This repository is not longer active and has been moved to https://github.com/syndesisio/syndesis (code & issues)
Syndesis OpenShift Templates
This repository is about the canonical way to install Syndesis by using OpenShift templates for deploying on an OpenShift cluster.
There exist different flavours of OpenShift templates, with the following characteristics:
|syndesis.yml||Full production when setting up on a cluster with full access rights. Uses image streams under the hoods.|
|syndesis-dev.yml||Same as above, but with direct references to Docker images so that they locally created images (e.g. against a Minishift Docker daemon) can be used directly.|
|syndesis-restricted.yml||If running in an restricted environment without admin access this template should be used. See the section below for detailed usage instructions.|
|syndesis-dev-restricted.yml||Same as above, but as a developer version with using direct Docker images|
|syndesis-restricted-ephemeral.yml||A variant of
|syndesis-ci.yml||A variant of
More about the differences can be found in this issue
In order to apply the templates you can directly refer to the given files via its GitHub URL:
$ oc create -f https://raw.githubusercontent.com/syndesisio/syndesis-openshift-templates/master/syndesis.yml
All of these templates are generated from a single source syndesis.yml.mustache. So instead of editing individual descriptors you have to change this master template and then run
All template parameters are required. Most of them have sane defaults, but some of them have not. These must be provided during instantiation with
Required input parametes
|ROUTE_HOSTNAME||The external hostname to access Syndesis|
In order to one of the templates described above these parameters must be provided:
$ oc new-app syndesis -p \ ROUTE_HOSTNAME=<external hostname>
Replace <external hostname> with a value that will resolve to the address of the OpenShift router.
You have to chose an address or <external hostname> which is routable on your system (and also resolvable from inside your cluster). For a development setup you can use an external DNS resolving service like xip.io or nip.io:
Assuming that your OpenShift cluster is reachable under the IP address ip then use
syndesis.127.0.0.1.nip.io if your cluster is listening on localhost). With minishift you can retrieve the IP of the cluster with
Once all pods are started up, you should be able to access the Syndesis at
Parameters with default values
|OPENSHIFT_MASTER||Public OpenShift master address||https://localhost:8443|
|OPENSHIFT_OAUTH_CLIENT_ID||OpenShift OAuth client ID||syndesis|
|OPENSHIFT_OAUTH_CLIENT_SECRET||OpenShift OAuth client secret||(generated)|
|OPENSHIFT_OAUTH_DEFAULT_SCOPES||OpenShift OAuth default scopes||user:full|
|POSTGRESQL_MEMORY_LIMIT||Maximum amount of memory the PostgreSQL container can use||512Mi|
|POSTGRESQL_IMAGE_STREAM_NAMESPACE||The OpenShift Namespace where the PostgreSQL ImageStream resides||openshift|
|POSTGRESQL_USER||Username for PostgreSQL user that will be used for accessing the database||syndesis|
|POSTGRESQL_PASSWORD||Password for the PostgreSQL connection user||(generated)|
|POSTGRESQL_DATABASE||Name of the PostgreSQL database accessed||syndesis|
|POSTGRESQL_VOLUME_CAPACITY||Volume space available for PostgreSQL data, e.g. 512Mi, 2Gi||1Gi|
|INSECURE_SKIP_VERIFY||Whether to skip the verification of SSL certificates for internal services||false|
|TEST_SUPPORT_ENABLED||Whether test support for e2e test is enabled||false|
|DEMO_DATA_ENABLED||Whether demo data is automatically imported on startup||true|
|SYNDESIS_REGISTRY||Registry from where to fetch Syndesis images||docker.io|
|CONTROLLERS_INTEGRATION_ENABLED||Should deployment of integrations be enabled?||true|
|SYNDESIS_ENCRYPT_KEY||The encryption key used to encrypt/decrypt stored secrets||(generated)|
Running as a Cluster Admin
Once they are started and you have logged in with
oc login -u system:admin, run:
$ oc create -n openshift -f https://raw.githubusercontent.com/syndesisio/syndesis-openshift-templates/master/syndesis.yml $ oc new-project syndesis # Create app with the required params $ oc new-app syndesis -p ROUTE_HOSTNAME=syndesis.127.0.0.1.nip.io # Wait until all started $ oc get pods -w
If you want to use the development version which refers directly to Docker images substitute
syndesis-dev in the example above.
