| commit | author | age | ||
| 9e7a28 | 1 | apiVersion: v1 |
| RJ | 2 | kind: Template |
| 3 | labels: | |
| 4 | template: rhdm7-only | |
| 5 | xpaas: 1.4.0 | |
| 6 | message: A new persistent Decision Manager applications have been created in your project. | |
| 7 | The username/password for accessing the KIE Server / Decision Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}. | |
| 8 | Please be sure to create the "decisioncentral-service-account" and "kieserver-service-account" service accounts | |
| 9 | and the secrets named "${DECISION_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the | |
| 10 | ${DECISION_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE}files used for serving secure content. | |
| 11 | metadata: | |
| 12 | annotations: | |
| 13 | description: Application template for Red Hat JBoss Decision Management 7.0. | |
| 14 | iconClass: icon-jboss | |
| 15 | openshift.io/display-name: Red Hat Decision Manager 7.0 applications (Persistent with https) | |
| 16 | tags: rhdm,jboss,xpaas | |
| 17 | version: 1.4.0 | |
| 18 | name: rhdm7-only | |
| 19 | objects: | |
| 20 | # dtorresf: Adding the service account and secrets to the template. | |
| 21 | # I like having a more centralized approach for all the required assets to | |
| 22 | # instantiate the environment, instead of having to break into different | |
| 23 | # execution steps. | |
| 24 | - kind: ServiceAccount | |
| 25 | apiVersion: v1 | |
| 26 | metadata: | |
| 27 | name: decisioncentral-service-account | |
| 28 | labels: | |
| 29 | application: "${APPLICATION_NAME}" | |
| 30 | secrets: | |
| 31 | - name: decisioncentral-app-secret | |
| 32 | - kind: Secret | |
| 33 | apiVersion: v1 | |
| 34 | metadata: | |
| 35 | annotations: | |
| 36 | description: Default secret file with name 'jboss' and password 'mykeystorepass' | |
| 37 | name: decisioncentral-app-secret | |
| 38 | labels: | |
| 39 | application: "${APPLICATION_NAME}" | |
| 40 | data: | |
| 41 | keystore.jks: "/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFNbVtLLAAABQMwggT/MA4GCisGAQQBKgIRAQEFAASCBOsxl4wqa+E+XP8+qMZY9XLhvKrRX8V1MHdwFZQaLTEVURCizqYXoMnbhtfV0oMAUFsE7013TTA9Q2l+pSs+cqz6HH/vwjEEIkqJx5wD8WcD/bu9e9F9EHQ+zrjZFmpMFvXsvj9+ux1o/YLBDGY3kd4MoDcJy0yJ/ZpzNYLkXanlrMhWqxC7MAliCBsdyVgNn5RFb4Nn+JZgJuNSIGo/K292+0IFaFv9vsXbX889W9HPCvfO0mQIzoy8In0NhzdKli/67y4kbDkWaI0fRONckZTxNpxn6rMc0nN9zKrGVToLxj1Ufcoj/tCvR8agtPpv7KIWUqBYDg83ad+i4EE5XYISovlsl6RmtrrTb39PJcL86+wJ+x2ZrLuyzh6C9sAOdSBiKt/DY97ICIYltRMrb+cNwWdnJvT+PeYvv3vKo7YThha+akoJDjsWMp1HWpbIC9zg9ZjugU+/ao6nHtmoZmCaYjLuEE+sYl5s179uyQjE3LRc+0cVY2+bYCOD6P6JLH9GdfjkR40OhjryiWy2Md6vAGaATh6kjjreRHfSie4KCgIZx9Ngb1+uAwauYSM8d9OIwT5lRmLd4Go9CaFXtFdq/IZv3x5ZEPVqMjxcq0KXcs1QcfK3oSYL/rrkxXxKFTrd0N3KgvwATWx/KS90tdHBg65dF3PpBjK1AYQL3Q7KV3t45SVyYHd92TUsaduY1nUQk4TukNC8l9f8xYVeOFXoFHZRx9edqn8fjDMmCYn5PTPNuMPHQm7nKxeWhV2URY5jt774gmvHLNcXeEgrM7US81wOvs2y1jY/paJWn+OACf2x2a75MWFFkZH67bZoh9pPWAwOUEtegXTL5QVicHjzZrop8Qb7K7hlGgD0RP5YYOFYF4DD+SL5BHKr6fw/LS6MMJaK1wKsJd0oGg9HcHXjph9Kb+mqXrQ54C1KI42LpFftU3DCg8wGoqvg/zO/UtVeHX3rBZDUIkeQrCULEkki9oL5diDxe9mNx9Qua5FJ6FJGIffQmsC4b0+Xys6NyqUu1aeWLcAPA/5hcs6ZTiSRTHTBe3vxapyBjnAL5uij4ILbWbEGH1e0mAHBeiihRx+w4oxH4OGCvXOhwIDHETLJJUcnJe1CouECdqdfVy/eEsIfiEheVs8OwogJLiWgzB7PoebXM4SKsAWL3NcDtC1LV3KuPgFuTDH7MjPIR83eSxkKlJLMNGfEpUHyg+lm7aJ98PVIS+l1YV9oUzLfbo3S6S2sMjVgyviS90vNIPo5JOTEFHsg5aWJNHL0OV4zRUeILzwwdQz+VkTk9DobnkLWUeLnwUNWheOpaQh79Mk0IfwfLj4D0Vx9p+PShKKZCGs0wjckmCFBM5Pc1x2lwMdaP5yATzrw+jUc+/3UY4PF/4Ya66m/DRsBKEcXjVAHcTce6OdNdGlBNT8VgkxPiylwO8hvyvpf6j+wdb9iXi6eOnk0AiEJ6mUAXs/eyDD/cqQjnUBKRGLQUSdHhvtpw8RfvyVhAAxNOnBsOT0WYol9iK6pSclGTF5mZleASRzZhH69GgdebfFhXimb0j/wYj3uLgf6mrKMDwlrXJ80SiWkXxd5TX/7XtB9lbPzNpaR12M8U8UVg16VOtMwCR2Gss2vmhqQnQFLsUsAKcYM0TRp1pWqbzpGebCvJkVWiIYocN3ZI1csAhGX3G86ewAAAAEABVguNTA5AAADeTCCA3UwggJdoAMCAQICBGekovEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMB4XDTE1MDUxOTE4MDYxOFoXDTE1MDgxNzE4MDYxOFowazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0zbGtem+If//jw0OTszIcpX4ydOCC0PeqktulYkm4pG0qEVBB+HuMj7yeTBc1KCDl2xm+Q6LPeTzUufk7BXFEg4Ru1l3PSW70LyJBfHy5ns0dYE5M1I0Avv9rvjgC1VTsiBmdXh+tIIQDPknIKpWpcs79XPOURGLvuGjfyj08EZWFvAZzYrk3lKwkceDHpYYb5i+zxFRz5K6of/h9gQ9CzslqNd7uxxvyy/yTtNFk2J797Vk3hKtbiATqc9+egEHcEQrzADejPYol5ke3DA1NPRBqFGku5n215i2eYzYvVV1xmifID/3lzvNWN0bWlOxl74VsPnWa/2JPP3hZ6p5QIDAQABoyEwHzAdBgNVHQ4EFgQURLJKk/gaSrMjDyX8iYtCzPtTBqAwDQYJKoZIhvcNAQELBQADggEBAA4ESTKsWevv40hFv11t+lGNHT16u8Xk+WnvB4Ko5sZjVhvRWTTKOEBE5bDYfMhf0esn8gg0B4Qtm4Rb5t9PeaG/0d6xxD0BIV6eWihJVtEGOH47Wf/UzfC88fqoIxZ6MMBPik/WeafvOK+HIHfZSwAmqlXgl4nNVDdMNHtBhNAvikL3osxrSbqdi3eyI7rqSpb41Lm9v+PF+vZTOGRQf22Gq30/Ie85DlqugtRKimWHJYL2HeL4ywTtQKgde6JDRCOHwbDcsl6CbMjugt3yyI7Yo9EJdKb5p6YoVOpnCz7369W9Uim+Xrl2ELZWM5WTiQFxd6S36Ql2TUk+s8zj/GoN9ov0Y/yNNCxAibwyzo94N+Q4vA==" | |
