apiVersion: v1
|
kind: Template
|
labels:
|
template: rhdm7-full-ng
|
xpaas: 1.4.0
|
message: A new persistent Decision Manager applications have been created in your project.
|
The username/password for accessing the KIE Server / Decision Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}.
|
Please be sure to create the "decisioncentral-service-account" and "kieserver-service-account" service accounts
|
and the secrets named "${DECISION_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the
|
${DECISION_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE}files used for serving secure content.
|
metadata:
|
annotations:
|
description: Application template for Red Hat JBoss Decision Management 7.0.
|
iconClass: icon-jboss
|
openshift.io/display-name: Red Hat Decision Manager 7.0 applications (Persistent with https)
|
tags: rhdm,jboss,xpaas
|
version: 1.4.0
|
name: rhdm7-full-ng
|
objects:
|
# dtorresf: Adding the service account and secrets to the template.
|
# I like having a more centralized approach for all the required assets to
|
# instantiate the environment, instead of having to break into different
|
# execution steps.
|
- kind: ServiceAccount
|
apiVersion: v1
|
metadata:
|
name: decisioncentral-service-account
|
labels:
|
application: "${APPLICATION_NAME}"
|
secrets:
|
- name: decisioncentral-app-secret
|
- kind: Secret
|
apiVersion: v1
|
metadata:
|
annotations:
|
description: Default secret file with name 'jboss' and password 'mykeystorepass'
|
name: decisioncentral-app-secret
|
labels:
|
application: "${APPLICATION_NAME}"
|
data:
|
keystore.jks: "/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFNbVtLLAAABQMwggT/MA4GCisGAQQBKgIRAQEFAASCBOsxl4wqa+E+XP8+qMZY9XLhvKrRX8V1MHdwFZQaLTEVURCizqYXoMnbhtfV0oMAUFsE7013TTA9Q2l+pSs+cqz6HH/vwjEEIkqJx5wD8WcD/bu9e9F9EHQ+zrjZFmpMFvXsvj9+ux1o/YLBDGY3kd4MoDcJy0yJ/ZpzNYLkXanlrMhWqxC7MAliCBsdyVgNn5RFb4Nn+JZgJuNSIGo/K292+0IFaFv9vsXbX889W9HPCvfO0mQIzoy8In0NhzdKli/67y4kbDkWaI0fRONckZTxNpxn6rMc0nN9zKrGVToLxj1Ufcoj/tCvR8agtPpv7KIWUqBYDg83ad+i4EE5XYISovlsl6RmtrrTb39PJcL86+wJ+x2ZrLuyzh6C9sAOdSBiKt/DY97ICIYltRMrb+cNwWdnJvT+PeYvv3vKo7YThha+akoJDjsWMp1HWpbIC9zg9ZjugU+/ao6nHtmoZmCaYjLuEE+sYl5s179uyQjE3LRc+0cVY2+bYCOD6P6JLH9GdfjkR40OhjryiWy2Md6vAGaATh6kjjreRHfSie4KCgIZx9Ngb1+uAwauYSM8d9OIwT5lRmLd4Go9CaFXtFdq/IZv3x5ZEPVqMjxcq0KXcs1QcfK3oSYL/rrkxXxKFTrd0N3KgvwATWx/KS90tdHBg65dF3PpBjK1AYQL3Q7KV3t45SVyYHd92TUsaduY1nUQk4TukNC8l9f8xYVeOFXoFHZRx9edqn8fjDMmCYn5PTPNuMPHQm7nKxeWhV2URY5jt774gmvHLNcXeEgrM7US81wOvs2y1jY/paJWn+OACf2x2a75MWFFkZH67bZoh9pPWAwOUEtegXTL5QVicHjzZrop8Qb7K7hlGgD0RP5YYOFYF4DD+SL5BHKr6fw/LS6MMJaK1wKsJd0oGg9HcHXjph9Kb+mqXrQ54C1KI42LpFftU3DCg8wGoqvg/zO/UtVeHX3rBZDUIkeQrCULEkki9oL5diDxe9mNx9Qua5FJ6FJGIffQmsC4b0+Xys6NyqUu1aeWLcAPA/5hcs6ZTiSRTHTBe3vxapyBjnAL5uij4ILbWbEGH1e0mAHBeiihRx+w4oxH4OGCvXOhwIDHETLJJUcnJe1CouECdqdfVy/eEsIfiEheVs8OwogJLiWgzB7PoebXM4SKsAWL3NcDtC1LV3KuPgFuTDH7MjPIR83eSxkKlJLMNGfEpUHyg+lm7aJ98PVIS+l1YV9oUzLfbo3S6S2sMjVgyviS90vNIPo5JOTEFHsg5aWJNHL0OV4zRUeILzwwdQz+VkTk9DobnkLWUeLnwUNWheOpaQh79Mk0IfwfLj4D0Vx9p+PShKKZCGs0wjckmCFBM5Pc1x2lwMdaP5yATzrw+jUc+/3UY4PF/4Ya66m/DRsBKEcXjVAHcTce6OdNdGlBNT8VgkxPiylwO8hvyvpf6j+wdb9iXi6eOnk0AiEJ6mUAXs/eyDD/cqQjnUBKRGLQUSdHhvtpw8RfvyVhAAxNOnBsOT0WYol9iK6pSclGTF5mZleASRzZhH69GgdebfFhXimb0j/wYj3uLgf6mrKMDwlrXJ80SiWkXxd5TX/7XtB9lbPzNpaR12M8U8UVg16VOtMwCR2Gss2vmhqQnQFLsUsAKcYM0TRp1pWqbzpGebCvJkVWiIYocN3ZI1csAhGX3G86ewAAAAEABVguNTA5AAADeTCCA3UwggJdoAMCAQICBGekovEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMB4XDTE1MDUxOTE4MDYxOFoXDTE1MDgxNzE4MDYxOFowazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0zbGtem+If//jw0OTszIcpX4ydOCC0PeqktulYkm4pG0qEVBB+HuMj7yeTBc1KCDl2xm+Q6LPeTzUufk7BXFEg4Ru1l3PSW70LyJBfHy5ns0dYE5M1I0Avv9rvjgC1VTsiBmdXh+tIIQDPknIKpWpcs79XPOURGLvuGjfyj08EZWFvAZzYrk3lKwkceDHpYYb5i+zxFRz5K6of/h9gQ9CzslqNd7uxxvyy/yTtNFk2J797Vk3hKtbiATqc9+egEHcEQrzADejPYol5ke3DA1NPRBqFGku5n215i2eYzYvVV1xmifID/3lzvNWN0bWlOxl74VsPnWa/2JPP3hZ6p5QIDAQABoyEwHzAdBgNVHQ4EFgQURLJKk/gaSrMjDyX8iYtCzPtTBqAwDQYJKoZIhvcNAQELBQADggEBAA4ESTKsWevv40hFv11t+lGNHT16u8Xk+WnvB4Ko5sZjVhvRWTTKOEBE5bDYfMhf0esn8gg0B4Qtm4Rb5t9PeaG/0d6xxD0BIV6eWihJVtEGOH47Wf/UzfC88fqoIxZ6MMBPik/WeafvOK+HIHfZSwAmqlXgl4nNVDdMNHtBhNAvikL3osxrSbqdi3eyI7rqSpb41Lm9v+PF+vZTOGRQf22Gq30/Ie85DlqugtRKimWHJYL2HeL4ywTtQKgde6JDRCOHwbDcsl6CbMjugt3yyI7Yo9EJdKb5p6YoVOpnCz7369W9Uim+Xrl2ELZWM5WTiQFxd6S36Ql2TUk+s8zj/GoN9ov0Y/yNNCxAibwyzo94N+Q4vA=="
|
- kind: ServiceAccount
|
apiVersion: v1
|
metadata:
|
name: kieserver-service-account
|
labels:
|
application: "${APPLICATION_NAME}"
|
secrets:
|
- name: kieserver-app-secret
|
- kind: Secret
|
apiVersion: v1
|
metadata:
|
annotations:
|
description: Default secret file with name 'jboss' and password 'mykeystorepass'
|
name: kieserver-app-secret
|
labels:
|
application: "${APPLICATION_NAME}"
|
data:
|
keystore.jks: "/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFNbVtLLAAABQMwggT/MA4GCisGAQQBKgIRAQEFAASCBOsxl4wqa+E+XP8+qMZY9XLhvKrRX8V1MHdwFZQaLTEVURCizqYXoMnbhtfV0oMAUFsE7013TTA9Q2l+pSs+cqz6HH/vwjEEIkqJx5wD8WcD/bu9e9F9EHQ+zrjZFmpMFvXsvj9+ux1o/YLBDGY3kd4MoDcJy0yJ/ZpzNYLkXanlrMhWqxC7MAliCBsdyVgNn5RFb4Nn+JZgJuNSIGo/K292+0IFaFv9vsXbX889W9HPCvfO0mQIzoy8In0NhzdKli/67y4kbDkWaI0fRONckZTxNpxn6rMc0nN9zKrGVToLxj1Ufcoj/tCvR8agtPpv7KIWUqBYDg83ad+i4EE5XYISovlsl6RmtrrTb39PJcL86+wJ+x2ZrLuyzh6C9sAOdSBiKt/DY97ICIYltRMrb+cNwWdnJvT+PeYvv3vKo7YThha+akoJDjsWMp1HWpbIC9zg9ZjugU+/ao6nHtmoZmCaYjLuEE+sYl5s179uyQjE3LRc+0cVY2+bYCOD6P6JLH9GdfjkR40OhjryiWy2Md6vAGaATh6kjjreRHfSie4KCgIZx9Ngb1+uAwauYSM8d9OIwT5lRmLd4Go9CaFXtFdq/IZv3x5ZEPVqMjxcq0KXcs1QcfK3oSYL/rrkxXxKFTrd0N3KgvwATWx/KS90tdHBg65dF3PpBjK1AYQL3Q7KV3t45SVyYHd92TUsaduY1nUQk4TukNC8l9f8xYVeOFXoFHZRx9edqn8fjDMmCYn5PTPNuMPHQm7nKxeWhV2URY5jt774gmvHLNcXeEgrM7US81wOvs2y1jY/paJWn+OACf2x2a75MWFFkZH67bZoh9pPWAwOUEtegXTL5QVicHjzZrop8Qb7K7hlGgD0RP5YYOFYF4DD+SL5BHKr6fw/LS6MMJaK1wKsJd0oGg9HcHXjph9Kb+mqXrQ54C1KI42LpFftU3DCg8wGoqvg/zO/UtVeHX3rBZDUIkeQrCULEkki9oL5diDxe9mNx9Qua5FJ6FJGIffQmsC4b0+Xys6NyqUu1aeWLcAPA/5hcs6ZTiSRTHTBe3vxapyBjnAL5