- description: List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied. name: ARTIFACT_DIR value: '' required: false +- displayName: Database Volume Capacity + description: Size of persistent storage for database volume. + name: DB_VOLUME_CAPACITY + value: 512Mi + required: true +- displayName: "Timer service data store refresh interval (in milliseconds)" + description: "Sets refresh-interval for the EJB timer service database-data-store." + name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL + value: '30000' + required: false - displayName: Execution Server Container Memory Limit description: Execution Server Container memory limit - name: EXCECUTION_SERVER_MEMORY_LIMIT + name: EXECUTION_SERVER_MEMORY_LIMIT value: 1Gi required: false +- displayName: Disable KIE Server Management + description: "Disable management api and don't allow KIE containers to be deployed/undeployed or started/stopped" + name: KIE_SERVER_MGMT_DISABLED + value: "true" + required: true +- displayName: KIE Server Startup Strategy + description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable" + name: KIE_SERVER_STARTUP_STRATEGY + value: "LocalContainersStartupStrategy" + required: true objects: - kind: ServiceAccount apiVersion: v1 
@@ -214,11 +271,25 @@ objects: selector: deploymentConfig: "${APPLICATION_NAME}-kieserver" metadata: - name: secure-${APPLICATION_NAME}-kieserver + name: "secure-${APPLICATION_NAME}-kieserver" labels: application: "${APPLICATION_NAME}" annotations: description: The execution server web server's https port. +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: The database server's port. + labels: + application: ${APPLICATION_NAME} + name: ${APPLICATION_NAME}-postgresql + spec: + ports: + - port: 5432 + targetPort: 5432 + selector: + deploymentConfig: ${APPLICATION_NAME}-postgresql - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-http" @@ -236,7 +307,7 @@ objects: apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-https" metadata: - name: secure-${APPLICATION_NAME}-kieserver + name: "secure-${APPLICATION_NAME}-kieserver" labels: application: "${APPLICATION_NAME}" annotations: @@ -244,7 +315,7 @@ objects: spec: host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}" to: - name: secure-${APPLICATION_NAME}-kieserver + name: "secure-${APPLICATION_NAME}-kieserver" tls: termination: passthrough - kind: ImageStream @@ -314,7 +385,7 @@ objects: kind: ImageStream name: "${APPLICATION_NAME}-kieserver" - type: ConfigChange - replicas: 1 + replicas: 2 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver" template: @@ -332,7 +403,7 @@ objects: imagePullPolicy: Always resources: limits: - memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}" + memory: "${EXECUTION_SERVER_MEMORY_LIMIT}" volumeMounts: - name: kieserver-keystore-volume mountPath: "/etc/kieserver-secret-volume" 
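Review bot: The added `${APPLICATION_NAME}-postgresql` Service (first hunk on this line) leaves its templated values unquoted, as in `application: ${APPLICATION_NAME}`, `name: ${APPLICATION_NAME}-postgresql` and `deploymentConfig: ${APPLICATION_NAME}-postgresql`, while the same commit deliberately quotes `"secure-${APPLICATION_NAME}-kieserver"` in the neighbouring hunks. Quoting them, e.g. `name: "${APPLICATION_NAME}-postgresql"`, keeps the file consistent with every other object in the template. The new monitor template has the same slip at `name: ${APPLICATION_NAME}-smartrouter`.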
@@ -370,18 +441,24 @@ objects: value: "${KIE_MBEANS}" - name: KIE_SERVER_BYPASS_AUTH_USER value: "${KIE_SERVER_BYPASS_AUTH_USER}" + - name: KIE_SERVER_CONTROLLER_USER + value: "${KIE_SERVER_MONITOR_USER}" + - name: KIE_SERVER_CONTROLLER_PWD + value: "${KIE_SERVER_MONITOR_PWD}" + - name: KIE_SERVER_CONTROLLER_SERVICE + value: "${KIE_SERVER_MONITOR_SERVICE}" - name: KIE_SERVER_ID value: "${KIE_SERVER_ID}" - name: KIE_SERVER_HOST valueFrom: fieldRef: fieldPath: status.podIP - - name: KIE_SERVER_CONTAINER_DEPLOYMENT - value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}" - - name: KIE_SERVER_PWD - value: "${KIE_SERVER_PWD}" - name: KIE_SERVER_USER value: "${KIE_SERVER_USER}" + - name: KIE_SERVER_PWD + value: "${KIE_SERVER_PWD}" + - name: KIE_SERVER_CONTAINER_DEPLOYMENT + value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}" - name: MAVEN_REPO_URL value: "${MAVEN_REPO_URL}" - name: MAVEN_REPO_USERNAME 
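Review bot: `KIE_SERVER_CONTROLLER_PWD` is injected as a literal `value:` in the DeploymentConfig, so the monitor password is readable by anyone who can view the DC or pod spec in the project. For a production template I would add a `Secret` to `objects` and reference it through `valueFrom.secretKeyRef`, as sketched below with a placeholder secret name and key. The same applies to `RHPAM_PASSWORD` and `POSTGRESQL_PASSWORD` in the later kieserver hunk, and to `KIE_ADMIN_PWD`, `ADMIN_PASSWORD`, `JGROUPS_CLUSTER_PASSWORD` and `SSO_SECRET` in the new monitor template. The env list starts and continues outside this hunk.

```yaml
# new entry under objects: (secret name and key are placeholders)
- kind: Secret
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-kieserver-credentials"
    labels:
      application: "${APPLICATION_NAME}"
  stringData:
    monitor-password: "${KIE_SERVER_MONITOR_PWD}"

# … unchanged: preceding env entries of the kieserver container …
- name: KIE_SERVER_CONTROLLER_PWD
  valueFrom:
    secretKeyRef:
      name: "${APPLICATION_NAME}-kieserver-credentials"
      key: monitor-password
# … unchanged: remaining env entries …
```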
@@ -389,18 +466,116 @@ objects: - name: MAVEN_REPO_PASSWORD value: "${MAVEN_REPO_PASSWORD}" - name: MAVEN_REPO_SERVICE - value: "${APPLICATION_NAME}-rhpamcentr" + value: "" - name: MAVEN_REPO_PATH value: "/maven2/" + - name: KIE_SERVER_ROUTER_SERVICE + value: "${KIE_SERVER_ROUTER_SERVICE}" + - name: KIE_SERVER_PERSISTENCE_DIALECT + value: "org.hibernate.dialect.PostgreSQLDialect" + - name: KIE_SERVER_PERSISTENCE_DS + value: "${KIE_SERVER_PERSISTENCE_DS}" + - name: DATASOURCES + value: "RHPAM" + - name: RHPAM_DATABASE + value: "${KIE_SERVER_POSTGRESQL_DB}" + - name: RHPAM_JNDI + value: "${KIE_SERVER_PERSISTENCE_DS}" + - name: RHPAM_DRIVER + value: "postgresql" + - name: RHPAM_JTA + value: "true" + - name: RHPAM_TX_ISOLATION + value: "TRANSACTION_READ_UNCOMMITTED" + - name: RHPAM_USERNAME + value: "${KIE_SERVER_POSTGRESQL_USER}" + - name: RHPAM_PASSWORD + value: "${KIE_SERVER_POSTGRESQL_PWD}" + - name: RHPAM_SERVICE_HOST + value: "${APPLICATION_NAME}-postgresql" + - name: RHPAM_SERVICE_PORT + value: "5432" + - name: TIMER_SERVICE_DATA_STORE + value: "${APPLICATION_NAME}-postgresql" + - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL + value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}" - name: HTTPS_KEYSTORE_DIR value: "/etc/kieserver-secret-volume" - name: HTTPS_KEYSTORE - value: "${HTTPS_KEYSTORE}" + value: "${KIE_SERVER_HTTPS_KEYSTORE}" - name: HTTPS_NAME - value: "${HTTPS_NAME}" + value: "${KIE_SERVER_HTTPS_NAME}" - name: HTTPS_PASSWORD - value: "${HTTPS_PASSWORD}" + value: "${KIE_SERVER_HTTPS_PASSWORD}" + - name: KIE_SERVER_MGMT_DISABLED + value: "${KIE_SERVER_MGMT_DISABLED}" + - name: KIE_SERVER_STARTUP_STRATEGY + value: "${KIE_SERVER_STARTUP_STRATEGY}" volumes: - name: kieserver-keystore-volume secret: - secretName: "${HTTPS_SECRET}" + secretName: "${KIE_SERVER_HTTPS_SECRET}" +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-postgresql" + labels: + application: "${APPLICATION_NAME}" + spec: + strategy: + type: Recreate + 
triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${APPLICATION_NAME}-postgresql" + from: + kind: ImageStreamTag + namespace: "${IMAGE_STREAM_NAMESPACE}" + name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + - type: ConfigChange + replicas: 1 + selector: + deploymentConfig: "${APPLICATION_NAME}-postgresql" + template: + metadata: + name: "${APPLICATION_NAME}-postgresql" + labels: + deploymentConfig: "${APPLICATION_NAME}-postgresql" + application: "${APPLICATION_NAME}" + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: "${APPLICATION_NAME}-postgresql" + image: postgresql + imagePullPolicy: Always + ports: + - containerPort: 5432 + protocol: TCP + volumeMounts: + - mountPath: "/var/lib/postgresql/data" + name: "${APPLICATION_NAME}-postgresql-pvol" + env: + - name: POSTGRESQL_USER + value: "${KIE_SERVER_POSTGRESQL_USER}" + - name: POSTGRESQL_PASSWORD + value: "${KIE_SERVER_POSTGRESQL_PWD}" + - name: POSTGRESQL_DATABASE + value: "${KIE_SERVER_POSTGRESQL_DB}" + volumes: + - name: "${APPLICATION_NAME}-postgresql-pvol" + persistentVolumeClaim: + claimName: "${APPLICATION_NAME}-postgresql-claim" +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "${APPLICATION_NAME}-postgresql-claim" + labels: + application: "${APPLICATION_NAME}" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${DB_VOLUME_CAPACITY}" diff --git a/templates/rhpam70-prod-immutable-monitor.yaml b/templates/rhpam70-prod-immutable-monitor.yaml new file mode 100644 index 00000000..463d7a76 --- /dev/null +++ b/templates/rhpam70-prod-immutable-monitor.yaml 
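Review bot: The PostgreSQL container in the `@@ -389,18 +466,116 @@` hunk mounts its claim at `mountPath: "/var/lib/postgresql/data"`, which looks like the upstream image's path. Assuming `postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}` resolves to the Red Hat PostgreSQL image, its data directory is under `/var/lib/pgsql/data`, so the database would be written to the container's ephemeral layer and lost on every pod restart while the PVC stays empty. I would change the line to `mountPath: "/var/lib/pgsql/data"` after confirming against the image in use. The new DeploymentConfig also declares no readiness or liveness probe and no memory limit for the database container, unlike the kieserver container it serves.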
@@ -0,0 +1,471 @@ +--- +kind: Template +apiVersion: v1 +metadata: + annotations: + description: Application template for a router and monitoring console in a production environment, for Red Hat Process Automation Manager 7.0 + iconClass: icon-jboss + tags: rhpam,jboss,xpaas + version: 1.4.0 + openshift.io/display-name: Red Hat Process Automation Manager 7.0 production monitoring environment + name: rhpam70-prod-immutable-monitor +labels: + template: rhpam70-prod-immutable-monitor + xpaas: 1.4.0 +message: A new environment has been set up for Red Hat Process Automation Manager 7. To create a new KIE server and connect to this monitoring console/router, enter + oc new-app -f rhpam70-prod-immutable-kieserver.yaml -p KIE_SERVER_PWD=${KIE_SERVER_PWD} -p KIE_SERVER_MONITOR_PWD=${KIE_SERVER_MONITOR_PWD} -p KIE_SERVER_MONITOR_SERVICE=${APPLICATION_NAME}-rhpamcentrmon -p KIE_SERVER_ROUTER_SERVICE=${APPLICATION_NAME}-smartrouter -p SOURCE_REPOSITORY_URL=https://example.com/xxxx.git -p CONTEXT_DIR=rootDir -p KIE_SERVER_CONTAINER_DEPLOYMENT=containerId=G:A:V +parameters: +- displayName: Application Name + description: The name for the application. + name: APPLICATION_NAME + value: myapp + required: true +- displayName: Maven repository URL + description: Fully qualified URL to a Maven repository or service. + name: MAVEN_REPO_URL + example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/ + required: true +- displayName: Maven repository username + description: Username to access the Maven repository, if required. + name: MAVEN_REPO_USERNAME + required: false +- displayName: Maven repository password + description: Password to access the Maven repository, if required. 
+ name: MAVEN_REPO_PASSWORD + required: false +- displayName: EAP Admin User + description: EAP administrator username + name: ADMIN_USERNAME + value: eapadmin + required: false +- displayName: EAP Admin Password + description: EAP administrator password + name: ADMIN_PASSWORD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: KIE Admin User + description: KIE administrator username + name: KIE_ADMIN_USER + value: adminUser + required: false +- displayName: KIE Admin Password + description: KIE administrator password + name: KIE_ADMIN_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: KIE Server User + description: KIE execution server username (Sets the org.kie.server.user system property) + name: KIE_SERVER_USER + value: executionUser + required: false +- displayName: KIE Server Password + description: KIE execution server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property) + name: KIE_SERVER_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: ImageStream Namespace + description: Namespace in which the ImageStreams for Red Hat Middleware images are + installed. These ImageStreams are normally installed in the openshift namespace. + You should only need to modify this if you've installed the ImageStreams in a + different namespace/project. + name: IMAGE_STREAM_NAMESPACE + value: openshift + required: true +- displayName: ImageStream Tag + description: A named pointer to an image in an image stream. Default is "1.0". + name: IMAGE_STREAM_TAG + value: "1.0" + required: false +- displayName: Smart Router Custom http Route Hostname + description: Custom hostname for http service route. Leave blank for default hostname, e.g. -smartrouter-.' 
+ name: SMART_ROUTER_HOSTNAME_HTTP + value: '' + required: false +- displayName: Smart Router ID + description: Router ID used when connecting to the controller (router property org.kie.server.router.id) + name: KIE_SERVER_ROUTER_ID + value: kie-server-router +- displayName: Smart Router listening port + description: Port in which the smart router server listens (router property org.kie.server.router.port) + name: KIE_SERVER_ROUTER_PORT + example: "9000" + required: false +- displayName: Smart Router protocol + description: KIE server router protocol (Used to build the org.kie.server.router.url.external property) + name: KIE_SERVER_ROUTER_PROTOCOL + example: "http" + required: false +- displayName: Smart Router external URL + description: Public URL where the router can be found. Format http://: (router property org.kie.server.router.url.external) + name: KIE_SERVER_ROUTER_URL_EXTERNAL +- displayName: Smart Router name + description: Router name used when connecting to the controller (router property org.kie.server.router.name) + name: KIE_SERVER_ROUTER_NAME + value: KIE Server Router +- displayName: KIE Server Monitor User + description: KIE server monitor username (Sets the org.kie.server.controller.user system property) + name: KIE_SERVER_MONITOR_USER + value: monitorUser + required: false +- displayName: KIE Server Monitor Password + description: KIE server monitor password (Sets the org.kie.server.controller.pwd system property) + name: KIE_SERVER_MONITOR_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: JGroups Cluster Password + description: JGroups Cluster Password, used to establish an EAP cluster on OpenShift + name: JGROUPS_CLUSTER_PASSWORD + from: "[a-zA-Z]{6}[0-9]{1}!" 
+ generate: expression + required: true +- displayName: KIE MBeans + description: KIE mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties) + name: KIE_MBEANS + value: enabled + required: false +- displayName: Business Central Custom http Route Hostname + description: 'Custom hostname for http service route. Leave blank for default hostname, + e.g.: -rhpamcentrmon-.' + name: BUSINESS_CENTRAL_HOSTNAME_HTTP + value: '' + required: false +- displayName: Business Central Custom https Route Hostname + description: 'Custom hostname for https service route. Leave blank for default + hostname, e.g.: secure--rhpamcentrmon-.' + name: BUSINESS_CENTRAL_HOSTNAME_HTTPS + value: '' + required: false +- displayName: Business Central Server Keystore Secret Name + description: The name of the secret containing the keystore file + name: BUSINESS_CENTRAL_HTTPS_SECRET + value: businesscentral-app-secret + required: false +- displayName: Business Central Server Keystore Filename + description: The name of the keystore file within the secret + name: BUSINESS_CENTRAL_HTTPS_KEYSTORE + value: keystore.jks + required: false +- displayName: Business Central Server Certificate Name + description: The name associated with the server certificate + name: BUSINESS_CENTRAL_HTTPS_NAME + value: jboss + required: false +- displayName: Business Central Server Keystore Password + description: The password for the keystore and certificate + name: BUSINESS_CENTRAL_HTTPS_PASSWORD + value: mykeystorepass + required: false +- displayName: Smart Router Custom http Route Hostname + description: 'Custom hostname for http service route. Leave blank for default hostname, + e.g.: -rhpamcentrmon-.' 
+ name: SMART_ROUTER_HOSTNAME_HTTP + value: '' + required: false +- displayName: Business Central Container Memory Limit + description: Business Central Container memory limit + name: BUSINESS_CENTRAL_MEMORY_LIMIT + value: 2Gi + required: false +- displayName: Smart Router Container Memory Limit + description: Smart Router Container memory limit + name: SMART_ROUTER_MEMORY_LIMIT + value: 512Mi + required: false +- displayName: Red Hat Single Sign-On (RH-SSO) URL + description: Red Hat Single Sign-On (RH-SSO) URL + name: SSO_URL + example: "https://secure-sso-rh-sso.example.com/auth" + required: false +- displayName: RH-SSO Secret Value + description: Secret value generated by RH-SSO for the corresponding SSO Client + name: SSO_SECRET + example: "252793ed-7118-4ca8-8dab-5622fa97d892" + required: false +- displayName: RH-SSO Realm + description: RH-SSO Realm designated for this application + name: SSO_REALM + example: "rhpam-production" + required: false +- displayName: RH-SSO Client name + description: RH-SSO Client is a name identifying this application within RH-SSO + name: SSO_CLIENT + example: "rhpam-myapp-monitor" + required: false +objects: +- kind: ServiceAccount + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-rhpamcentr" + labels: + application: "${APPLICATION_NAME}" +- kind: Service + apiVersion: v1 + spec: + ports: + - port: 8080 + targetPort: 8080 + selector: + deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" + metadata: + name: "${APPLICATION_NAME}-rhpamcentrmon" + labels: + application: "${APPLICATION_NAME}" + annotations: + description: The Business Central Monitoring web server's http port. +- kind: Service + apiVersion: v1 + spec: + ports: + - port: 8443 + targetPort: 8443 + selector: + deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" + metadata: + name: "secure-${APPLICATION_NAME}-rhpamcentrmon" + labels: + application: "${APPLICATION_NAME}" + annotations: + description: The Business Central Monitoring web server's https port. 
+- kind: Service + apiVersion: v1 + spec: + ports: + - port: 9000 + targetPort: 9000 + selector: + deploymentConfig: "${APPLICATION_NAME}-smartrouter" + metadata: + name: "${APPLICATION_NAME}-smartrouter" + labels: + application: "${APPLICATION_NAME}" + annotations: + description: The smart router server http port. +- kind: Route + apiVersion: v1 + id: "${APPLICATION_NAME}-rhpamcentrmon-http" + metadata: + name: "${APPLICATION_NAME}-rhpamcentrmon" + labels: + application: "${APPLICATION_NAME}" + annotations: + description: Route for Business Central Monitoring's http service. + spec: + host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}" + to: + name: "${APPLICATION_NAME}-rhpamcentrmon" +- kind: Route + apiVersion: v1 + id: "${APPLICATION_NAME}-rhpamcentrmon-https" + metadata: + name: "secure-${APPLICATION_NAME}-rhpamcentrmon" + labels: + application: "${APPLICATION_NAME}" + annotations: + description: Route for Business Central Monitoring's https service. + spec: + host: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}" + to: + name: "secure-${APPLICATION_NAME}-rhpamcentrmon" + tls: + termination: passthrough +- kind: Route + apiVersion: v1 + id: "${APPLICATION_NAME}-smartrouter-http" + metadata: + name: "${APPLICATION_NAME}-smartrouter" + labels: + application: "${APPLICATION_NAME}" + annotations: + description: Route for Smart Router's http service. 
+ spec: + host: "${SMART_ROUTER_HOSTNAME_HTTP}" + to: + name: "${APPLICATION_NAME}-smartrouter" +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-rhpamcentrmon" + labels: + application: "${APPLICATION_NAME}" + spec: + strategy: + type: Recreate + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${APPLICATION_NAME}-rhpamcentrmon" + from: + kind: ImageStreamTag + namespace: "${IMAGE_STREAM_NAMESPACE}" + name: "rhpam70-businesscentral-monitoring-openshift:${IMAGE_STREAM_TAG}" + - type: ConfigChange + replicas: 3 + selector: + deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" + template: + metadata: + name: "${APPLICATION_NAME}-rhpamcentrmon" + labels: + deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" + application: "${APPLICATION_NAME}" + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: "${APPLICATION_NAME}-rhpamcentrmon" + image: rhpam70-businesscentral-monitoring-openshift + imagePullPolicy: Always + resources: + limits: + memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}" + volumeMounts: + - name: businesscentral-keystore-volume + mountPath: "/etc/businesscentral-secret-volume" + readOnly: true + livenessProbe: + exec: + command: + - "/bin/bash" + - "-c" + - "/opt/eap/bin/livenessProbe.sh" + readinessProbe: + exec: + command: + - "/bin/bash" + - "-c" + - "/opt/eap/bin/readinessProbe.sh" + ports: + - name: jolokia + containerPort: 8778 + protocol: TCP + - name: http + containerPort: 8080 + protocol: TCP + - name: https + containerPort: 8443 + protocol: TCP + env: + - name: KIE_ADMIN_PWD + value: "${KIE_ADMIN_PWD}" + - name: KIE_ADMIN_USER + value: "${KIE_ADMIN_USER}" + - name: KIE_SERVER_PWD + value: "${KIE_SERVER_PWD}" + - name: KIE_SERVER_USER + value: "${KIE_SERVER_USER}" + - name: MAVEN_REPO_URL + value: "${MAVEN_REPO_URL}" + - name: MAVEN_REPO_USERNAME + value: "${MAVEN_REPO_USERNAME}" + - name: MAVEN_REPO_PASSWORD + value: "${MAVEN_REPO_PASSWORD}" + - name: 
ADMIN_USERNAME + value: "${ADMIN_USERNAME}" + - name: ADMIN_PASSWORD + value: "${ADMIN_PASSWORD}" + - name: KIE_SERVER_CONTROLLER_USER + value: "${KIE_SERVER_MONITOR_USER}" + - name: KIE_SERVER_CONTROLLER_PWD + value: "${KIE_SERVER_MONITOR_PWD}" + - name: PROBE_IMPL + value: probe.eap.jolokia.EapProbe + - name: PROBE_DISABLE_BOOT_ERRORS_CHECK + value: 'true' + - name: HTTPS_KEYSTORE_DIR + value: "/etc/businesscentral-secret-volume" + - name: HTTPS_KEYSTORE + value: "${BUSINESS_CENTRAL_HTTPS_KEYSTORE}" + - name: HTTPS_NAME + value: "${BUSINESS_CENTRAL_HTTPS_NAME}" + - name: HTTPS_PASSWORD + value: "${BUSINESS_CENTRAL_HTTPS_PASSWORD}" + - name: OPENSHIFT_KUBE_PING_LABELS + value: "app=${APPLICATION_NAME}-rhpamcentrmon" + - name: OPENSHIFT_KUBE_PING_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: JGROUPS_CLUSTER_PASSWORD + value: "${JGROUPS_CLUSTER_PASSWORD}" + - name: SSO_URL + value: "${SSO_URL}" + - name: SSO_SECRET + value: "${SSO_SECRET}" + - name: SSO_REALM + value: "${SSO_REALM}" + - name: SSO_CLIENT + value: "${SSO_CLIENT}" + - name: SSO_OPENIDCONNECT_DEPLOYMENTS + value: "ROOT.war" + volumes: + - name: businesscentral-keystore-volume + secret: + secretName: "${BUSINESS_CENTRAL_HTTPS_SECRET}" +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: ${APPLICATION_NAME}-smartrouter + labels: + application: "${APPLICATION_NAME}" + spec: + strategy: + type: Recreate + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${APPLICATION_NAME}-smartrouter" + from: + kind: ImageStreamTag + namespace: "${IMAGE_STREAM_NAMESPACE}" + name: "rhpam70-smartrouter-openshift:${IMAGE_STREAM_TAG}" + - type: ConfigChange + replicas: 2 + selector: + deploymentConfig: "${APPLICATION_NAME}-smartrouter" + template: + metadata: + name: "${APPLICATION_NAME}-smartrouter" + labels: + application: "${APPLICATION_NAME}" + deploymentConfig: "${APPLICATION_NAME}-smartrouter" + spec: + terminationGracePeriodSeconds: 60 
+ containers: + - name: "${APPLICATION_NAME}-smartrouter" + image: rhpam70-smartrouter-openshift + imagePullPolicy: Always + resources: + limits: + memory: "${SMART_ROUTER_MEMORY_LIMIT}" + ports: + - name: http + containerPort: 9000 + protocol: TCP + env: + - name: KIE_SERVER_ROUTER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KIE_SERVER_ROUTER_PORT + value: "${KIE_SERVER_ROUTER_PORT}" + - name: KIE_SERVER_ROUTER_URL_EXTERNAL + value: "${KIE_SERVER_ROUTER_URL_EXTERNAL}" + - name: KIE_SERVER_ROUTER_ID + value: "${KIE_SERVER_ROUTER_ID}" + - name: KIE_SERVER_ROUTER_NAME + value: "${KIE_SERVER_ROUTER_NAME}" + - name: KIE_SERVER_ROUTER_PROTOCOL + value: "${KIE_SERVER_ROUTER_PROTOCOL}" + - name: KIE_SERVER_CONTROLLER_USER + value: "${KIE_SERVER_MONITOR_USER}" + - name: KIE_SERVER_CONTROLLER_PWD + value: "${KIE_SERVER_MONITOR_PWD}" + - name: KIE_SERVER_CONTROLLER_SERVICE + value: "${APPLICATION_NAME}-rhpamcentrmon"
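Review bot: `SMART_ROUTER_HOSTNAME_HTTP` is declared twice in `parameters`, once after `IMAGE_STREAM_TAG` and again after `BUSINESS_CENTRAL_HTTPS_PASSWORD`, and the second copy's description still carries the `-rhpamcentrmon-` example; the second entry should be removed so the template does not depend on how duplicate names are resolved. Separately, `message` expands `${KIE_SERVER_PWD}` and `${KIE_SERVER_MONITOR_PWD}` into a ready-to-paste `oc new-app` line, so both passwords land in console output and shell history; naming the parameters to supply would be safer than printing their values. `OPENSHIFT_KUBE_PING_LABELS` is set to `app=${APPLICATION_NAME}-rhpamcentrmon`, but the pod template here only carries `deploymentConfig` and `application` labels and no `serviceAccountName`, so it is worth confirming that the three replicas can actually discover each other.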