ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/defaults/main.yml
New file @@ -0,0 +1,44 @@ --- ocp_username: snandaku-redhat.com ocp_user_needs_quota: True ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS quota_requests_cpu: 8 #quota_limits_cpu: 6 quota_limits_cpu: 16 quota_requests_memory: '16Gi' #quota_limits_memory: '12Gi' quota_limits_memory: '48Gi' quota_configmaps: 10 #quota_pods: 8 quota_pods: 25 quota_persistentvolumeclaims: 8 quota_services: 15 quota_secrets: 50 quota_requests_storage: 10Gi build_status_retries: 40 build_status_delay: 30 deploy_status_retries: 30 deploy_status_delay: 45 ##### Demo properties application_name: rhpam7-offer-management-dmn-pmml kie_admin_user: pamAdmin kie_admin_pwd: redhatpam1! kie_server_controller_user: controllerUser kie_server_controller_pwd: test1234! kie_server_user: kieserver kie_server_pwd: kieserver1! pv_capacity: 512Mi pam_version_tag: 7.5.0.GA pam_imagestreams_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_version_tag}}/rhpam75-image-streams.yaml pam_template_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_version_tag}}/templates/rhpam75-trial-ephemeral.yaml pam_secrets_template_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_version_tag}}/example-app-secret-template.yaml pam_app_name: rhpam7 pam_imagestreams_tag: 7.5.0 ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/customer-hist-repo-config-template.json
New file @@ -0,0 +1,67 @@ { "Kind": "Template", "apiVersion": "v1", "metadata": { "name": "customerHistoryRepoTemplate", "creationTimestamp": null, "annotations": { "description": "This template will create a single buildConfig for our Customer History repo.", "tags": "" } }, "objects": [ { "apiVersion": "build.openshift.io/v1", "kind": "BuildConfig", "metadata": { "creationTimestamp": null, "labels": { "app": "cache-load-service" }, "name": "cache-load-service" }, "spec": { "failedBuildsHistoryLimit": 5, "nodeSelector": null, "output": {}, "postCommit": {}, "resources": {}, "runPolicy": "Serial", "source": { "git": { "uri": "https://github.com/snandakumar87/customer-hist-repo" }, "type": "Git" }, "strategy": { "sourceStrategy": { "env": [ { "name": "NEXUSREPO", "value": "${NEXUSREPO}" } ], "from": { "kind": "ImageStreamTag", "name": "java:8", "namespace": "openshift" } }, "type": "Source" }, "successfulBuildsHistoryLimit": 5 } } ], "parameters": [ { "name": "NEXUSREPO", "description": "Location of the Nexus repository", "required": true } ], "labels": { "template": "buildConfigTemplate" } } ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/dc-clone-git-repository.sh
New file @@ -0,0 +1,84 @@ #!/bin/sh SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" . $SCRIPT_DIR/provision-properties-static.sh STARTUP_WAIT=180 #First check if the PAM 7 Decision Central REST API is available. We'll wait for 60 seconds echo "Locating Decision Central REST API." count=0 launched=false echo "Trying to connect to spaces URL at: $Decision_CENTRAL_REST_URL/spaces" until [ $count -gt $STARTUP_WAIT ] do curl -u $USERNAME:$PASSWORD --output /dev/null --silent --head --fail "$DECISION_CENTRAL_REST_URL/spaces" if [ $? -eq 0 ] ; then echo "PAM 7 Decision Central REST API started." launched=true break fi printf '.' sleep 5 let count=$count+5; done #Check that the platform has started, otherwise exit. if [ $launched = "false" ] then echo "PAM 7 Decision Central did not start correctly. Exiting." exit 1 else echo "PAM 7 Decision Central started." fi #CREATE_SPACE_JSON="{ \"name\":\"$SPACE\", \"description\":null, \"projects\":[], \"owner\":\"adminUser\", \"defaultGroupId\":\"$DEFAULT_GROUPID\"}" CREATE_SPACE_JSON="{ \"name\":\"$SPACE\", \"description\":null, \"projects\":[], \"owner\":\"$USERNAME\", \"defaultGroupId\":\"$DEFAULT_GROUPID\"}" #Create a space STATUSCODE=$(curl -H "Accept: application/json" -H "Content-Type: application/json" -f -X POST -d "$CREATE_SPACE_JSON" -u "$USERNAME:$PASSWORD" --silent --output /dev/null --write-out "%{http_code}" "$DECISION_CENTRAL_REST_URL/spaces") if [ $STATUSCODE -ne 202 ] ; then echo "Error creating new Space. HTTP Status Code: $STATUSCODE. Exiting" exit 1 else echo "Creating new Space." fi # Wait for the space to be created echo "Waiting for space to be created." count=0 created=false until [ $count -gt $STARTUP_WAIT ] do #curl -u adminUser:test1234! --output /dev/null --silent --head --fail "$Decision_CENTRAL_REST_URL/spaces/$SPACE" curl -u $USERNAME:$PASSWORD --output /dev/null --silent --head --fail "$DECISION_CENTRAL_REST_URL/spaces/$SPACE" if [ $? -eq 0 ] ; then echo "\nSpace created." created=true break fi printf '.' sleep 5 let count=$count+5; done # Give the platform a bit of time before we request the project to be cloned. Not pretty, but don't see another way atm ... sleep 3 # Check if the project is already present. If it is, we simply skip cloning #Create a space curl -u $USERNAME:$PASSWORD --output /dev/null --silent --fail "$DECISION_CENTRAL_REST_URL/spaces/$SPACE/projects/$PROJECT_ID" if [ $? -ne 0 ] ; then echo "Cloning project.." # And clone the project into that space CLONE_GIT_JSON="{\"name\":\"$PROJECT_ID\", \"gitURL\":\"$PROJECT_GIT\"}" #STATUSCODE=$(curl -H "Accept: application/json" -H "Content-Type: application/json" -f -X POST -d "$CLONE_GIT_JSON" -u "adminUser:test1234!" --silent --output /dev/null --write-out "%{http_code}" "$Decision_CENTRAL_REST_URL/spaces/$SPACE/git/clone") STATUSCODE=$(curl -H "Accept: application/json" -H "Content-Type: application/json" -f -X POST -d "$CLONE_GIT_JSON" -u "$USERNAME:$PASSWORD" --silent --output /dev/null --write-out "%{http_code}" "$DECISION_CENTRAL_REST_URL/spaces/$SPACE/git/clone") if [ $STATUSCODE -ne 202 ] ; then echo "Error cloning Demo Git repository. Exiting" exit 1 else echo "Demo project cloned." fi else echo "Project already exists. Not cloning again." fi ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/deploy_kibana.yaml
New file @@ -0,0 +1,31 @@ apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana-sample spec: version: 7.5.2 count: 1 elasticsearchRef: name: "elasticsearch-sample" podTemplate: spec: containers: - name: kibana resources: limits: memory: 1Gi cpu: 1 --- apiVersion: v1 kind: Route metadata: name: kibana-sample spec: #host: kibana.example.com # override if you don't want to use the host that is automatically generated by OpenShift (<route-name>[-<namespace>].<suffix>) tls: termination: passthrough # Kibana is the TLS endpoint insecureEdgeTerminationPolicy: Redirect to: kind: Service name: kibana-sample-kb-http ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/elastic_deploy.yaml
New file @@ -0,0 +1,27 @@ apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch-sample spec: version: 7.5.2 nodeSets: - name: default count: 1 config: node.master: true node.data: true node.ingest: true node.store.allow_mmap: false --- apiVersion: route.openshift.io/v1 kind: Route metadata: name: elasticsearch-sample spec: #host: elasticsearch.example.com # override if you don't want to use the host that is automatically generated by OpenShift (<route-name>[-<namespace>].<suffix>) tls: termination: passthrough # Elasticsearch is the TLS endpoint insecureEdgeTerminationPolicy: Redirect to: kind: Service name: elasticsearch-sample-es-http ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/examples/kafka/kafka-ephemeral.yaml
New file @@ -0,0 +1,25 @@ apiVersion: kafka.strimzi.io/v1alpha1 kind: Kafka metadata: name: my-cluster spec: kafka: version: 2.1.1 replicas: 3 listeners: plain: {} tls: {} config: offsets.topic.replication.factor: 3 transaction.state.log.replication.factor: 3 transaction.state.log.min.isr: 2 log.message.format.version: "2.1" storage: type: ephemeral zookeeper: replicas: 3 storage: type: ephemeral entityOperator: topicOperator: {} userOperator: {} ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/examples/templates/cluster-operator/ephemeral-template.yaml
New file @@ -0,0 +1,103 @@ apiVersion: v1 kind: Template metadata: name: strimzi-ephemeral annotations: openshift.io/display-name: "Apache Kafka (Ephemeral storage)" description: >- This template installs Apache Zookeeper and Apache Kafka clusters. For more information about using this template see http://strimzi.io WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing." tags: "messaging,datastore" iconClass: "fa fa-share-alt fa-flip-horizontal" template.openshift.io/documentation-url: "http://strimzi.io" message: "Kafka cluster ${CLUSTER_NAME} is being deployed. Use '${CLUSTER_NAME}-kafka-bootstrap:9092' as bootstrap server in your application" parameters: - description: All Kubernetes resources will be named after the cluster name displayName: Name of the cluster name: CLUSTER_NAME value: my-cluster - description: Number of Zookeeper cluster nodes which will be deployed (odd number of nodes is recommended) displayName: Number of Zookeeper cluster nodes (odd number of nodes is recommended) name: ZOOKEEPER_NODE_COUNT required: true value: "3" - description: Number of Kafka cluster nodes which will be deployed displayName: Number of Kafka cluster nodes name: KAFKA_NODE_COUNT required: true value: "3" - description: The Kafka version to use for this cluster. displayName: The Kafka version to use name: KAFKA_VERSION required: true value: "2.1.1" - description: Number of seconds after the container has started before healthcheck probes are initiated. displayName: Zookeeper