uij4ILbWbEGH1e0mAHBeiihRx+w4oxH4OGCvXOhwIDHETLJJUcnJe1CouECdqdfVy/eEsIfiEheVs8OwogJLiWgzB7PoebXM4SKsAWL3NcDtC1LV3KuPgFuTDH7MjPIR83eSxkKlJLMNGfEpUHyg+lm7aJ98PVIS+l1YV9oUzLfbo3S6S2sMjVgyviS90vNIPo5JOTEFHsg5aWJNHL0OV4zRUeILzwwdQz+VkTk9DobnkLWUeLnwUNWheOpaQh79Mk0IfwfLj4D0Vx9p+PShKKZCGs0wjckmCFBM5Pc1x2lwMdaP5yATzrw+jUc+/3UY4PF/4Ya66m/DRsBKEcXjVAHcTce6OdNdGlBNT8VgkxPiylwO8hvyvpf6j+wdb9iXi6eOnk0AiEJ6mUAXs/eyDD/cqQjnUBKRGLQUSdHhvtpw8RfvyVhAAxNOnBsOT0WYol9iK6pSclGTF5mZleASRzZhH69GgdebfFhXimb0j/wYj3uLgf6mrKMDwlrXJ80SiWkXxd5TX/7XtB9lbPzNpaR12M8U8UVg16VOtMwCR2Gss2vmhqQnQFLsUsAKcYM0TRp1pWqbzpGebCvJkVWiIYocN3ZI1csAhGX3G86ewAAAAEABVguNTA5AAADeTCCA3UwggJdoAMCAQICBGekovEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMB4XDTE1MDUxOTE4MDYxOFoXDTE1MDgxNzE4MDYxOFowazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0zbGtem+If//jw0OTszIcpX4ydOCC0PeqktulYkm4pG0qEVBB+HuMj7yeTBc1KCDl2xm+Q6LPeTzUufk7BXFEg4Ru1l3PSW70LyJBfHy5ns0dYE5M1I0Avv9rvjgC1VTsiBmdXh+tIIQDPknIKpWpcs79XPOURGLvuGjfyj08EZWFvAZzYrk3lKwkceDHpYYb5i+zxFRz5K6of/h9gQ9CzslqNd7uxxvyy/yTtNFk2J797Vk3hKtbiATqc9+egEHcEQrzADejPYol5ke3DA1NPRBqFGku5n215i2eYzYvVV1xmifID/3lzvNWN0bWlOxl74VsPnWa/2JPP3hZ6p5QIDAQABoyEwHzAdBgNVHQ4EFgQURLJKk/gaSrMjDyX8iYtCzPtTBqAwDQYJKoZIhvcNAQELBQADggEBAA4ESTKsWevv40hFv11t+lGNHT16u8Xk+WnvB4Ko5sZjVhvRWTTKOEBE5bDYfMhf0esn8gg0B4Qtm4Rb5t9PeaG/0d6xxD0BIV6eWihJVtEGOH47Wf/UzfC88fqoIxZ6MMBPik/WeafvOK+HIHfZSwAmqlXgl4nNVDdMNHtBhNAvikL3osxrSbqdi3eyI7rqSpb41Lm9v+PF+vZTOGRQf22Gq30/Ie85DlqugtRKimWHJYL2HeL4ywTtQKgde6JDRCOHwbDcsl6CbMjugt3yyI7Yo9EJdKb5p6YoVOpnCz7369W9Uim+Xrl2ELZWM5WTiQFxd6S36Ql2TUk+s8zj/GoN9ov0Y/yNNCxAibwyzo94N+Q4vA=="
|
- kind: Service
|
apiVersion: v1
|
spec:
|
ports:
|
- port: 8080
|
targetPort: 8080
|
selector:
|
deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
|
metadata:
|
name: "${APPLICATION_NAME}-rhdmcentr"
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: The Decision Central web server's http port.
|
- kind: Service
|
apiVersion: v1
|
spec:
|
ports:
|
- port: 8443
|
targetPort: 8443
|
selector:
|
deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
|
metadata:
|
name: secure-${APPLICATION_NAME}-rhdmcentr
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: The Decision Central web server's https port.
|
- kind: Service
|
apiVersion: v1
|
spec:
|
ports:
|
- port: 8080
|
targetPort: 8080
|
selector:
|
deploymentConfig: "${APPLICATION_NAME}-kieserver"
|
metadata:
|
name: "${APPLICATION_NAME}-kieserver"
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: The KIE server web server's http port.
|
- kind: Service
|
apiVersion: v1
|
spec:
|
ports:
|
- port: 8443
|
targetPort: 8443
|
selector:
|
deploymentConfig: "${APPLICATION_NAME}-kieserver"
|
metadata:
|
name: secure-${APPLICATION_NAME}-kieserver
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: The KIE server web server's https port.
|
- apiVersion: v1
|
kind: Service
|
metadata:
|
annotations:
|
description: The nodejs web server's http port for the angular application demo.