| 42 | - kind: ServiceAccount | |
| 43 | apiVersion: v1 | |
| 44 | metadata: | |
| 45 | name: kieserver-service-account | |
| 46 | labels: | |
| 47 | application: "${APPLICATION_NAME}" | |
| 48 | secrets: | |
| 49 | - name: kieserver-app-secret | |
| 50 | - kind: Secret | |
| 51 | apiVersion: v1 | |
| 52 | metadata: | |
| 53 | annotations: | |
| 54 | description: Default secret file with name 'jboss' and password 'mykeystorepass' | |
| 55 | name: kieserver-app-secret | |
| 56 | labels: | |
| 57 | application: "${APPLICATION_NAME}" | |
| 58 | data: | |
| 59 | keystore.jks: "/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFNbVtLLAAABQMwggT/MA4GCisGAQQBKgIRAQEFAASCBOsxl4wqa+E+XP8+qMZY9XLhvKrRX8V1MHdwFZQaLTEVURCizqYXoMnbhtfV0oMAUFsE7013TTA9Q2l+pSs+cqz6HH/vwjEEIkqJx5wD8WcD/bu9e9F9EHQ+zrjZFmpMFvXsvj9+ux1o/YLBDGY3kd4MoDcJy0yJ/ZpzNYLkXanlrMhWqxC7MAliCBsdyVgNn5RFb4Nn+JZgJuNSIGo/K292+0IFaFv9vsXbX889W9HPCvfO0mQIzoy8In0NhzdKli/67y4kbDkWaI0fRONckZTxNpxn6rMc0nN9zKrGVToLxj1Ufcoj/tCvR8agtPpv7KIWUqBYDg83ad+i4EE5XYISovlsl6RmtrrTb39PJcL86+wJ+x2ZrLuyzh6C9sAOdSBiKt/DY97ICIYltRMrb+cNwWdnJvT+PeYvv3vKo7YThha+akoJDjsWMp1HWpbIC9zg9ZjugU+/ao6nHtmoZmCaYjLuEE+sYl5s179uyQjE3LRc+0cVY2+bYCOD6P6JLH9GdfjkR40OhjryiWy2Md6vAGaATh6kjjreRHfSie4KCgIZx9Ngb1+uAwauYSM8d9OIwT5lRmLd4Go9CaFXtFdq/IZv3x5ZEPVqMjxcq0KXcs1QcfK3oSYL/rrkxXxKFTrd0N3KgvwATWx/KS90tdHBg65dF3PpBjK1AYQL3Q7KV3t45SVyYHd92TUsaduY1nUQk4TukNC8l9f8xYVeOFXoFHZRx9edqn8fjDMmCYn5PTPNuMPHQm7nKxeWhV2URY5jt774gmvHLNcXeEgrM7US81wOvs2y1jY/paJWn+OACf2x2a75MWFFkZH67bZoh9pPWAwOUEtegXTL5QVicHjzZrop8Qb7K7hlGgD0RP5YYOFYF4DD+SL5BHKr6fw/LS6MMJaK1wKsJd0oGg9HcHXjph9Kb+mqXrQ54C1KI42LpFftU3DCg8wGoqvg/zO/UtVeHX3rBZDUIkeQrCULEkki9oL5diDxe9mNx9Qua5FJ6FJGIffQmsC4b0+Xys6NyqUu1aeWLcAPA/5hcs6ZTiSRTHTBe3vxapyBjnAL5uij4ILbWbEGH1e0mAHBeiihRx+w4oxH4OGCvXOhwIDHETLJJUcnJe1CouECdqdfVy/eEsIfiEheVs8OwogJLiWgzB7PoebXM4SKsAWL3NcDtC1LV3KuPgFuTDH7MjPIR83eSxkKlJLMNGfEpUHyg+lm7aJ98PVIS+l1YV9oUzLfbo3S6S2sMjVgyviS90vNIPo5JOTEFHsg5aWJNHL0OV4zRUeILzwwdQz+VkTk9DobnkLWUeLnwUNWheOpaQh79Mk0IfwfLj4D0Vx9p+PShKKZCGs0wjckmCFBM5Pc1x2lwMdaP5yATzrw+jUc+/3UY4PF/4Ya66m/DRsBKEcXjVAHcTce6OdNdGlBNT8VgkxPiylwO8hvyvpf6j+wdb9iXi6eOnk0AiEJ6mUAXs/eyDD/cqQjnUBKRGLQUSdHhvtpw8RfvyVhAAxNOnBsOT0WYol9iK6pSclGTF5mZleASRzZhH69GgdebfFhXimb0j/wYj3uLgf6mrKMDwlrXJ80SiWkXxd5TX/7XtB9lbPzNpaR12M8U8UVg16VOtMwCR2Gss2vmhqQnQFLsUsAKcYM0TRp1pWqbzpGebCvJkVWiIYocN3ZI1csAhGX3G86ewAAAAEABVguNTA5AAADeTCCA3UwggJdoAMCAQICBGekovEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMB4XDTE1MDUxOTE4MDYxOFoXDTE1MDgxNzE4MDYxOFowazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0zbGtem+If//jw0OTszIcpX4ydOCC0PeqktulYkm4pG0qEVBB+HuMj7yeTBc1KCDl2xm+Q6LPeTzUufk7BXFEg4Ru1l3PSW70LyJBfHy5ns0dYE5M1I0Avv9rvjgC1VTsiBmdXh+tIIQDPknIKpWpcs79XPOURGLvuGjfyj08EZWFvAZzYrk3lKwkceDHpYYb5i+zxFRz5K6of/h9gQ9CzslqNd7uxxvyy/yTtNFk2J797Vk3hKtbiATqc9+egEHcEQrzADejPYol5ke3DA1NPRBqFGku5n215i2eYzYvVV1xmifID/3lzvNWN0bWlOxl74VsPnWa/2JPP3hZ6p5QIDAQABoyEwHzAdBgNVHQ4EFgQURLJKk/gaSrMjDyX8iYtCzPtTBqAwDQYJKoZIhvcNAQELBQADggEBAA4ESTKsWevv40hFv11t+lGNHT16u8Xk+WnvB4Ko5sZjVhvRWTTKOEBE5bDYfMhf0esn8gg0B4Qtm4Rb5t9PeaG/0d6xxD0BIV6eWihJVtEGOH47Wf/UzfC88fqoIxZ6MMBPik/WeafvOK+HIHfZSwAmqlXgl4nNVDdMNHtBhNAvikL3osxrSbqdi3eyI7rqSpb41Lm9v+PF+vZTOGRQf22Gq30/Ie85DlqugtRKimWHJYL2HeL4ywTtQKgde6JDRCOHwbDcsl6CbMjugt3yyI7Yo9EJdKb5p6YoVOpnCz7369W9Uim+Xrl2ELZWM5WTiQFxd6S36Ql2TUk+s8zj/GoN9ov0Y/yNNCxAibwyzo94N+Q4vA==" | |
| 60 | - kind: Service | |
| 61 | apiVersion: v1 | |
| 62 | spec: | |
| 63 | ports: | |
| 64 | - port: 8080 | |
| 65 | targetPort: 8080 | |
| 66 | selector: | |