healthcheck initial delay name: ZOOKEEPER_HEALTHCHECK_DELAY value: "15" - description: Number of seconds after which the probe times out. displayName: Zookeeper healthcheck timeout name: ZOOKEEPER_HEALTHCHECK_TIMEOUT value: "5" - description: Number of seconds after the container has started before healthcheck probes are initiated. displayName: Kafka healthcheck initial delay name: KAFKA_HEALTHCHECK_DELAY value: "15" - description: Number of seconds after which the probe times out. displayName: Kafka healthcheck timeout name: KAFKA_HEALTHCHECK_TIMEOUT value: "5" - description: Default replication factor for newly created topics displayName: Default replication factor name: KAFKA_DEFAULT_REPLICATION_FACTOR value: "1" - description: Replication factor for offsets topic displayName: Offsets replication factor name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR value: "3" - description: Replication factor for transactions state log topic displayName: Transaction state replication factor name: KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR value: "3" objects: - apiVersion: kafka.strimzi.io/v1alpha1 kind: Kafka metadata: name: ${CLUSTER_NAME} spec: kafka: version: ${{KAFKA_VERSION}} replicas: ${{KAFKA_NODE_COUNT}} listeners: plain: {} tls: {} livenessProbe: initialDelaySeconds: ${{KAFKA_HEALTHCHECK_DELAY}} timeoutSeconds: ${{KAFKA_HEALTHCHECK_TIMEOUT}} readinessProbe: initialDelaySeconds: ${{KAFKA_HEALTHCHECK_DELAY}} timeoutSeconds: ${{KAFKA_HEALTHCHECK_TIMEOUT}} storage: type: ephemeral config: default.replication.factor: ${KAFKA_DEFAULT_REPLICATION_FACTOR} offsets.topic.replication.factor: ${KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR} transaction.state.log.replication.factor: ${KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR} log.message.format.version: ${KAFKA_VERSION} zookeeper: replicas: ${{ZOOKEEPER_NODE_COUNT}} livenessProbe: initialDelaySeconds: ${{ZOOKEEPER_HEALTHCHECK_DELAY}} timeoutSeconds: ${{ZOOKEEPER_HEALTHCHECK_TIMEOUT}} readinessProbe: initialDelaySeconds: ${{ZOOKEEPER_HEALTHCHECK_DELAY}} timeoutSeconds: ${{ZOOKEEPER_HEALTHCHECK_TIMEOUT}} storage: type: ephemeral entityOperator: topicOperator: {} userOperator: {} ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/examples/templates/topic-operator/topic-template.yaml
New file @@ -0,0 +1,54 @@ apiVersion: v1 kind: Template metadata: name: strimzi-topic annotations: openshift.io/display-name: "Apache Kafka Topic" description: >- This template creates a "Topic ConfigMap". Used in conjunction with the Strimzi topic operator this will create a corresponding topic in a Strimzi Kafka cluster. For more information about using this template see http://strimzi.io tags: "messaging" iconClass: "fa fa-exchange" template.openshift.io/documentation-url: "http://strimzi.io" parameters: - name: CLUSTER_NAME displayName: Name of the Kafka cluster description: Specifies the name of the Kafka cluster in which the topic should be created. required: true value: my-cluster - name: TOPIC_NAME displayName: Name of the topic description: Specifies the name of the topic in the Kafka cluster. This should be a valid Kubernetes resource name. required: true value: my-topic - name: TOPIC_PARTITIONS displayName: Number of partitions description: The number of partitions in the created topic. required: true value: "1" - name: TOPIC_REPLICAS displayName: Number of replicas description: The number of replicas in the created topic. required: true value: "1" - name: TOPIC_CONFIG displayName: Topic config description: >- The topic config as a JSON map, for example: { "retention.ms":"345600000" } See https://kafka.apache.org/10/documentation/#topicconfigs for config key names and value syntax. required: true value: "{}" objects: - apiVersion: kafka.strimzi.io/v1alpha1 kind: KafkaTopic metadata: name: ${TOPIC_NAME} labels: strimzi.io/cluster: "${CLUSTER_NAME}" spec: partitions: ${{TOPIC_PARTITIONS}} replicas: ${{TOPIC_REPLICAS}} config: ${{TOPIC_CONFIG}} ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/examples/topic/kafka-topic.yaml
New file @@ -0,0 +1,14 @@ apiVersion: kafka.strimzi.io/v1alpha1 kind: KafkaTopic metadata: name: my-topic labels: strimzi.io/cluster: my-cluster spec: partitions: 1 replicas: 1 config: retention.ms: 7200000 segment.bytes: 1073741824 ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/examples/user/kafka-user.yaml
New file @@ -0,0 +1,50 @@ apiVersion: kafka.strimzi.io/v1alpha1 kind: KafkaUser metadata: name: my-user labels: strimzi.io/cluster: my-cluster spec: authentication: type: tls authorization: type: simple acls: # Example consumer Acls for topic my-topic suing consumer group my-group - resource: type: topic name: my-topic patternType: literal operation: Read host: "*" - resource: type: topic name: my-topic patternType: literal operation: Describe host: "*" - resource: type: group name: my-group patternType: literal operation: Read host: "*" # Example Producer Acls for topic my-topic - resource: type: topic name: my-topic patternType: literal operation: Write host: "*" - resource: type: topic name: my-topic patternType: literal operation: Create host: "*" - resource: type: topic name: my-topic patternType: literal operation: Describe host: "*" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/010-ServiceAccount-strimzi-cluster-operator.yaml
New file @@ -0,0 +1,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: strimzi-cluster-operator labels: app: strimzi ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/020-ClusterRole-strimzi-cluster-operator-role.yaml
New file @@ -0,0 +1,254 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: strimzi-cluster-operator-namespaced labels: app: strimzi rules: - apiGroups: - "" resources: - serviceaccounts verbs: - get - create - delete - patch - update - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings verbs: - get - create - delete - patch - update - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - delete - patch - update - apiGroups: - kafka.strimzi.io resources: - kafkas - kafkaconnects - kafkaconnects2is - kafkamirrormakers verbs: - get - list - watch - create - delete - patch - update - apiGroups: - "" resources: - pods verbs: - get - list - watch - delete - apiGroups: - "" resources: - services verbs: - get - list - watch - create - delete - patch - update - apiGroups: - "" resources: - endpoints verbs: - get - list - watch - apiGroups: - extensions resources: - deployments - deployments/scale - replicasets verbs: - get - list - watch - create - delete - patch - update - apiGroups: - apps resources: - deployments - deployments/scale - deployments/status - statefulsets - replicasets verbs: - get - list - watch - create - delete - patch - update - apiGroups: - "" resources: - events verbs: - create - apiGroups: - extensions resources: - replicationcontrollers verbs: - get - list - watch - create - delete - patch - update - apiGroups: - apps.openshift.io resources: - deploymentconfigs - deploymentconfigs/scale - deploymentconfigs/status - deploymentconfigs/finalizers verbs: - get - list - watch - create - delete - patch - update - apiGroups: - build.openshift.io resources: - buildconfigs - builds verbs: - create - delete - get - list - patch - watch - update - apiGroups: - image.openshift.io resources: - imagestreams - imagestreams/status verbs: - create - delete - get - list - watch - patch - update - apiGroups: - "" resources: - replicationcontrollers verbs: - get - list - watch - create - delete - patch - update - apiGroups: - "" resources: - secrets verbs: - get - list - create - delete - patch - update - apiGroups: - extensions resources: - networkpolicies verbs: - get - list - watch - create - delete - patch - update - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - get - list - watch - create - delete - patch - update - apiGroups: - route.openshift.io resources: - routes - routes/custom-host verbs: - get - list - create - delete - patch - update - apiGroups: - "" resources: - persistentvolumeclaims verbs: - get - list - create - delete - patch - update - apiGroups: - policy resources: - poddisruptionbudgets verbs: - get - list - watch - create - delete - patch - update ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/020-RoleBinding-strimzi-cluster-operator.yaml
New file @@ -0,0 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: strimzi-cluster-operator labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: myproject roleRef: kind: ClusterRole name: strimzi-cluster-operator-namespaced apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/021-ClusterRole-strimzi-cluster-operator-role.yaml
New file @@ -0,0 +1,17 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: strimzi-cluster-operator-global labels: app: strimzi rules: - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings verbs: - get - create - delete - patch - update ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/021-ClusterRoleBinding-strimzi-cluster-operator.yaml
New file @@ -0,0 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: strimzi-cluster-operator labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: myproject roleRef: kind: ClusterRole name: strimzi-cluster-operator-global apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/030-ClusterRole-strimzi-kafka-broker.yaml