Once everything is running, you should be able to access Syndesis at https://syndesis.127.0.0.1.nip.io and log in with the OpenShift user
developer using any password.
Running in a Restricted environment
If you don't have cluster admin privileges, then you can run the Syndesis as a single tenant deployment which only needs admin role in a project. This restricts all access to the single project and as such acts as a single tenant. The drawback to this is of course that you need to deploy the Syndesis services and pods into every project that you want to provision integrations in, but this is fine for a single, local deployment.
Deployment is a bit more complicated because it requires a few extra steps to set stuff up:
(Optional) Create a project
It is advisable to run the Syndesis in its own project so that it can adhere to cluster quotas:
$ oc new-project syndesis-restricted
Create service account to use as OAuth client
OpenShift includes the ability for a service account to act as a limited OAuthClient (see here for more details). Let's create the service account with the correct redirect URIs enabled:
$ oc create -f https://raw.githubusercontent.com/syndesisio/syndesis-openshift-templates/master/support/serviceaccount-as-oauthclient-restricted.yml
Create the template to use
We will create the template in the project, rather than in the openshift namespace as it is assumed the user does not have cluster-admin rights:
$ oc create -f https://raw.githubusercontent.com/syndesisio/syndesis-openshift-templates/master/syndesis-dev-restricted.yml
Create the new app
You can now use the template and the ServiceAccount created above to deploy the restricted Syndesis for a single tenant Syndesis:
$ oc new-app syndesis-dev-restricted \ -p ROUTE_HOSTNAME=<EXTERNAL_HOSTNAME> \ -p OPENSHIFT_MASTER=$(oc whoami --show-server) \ -p OPENSHIFT_PROJECT=$(oc project -q) \ -p OPENSHIFT_OAUTH_CLIENT_SECRET=$(oc sa get-token syndesis-oauth-client) \ -p INSECURE_SKIP_VERIFY=true
EXTERNAL_HOSTNAME appropriately with your public Syndesis address (something like
syndesis.127.0.0.1.nip.io works great if you are using
oc cluster up locally).
You should be able to log in at
With Minishift you can easily try out Syndesis.
The template to use in the installation instructions depend on your use case:
Developer : Use the template
syndesis-dev-restrictedwhich directly references Docker images without image streams. The restricted variant should be used when running in an OpenShift environment where you don't have or don't want to use admin access. Then when before building you images e.g. with
mvn fabric8:buildset your
DOCKER_HOSTenvvar to use the Minishift Docker daemon via
eval $(minishift docker-env). After you have created a new image you simply only need to kill the appropriate pod so that the new pod spinning up will use the freshly created image.
Tester / User : In case you only want to have the latest version of Syndesis on your local Minishift installation, use the template
syndesiswhich uses image stream refering to the published Docker Hub images. Minishift will update its images and trigger a redeployment when the images at Docker Hub changes. Therefore it checks every 15 minutes for a change image. You do not have to do anything to get your application updated except for waiting on Minishift to pick up new images.
Depending on your role please use the appropriate template in the instructions below.
Here are step-by-step the installation instructions for setting up a Minishift installation in an restricted OpenShift environment:
# Fire up minishift if not alread running. # 4 MB of memories are recommended minishift start --memory 4192 # Add a serviceaccount as OAuth client to OpenShift oc create -f https://raw.githubusercontent.com/syndesisio/syndesis-openshift-templates/master/support/serviceaccount-as-oauthclient-restricted.yml # Install the OpenShift template oc create -f https://raw.githubusercontent.com/syndesisio/syndesis-openshift-templates/master/syndesis-dev-restricted.yml # Create an App. Use "syndesis-dev" or "syndesis" depending on the template # you have installed oc new-app syndesis-dev-restricted \ -p ROUTE_HOSTNAME=syndesis.$(minishift ip).nip.io \ -p OPENSHIFT_MASTER=$(oc whoami --show-server) # Wait until all pods are running. Some pods are crashing at first, but are restarted # so that the system will eventually converts to a stable state ;-). Especially the proxies # need up to 5 restarts watch oc get pods # Open browser pointing ot the app open https://syndesis.$(minishift ip).nip.io