| 67 | deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" | |
| 68 | metadata: | |
| 69 | name: "${APPLICATION_NAME}-rhdmcentr" | |
| 70 | labels: | |
| 71 | application: "${APPLICATION_NAME}" | |
| 72 | annotations: | |
| 73 | description: The Decision Central web server's http port. | |
| 74 | - kind: Service | |
| 75 | apiVersion: v1 | |
| 76 | spec: | |
| 77 | ports: | |
| 78 | - port: 8443 | |
| 79 | targetPort: 8443 | |
| 80 | selector: | |
| 81 | deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" | |
| 82 | metadata: | |
| 83 | name: secure-${APPLICATION_NAME}-rhdmcentr | |
| 84 | labels: | |
| 85 | application: "${APPLICATION_NAME}" | |
| 86 | annotations: | |
| 87 | description: The Decision Central web server's https port. | |
| 88 | - kind: Service | |
| 89 | apiVersion: v1 | |
| 90 | spec: | |
| 91 | ports: | |
| 92 | - port: 8080 | |
| 93 | targetPort: 8080 | |
| 94 | selector: | |
| 95 | deploymentConfig: "${APPLICATION_NAME}-kieserver" | |
| 96 | metadata: | |
| 97 | name: "${APPLICATION_NAME}-kieserver" | |
| 98 | labels: | |
| 99 | application: "${APPLICATION_NAME}" | |
| 100 | annotations: | |
| 101 | description: The KIE server web server's http port. | |
| 102 | - kind: Service | |
| 103 | apiVersion: v1 | |
| 104 | spec: | |
| 105 | ports: | |
| 106 | - port: 8443 | |
| 107 | targetPort: 8443 | |
| 108 | selector: | |
| 109 | deploymentConfig: "${APPLICATION_NAME}-kieserver" | |
| 110 | metadata: | |
| 111 | name: secure-${APPLICATION_NAME}-kieserver | |
| 112 | labels: | |
| 113 | application: "${APPLICATION_NAME}" | |
| 114 | annotations: | |
| 115 | description: The KIE server web server's https port. | |
| 116 | - kind: Route | |
| 117 | apiVersion: v1 | |
| 118 | id: "${APPLICATION_NAME}-rhdmcentr-http" | |
| 119 | metadata: | |
| 120 | name: "${APPLICATION_NAME}-rhdmcentr" | |
| 121 | labels: | |
| 122 | application: "${APPLICATION_NAME}" | |
| 123 | annotations: | |
| 124 | description: Route for Decision Central's http service. | |
| 125 | haproxy.router.openshift.io/timeout: 60s | |
| 126 | spec: | |
| 127 | host: "${DECISION_CENTRAL_HOSTNAME_HTTP}" | |
| 128 | to: | |
| 129 | name: "${APPLICATION_NAME}-rhdmcentr" | |
| 130 | - kind: Route | |
| 131 | apiVersion: v1 | |
| 132 | id: "${APPLICATION_NAME}-rhdmcentr-https" | |
| 133 | metadata: | |
| 134 | name: secure-${APPLICATION_NAME}-rhdmcentr | |
| 135 | labels: | |
| 136 | application: "${APPLICATION_NAME}" | |
| 137 | annotations: | |
| 138 | description: Route for Decision Central's https service. | |
| 139 | haproxy.router.openshift.io/timeout: 60s | |
| 140 | spec: | |
| 141 | host: "${DECISION_CENTRAL_HOSTNAME_HTTPS}" | |
| 142 | to: | |
| 143 | name: secure-${APPLICATION_NAME}-rhdmcentr | |
| 144 | tls: | |
| 145 | termination: passthrough | |
| 146 | - kind: Route | |
| 147 | apiVersion: v1 | |
| 148 | id: "${APPLICATION_NAME}-kieserver-http" | |
| 149 | metadata: | |
| 150 | name: "${APPLICATION_NAME}-kieserver" | |
| 151 | labels: | |
| 152 | application: "${APPLICATION_NAME}" | |
| 153 | annotations: | |
| 154 | description: Route for KIE server's http service. | |
| 155 | spec: | |
| 156 | host: "${EXECUTION_SERVER_HOSTNAME_HTTP}" | |
| 157 | to: | |
| 158 | name: "${APPLICATION_NAME}-kieserver" | |
| 159 | - kind: Route | |
| 160 | apiVersion: v1 | |
| 161 | id: "${APPLICATION_NAME}-kieserver-https" | |
| 162 | metadata: | |
| 163 | name: secure-${APPLICATION_NAME}-kieserver | |
| 164 | labels: | |
| 165 | application: "${APPLICATION_NAME}" | |
| 166 | annotations: | |
| 167 | description: Route for KIE server's https service. | |
| 168 | spec: | |
| 169 | host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}" | |
| 170 | to: | |
| 171 | name: secure-${APPLICATION_NAME}-kieserver | |
| 172 | tls: | |
| 173 | termination: passthrough | |
| 174 | ||
| 175 | ||
| 176 | - apiVersion: v1 | |
| 177 | kind: DeploymentConfig | |
| 178 | metadata: | |
| 179 | labels: | |
| 180 | application: ${APPLICATION_NAME} | |
| 181 | name: ${APPLICATION_NAME}-rhdmcentr | |
| 182 | spec: | |
| 183 | # JA Bride: setting all DCs to paused. Will then start each one via ansible | |