New file @@ -0,0 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: strimzi-kafka-broker labels: app: strimzi rules: - apiGroups: - "" resources: - nodes verbs: - get ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/030-ClusterRoleBinding-strimzi-cluster-operator-kafka-broker-delegation.yaml
New file @@ -0,0 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: strimzi-cluster-operator-kafka-broker-delegation labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: myproject roleRef: kind: ClusterRole name: strimzi-kafka-broker apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/031-ClusterRole-strimzi-entity-operator.yaml
New file @@ -0,0 +1,48 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: strimzi-entity-operator labels: app: strimzi rules: - apiGroups: - kafka.strimzi.io resources: - kafkatopics verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" resources: - events verbs: - create - apiGroups: - kafka.strimzi.io resources: - kafkausers verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" resources: - secrets verbs: - get - list - create - patch - update - delete ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml
New file @@ -0,0 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: strimzi-cluster-operator-entity-operator-delegation labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: myproject roleRef: kind: ClusterRole name: strimzi-entity-operator apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/032-ClusterRole-strimzi-topic-operator.yaml
New file @@ -0,0 +1,25 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: strimzi-topic-operator labels: app: strimzi rules: - apiGroups: - kafka.strimzi.io resources: - kafkatopics verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" resources: - events verbs: - create ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/032-RoleBinding-strimzi-cluster-operator-topic-operator-delegation.yaml
New file @@ -0,0 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: strimzi-cluster-operator-topic-operator-delegation labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-cluster-operator namespace: myproject roleRef: kind: ClusterRole name: strimzi-topic-operator apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/040-Crd-kafka.yaml
New file @@ -0,0 +1,2116 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkas.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: Kafka listKind: KafkaList singular: kafka plural: kafkas shortNames: - k validation: openAPIV3Schema: properties: spec: type: object properties: kafka: type: object properties: replicas: type: integer minimum: 1 image: type: string storage: type: object properties: class: type: string deleteClaim: type: boolean id: type: integer minimum: 0 selector: type: object size: type: string type: type: string enum: - ephemeral - persistent-claim - jbod volumes: type: array items: type: object properties: class: type: string deleteClaim: type: boolean id: type: integer minimum: 0 selector: type: object size: type: string type: type: string enum: - ephemeral - persistent-claim required: - type required: - type listeners: type: object properties: plain: type: object properties: authentication: type: object properties: type: type: string enum: - tls - scram-sha-512 required: - type networkPolicyPeers: type: array items: type: object properties: ipBlock: type: object properties: cidr: type: string except: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object podSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object tls: type: object properties: authentication: type: object properties: type: type: string enum: - tls - scram-sha-512 required: - type networkPolicyPeers: type: array items: type: object properties: ipBlock: type: object properties: cidr: type: string except: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object podSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object external: type: object properties: authentication: type: object properties: type: type: string enum: - tls - scram-sha-512 required: - type networkPolicyPeers: type: array items: type: object properties: ipBlock: type: object properties: cidr: type: string except: type: array items: type: string namespaceSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object podSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object overrides: type: object properties: bootstrap: type: object properties: address: type: string nodePort: type: integer brokers: type: array items: type: object properties: broker: type: integer advertisedHost: type: string advertisedPort: type: integer nodePort: type: integer tls: type: boolean type: type: string enum: - route - loadbalancer - nodeport required: - type authorization: type: object properties: superUsers: type: array items: type: string type: type: string enum: - simple required: - type config: type: object rack: type: object properties: topologyKey: type: string example: failure-domain.beta.kubernetes.io/zone required: - topologyKey brokerRackInitImage: type: string affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 jvmOptions: type: object properties: -XX: type: object -Xms: type: string pattern: '[0-9]+[mMgG]?' -Xmx: type: string pattern: '[0-9]+[mMgG]?' gcLoggingEnabled: type: boolean resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' metrics: type: object logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type tlsSidecar: type: object properties: image: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 logLevel: type: string enum: - emerg - alert - crit - err - warning - notice - info - debug readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' template: type: object properties: statefulset: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object pod: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: fsGroup: type: integer runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string supplementalGroups: type: array items: type: integer sysctls: type: array items: type: object properties: name: type: string value: type: string terminationGracePeriodSeconds: type: integer minimum: 0 bootstrapService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object brokersService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object externalBootstrapRoute: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object externalBootstrapService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object perPodRoute: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object perPodService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object maxUnavailable: type: integer minimum: 0 version: type: string required: - replicas - storage - listeners zookeeper: type: object properties: replicas: type: integer minimum: 1 image: type: string storage: type: object properties: class: type: string deleteClaim: type: boolean id: type: integer minimum: 0 selector: type: object size: type: string type: type: string enum: - ephemeral - persistent-claim required: - type config: type: object affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 jvmOptions: type: object properties: -XX: type: object -Xms: type: string pattern: '[0-9]+[mMgG]?' -Xmx: type: string pattern: '[0-9]+[mMgG]?' gcLoggingEnabled: type: boolean resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' metrics: type: object logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type tlsSidecar: type: object properties: image: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 logLevel: type: string enum: - emerg - alert - crit - err - warning - notice - info - debug readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' template: type: object properties: statefulset: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object pod: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: fsGroup: type: integer runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string supplementalGroups: type: array items: type: integer sysctls: type: array items: type: object properties: name: type: string value: type: string terminationGracePeriodSeconds: type: integer minimum: 0 clientService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object nodesService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object maxUnavailable: type: integer minimum: 0 required: - replicas - storage topicOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalSeconds: type: integer minimum: 0 zookeeperSessionTimeoutSeconds: type: integer minimum: 0 affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' topicMetadataMaxAttempts: type: integer minimum: 0 tlsSidecar: type: object properties: image: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 logLevel: type: string enum: - emerg - alert - crit - err - warning - notice - info - debug readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type jvmOptions: type: object properties: gcLoggingEnabled: type: boolean entityOperator: type: object properties: topicOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalSeconds: type: integer minimum: 0 zookeeperSessionTimeoutSeconds: type: integer minimum: 0 resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' topicMetadataMaxAttempts: type: integer minimum: 0 logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type jvmOptions: type: object properties: gcLoggingEnabled: type: boolean userOperator: type: object properties: watchedNamespace: type: string image: type: string reconciliationIntervalSeconds: type: integer minimum: 0 zookeeperSessionTimeoutSeconds: type: integer minimum: 0 resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type jvmOptions: type: object properties: gcLoggingEnabled: type: boolean affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string tlsSidecar: type: object properties: image: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 logLevel: type: string enum: - emerg - alert - crit - err - warning - notice - info - debug readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object pod: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: fsGroup: type: integer runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string supplementalGroups: type: array items: type: integer sysctls: type: array items: type: object properties: name: type: string value: type: string terminationGracePeriodSeconds: type: integer minimum: 0 clusterCa: type: object properties: generateCertificateAuthority: type: boolean validityDays: type: integer minimum: 1 renewalDays: type: integer minimum: 1 certificateExpirationPolicy: type: string enum: - renew-certificate - replace-key clientsCa: type: object properties: generateCertificateAuthority: type: boolean validityDays: type: integer minimum: 1 renewalDays: type: integer minimum: 1 certificateExpirationPolicy: type: string enum: - renew-certificate - replace-key maintenanceTimeWindows: type: array items: type: string required: - kafka - zookeeper ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/041-Crd-kafkaconnect.yaml
New file @@ -0,0 +1,552 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkaconnects.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaConnect listKind: KafkaConnectList singular: kafkaconnect plural: kafkaconnects shortNames: - kc validation: openAPIV3Schema: properties: spec: type: object properties: replicas: type: integer image: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 jvmOptions: type: object properties: -XX: type: object -Xms: type: string pattern: '[0-9]+[mMgG]?' -Xmx: type: string pattern: '[0-9]+[mMgG]?' gcLoggingEnabled: type: boolean affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type metrics: type: object template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object pod: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: fsGroup: type: integer runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string supplementalGroups: type: array items: type: integer sysctls: type: array items: type: object properties: name: type: string value: type: string terminationGracePeriodSeconds: type: integer minimum: 0 apiService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object maxUnavailable: type: integer minimum: 0 authentication: type: object properties: certificateAndKey: type: object properties: certificate: type: string key: type: string secretName: type: string required: - certificate - key - secretName passwordSecret: type: object properties: password: type: string secretName: type: string required: - password - secretName type: type: string enum: - tls - scram-sha-512 username: type: string required: - type bootstrapServers: type: string config: type: object externalConfiguration: type: object properties: env: type: array items: type: object properties: name: type: string valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - name - valueFrom volumes: type: array items: type: object properties: configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string required: - name resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' tls: type: object properties: trustedCertificates: type: array items: type: object properties: certificate: type: string secretName: type: string required: - certificate - secretName required: - trustedCertificates version: type: string required: - bootstrapServers ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/042-Crd-kafkaconnects2i.yaml
New file @@ -0,0 +1,554 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkaconnects2is.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaConnectS2I listKind: KafkaConnectS2IList singular: kafkaconnects2i plural: kafkaconnects2is shortNames: - kcs2i validation: openAPIV3Schema: properties: spec: type: object properties: replicas: type: integer image: type: string livenessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 readinessProbe: type: object properties: initialDelaySeconds: type: integer minimum: 0 timeoutSeconds: type: integer minimum: 0 jvmOptions: type: object properties: -XX: type: object -Xms: type: string pattern: '[0-9]+[mMgG]?' -Xmx: type: string pattern: '[0-9]+[mMgG]?' gcLoggingEnabled: type: boolean affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type metrics: type: object template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object pod: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: fsGroup: type: integer runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string supplementalGroups: type: array items: type: integer sysctls: type: array items: type: object properties: name: type: string value: type: string terminationGracePeriodSeconds: type: integer minimum: 0 apiService: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object podDisruptionBudget: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object maxUnavailable: type: integer minimum: 0 authentication: type: object properties: certificateAndKey: type: object properties: certificate: type: string key: type: string secretName: type: string required: - certificate - key - secretName passwordSecret: type: object properties: password: type: string secretName: type: string required: - password - secretName type: type: string enum: - tls - scram-sha-512 username: type: string required: - type bootstrapServers: type: string config: type: object externalConfiguration: type: object properties: env: type: array items: type: object properties: name: type: string valueFrom: type: object properties: configMapKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean secretKeyRef: type: object properties: key: type: string name: type: string optional: type: boolean required: - name - valueFrom volumes: type: array items: type: object properties: configMap: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string name: type: string optional: type: boolean name: type: string secret: type: object properties: defaultMode: type: integer items: type: array items: type: object properties: key: type: string mode: type: integer path: type: string optional: type: boolean secretName: type: string required: - name insecureSourceRepository: type: boolean resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' tls: type: object properties: trustedCertificates: type: array items: type: object properties: certificate: type: string secretName: type: string required: - certificate - secretName required: - trustedCertificates tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string version: type: string required: - bootstrapServers ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/043-Crd-kafkatopic.yaml
New file @@ -0,0 +1,37 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkatopics.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaTopic listKind: KafkaTopicList singular: kafkatopic plural: kafkatopics shortNames: - kt validation: openAPIV3Schema: properties: spec: type: object properties: partitions: type: integer minimum: 1 replicas: type: integer minimum: 1 maximum: 32767 config: type: object topicName: type: string required: - partitions - replicas ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/044-Crd-kafkauser.yaml
New file @@ -0,0 +1,93 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkausers.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaUser listKind: KafkaUserList singular: kafkauser plural: kafkausers shortNames: - ku validation: openAPIV3Schema: properties: spec: type: object properties: authentication: type: object properties: type: type: string enum: - tls - scram-sha-512 required: - type authorization: type: object properties: acls: type: array items: type: object properties: host: type: string operation: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All resource: type: object properties: name: type: string patternType: type: string enum: - literal - prefix type: type: string enum: - topic - group - cluster - transactionalId required: - type type: type: string enum: - allow - deny required: - operation - resource type: type: string enum: - simple required: - acls - type required: - authentication ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/045-Crd-kafkamirrormaker.yaml