|
labels:
|
application: ${APPLICATION_NAME}
|
# dtorresf: Now the angular2 application does not only is integrated with the
|
# mortgages kie container, but also with the other kie containers:
|
# customer-greeting, mortgages and policy-quote
|
name: ${APPLICATION_NAME}-ng-dmf
|
spec:
|
ports:
|
- port: 8080
|
targetPort: 8080
|
selector:
|
deploymentConfig: ${APPLICATION_NAME}-ng-dmf
|
- kind: Route
|
apiVersion: v1
|
id: "${APPLICATION_NAME}-rhdmcentr-http"
|
metadata:
|
name: "${APPLICATION_NAME}-rhdmcentr"
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: Route for Decision Central's http service.
|
haproxy.router.openshift.io/timeout: 60s
|
spec:
|
host: "${DECISION_CENTRAL_HOSTNAME_HTTP}"
|
to:
|
name: "${APPLICATION_NAME}-rhdmcentr"
|
- kind: Route
|
apiVersion: v1
|
id: "${APPLICATION_NAME}-rhdmcentr-https"
|
metadata:
|
name: secure-${APPLICATION_NAME}-rhdmcentr
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: Route for Decision Central's https service.
|
haproxy.router.openshift.io/timeout: 60s
|
spec:
|
host: "${DECISION_CENTRAL_HOSTNAME_HTTPS}"
|
to:
|
name: secure-${APPLICATION_NAME}-rhdmcentr
|
tls:
|
termination: passthrough
|
- kind: Route
|
apiVersion: v1
|
id: "${APPLICATION_NAME}-kieserver-http"
|
metadata:
|
name: "${APPLICATION_NAME}-kieserver"
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: Route for KIE server's http service.
|
spec:
|
host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
|
to:
|
name: "${APPLICATION_NAME}-kieserver"
|
- kind: Route
|
apiVersion: v1
|
id: "${APPLICATION_NAME}-kieserver-https"
|
metadata:
|
name: secure-${APPLICATION_NAME}-kieserver
|
labels:
|
application: "${APPLICATION_NAME}"
|
annotations:
|
description: Route for KIE server's https service.
|
spec:
|
host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
|
to:
|
name: secure-${APPLICATION_NAME}-kieserver
|
tls:
|
termination: passthrough
|
- apiVersion: v1
|
id: ${APPLICATION_NAME}-ng-dmf-http
|
kind: Route
|
metadata:
|
annotations:
|
description: Route for nodejs mortgages http service.
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ${APPLICATION_NAME}-ng-dmf
|
spec:
|
host: ${DECISION_CENTRAL_HOSTNAME_HTTP}
|
to:
|
name: ${APPLICATION_NAME}-ng-dmf
|
|
|
- apiVersion: v1
|
kind: DeploymentConfig
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ${APPLICATION_NAME}-rhdmcentr
|
spec:
|
# JA Bride: setting all DCs to paused. Will then start each one via ansible
|
paused: true
|
replicas: 1
|
selector:
|
deploymentConfig: ${APPLICATION_NAME}-rhdmcentr
|
strategy:
|
|
# When redeploying, a new decision central deployment will fail if set to rolling because the Lucene indexer cannot obtain a lock on a file, as the lock is held by the current deployment
|
type: Recreate
|
|
template:
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
deploymentConfig: ${APPLICATION_NAME}-rhdmcentr
|
name: ${APPLICATION_NAME}-rhdmcentr
|
spec:
|
containers:
|
- env:
|
# Can expect -Xmx of 2458MB based on 3Gi memory limit
|
- name: JAVA_MAX_MEM_RATIO
|
value: "80"
|
- name: JAVA_INITIAL_MEM_RATIO
|
value: "0"
|
- name: GC_MAX_METASPACE_SIZE
|
value: "500"
|
- name: KIE_ADMIN_PWD
|
value: "${KIE_ADMIN_PWD}"
|
- name: KIE_ADMIN_USER
|
value: "${KIE_ADMIN_USER}"
|
- name: KIE_MBEANS
|
value: "${KIE_MBEANS}"
|
- name: KIE_SERVER_CONTROLLER_PWD
|
value: "${KIE_SERVER_CONTROLLER_PWD}"
|
- name: KIE_SERVER_CONTROLLER_USER
|
value: "${KIE_SERVER_CONTROLLER_USER}"
|
|
|
# Default is http:
|
# When KIE server is bounced, idled or rescheduled, the new instance will register with Decision Central, but the old, no longer existing instance is not removed from the server list by Decision Central.
|
# As a result, Decision Central has stale entries.
|
# When sing WebSockets as protocol, when a KIE server disappears, this is detected by Decision Central, and the server is removed from the server list.