| 184 | paused: true | |
| 185 | replicas: 1 | |
| 186 | selector: | |
| 187 | deploymentConfig: ${APPLICATION_NAME}-rhdmcentr | |
| 188 | strategy: | |
| 189 | # https://github.com/redhat-gpe/bxms_decision_mgmt_foundations/issues/39 | |
| 190 | type: Rolling | |
| 191 | template: | |
| 192 | metadata: | |
| 193 | labels: | |
| 194 | application: ${APPLICATION_NAME} | |
| 195 | deploymentConfig: ${APPLICATION_NAME}-rhdmcentr | |
| 196 | name: ${APPLICATION_NAME}-rhdmcentr | |
| 197 | spec: | |
| 198 | containers: | |
| 199 | - env: | |
| 200 | # Can expect -Xmx of 2458MB based on 3Gi memory limit | |
| 201 | - name: JAVA_MAX_MEM_RATIO | |
| 202 | value: "80" | |
| 203 | - name: JAVA_INITIAL_MEM_RATIO | |
| 204 | value: "0" | |
| 205 | - name: GC_MAX_METASPACE_SIZE | |
| 206 | value: "500" | |
| 207 | - name: KIE_ADMIN_PWD | |
| 208 | value: "${KIE_ADMIN_PWD}" | |
| 209 | - name: KIE_ADMIN_USER | |
| 210 | value: "${KIE_ADMIN_USER}" | |
| 211 | - name: KIE_MBEANS | |
| 212 | value: "${KIE_MBEANS}" | |
| 213 | - name: KIE_SERVER_CONTROLLER_PWD | |
| 214 | value: "${KIE_SERVER_CONTROLLER_PWD}" | |
| 215 | - name: KIE_SERVER_CONTROLLER_USER | |
| 216 | value: "${KIE_SERVER_CONTROLLER_USER}" | |
| 217 | - name: KIE_SERVER_PWD | |
| 218 | value: "${KIE_SERVER_PWD}" | |
| 219 | - name: KIE_SERVER_USER | |
| 220 | value: "${KIE_SERVER_USER}" | |
| 221 | - name: HTTPS_KEYSTORE_DIR | |
| 222 | value: "/etc/decisioncentral-secret-volume" | |
| 223 | - name: HTTPS_KEYSTORE | |
| 224 | value: "${DECISION_CENTRAL_HTTPS_KEYSTORE}" | |
| 225 | - name: HTTPS_NAME | |
| 226 | value: "${DECISION_CENTRAL_HTTPS_NAME}" | |
| 227 | - name: HTTPS_PASSWORD | |
| 228 | value: "${DECISION_CENTRAL_HTTPS_PASSWORD}" | |
| 229 | - name: ADMIN_USERNAME | |
| 230 | value: "${ADMIN_USERNAME}" | |
| 231 | - name: ADMIN_PASSWORD | |
| 232 | value: "${ADMIN_PASSWORD}" | |
| 233 | - name: PROBE_IMPL | |
| 234 | value: probe.eap.jolokia.EapProbe | |
| 235 | - name: PROBE_DISABLE_BOOT_ERRORS_CHECK | |
| 236 | value: 'true' | |
| 237 | # dtorresf: Enable ssh access through external tools like JBDS | |
| 238 | - name: JAVA_OPTS_APPEND | |
| 239 | value: '-Dorg.uberfire.nio.git.ssh.algorithm=RSA -Dorg.uberfire.nio.git.ssh.host=0.0.0.0' | |
| 240 | image: rhdm70-decisioncentral-openshift:1.0 | |
| 241 | imagePullPolicy: Always | |
| 242 | livenessProbe: | |
| 243 | exec: | |
| 244 | command: | |
| 245 | - /bin/bash | |
| 246 | - -c | |
| 247 | - /opt/eap/bin/livenessProbe.sh | |
| 248 | ||
| 249 | # JA Bride: Bumping up resources | |
| 250 | resources: | |
| 251 | limits: | |
| 252 | cpu: "1" | |
| 253 | # Utilized when determining -XmX | |
| 254 | memory: 3Gi | |
| 255 | requests: | |
| 256 | cpu: "1" | |
| 257 | memory: 2Gi | |
| 258 | ||
| 259 | name: ${APPLICATION_NAME}-rhdmcentr | |
| 260 | ports: | |
| 261 | - containerPort: 8778 | |
| 262 | name: jolokia | |
| 263 | protocol: TCP | |
| 264 | - containerPort: 8080 | |
| 265 | name: http | |
| 266 | protocol: TCP | |
| 267 | - containerPort: 8443 | |
| 268 | name: https | |
| 269 | protocol: TCP | |
| 270 | readinessProbe: | |
| 271 | exec: | |
| 272 | command: | |
| 273 | - /bin/bash | |
| 274 | - -c | |
| 275 | - /opt/eap/bin/readinessProbe.sh | |
| 276 | volumeMounts: | |
| 277 | - mountPath: /etc/decisioncentral-secret-volume | |
| 278 | name: decisioncentral-keystore-volume | |
| 279 | readOnly: true | |
| 280 | - name: "${APPLICATION_NAME}-rhdmcentr-pvol" | |
| 281 | mountPath: "/opt/eap/standalone/data/bpmsuite" | |
| 282 | serviceAccountName: decisioncentral-service-account | |
| 283 | terminationGracePeriodSeconds: 60 | |
| 284 | volumes: | |
| 285 | - name: decisioncentral-keystore-volume | |
| 286 | secret: | |
| 287 | secretName: ${DECISION_CENTRAL_HTTPS_SECRET} | |
| 288 | - name: "${APPLICATION_NAME}-rhdmcentr-pvol" | |
| 289 | persistentVolumeClaim: | |
| 290 | claimName: "${APPLICATION_NAME}-rhdmcentr-claim" | |
| 291 | triggers: | |
| 292 | - imageChangeParams: | |
| 293 | automatic: true | |
| 294 | containerNames: | |
| 295 | - ${APPLICATION_NAME}-rhdmcentr | |
| 296 | from: | |
| 297 | kind: ImageStreamTag | |