New file @@ -0,0 +1,519 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkamirrormakers.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaMirrorMaker listKind: KafkaMirrorMakerList singular: kafkamirrormaker plural: kafkamirrormakers shortNames: - kmm validation: openAPIV3Schema: properties: spec: type: object properties: replicas: type: integer minimum: 1 image: type: string whitelist: type: string consumer: type: object properties: numStreams: type: integer minimum: 1 groupId: type: string bootstrapServers: type: string authentication: type: object properties: certificateAndKey: type: object properties: certificate: type: string key: type: string secretName: type: string required: - certificate - key - secretName passwordSecret: type: object properties: password: type: string secretName: type: string required: - password - secretName type: type: string enum: - tls - scram-sha-512 username: type: string required: - type config: type: object tls: type: object properties: trustedCertificates: type: array items: type: object properties: certificate: type: string secretName: type: string required: - certificate - secretName required: - trustedCertificates required: - groupId - bootstrapServers producer: type: object properties: bootstrapServers: type: string authentication: type: object properties: certificateAndKey: type: object properties: certificate: type: string key: type: string secretName: type: string required: - certificate - key - secretName passwordSecret: type: object properties: password: type: string secretName: type: string required: - password - secretName type: type: string enum: - tls - scram-sha-512 username: type: string required: - type config: type: object tls: type: object properties: trustedCertificates: type: array items: type: object properties: certificate: type: string secretName: type: string required: - certificate - secretName required: - trustedCertificates required: - bootstrapServers resources: type: object properties: limits: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' requests: type: object properties: cpu: type: string pattern: '[0-9]+m?$' memory: type: string pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' affinity: type: object properties: nodeAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: preference: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: object properties: nodeSelectorTerms: type: array items: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchFields: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string podAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string podAntiAffinity: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: podAffinityTerm: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string weight: type: integer requiredDuringSchedulingIgnoredDuringExecution: type: array items: type: object properties: labelSelector: type: object properties: matchExpressions: type: array items: type: object properties: key: type: string operator: type: string values: type: array items: type: string matchLabels: type: object namespaces: type: array items: type: string topologyKey: type: string tolerations: type: array items: type: object properties: effect: type: string key: type: string operator: type: string tolerationSeconds: type: integer value: type: string jvmOptions: type: object properties: -XX: type: object -Xms: type: string pattern: '[0-9]+[mMgG]?' -Xmx: type: string pattern: '[0-9]+[mMgG]?' gcLoggingEnabled: type: boolean logging: type: object properties: loggers: type: object name: type: string type: type: string enum: - inline - external required: - type metrics: type: object template: type: object properties: deployment: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object pod: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object imagePullSecrets: type: array items: type: object properties: name: type: string securityContext: type: object properties: fsGroup: type: integer runAsGroup: type: integer runAsNonRoot: type: boolean runAsUser: type: integer seLinuxOptions: type: object properties: level: type: string role: type: string type: type: string user: type: string supplementalGroups: type: array items: type: integer sysctls: type: array items: type: object properties: name: type: string value: type: string terminationGracePeriodSeconds: type: integer minimum: 0 podDisruptionBudget: type: object properties: metadata: type: object properties: labels: type: object annotations: type: object maxUnavailable: type: integer minimum: 0 version: type: string required: - replicas - whitelist - consumer - producer ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/cluster-operator/050-Deployment-strimzi-cluster-operator.yaml
New file @@ -0,0 +1,82 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: name: strimzi-cluster-operator labels: app: strimzi strimzi.io/kind: cluster-operator spec: replicas: 1 template: metadata: labels: name: strimzi-cluster-operator strimzi.io/kind: cluster-operator spec: serviceAccountName: strimzi-cluster-operator containers: - name: strimzi-cluster-operator image: registry.access.redhat.com/amq7/amq-streams-cluster-operator:1.1.0 imagePullPolicy: IfNotPresent env: - name: STRIMZI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS value: "120000" - name: STRIMZI_OPERATION_TIMEOUT_MS value: "300000" - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE value: registry.access.redhat.com/amq7/amq-streams-zookeeper:1.1.0-kafka-2.1.1 - name: STRIMZI_KAFKA_IMAGES value: | 2.0.0=registry.access.redhat.com/amq7/amq-streams-kafka:1.1.0-kafka-2.0.0 2.1.1=registry.access.redhat.com/amq7/amq-streams-kafka:1.1.0-kafka-2.1.1 - name: STRIMZI_KAFKA_CONNECT_IMAGES value: | 2.0.0=registry.access.redhat.com/amq7/amq-streams-kafka-connect:1.1.0-kafka-2.0.0 2.1.1=registry.access.redhat.com/amq7/amq-streams-kafka-connect:1.1.0-kafka-2.1.1 - name: STRIMZI_KAFKA_CONNECT_S2I_IMAGES value: | 2.0.0=registry.access.redhat.com/amq7/amq-streams-kafka-connect-s2i:1.1.0-kafka-2.0.0 2.1.1=registry.access.redhat.com/amq7/amq-streams-kafka-connect-s2i:1.1.0-kafka-2.1.1 - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES value: | 2.0.0=registry.access.redhat.com/amq7/amq-streams-kafka-mirror-maker:1.1.0-kafka-2.0.0 2.1.1=registry.access.redhat.com/amq7/amq-streams-kafka-mirror-maker:1.1.0-kafka-2.1.1 - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE value: registry.access.redhat.com/amq7/amq-streams-topic-operator:1.1.0 - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE value: registry.access.redhat.com/amq7/amq-streams-user-operator:1.1.0 - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE value: registry.access.redhat.com/amq7/amq-streams-kafka-init:1.1.0 - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE value: registry.access.redhat.com/amq7/amq-streams-zookeeper-stunnel:1.1.0 - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE value: registry.access.redhat.com/amq7/amq-streams-kafka-stunnel:1.1.0 - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE value: registry.access.redhat.com/amq7/amq-streams-entity-operator-stunnel:1.1.0 - name: STRIMZI_LOG_LEVEL value: INFO livenessProbe: httpGet: path: /healthy port: 8080 initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 10 periodSeconds: 30 resources: limits: cpu: 1000m memory: 256Mi requests: cpu: 200m memory: 256Mi strategy: type: Recreate ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/strimzi-admin/010-ClusterRole-strimzi-admin.yaml
New file @@ -0,0 +1,24 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: strimzi-admin labels: app: strimzi rules: - apiGroups: - "kafka.strimzi.io" resources: - kafkas - kafkaconnects - kafkaconnects2is - kafkamirrormakers - kafkausers - kafkatopics verbs: - get - list - watch - create - delete - patch - update ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/topic-operator/01-ServiceAccount-strimzi-topic-operator.yaml
New file @@ -0,0 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: name: strimzi-topic-operator labels: app: strimzi chart: strimzi-kafka-operator-0.1.0 component: kafka-service-account release: RELEASE-NAME heritage: Tiller ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/topic-operator/02-Role-strimzi-topic-operator.yaml
New file @@ -0,0 +1,25 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: name: strimzi-topic-operator labels: app: strimzi rules: - apiGroups: - "kafka.strimzi.io" resources: - kafkatopics verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" resources: - events verbs: - create ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/topic-operator/03-RoleBinding-strimzi-topic-operator.yaml
New file @@ -0,0 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: strimzi-topic-operator labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-topic-operator roleRef: kind: Role name: strimzi-topic-operator apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/topic-operator/04-Crd-kafkatopic.yaml
New file @@ -0,0 +1,37 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkatopics.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaTopic listKind: KafkaTopicList singular: kafkatopic plural: kafkatopics shortNames: - kt validation: openAPIV3Schema: properties: spec: type: object properties: partitions: type: integer minimum: 1 replicas: type: integer minimum: 1 maximum: 32767 config: type: object topicName: type: string required: - partitions - replicas ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/topic-operator/05-Deployment-strimzi-topic-operator.yaml
New file @@ -0,0 +1,59 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: name: strimzi-topic-operator labels: app: strimzi spec: replicas: 1 template: metadata: labels: name: strimzi-topic-operator spec: serviceAccountName: strimzi-topic-operator containers: - name: strimzi-topic-operator image: registry.access.redhat.com/amq7/amq-streams-topic-operator:1.1.0 env: - name: STRIMZI_RESOURCE_LABELS value: "strimzi.io/cluster=my-cluster" - name: STRIMZI_KAFKA_BOOTSTRAP_SERVERS value: my-cluster-kafka-bootstrap:9092 - name: STRIMZI_ZOOKEEPER_CONNECT value: my-cluster-zookeeper-client:2181 - name: STRIMZI_ZOOKEEPER_SESSION_TIMEOUT_MS value: "20000" - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS value: "900000" - name: STRIMZI_TOPIC_METADATA_MAX_ATTEMPTS value: "6" - name: STRIMZI_LOG_LEVEL value: INFO - name: STRIMZI_TLS_ENABLED value: "false" - name: STRIMZI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace livenessProbe: httpGet: path: /healthy port: 8080 initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 10 periodSeconds: 30 resources: limits: memory: 96Mi cpu: 100m requests: memory: 96Mi cpu: 100m strategy: type: Recreate ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/user-operator/01-ServiceAccount-strimzi-user-operator.yaml