|
- name: KIE_SERVER_CONTROLLER_PROTOCOL
|
value: ws
|
|
|
- name: KIE_SERVER_PWD
|
value: "${KIE_SERVER_PWD}"
|
- name: KIE_SERVER_USER
|
value: "${KIE_SERVER_USER}"
|
- name: HTTPS_KEYSTORE_DIR
|
value: "/etc/decisioncentral-secret-volume"
|
- name: HTTPS_KEYSTORE
|
value: "${DECISION_CENTRAL_HTTPS_KEYSTORE}"
|
- name: HTTPS_NAME
|
value: "${DECISION_CENTRAL_HTTPS_NAME}"
|
- name: HTTPS_PASSWORD
|
value: "${DECISION_CENTRAL_HTTPS_PASSWORD}"
|
- name: ADMIN_USERNAME
|
value: "${ADMIN_USERNAME}"
|
- name: ADMIN_PASSWORD
|
value: "${ADMIN_PASSWORD}"
|
- name: PROBE_IMPL
|
value: probe.eap.jolokia.EapProbe
|
- name: PROBE_DISABLE_BOOT_ERRORS_CHECK
|
value: 'true'
|
# dtorresf: Enable ssh access through external tools like JBDS
|
- name: JAVA_OPTS_APPEND
|
value: '-Dorg.uberfire.nio.git.ssh.algorithm=RSA -Dorg.uberfire.nio.git.ssh.host=0.0.0.0'
|
image: rhdm70-decisioncentral-openshift:1.1
|
imagePullPolicy: Always
|
livenessProbe:
|
exec:
|
command:
|
- /bin/bash
|
- -c
|
- /opt/eap/bin/livenessProbe.sh
|
|
# JA Bride: Bumping up resources
|
resources:
|
limits:
|
cpu: "1"
|
# Utilized when determining -XmX
|
memory: 3Gi
|
requests:
|
cpu: "1"
|
memory: 2Gi
|
|
name: ${APPLICATION_NAME}-rhdmcentr
|
ports:
|
- containerPort: 8778
|
name: jolokia
|
protocol: TCP
|
- containerPort: 8080
|
name: http
|
protocol: TCP
|
- containerPort: 8443
|
name: https
|
protocol: TCP
|
readinessProbe:
|
exec:
|
command:
|
- /bin/bash
|
- -c
|
- /opt/eap/bin/readinessProbe.sh
|
volumeMounts:
|
- mountPath: /etc/decisioncentral-secret-volume
|
name: decisioncentral-keystore-volume
|
readOnly: true
|
- name: "${APPLICATION_NAME}-rhdmcentr-pvol"
|
mountPath: "/opt/eap/standalone/data/bpmsuite"
|
serviceAccountName: decisioncentral-service-account
|
terminationGracePeriodSeconds: 60
|
volumes:
|
- name: decisioncentral-keystore-volume
|
secret:
|
secretName: ${DECISION_CENTRAL_HTTPS_SECRET}
|
- name: "${APPLICATION_NAME}-rhdmcentr-pvol"
|
persistentVolumeClaim:
|
claimName: "${APPLICATION_NAME}-rhdmcentr-claim"
|
triggers:
|
- imageChangeParams:
|
automatic: true
|
containerNames:
|
- ${APPLICATION_NAME}-rhdmcentr
|
from:
|
kind: ImageStreamTag
|
name: rhdm70-decisioncentral-openshift:1.1
|
namespace: ${RHT_IMAGE_STREAM_NAMESPACE}
|
type: ImageChange
|
- type: ConfigChange
|
|
# JA Bride: Defining a BC to layer custom run script on kieserver image
|
- apiVersion: v1
|
kind: BuildConfig
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ${APPLICATION_NAME}-custom-kieserver
|
spec:
|
output:
|
to:
|
kind: ImageStreamTag
|
name: custom-kieserver:latest
|
postCommit: {}
|
|
# JA Bride: Bumping up limit and request so tht node app builds in a timely manner without timing out
|
resources:
|
limits:
|
cpu: "1"
|
memory: 1Gi
|
requests:
|
cpu: "1"
|
memory: 1Gi
|
|
# JA Bride: The BPM exec server build config object is comprised of the bpmsuite7 exec server layered with the source code of this project.
|
# The only thing this project source code does is provide a run script to customize the standalone-openshift.xml config file of JBoss EAP.
|
runPolicy: Serial
|
source:
|
contextDir: exec-server
|
git:
|
ref: master
|
type: Git
|
uri: https://github.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab.git
|
strategy:
|
sourceStrategy:
|
from:
|
kind: ImageStreamTag
|
name: rhdm70-kieserver-openshift:1.1
|
namespace: ${RHT_IMAGE_STREAM_NAMESPACE}
|
type: Source
|
triggers:
|
- type: ImageChange
|
- type: ConfigChange
|
|
# JA Bride: imagestream for customized kieserver created from BC resource defined in this template
|
- apiVersion: v1
|
kind: ImageStream
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: custom-kieserver
|
spec:
|
lookupPolicy:
|
local: false
|
|
# dtorresf: Having the ConfigMap in the same template to reduce instantiation steps
|
- apiVersion: v1
|
kind: ConfigMap
|
data:
|
undertow-cors.cli: >
|
batch
|
|
/subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Origin:add(header-name="Access-Control-Allow-Origin",
|
header-value="*")
|
|
/subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Origin/:add()
|
|
/subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Methods:add(header-name="Access-Control-Allow-Methods",
|
header-value="GET, POST, OPTIONS, PUT, DELETE")
|
|
/subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Methods/:add()
|
|
/subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Headers:add(header-name="Access-Control-Allow-Headers",
|
header-value="accept, authorization, content-type, x-requested-with")
|
|
/subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Headers/:add()
|
|
/subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Credentials:add(header-name="Access-Control-Allow-Credentials",