| 298 | name: rhdm70-decisioncentral-openshift:1.0 | |
| 299 | namespace: ${RHT_IMAGE_STREAM_NAMESPACE} | |
| 300 | type: ImageChange | |
| 301 | - type: ConfigChange | |
| 302 | ||
| 303 | # JA Bride: Defining a BC to layer custom run script on kieserver image | |
| 304 | - apiVersion: v1 | |
| 305 | kind: BuildConfig | |
| 306 | metadata: | |
| 307 | labels: | |
| 308 | application: ${APPLICATION_NAME} | |
| 309 | name: ${APPLICATION_NAME}-custom-kieserver | |
| 310 | spec: | |
| 311 | output: | |
| 312 | to: | |
| 313 | kind: ImageStreamTag | |
| 314 | name: custom-kieserver:latest | |
| 315 | postCommit: {} | |
| 316 | ||
| 317 | # JA Bride: Bumping up limit and request so tht node app builds in a timely manner without timing out | |
| 318 | resources: | |
| 319 | limits: | |
| 320 | cpu: "1" | |
| 321 | memory: 1Gi | |
| 322 | requests: | |
| 323 | cpu: "1" | |
| 324 | memory: 1Gi | |
| 325 | ||
| 326 | # JA Bride: The BPM exec server build config object is comprised of the bpmsuite7 exec server layered with the source code of this project. | |
| 327 | # The only thing this project source code does is provide a run script to customize the standalone-openshift.xml config file of JBoss EAP. | |
| 328 | runPolicy: Serial | |
| 329 | source: | |
| 330 | contextDir: exec-server | |
| 331 | git: | |
| 332 | ref: master | |
| 333 | type: Git | |
| 334 | uri: https://github.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab.git | |
| 335 | strategy: | |
| 336 | sourceStrategy: | |
| 337 | from: | |
| 338 | kind: ImageStreamTag | |
| 339 | name: rhdm70-kieserver-openshift:1.0 | |
| 340 | namespace: ${RHT_IMAGE_STREAM_NAMESPACE} | |
| 341 | type: Source | |
| 342 | triggers: | |
| 343 | - type: ImageChange | |
| 344 | - type: ConfigChange | |
| 345 | ||
| 346 | # JA Bride: imagestream for customized kieserver created from BC resource defined in this template | |
| 347 | - apiVersion: v1 | |
| 348 | kind: ImageStream | |
| 349 | metadata: | |
| 350 | labels: | |
| 351 | application: ${APPLICATION_NAME} | |
| 352 | name: custom-kieserver | |
| 353 | spec: | |
| 354 | lookupPolicy: | |
| 355 | local: false | |
| 356 | ||
| 357 | # dtorresf: Having the ConfigMap in the same template to reduce instantiation steps | |
| 358 | - apiVersion: v1 | |
| 359 | kind: ConfigMap | |
| 360 | data: | |
| 361 | undertow-cors.cli: > | |
| 362 | batch | |
| 363 | ||
| 364 | /subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Origin:add(header-name="Access-Control-Allow-Origin", | |
| 365 | header-value="*") | |
| 366 | ||
| 367 | /subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Origin/:add() | |
| 368 | ||
| 369 | /subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Methods:add(header-name="Access-Control-Allow-Methods", | |
| 370 | header-value="GET, POST, OPTIONS, PUT, DELETE") | |
| 371 | ||
| 372 | /subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Methods/:add() | |
| 373 | ||
| 374 | /subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Headers:add(header-name="Access-Control-Allow-Headers", | |
| 375 | header-value="accept, authorization, content-type, x-requested-with") | |
| 376 | ||
| 377 | /subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Headers/:add() | |
| 378 | ||
| 379 | /subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Credentials:add(header-name="Access-Control-Allow-Credentials", | |
| 380 | header-value="true") | |
| 381 | ||
| 382 | /subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Credentials/:add() | |
| 383 | ||
| 384 | /subsystem=undertow/configuration=filter/response-header=Access-Control-Max-Age:add(header-name="Access-Control-Max-Age", | |
| 385 | header-value="2") | |
| 386 | ||
| 387 | /subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Max-Age/:add() | |
| 388 | ||
| 389 | run-batch | |
| 390 | metadata: | |
| 391 | labels: | |
| 392 | application: ${APPLICATION_NAME} | |
| 393 | name: undertow-cors | |
| 394 | ||
| 395 | - apiVersion: v1 | |
| 396 | kind: DeploymentConfig | |
| 397 | metadata: | |
| 398 | labels: | |
| 399 | application: ${APPLICATION_NAME} | |
| 400 | name: ${APPLICATION_NAME}-kieserver | |
| 401 | spec: | |