New file @@ -0,0 +1,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: strimzi-user-operator labels: app: strimzi ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/user-operator/02-Role-strimzi-user-operator.yaml
New file @@ -0,0 +1,30 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: name: strimzi-user-operator labels: app: strimzi rules: - apiGroups: - "kafka.strimzi.io" resources: - kafkausers verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" resources: - secrets verbs: - get - list - create - patch - update - delete ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/user-operator/03-RoleBinding-strimzi-user-operator.yaml
New file @@ -0,0 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: strimzi-user-operator labels: app: strimzi subjects: - kind: ServiceAccount name: strimzi-user-operator roleRef: kind: Role name: strimzi-user-operator apiGroup: rbac.authorization.k8s.io ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/user-operator/04-Crd-kafkauser.yaml
New file @@ -0,0 +1,93 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kafkausers.kafka.strimzi.io labels: app: strimzi spec: group: kafka.strimzi.io version: v1alpha1 scope: Namespaced names: kind: KafkaUser listKind: KafkaUserList singular: kafkauser plural: kafkausers shortNames: - ku validation: openAPIV3Schema: properties: spec: type: object properties: authentication: type: object properties: type: type: string enum: - tls - scram-sha-512 required: - type authorization: type: object properties: acls: type: array items: type: object properties: host: type: string operation: type: string enum: - Read - Write - Create - Delete - Alter - Describe - ClusterAction - AlterConfigs - DescribeConfigs - IdempotentWrite - All resource: type: object properties: name: type: string patternType: type: string enum: - literal - prefix type: type: string enum: - topic - group - cluster - transactionalId required: - type type: type: string enum: - allow - deny required: - operation - resource type: type: string enum: - simple required: - acls - type required: - authentication ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/install/user-operator/05-Deployment-strimzi-user-operator.yaml
New file @@ -0,0 +1,63 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: name: strimzi-user-operator labels: app: strimzi spec: replicas: 1 template: metadata: labels: name: strimzi-user-operator spec: serviceAccountName: strimzi-user-operator containers: - name: strimzi-user-operator image: registry.access.redhat.com/amq7/amq-streams-user-operator:1.1.0 env: - name: STRIMZI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: STRIMZI_LABELS value: "strimzi.io/cluster=my-cluster" - name: STRIMZI_CA_CERT_NAME value: my-cluster-clients-ca-cert - name: STRIMZI_CA_KEY_NAME value: my-cluster-clients-ca - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS value: "120000" - name: STRIMZI_ZOOKEEPER_CONNECT value: my-cluster-zookeeper-client:2181 - name: STRIMZI_ZOOKEEPER_SESSION_TIMEOUT_MS value: "20000" - name: STRIMZI_LOG_LEVEL value: INFO - name: STRIMZI_GC_LOG_ENABLED value: "true" - name: STRIMZI_CA_VALIDITY value: "365" - name: STRIMZI_CA_RENEWAL value: "30" livenessProbe: httpGet: path: /healthy port: 8081 initialDelaySeconds: 10 periodSeconds: 30 readinessProbe: httpGet: path: /ready port: 8081 initialDelaySeconds: 10 periodSeconds: 30 resources: limits: memory: 256Mi cpu: 500m requests: memory: 256Mi cpu: 100m strategy: type: Recreate ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/personalization-rules-build-config-template.json
New file @@ -0,0 +1,67 @@ { "Kind": "Template", "apiVersion": "v1", "metadata": { "name": "personalizationRulesBuildConfigTemplate", "creationTimestamp": null, "annotations": { "description": "This template will create a single buildConfig for our Personalization Rules.", "tags": "" } }, "objects": [ { "apiVersion": "build.openshift.io/v1", "kind": "BuildConfig", "metadata": { "creationTimestamp": null, "labels": { "app": "personalization-dm" }, "name": "personalization-dm" }, "spec": { "failedBuildsHistoryLimit": 5, "nodeSelector": null, "output": {}, "postCommit": {}, "resources": {}, "runPolicy": "Serial", "source": { "git": { "uri": "https://github.com/snandakumar87/OfferManagementDMNModel" }, "type": "Git" }, "strategy": { "sourceStrategy": { "env": [ { "name": "NEXUSREPO", "value": "${NEXUSREPO}" } ], "from": { "kind": "ImageStreamTag", "name": "java:8", "namespace": "openshift" } }, "type": "Source" }, "successfulBuildsHistoryLimit": 5 } } ], "parameters": [ { "name": "NEXUSREPO", "description": "Location of the Nexus repository", "required": true } ], "labels": { "template": "buildConfigTemplate" } } ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/provision-properties-static.sh
New file @@ -0,0 +1,11 @@ PRJ_NAME="dm7-red" PRJ_DESCRIPTION="Red Hat Decision Manager 7 Realtime Event Decisioning Demo" DECISION_CENTRAL_REST_URL="$DC_URL/rest" SPACE="DemoSpace" DEFAULT_GROUPID="com.redhat" PROJECT_GIT="https://github.com/jbossdemocentral/rhdm-realtime-event-decisioning-demo-personalization-repo" PROJECT_ID="Personalization_Rules" PROJECT_NAME="Personalization_Rules" USERNAME="dmAdmin" PASSWORD="redhatdm1!" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/rhpam_openshift_dmn_pmml/bc_docker_build/Dockerfile
New file @@ -0,0 +1,16 @@ FROM registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.5.0 # jPMML ADD https://search.maven.org/remotecontent?filepath=org/jpmml/pmml-evaluator/1.4.9/pmml-evaluator-1.4.9.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-1.4.9.jar ADD https://search.maven.org/remotecontent?filepath=org/jpmml/pmml-evaluator-extension/1.4.9/pmml-evaluator-extension-1.4.9.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-extension-1.4.9.jar ADD https://search.maven.org/remotecontent?filepath=org/kie/kie-dmn-jpmml/7.27.0.Final/kie-dmn-jpmml-7.27.0.Final.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/kie-dmn-jpmml-7.27.0.Final.jar USER root RUN chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-1.4.9.jar && \ chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-extension-1.4.9.jar && \ chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/kie-dmn-jpmml-7.27.0.Final.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-1.4.9.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-extension-1.4.9.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/kie-dmn-jpmml-7.27.0.Final.jar USER jboss ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/rhpam_openshift_dmn_pmml/ks_docker_build/Dockerfile
New file @@ -0,0 +1,20 @@ FROM docker-registry.default.svc:5000/openshift/rhpam-kieserver-rhel8:7.5.0 # jPMML ADD https://search.maven.org/remotecontent?filepath=org/jpmml/pmml-evaluator/1.4.9/pmml-evaluator-1.4.9.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-1.4.9.jar ADD https://search.maven.org/remotecontent?filepath=org/jpmml/pmml-evaluator-extension/1.4.9/pmml-evaluator-extension-1.4.9.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-extension-1.4.9.jar ADD https://search.maven.org/remotecontent?filepath=org/kie/kie-dmn-jpmml/7.27.0.Final/kie-dmn-jpmml-7.27.0.Final.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/kie-dmn-jpmml-7.27.0.Final.jar COPY contrib/gdemo-prometheus-metrics-provider-1.0.0.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/gdemo-prometheus-metrics-provider-1.0.0.jar USER root RUN chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-1.4.9.jar && \ chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-extension-1.4.9.jar && \ chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/kie-dmn-jpmml-7.27.0.Final.jar && \ chown jboss:root /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/gdemo-prometheus-metrics-provider-1.0.0.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-1.4.9.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/pmml-evaluator-extension-1.4.9.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/kie-dmn-jpmml-7.27.0.Final.jar && \ chmod 664 /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/gdemo-prometheus-metrics-provider-1.0.0.jar USER jboss ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/files/rhpam_openshift_dmn_pmml/ks_docker_build/contrib/gdemo-prometheus-metrics-provider-1.0.0.jarBinary files differ
ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/readme.adoc