|
header-value="true")
|
|
/subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Credentials/:add()
|
|
/subsystem=undertow/configuration=filter/response-header=Access-Control-Max-Age:add(header-name="Access-Control-Max-Age",
|
header-value="2")
|
|
/subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Max-Age/:add()
|
|
run-batch
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: undertow-cors
|
|
- apiVersion: v1
|
kind: DeploymentConfig
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ${APPLICATION_NAME}-kieserver
|
spec:
|
# JA Bride: setting all DCs to paused. Will then start each one via ansible
|
paused: true
|
replicas: 1
|
selector:
|
deploymentConfig: ${APPLICATION_NAME}-kieserver
|
strategy:
|
# https://github.com/redhat-gpe/bxms_decision_mgmt_foundations/issues/39
|
type: Rolling
|
template:
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
deploymentConfig: ${APPLICATION_NAME}-kieserver
|
name: ${APPLICATION_NAME}-kieserver
|
spec:
|
containers:
|
- env:
|
# Can expect -Xmx of 1600MB based on 2Gi memory limit
|
- name: JAVA_MAX_MEM_RATIO
|
value: "80"
|
- name: JAVA_INITIAL_MEM_RATIO
|
value: "0"
|
- name: DROOLS_SERVER_FILTER_CLASSES
|
value: "${DROOLS_SERVER_FILTER_CLASSES}"
|
- name: KIE_ADMIN_PWD
|
value: "${KIE_ADMIN_PWD}"
|
- name: KIE_ADMIN_USER
|
value: "${KIE_ADMIN_USER}"
|
- name: KIE_MBEANS
|
value: "${KIE_MBEANS}"
|
- name: KIE_SERVER_BYPASS_AUTH_USER
|
value: "${KIE_SERVER_BYPASS_AUTH_USER}"
|
- name: KIE_SERVER_CONTROLLER_PWD
|
value: "${KIE_SERVER_CONTROLLER_PWD}"
|
- name: KIE_SERVER_CONTROLLER_SERVICE
|
value: "${APPLICATION_NAME}-rhdmcentr"
|
- name: KIE_SERVER_CONTROLLER_USER
|
value: "${KIE_SERVER_CONTROLLER_USER}"
|
|
|
# Default is http:
|
# When KIE server is bounced, idled or rescheduled, the new instance will register with Decision Central, but the old, no longer existing instance is not removed from the server list by Decision Central.
|
# As a result, Decision Central has stale entries.
|
# When sing WebSockets as protocol, when a KIE server disappears, this is detected by Decision Central, and the server is removed from the server list.
|
- name: KIE_SERVER_CONTROLLER_PROTOCOL
|
value: ws
|
|
- name: KIE_SERVER_HOST
|
valueFrom:
|
fieldRef:
|
fieldPath: status.podIP
|
- name: KIE_SERVER_PWD
|
value: "${KIE_SERVER_PWD}"
|
- name: KIE_SERVER_USER
|
value: "${KIE_SERVER_USER}"
|
- name: MAVEN_REPO_URL
|
value: "${MAVEN_REPO_URL}"
|
- name: MAVEN_REPO_SERVICE
|
value: "${APPLICATION_NAME}-rhdmcentr"
|
- name: MAVEN_REPO_PATH
|
value: "/maven2/"
|
- name: MAVEN_REPO_USERNAME
|
value: "${MAVEN_REPO_USERNAME}"
|
- name: MAVEN_REPO_PASSWORD
|
value: "${MAVEN_REPO_PASSWORD}"
|
- name: HTTPS_KEYSTORE_DIR
|
value: "/etc/kieserver-secret-volume"
|
- name: HTTPS_KEYSTORE
|
value: "${KIE_SERVER_HTTPS_KEYSTORE}"
|
- name: HTTPS_NAME
|
value: "${KIE_SERVER_HTTPS_NAME}"
|
- name: HTTPS_PASSWORD
|
value: "${KIE_SERVER_HTTPS_PASSWORD}"
|
image: custom-kieserver:latest
|
imagePullPolicy: Always
|
livenessProbe:
|
exec:
|
command:
|
- /bin/bash
|
- -c
|
- /opt/eap/bin/livenessProbe.sh
|
resources:
|
limits:
|
cpu: "1"
|
memory: 2Gi
|
requests:
|
cpu: "1"
|
memory: 1Gi
|
|
name: ${APPLICATION_NAME}-kieserver
|
ports:
|
- containerPort: 8778
|
name: jolokia
|
protocol: TCP
|
- containerPort: 8080
|
name: http
|
protocol: TCP
|
- containerPort: 8443
|
name: https
|
protocol: TCP
|
readinessProbe:
|
exec:
|
command:
|
- /bin/bash
|
- -c
|
- /opt/eap/bin/readinessProbe.sh
|
volumeMounts:
|
- mountPath: /etc/kieserver-secret-volume
|
name: kieserver-keystore-volume
|
readOnly: true
|
- mountPath: /data
|
name: cors-volume
|
serviceAccountName: decisioncentral-service-account
|
terminationGracePeriodSeconds: 60
|
volumes:
|
- name: kieserver-keystore-volume
|
secret:
|
secretName: ${KIE_SERVER_HTTPS_SECRET}
|
- configMap:
|
name: undertow-cors
|
name: cors-volume
|
triggers:
|
- imageChangeParams:
|
automatic: true
|
containerNames:
|
- ${APPLICATION_NAME}-kieserver
|
from:
|
kind: ImageStreamTag
|
name: custom-kieserver:latest
|
type: ImageChange
|
- type: ConfigChange
|
- apiVersion: v1
|
kind: PersistentVolumeClaim
|
metadata:
|
name: "${APPLICATION_NAME}-rhdmcentr-claim"
|
labels:
|
application: ${APPLICATION_NAME}
|
spec:
|
accessModes:
|
- ReadWriteOnce
|
resources:
|
requests:
|
storage: "${DECISION_CENTRAL_VOLUME_CAPACITY}"
|
|
# dtorresf: configmap replaced by environment variables in BuildConfig
|
|
- apiVersion: v1
|
kind: BuildConfig
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ${APPLICATION_NAME}-ng-dmf
|
spec:
|
nodeSelector: null
|
output:
|
to:
|
kind: ImageStreamTag
|
name: ng-dmf:latest
|
postCommit: {}
|
resources:
|
|
# JA Bride / dtorresf: bumping to 2 cpu and 2Gi
|
# The new version of this node app has more javascript components and pre-evaluations.
|
# the new application has a menu for the demos and centralizes the demos for our course.
|
limits:
|
cpu: "2"
|
memory: 2Gi
|
requests:
|
cpu: "1"
|
memory: 1Gi
|
runPolicy: Serial
|
source:
|
git:
|
ref: security-fix
|
# dtorresf: new git repository with templated angular2 application
|
uri: 'https://github.com/gpe-mw-training/gpte-ng-dmf.git'
|
type: Git
|
strategy:
|
sourceStrategy:
|
# dtorresf: use environment variables to obtain namespace and cluster name for kie-server endpoint configuration
|
# replaces the old ng-environment configmap
|
env:
|
- name: OCP_NAMESPACE
|
valueFrom:
|
fieldRef:
|
fieldPath: metadata.namespace
|
- name: NPM_MIRROR
|
value: 'http:services.lab.example.com:8081/nexus/content/groups/nodejs'
|
- name: REST_API_URL
|
value: 'http://${APPLICATION_NAME}-kieserver-$(OCP_NAMESPACE).${CLUSTER}/'
|
- name: REST_API_USER
|
value: '${KIE_ADMIN_USER}'
|
- name: REST_API_PWD
|
value: '${KIE_ADMIN_PWD}'
|
from:
|
# dtorresf: Using the available ImageStreamTag from the openshift registry
|
kind: ImageStreamTag
|
name: 'node:latest'
|
namespace: openshift
|
type: Source
|
triggers:
|
- type: ImageChange
|
- apiVersion: v1
|
kind: ImageStream
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ng-dmf
|
spec:
|
lookupPolicy:
|
local: false
|
|
- apiVersion: v1
|
kind: DeploymentConfig
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
name: ${APPLICATION_NAME}-ng-dmf
|
spec:
|
# JA Bride: setting all DCs to paused. Will then start each one via ansible
|
paused: true
|
replicas: 1
|
selector:
|
deploymentConfig: ${APPLICATION_NAME}-ng-dmf
|
strategy:
|
# https://github.com/redhat-gpe/bxms_decision_mgmt_foundations/issues/39
|
type: Rolling
|
template:
|
metadata:
|
labels:
|
application: ${APPLICATION_NAME}
|
deploymentConfig: ${APPLICATION_NAME}-ng-dmf
|
name: ${APPLICATION_NAME}-ng-dmf
|
spec:
|
containers:
|
- image: ng-dmf:latest
|
imagePullPolicy: Always
|
livenessProbe:
|
failureThreshold: 10
|
initialDelaySeconds: 50
|
periodSeconds: 10
|
tcpSocket:
|
port: 8080
|
timeoutSeconds: 1
|
name: ${APPLICATION_NAME}-ng-dmf
|
ports:
|
- containerPort: 8080
|
name: http
|
protocol: TCP
|
readinessProbe:
|
initialDelaySeconds: 50
|
failureThreshold: 30
|
periodSeconds: 10
|
tcpSocket:
|
port: 8080
|
timeoutSeconds: 1
|
resources:
|
limits:
|
cpu: "1"
|
memory: 2Gi
|
requests:
|
cpu: "1"
|
memory: 256Mi
|
# dtorresf: ng-environment configMap replaced by environment variables at BuildConfig
|
triggers:
|
- imageChangeParams:
|
automatic: true
|
containerNames:
|
- ${APPLICATION_NAME}-ng-dmf
|
from:
|
kind: ImageStreamTag
|
name: ng-dmf:latest
|
type: ImageChange
|
- type: ConfigChange
|
parameters:
|
- displayName: Application Name
|
description: The name for the application.