| 402 | # JA Bride: setting all DCs to paused. Will then start each one via ansible | |
| 403 | paused: true | |
| 404 | replicas: 1 | |
| 405 | selector: | |
| 406 | deploymentConfig: ${APPLICATION_NAME}-kieserver | |
| 407 | strategy: | |
| 408 | # https://github.com/redhat-gpe/bxms_decision_mgmt_foundations/issues/39 | |
| 409 | type: Rolling | |
| 410 | template: | |
| 411 | metadata: | |
| 412 | labels: | |
| 413 | application: ${APPLICATION_NAME} | |
| 414 | deploymentConfig: ${APPLICATION_NAME}-kieserver | |
| 415 | name: ${APPLICATION_NAME}-kieserver | |
| 416 | spec: | |
| 417 | containers: | |
| 418 | - env: | |
| 419 | # Can expect -Xmx of 1600MB based on 2Gi memory limit | |
| 420 | - name: JAVA_MAX_MEM_RATIO | |
| 421 | value: "80" | |
| 422 | - name: JAVA_INITIAL_MEM_RATIO | |
| 423 | value: "0" | |
| 424 | - name: DROOLS_SERVER_FILTER_CLASSES | |
| 425 | value: "${DROOLS_SERVER_FILTER_CLASSES}" | |
| 426 | - name: KIE_ADMIN_PWD | |
| 427 | value: "${KIE_ADMIN_PWD}" | |
| 428 | - name: KIE_ADMIN_USER | |
| 429 | value: "${KIE_ADMIN_USER}" | |
| 430 | - name: KIE_MBEANS | |
| 431 | value: "${KIE_MBEANS}" | |
| 432 | - name: KIE_SERVER_BYPASS_AUTH_USER | |
| 433 | value: "${KIE_SERVER_BYPASS_AUTH_USER}" | |
| 434 | - name: KIE_SERVER_CONTROLLER_PWD | |
| 435 | value: "${KIE_SERVER_CONTROLLER_PWD}" | |
| 436 | - name: KIE_SERVER_CONTROLLER_SERVICE | |
| 437 | value: "${APPLICATION_NAME}-rhdmcentr" | |
| 438 | - name: KIE_SERVER_CONTROLLER_USER | |
| 439 | value: "${KIE_SERVER_CONTROLLER_USER}" | |
| 440 | - name: KIE_SERVER_HOST | |
| 441 | valueFrom: | |
| 442 | fieldRef: | |
| 443 | fieldPath: status.podIP | |
| 444 | - name: KIE_SERVER_PWD | |
| 445 | value: "${KIE_SERVER_PWD}" | |
| 446 | - name: KIE_SERVER_USER | |
| 447 | value: "${KIE_SERVER_USER}" | |
| 448 | - name: MAVEN_REPO_URL | |
| 449 | value: "${MAVEN_REPO_URL}" | |
| 450 | - name: MAVEN_REPO_SERVICE | |
| 451 | value: "${APPLICATION_NAME}-rhdmcentr" | |
| 452 | - name: MAVEN_REPO_PATH | |
| 453 | value: "/maven2/" | |
| 454 | - name: MAVEN_REPO_USERNAME | |
| 455 | value: "${MAVEN_REPO_USERNAME}" | |
| 456 | - name: MAVEN_REPO_PASSWORD | |
| 457 | value: "${MAVEN_REPO_PASSWORD}" | |
| 458 | - name: HTTPS_KEYSTORE_DIR | |
| 459 | value: "/etc/kieserver-secret-volume" | |
| 460 | - name: HTTPS_KEYSTORE | |
| 461 | value: "${KIE_SERVER_HTTPS_KEYSTORE}" | |
| 462 | - name: HTTPS_NAME | |
| 463 | value: "${KIE_SERVER_HTTPS_NAME}" | |
| 464 | - name: HTTPS_PASSWORD | |
| 465 | value: "${KIE_SERVER_HTTPS_PASSWORD}" | |
| 466 | image: custom-kieserver:latest | |
| 467 | imagePullPolicy: Always | |
| 468 | livenessProbe: | |
| 469 | exec: | |
| 470 | command: | |
| 471 | - /bin/bash | |
| 472 | - -c | |
| 473 | - /opt/eap/bin/livenessProbe.sh | |
| 474 | resources: | |
| 475 | limits: | |
| 476 | cpu: "1" | |
| 477 | memory: 2Gi | |
| 478 | requests: | |
| 479 | cpu: "1" | |
| 480 | memory: 1Gi | |
| 481 | ||
| 482 | name: ${APPLICATION_NAME}-kieserver | |
| 483 | ports: | |
| 484 | - containerPort: 8778 | |
| 485 | name: jolokia | |
| 486 | protocol: TCP | |
| 487 | - containerPort: 8080 | |
| 488 | name: http | |
| 489 | protocol: TCP | |
| 490 | - containerPort: 8443 | |
| 491 | name: https | |
| 492 | protocol: TCP | |
| 493 | readinessProbe: | |
| 494 | exec: | |
| 495 | command: | |
| 496 | - /bin/bash | |
| 497 | - -c | |
| 498 | - /opt/eap/bin/readinessProbe.sh | |
| 499 | volumeMounts: | |
| 500 | - mountPath: /etc/kieserver-secret-volume | |
| 501 | name: kieserver-keystore-volume | |
| 502 | readOnly: true | |
| 503 | - mountPath: /data | |
| 504 | name: cors-volume | |
| 505 | serviceAccountName: decisioncentral-service-account | |
| 506 | terminationGracePeriodSeconds: 60 | |
| 507 | volumes: | |
| 508 | - name: kieserver-keystore-volume | |
| 509 | secret: | |
| 510 | secretName: ${KIE_SERVER_HTTPS_SECRET} | |
| 511 | - configMap: | |
| 512 | name: undertow-cors | |
| 513 | name: cors-volume | |
| 514 | triggers: | |
| 515 | - imageChangeParams: | |
| 516 | automatic: true | |
| 517 | containerNames: | |
| 518 | - ${APPLICATION_NAME}-kieserver | |
| 519 | from: | |