New file @@ -0,0 +1,131 @@ = ocp-workload-developer-environment - Sample Config == Role overview * This is a simple role that does the following: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment *** Adds a user to a list of groups defined in the link:./defaults/main.yml[defaults file]. *** Sets a cluster resource quota for the user based on the variables in the link:./defaults/main.yml[defaults file] . *** Debug task will print out: `pre_workload Tasks Complete` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual workload, i.e, 3scale, Mobile or some Demo *** This role doesn't do anything here *** Debug task will print out: `workload Tasks Complete` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks Complete` == Review the defaults variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * You can modify any of these default values by adding `-e"variable_name=variable_value"` to the command line === Deploy Workload on OpenShift Cluster from an existing playbook: [source,yaml] ---- - name: Deploy a workload role on a master host hosts: all become: true gather_facts: False tags: - step007 roles: - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' } ---- NOTE: You might want to change `hosts: all` to fit your requirements === Common configuration to run these playbooks You should have these environment variables defined/exported in your system in order to run these playbooks. ---- HOST_GUID=dev37 TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" OCP_USERNAME="snandaku-redhat.com" SSH_USER="opentlc-mgr" SSH_PRIVATE_KEY="id_rsa" GUID=duncandoyle ---- === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- WORKLOAD="ocp-workload-pam7-offer-management-dmn-pmml" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ -e"ansible_user=${SSH_USER}" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ocp_user_needs_quota=true" \ -e"ocp_master=master.${HOST_GUID}.openshift.opentlc.com" \ -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ -e"ACTION=create" ---- === To Delete an environment Use the common configuration first. Then run this. ---- WORKLOAD="ocp-workload-pam7-offer-management-dmn-pmml" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ -e"ansible_user=${SSH_USER}" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- == Set up your Ansible inventory file * You can create an Ansible inventory file to define your connection method to your host (Master/Bastion with OC command) * You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly * You can also use the command line to use localhost or if your cluster is already authenticated and configured in your `oc` configuration [source, ini] .example inventory file ---- [gptehosts:vars] ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem ansible_user=ec2-user [gptehosts:children] openshift [openshift] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com bastion.cluster4.openshift.opentlc.com [dev] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com [prod] bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com ---- ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/main.yml
New file @@ -0,0 +1,20 @@ --- - name: Running Pre Workload Tasks import_tasks: ./pre_workload.yml become: false when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks import_tasks: ./workload.yml become: false when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks import_tasks: ./post_workload.yml become: false when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks import_tasks: ./remove_workload.yml become: false when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/post_workload.yml
New file @@ -0,0 +1,9 @@ --- - name: Delete the remote files used in this role file: path: /tmp/{{guid}} state: absent - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/pre_workload.yml
New file @@ -0,0 +1,46 @@ --- # - name: Add user to developer group (allowed to create projects) # shell: "oadm groups add-users {{item}} {{ocp_username}}" # register: groupadd_register # with_items: "{{ocp_user_groups}}" # when: ocp_username is defined and ocp_user_groups is defined # # - name: test that command worked # debug: # var: groupadd_register # verbosity: 2 - name: Show path shell: "echo $PATH" - name: Create user Quota - clusterresourcequota shell: | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true - name: Copy the files used in this role synchronize: src: "files/" dest: "/tmp/{{guid}}/" rsync_opts: - "--no-motd" - "--exclude=.git,*.qcow2" use_ssh_args: true - name: pre_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/remove_workload.yml
New file @@ -0,0 +1,20 @@ --- - name: post_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully - Removed" - name: define OCP_PROJECT set_fact: OCP_PROJECT: "rhpam7-offer-management-{{guid}}" - name: Remove user Project shell: "oc delete project {{ OCP_PROJECT }}" ignore_errors: true - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} ignore_errors: true - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully - Removed" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/rhpam_openshift_dmn_pmml_workload.yml
New file @@ -0,0 +1,62 @@ --- # TODO: Replace the ImageStream approach with Binary Builds from a Dockerfile that patch the BC and KIE-Server images with PMML support and Prometheus Metrics Provider. - name: Debug message debug: msg: "Adding jPMML support to RHPAM 7.5." - name: Create Business Central DMN PMML build shell: oc new-build --strategy docker --image-stream="openshift/rhpam-businesscentral-rhel8:7.5.0" --binary --name rhpam-businesscentral-rhel8-dmn-pmml -n {{ OCP_PROJECT }} - name: Create KIE-Server DMN PMML build shell: oc new-build --strategy docker --image-stream="openshift/rhpam-kieserver-rhel8:7.5.0" --binary --name rhpam-kieserver-rhel8-dmn-pmml -n {{ OCP_PROJECT }} - name: "Configure Business Central ImageStream" shell: "oc patch dc/{{ pam_app_name }}-rhpamcentr --type='json' -p '[{\"op\": \"replace\", \"path\": \"/spec/triggers/0/imageChangeParams/from/name\", \"value\": \"rhpam-businesscentral-rhel8-dmn-pmml:latest\"}]' -n {{ OCP_PROJECT }}" ignore_errors: true - name: "Configure Business Central ImageStream Namespace" shell: "oc patch dc/{{ pam_app_name }}-rhpamcentr --type='json' -p '[{\"op\": \"replace\", \"path\": \"/spec/triggers/0/imageChangeParams/from/namespace\", \"value\": \"{{OCP_PROJECT}}\"}]' -n {{ OCP_PROJECT }}" - name: "Configure KIE-Server ImageStream" shell: "oc patch dc/{{ pam_app_name }}-kieserver --type='json' -p '[{\"op\": \"replace\", \"path\": \"/spec/triggers/0/imageChangeParams/from/name\", \"value\": \"rhpam-kieserver-rhel8-dmn-pmml:latest\"}]' -n {{ OCP_PROJECT }}" ignore_errors: true - name: "Configure KIE-Server ImageStream Namespace" shell: "oc patch dc/{{ pam_app_name }}-kieserver --type='json' -p '[{\"op\": \"replace\", \"path\": \"/spec/triggers/0/imageChangeParams/from/namespace\", \"value\": \"{{OCP_PROJECT}}\"}]' -n {{ OCP_PROJECT }}" ignore_errors: true #------------------------------------ Disable the OpenShift Startup Strategy and revert to the old Controller Strategy ------------------------------------------ - name: "Configure Business Central Environment Variables" shell: "oc set env dc/{{ pam_app_name }}-rhpamcentr KIE_WORKBENCH_CONTROLLER_OPENSHIFT_ENABLED=false" - name: "Configure KIE-Server Environment Variables" shell: "oc set env dc/{{ pam_app_name }}-kieserver KIE_SERVER_STARTUP_STRATEGY=ControllerBasedStartupStrategy KIE_SERVER_CONTROLLER_USER={{ kie_server_controller_user }} KIE_SERVER_CONTROLLER_PWD={{ kie_server_controller_pwd }} KIE_SERVER_CONTROLLER_SERVICE={{ pam_app_name }}-rhpamcentr KIE_SERVER_CONTROLLER_PROTOCOL=ws KIE_SERVER_ROUTE_NAME=insecure-{{ pam_app_name }}-kieserver" - name: "Configure KIE-Server Prometheus plugin environment variables." shell: "oc set env dc/{{ pam_app_name }}-kieserver JAVA_OPTS_APPEND=\"-Dorg.kie.prometheus.server.ext.disabled=false -Dorg.kie.prometheus.server.ext.metrics=org.kie.server.services.prometheus.PrometheusMetricsDMNListener\" -n {{ OCP_PROJECT }}" #---------------------------------------------------------------------------------------------------------------------- - name: Start Business Central DMN PMML build shell: oc start-build rhpam-businesscentral-rhel8-dmn-pmml --from-dir /tmp/{{guid}}/rhpam_openshift_dmn_pmml/bc_docker_build -n {{ OCP_PROJECT }} - name: Start KIE-Server DMN PMML Builds shell: oc start-build rhpam-kieserver-rhel8-dmn-pmml --from-dir /tmp/{{guid}}/rhpam_openshift_dmn_pmml/ks_docker_build -n {{ OCP_PROJECT }} # - include_tasks: ./wait_for_build.yml # vars: # build_to_wait: # - rhpam-businesscentral-rhel8-dmn-pmml # - rhpam-kieserver-rhel8-dmn-pmml ## TODO: Wait for deploy script does not work if there were previous ReplicationControllers (from a previous version) that were succesfully deployed. ## Not sure how to solve this, as the RepController JSON does not say which one is currently deploying, or if a rep controller superseeded another one .... #- include_tasks: ./wait_for_deploy.yml # vars: # pod_to_wait: # - "{{pam_app_name}}-rhpamcentr" # - "{{pam_app_name}}-kieserver" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/wait_for_build.yml
New file @@ -0,0 +1,23 @@ --- # Purpose: # This script queries ocP for builds that exist but are not yet ready. # So long as there are unready builds, this script continues to loop # # Manual Test to determine list of unready builds : # 1) install jp : https://github.com/jmespath/jp # 2) ocget builds -o json | jp "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" # # Documentation pertaining to jq syntax: # - http://jmespath.org/tutorial.html # - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content # - name: "Wait for following builds to become ready: {{build_to_wait}}" command: 'oc get build -o json -n "{{ OCP_PROJECT }}"' register: build_state changed_when: false retries: "{{ build_status_retries }}" delay: "{{ build_status_delay }}" vars: query: "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0" ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/wait_for_deploy.yml