|
name: APPLICATION_NAME
|
value: myapp
|
required: true
|
- displayName: EAP Admin User
|
description: EAP administrator username
|
name: ADMIN_USERNAME
|
value: eapadmin
|
required: false
|
- displayName: EAP Admin Password
|
description: EAP administrator password
|
name: ADMIN_PASSWORD
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
generate: expression
|
required: false
|
- displayName: KIE Admin User
|
description: KIE administrator username
|
name: KIE_ADMIN_USER
|
value: adminUser
|
required: false
|
- displayName: KIE Admin Password
|
description: KIE administrator password
|
name: KIE_ADMIN_PWD
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
generate: expression
|
required: false
|
- displayName: KIE Server Controller User
|
description: KIE server controller username (Sets the org.kie.server.controller.user system property)
|
name: KIE_SERVER_CONTROLLER_USER
|
value: controllerUser
|
required: false
|
- displayName: KIE Server Controller Password
|
description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
|
name: KIE_SERVER_CONTROLLER_PWD
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
generate: expression
|
required: false
|
- displayName: KIE Server User
|
description: KIE execution server username (Sets the org.kie.server.user system property)
|
name: KIE_SERVER_USER
|
value: executionUser
|
required: false
|
- displayName: KIE Server Password
|
description: KIE execution server password (Sets the org.kie.server.pwd system property)
|
name: KIE_SERVER_PWD
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
generate: expression
|
required: false
|
- displayName: KIE Server Bypass Auth User
|
description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
|
name: KIE_SERVER_BYPASS_AUTH_USER
|
value: 'false'
|
required: false
|
- displayName: KIE MBeans
|
description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
|
name: KIE_MBEANS
|
value: enabled
|
required: false
|
- displayName: Drools Server Filter Classes
|
description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
|
name: DROOLS_SERVER_FILTER_CLASSES
|
value: 'true'
|
required: false
|
- displayName: Decision Central Custom http Route Hostname
|
description: 'Custom hostname for http service route. Leave blank for default hostname,
|
e.g.: <application-name>-rhdmcentr-<project>.<default-domain-suffix>'
|
name: DECISION_CENTRAL_HOSTNAME_HTTP
|
value: ''
|
required: false
|
- displayName: Decision Central Custom https Route Hostname
|
description: 'Custom hostname for https service route. Leave blank for default
|
hostname, e.g.: secure-<application-name>-rhdmcentr-<project>.<default-domain-suffix>'
|
name: DECISION_CENTRAL_HOSTNAME_HTTPS
|
value: ''
|
required: false
|
- displayName: Execution Server Custom http Route Hostname
|
description: 'Custom hostname for http service route. Leave blank for default hostname,
|
e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
|
name: EXECUTION_SERVER_HOSTNAME_HTTP
|
value: ''
|
required: false
|
- displayName: Execution Server Custom https Route Hostname
|
description: 'Custom hostname for https service route. Leave blank for default
|
hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
|
name: EXECUTION_SERVER_HOSTNAME_HTTPS
|
value: ''
|
required: false
|
- displayName: Decision Central Server Keystore Secret Name
|
description: The name of the secret containing the keystore file
|
name: DECISION_CENTRAL_HTTPS_SECRET
|
value: decisioncentral-app-secret
|
required: false
|
- displayName: Decision Central Server Keystore Filename
|
description: The name of the keystore file within the secret
|
name: DECISION_CENTRAL_HTTPS_KEYSTORE
|
value: keystore.jks
|
required: false
|
- displayName: Decision Central Server Certificate Name
|
description: The name associated with the server certificate
|
name: DECISION_CENTRAL_HTTPS_NAME
|
value: jboss
|
required: false
|
- displayName: Decision Central Server Keystore Password
|
description: The password for the keystore and certificate
|
name: DECISION_CENTRAL_HTTPS_PASSWORD
|
value: mykeystorepass
|
required: false
|
- displayName: KIE Server Keystore Secret Name
|
description: The name of the secret containing the keystore file
|
name: KIE_SERVER_HTTPS_SECRET
|
value: kieserver-app-secret
|
required: false
|
- displayName: KIE Server Keystore Filename
|
description: The name of the keystore file within the secret
|
name: KIE_SERVER_HTTPS_KEYSTORE
|
value: keystore.jks
|
required: false
|
- displayName: KIE Server Certificate Name
|
description: The name associated with the server certificate
|
name: KIE_SERVER_HTTPS_NAME
|
value: jboss
|
required: false
|
- displayName: KIE Server Keystore Password
|
description: The password for the keystore and certificate
|
name: KIE_SERVER_HTTPS_PASSWORD
|
value: mykeystorepass
|
required: false
|
- displayName: RHT ImageStream Namespace
|
description: Namespace in which the ImageStreams for Red Hat Middleware images are
|
installed. These ImageStreams are normally installed in the openshift namespace.
|
You should only need to modify this if you've installed the ImageStreams in a
|
different namespace/project.
|
name: RHT_IMAGE_STREAM_NAMESPACE
|
value: openshift
|
required: true
|
- displayName: GPTE ImageStream Namespace
|
description: Namespace in which the ImageStreams for RHT GPTE images are installed.
|
name: GPTE_IMAGE_STREAM_NAMESPACE
|
value: openshift
|
required: true
|
- displayName: Maven repository URL
|
description: Fully qualified URL to a Maven repository. If unspecified, will fall back to Decision Central service.
|
name: MAVEN_REPO_URL
|
required: false
|
- displayName: Maven repository username
|
description: Username to access the Maven repository. If using Decision Central, will have to match KIE_ADMIN_USER.
|
Default is "adminUser".
|
name: MAVEN_REPO_USERNAME
|
value: adminUser
|
required: false
|
- displayName: Maven repository password
|
description: Password to access the Maven repository. If using Decision Central, will have to match KIE_ADMIN_PWD.
|
No default specified.
|
name: MAVEN_REPO_PASSWORD
|
required: false
|
- displayName: Decision Central Volume Capacity
|
description: Size of the persistent storage for Decision Central's runtime data.
|
name: DECISION_CENTRAL_VOLUME_CAPACITY
|
value: 512Mi
|
required: true
|
# dtorresf: PROJECT name parameter replace by metadata namespace.
|
# dtorresf: These parameters enable the setup of project and cluster properties for the angular2
|
- displayName: Project name
|
name: PROJECT
|
required: false
|
value: ''
|
- displayName: Cluster name
|
name: CLUSTER
|
value: apps.dev37.openshift.opentlc.com
|
required: true
|