| 520 | kind: ImageStreamTag | |
| 521 | name: custom-kieserver:latest | |
| 522 | type: ImageChange | |
| 523 | - type: ConfigChange | |
| 524 | - apiVersion: v1 | |
| 525 | kind: PersistentVolumeClaim | |
| 526 | metadata: | |
| 527 | name: "${APPLICATION_NAME}-rhdmcentr-claim" | |
| 528 | labels: | |
| 529 | application: ${APPLICATION_NAME} | |
| 530 | spec: | |
| 531 | accessModes: | |
| 532 | - ReadWriteOnce | |
| 533 | resources: | |
| 534 | requests: | |
| 535 | storage: "${DECISION_CENTRAL_VOLUME_CAPACITY}" | |
| 536 | ||
| 537 | ||
| 538 | parameters: | |
| 539 | - displayName: Application Name | |
| 540 | description: The name for the application. | |
| 541 | name: APPLICATION_NAME | |
| 542 | value: myapp | |
| 543 | required: true | |
| 544 | - displayName: EAP Admin User | |
| 545 | description: EAP administrator username | |
| 546 | name: ADMIN_USERNAME | |
| 547 | value: eapadmin | |
| 548 | required: false | |
| 549 | - displayName: EAP Admin Password | |
| 550 | description: EAP administrator password | |
| 551 | name: ADMIN_PASSWORD | |
| 552 | from: "[a-zA-Z]{6}[0-9]{1}!" | |
| 553 | generate: expression | |
| 554 | required: false | |
| 555 | - displayName: KIE Admin User | |
| 556 | description: KIE administrator username | |
| 557 | name: KIE_ADMIN_USER | |
| 558 | value: adminUser | |
| 559 | required: false | |
| 560 | - displayName: KIE Admin Password | |
| 561 | description: KIE administrator password | |
| 562 | name: KIE_ADMIN_PWD | |
| 563 | from: "[a-zA-Z]{6}[0-9]{1}!" | |
| 564 | generate: expression | |
| 565 | required: false | |
| 566 | - displayName: KIE Server Controller User | |
| 567 | description: KIE server controller username (Sets the org.kie.server.controller.user system property) | |
| 568 | name: KIE_SERVER_CONTROLLER_USER | |
| 569 | value: controllerUser | |
| 570 | required: false | |
| 571 | - displayName: KIE Server Controller Password | |
| 572 | description: KIE server controller password (Sets the org.kie.server.controller.pwd system property) | |
| 573 | name: KIE_SERVER_CONTROLLER_PWD | |
| 574 | from: "[a-zA-Z]{6}[0-9]{1}!" | |
| 575 | generate: expression | |
| 576 | required: false | |
| 577 | - displayName: KIE Server User | |
| 578 | description: KIE execution server username (Sets the org.kie.server.user system property) | |
| 579 | name: KIE_SERVER_USER | |
| 580 | value: executionUser | |
| 581 | required: false | |
| 582 | - displayName: KIE Server Password | |
| 583 | description: KIE execution server password (Sets the org.kie.server.pwd system property) | |
| 584 | name: KIE_SERVER_PWD | |
| 585 | from: "[a-zA-Z]{6}[0-9]{1}!" | |
| 586 | generate: expression | |
| 587 | required: false | |
| 588 | - displayName: KIE Server Bypass Auth User | |
| 589 | description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property) | |
| 590 | name: KIE_SERVER_BYPASS_AUTH_USER | |
| 591 | value: 'false' | |
| 592 | required: false | |
| 593 | - displayName: KIE MBeans | |
| 594 | description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties) | |
| 595 | name: KIE_MBEANS | |
| 596 | value: enabled | |
| 597 | required: false | |
| 598 | - displayName: Drools Server Filter Classes | |
| 599 | description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property) | |
| 600 | name: DROOLS_SERVER_FILTER_CLASSES | |
| 601 | value: 'true' | |
| 602 | required: false | |
| 603 | - displayName: Decision Central Custom http Route Hostname | |
| 604 | description: 'Custom hostname for http service route. Leave blank for default hostname, | |
| 605 | e.g.: <application-name>-rhdmcentr-<project>.<default-domain-suffix>' | |
| 606 | name: DECISION_CENTRAL_HOSTNAME_HTTP | |
| 607 | value: '' | |
| 608 | required: false | |
| 609 | - displayName: Decision Central Custom https Route Hostname | |
| 610 | description: 'Custom hostname for https service route. Leave blank for default | |
| 611 | hostname, e.g.: secure-<application-name>-rhdmcentr-<project>.<default-domain-suffix>' | |
| 612 | name: DECISION_CENTRAL_HOSTNAME_HTTPS | |
| 613 | value: '' | |
| 614 | required: false | |
| 615 | - displayName: Execution Server Custom http Route Hostname | |
| 616 | description: 'Custom hostname for http service route. Leave blank for default hostname, | |
| 617 | e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>' | |
| 618 | name: EXECUTION_SERVER_HOSTNAME_HTTP | |
| 619 | value: '' | |
| 620 | required: false | |
| 621 | - displayName: Execution Server Custom https Route Hostname | |
| 622 | description: 'Custom hostname for https service route. Leave blank for default | |
| 623 | hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>' | |
| 624 | name: EXECUTION_SERVER_HOSTNAME_HTTPS | |
| 625 | value: '' | |
| 626 | required: false | |
| 627 | - displayName: Decision Central Server Keystore Secret Name | |
| 628 | description: The name of the secret containing the keystore file | |
| 629 | name: DECISION_CENTRAL_HTTPS_SECRET | |
| 630 | value: decisioncentral-app-secret | |
| 631 | required: false | |
| 632 | - displayName: Decision Central Server Keystore Filename | |
| 633 | description: The name of the keystore file within the secret | |
| 634 | name: DECISION_CENTRAL_HTTPS_KEYSTORE | |
| 635 | value: keystore.jks | |
| 636 | required: false | |
| 637 | - displayName: Decision Central Server Certificate Name | |
| 638 | description: The name associated with the server certificate | |
| 639 | name: DECISION_CENTRAL_HTTPS_NAME | |
| 640 | value: jboss | |
| 641 | required: false | |
| 642 | - displayName: Decision Central Server Keystore Password | |
| 643 | description: The password for the keystore and certificate | |
| 644 | name: DECISION_CENTRAL_HTTPS_PASSWORD | |
| 645 | value: mykeystorepass | |
| 646 | required: false | |
| 647 | - displayName: KIE Server Keystore Secret Name | |
| 648 | description: The name of the secret containing the keystore file | |
| 649 | name: KIE_SERVER_HTTPS_SECRET | |
| 650 | value: kieserver-app-secret | |
| 651 | required: false | |
| 652 | - displayName: KIE Server Keystore Filename | |
| 653 | description: The name of the keystore file within the secret | |
| 654 | name: KIE_SERVER_HTTPS_KEYSTORE | |
| 655 | value: keystore.jks | |
| 656 | required: false | |
| 657 | - displayName: KIE Server Certificate Name | |
| 658 | description: The name associated with the server certificate | |
| 659 | name: KIE_SERVER_HTTPS_NAME | |
| 660 | value: jboss | |
| 661 | required: false | |
| 662 | - displayName: KIE Server Keystore Password | |
| 663 | description: The password for the keystore and certificate | |
| 664 | name: KIE_SERVER_HTTPS_PASSWORD | |
| 665 | value: mykeystorepass | |
| 666 | required: false | |
| 667 | - displayName: RHT ImageStream Namespace | |
| 668 | description: Namespace in which the ImageStreams for Red Hat Middleware images are | |
| 669 | installed. These ImageStreams are normally installed in the openshift namespace. | |
| 670 | You should only need to modify this if you've installed the ImageStreams in a | |
| 671 | different namespace/project. | |
| 672 | name: RHT_IMAGE_STREAM_NAMESPACE | |
| 673 | value: openshift | |
| 674 | required: true | |
| 675 | - displayName: Maven repository URL | |
| 676 | description: Fully qualified URL to a Maven repository. If unspecified, will fall back to Decision Central service. | |
| 677 | name: MAVEN_REPO_URL | |
| 678 | required: false | |
| 679 | - displayName: Maven repository username | |
| 680 | description: Username to access the Maven repository. If using Decision Central, will have to match KIE_ADMIN_USER. | |
| 681 | Default is "adminUser". | |
| 682 | name: MAVEN_REPO_USERNAME | |
| 683 | value: adminUser | |
| 684 | required: false | |
| 685 | - displayName: Maven repository password | |
| 686 | description: Password to access the Maven repository. If using Decision Central, will have to match KIE_ADMIN_PWD. | |
| 687 | No default specified. | |
| 688 | name: MAVEN_REPO_PASSWORD | |
| 689 | required: false | |
| 690 | - displayName: Decision Central Volume Capacity | |
| 691 | description: Size of the persistent storage for Decision Central's runtime data. | |
| 692 | name: DECISION_CENTRAL_VOLUME_CAPACITY | |
| 693 | value: 512Mi | |
| 694 | required: true | |