New file @@ -0,0 +1,30 @@ --- # Purpose: # This script queries ocP for replication controllers that exist but are not yet ready. # So long as there are unready replication controllers, this script continues to loop # # Manual Test to determine list of unready replication controllers : # 1) install jp : https://github.com/jmespath/jp # 2) ocget rc -o json | jp 'items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"' # - name: "Wait for following replication controllers to be created: {{ item }}" command: 'oc get rc -o json -n "{{ OCP_PROJECT }}"' register: rc_state changed_when: false retries: "{{ deploy_status_retries }}" delay: "{{ deploy_status_delay }}" until: 'rc_state.stdout |from_json | json_query("items[? (kind == ''ReplicationController'')].metadata.annotations.\"openshift.io/deployment-config.name\"") |intersect(item) |length >= 1' loop: "{{pod_to_wait}}" - name: "Wait for following deployments to become ready: {{pod_to_wait}}" command: 'oc get rc -o json -n "{{ OCP_PROJECT }}"' register: rc_state changed_when: false retries: "{{ deploy_status_retries }}" delay: "{{ deploy_status_delay }}" until: 'rc_state.stdout |from_json |json_query("items[? ((status.readyReplicas == \"\" || status.readyReplicas == ''`0`'') && (metadata.annotations.\"openshift.io/deployment.cancelled\" != ''true''))].metadata.annotations.\"openshift.io/deployment-config.name\"") |intersect(pod_to_wait) |length == 0' # Documentation pertaining to jq syntax: # - http://jmespath.org/tutorial.html ansible/roles/ocp-workload-pam7-offer-management-dmn-pmml/tasks/workload.yml
New file @@ -0,0 +1,274 @@ --- - name: define OCP_PROJECT set_fact: OCP_PROJECT: rhpam7-offermgt-{{guid}} - name: define ELASTIC_PROJ set_fact: ELASTIC_PROJ: elastic-{{guid}} # Templates come from here: https://raw.githubusercontent.com/jorgemoralespou/ose-sample-apps-layouts - name: "Elastic CRDs" shell: "oc apply -f https://download.elastic.co/downloads/eck/1.0.0/all-in-one.yaml" - name: "Project for elastic" shell: oc new-project {{ ELASTIC_PROJ }} - name: "Elastic deploy" k8s: state: present src: /tmp/{{guid}}/elastic_deploy.yaml namespace: "{{ ELASTIC_PROJ }}" - name: "Kibana deploy" k8s: state: present src: /tmp/{{guid}}/deploy_kibana.yaml namespace: "{{ ELASTIC_PROJ }}" - name: Create project for rhpam7 offer management shell: | oc new-project {{ OCP_PROJECT }} \ --display-name="RHPAM7 Offer Management" \ --description="Red Hat Process Automation Manager 7 Offer Management Demo" ignore_errors: true - name: Check if PAM ImageStreams exists shell: oc get is/rhpam-businesscentral-rhel8 -n openshift register: rhpam_is_exists_result ignore_errors: true - name: Wait for RHPAM ImageStream tags to be available shell: "oc get is -n openshift | grep -i rhpam | grep -i {{pam_imagestreams_tag}}" register: result until: result.stdout != "" retries: 5 delay: 10 - name: Import the RHPAM ImageStreams into the cluster. shell: "oc create -f {{pam_imagestreams_yml}} -n openshift" when: rhpam_is_exists_result is failed ignore_errors: true - name: Import PAM template shell: "oc create -f {{pam_template_yml}} -n {{ OCP_PROJECT }}" - name: Create Secrets Business Central shell: oc process -f {{pam_secrets_template_yml}} -p SECRET_NAME=businesscentral-app-secret | oc create -f - -n {{ OCP_PROJECT }} - name: Create Secrets KIE-server shell: oc process -f {{pam_secrets_template_yml}} -p SECRET_NAME=kieserver-app-secret | oc create -f - -n {{ OCP_PROJECT }} - name: Create Service Account Business Central shell: oc create serviceaccount businesscentral-service-account -n {{ OCP_PROJECT }} - name: Create Service Account KIE Server shell: oc create serviceaccount kieserver-service-account -n {{ OCP_PROJECT }} - name: Link secrets and service account Business Central shell: oc secrets link --for=mount businesscentral-service-account businesscentral-app-secret -n {{ OCP_PROJECT }} - name: Link secrets and service account KIE-server shell: oc secrets link --for=mount kieserver-service-account kieserver-app-secret -n {{ OCP_PROJECT }} - name: Create PAM7 Authoring environment 2 shell: | oc new-app --template=rhpam75-trial-ephemeral \ --name={{pam_app_name}} \ -p APPLICATION_NAME={{pam_app_name}} \ -p IMAGE_STREAM_NAMESPACE=openshift \ -p KIE_ADMIN_USER={{ kie_admin_user }} \ -p KIE_SERVER_USER={{ kie_server_user }} \ -p KIE_SERVER_CONTROLLER_USER="{{ kie_server_controller_user }}" \ -p BUSINESS_CENTRAL_MEMORY_LIMIT="2Gi" \ -p KIE_SERVER_MEMORY_LIMIT="2Gi" \ -e JAVA_OPTS_APPEND="-Dorg.jbpm.document.storage=/opt/eap/standalone/data/documents" - name: Configure Liveness probe shell: "oc set probe dc/{{pam_app_name}}-rhpamcentr --liveness --initial-delay-seconds=360 -n {{ OCP_PROJECT }}" - name: Configure Readiness probe shell: "oc set probe dc/{{pam_app_name}}-rhpamcentr --readiness --initial-delay-seconds=90 -n {{ OCP_PROJECT }}" - name: Set KIE_ADMIN Password Business Central shell: "oc set env dc/{{pam_app_name}}-rhpamcentr KIE_ADMIN_PWD=redhatpam1! -n {{ OCP_PROJECT }}" - name: Set KIE_ADMIN Password KIE-Server shell: "oc set env dc/{{pam_app_name}}-kieserver KIE_ADMIN_PWD=redhatpam1! -n {{ OCP_PROJECT }}" - name: Disable OpenShiftStartupStrategy shell: "oc set env dc/{{pam_app_name}}-rhpamcentr KIE_WORKBENCH_CONTROLLER_OPENSHIFT_ENABLED=false KIE_SERVER_CONTROLLER_PWD=test1234! -n {{ OCP_PROJECT }}" - name: Configure KIE-Server shell: "oc set env dc/{{pam_app_name}}-kieserver KIE_SERVER_STARTUP_STRATEGY=ControllerBasedStartupStrategy KIE_SERVER_CONTROLLER_USER=controllerUser KIE_SERVER_CONTROLLER_PWD=test1234! KIE_SERVER_CONTROLLER_SERVICE=rhpam7-rhpamcentr KIE_SERVER_CONTROLLER_PROTOCOL=ws KIE_SERVER_ROUTE_NAME=insecure-{{pam_app_name}}-kieserver -n {{ OCP_PROJECT }}" - name: Running RHPAM DMN PMML build. import_tasks: ./rhpam_openshift_dmn_pmml_workload.yml - name: "Get KIE-Server Route" shell: "oc get route insecure-{{pam_app_name}}-kieserver | awk 'FNR > 1 {print $2}'" register: oc_get_route_output - name: "Set KIE Server Route fact" set_fact: kie_server_route: "{{ oc_get_route_output.stdout }}" - name: "Get ocP Domain Suffix" shell: "oc get route insecure-{{pam_app_name}}-kieserver | awk 'FNR > 1 {print $2}'| cut -d\".\" -f2-" register: oc_get_domain_suffix_output - name: "ocP Domain Suffix fact" set_fact: ocp_domain_suffix: "{{ oc_get_domain_suffix_output.stdout }}" - name: "Create Nexus template" shell: "oc create -f https://raw.githubusercontent.com/OpenShiftDemos/nexus/master/nexus3-template.yaml -n {{ OCP_PROJECT }}" - name: "Create Nexus persistent template" shell: "oc create -f https://raw.githubusercontent.com/monodot/openshift-nexus/master/nexus3-persistent-template.yaml -n {{ OCP_PROJECT }}" - name: "Create Nexus Persistent application." shell: "oc new-app nexus3-persistent -n {{ OCP_PROJECT }}" - name: "Import Kafka/Strimzi templates." shell: "oc apply -f /tmp/{{guid}}/examples/templates/cluster-operator -n {{OCP_PROJECT}}" - name: "Create Strimzi cluster operator role binding." shell: "oc adm policy add-cluster-role-to-user strimzi-cluster-operator-namespaced --serviceaccount strimzi-cluster-operator -n {{OCP_PROJECT}}" - name: "Create Strimzi entity operator role binding." shell: "oc adm policy add-cluster-role-to-user strimzi-entity-operator --serviceaccount strimzi-cluster-operator -n {{OCP_PROJECT}}" - name: "Create Strimzi topic operator role binding. " shell: "oc adm policy add-cluster-role-to-user strimzi-topic-operator --serviceaccount strimzi-cluster-operator -n {{OCP_PROJECT}}" - name: "Install Strimzi cluster operator." shell: "oc apply -f /tmp/{{guid}}/install/cluster-operator -n {{OCP_PROJECT}}" - name: "Create ephemeral Kafka cluster" shell: "oc apply -f /tmp/{{guid}}/examples/kafka/kafka-ephemeral.yaml -n {{OCP_PROJECT}}" - name: "Create OpenJDK ImageStream." shell: "oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.15/openjdk/openjdk18-image-stream.json -n {{OCP_PROJECT}}" - include_tasks: ./wait_for_deploy.yml vars: pod_to_wait: - nexus - name: "Create KJAR Build Config" shell: "oc process -f /tmp/{{guid}}/personalization-rules-build-config-template.json -p NEXUSREPO=\"http://nexus.{{OCP_PROJECT}}.svc.cluster.local:8081\" | oc create -f - -n {{OCP_PROJECT}}" - name: "Start KJAR Build." shell: "oc start-build personalization-dm -n {{OCP_PROJECT}}" - name : "Data grid" shell: "oc import-image -n openshift registry.access.redhat.com/jboss-datagrid-7/datagrid72-openshift --confirm" - name : "create cache" shell: "oc new-app --name=offer-management-cache \ --image-stream=datagrid72-openshift:latest \ -e INFINISPAN_CONNECTORS=hotrod \ -e CACHE_NAMES=customerCache,pastTransactionCache \ -e HOTROD_SERVICE_NAME=offer-management-cache\ -e HOTROD_AUTHENTICATION=true \ -e USERNAME=jdguser \ -e PASSWORD=P@ssword1" - name: "Create customer history repo build" shell: "oc process -f /tmp/{{guid}}/customer-hist-repo-config-template.json -p NEXUSREPO=\"http://nexus.{{OCP_PROJECT}}.svc.cluster.local:8081\" | oc create -f - -n {{OCP_PROJECT}}" - name: "Start KJAR Build." shell: "oc start-build cache-load-service -n {{OCP_PROJECT}}" - include_tasks: ./wait_for_build.yml vars: build_to_wait: - personalization-dm - cache-load-service - name: "load cache" shell: "oc new-app java:8~https://github.com/snandakumar87/cache-load-repository.git --name=load-cache-service -e JAVA_APP_JAR=cache-load-service-1.0.0.0-fat.jar --build-env=\"NEXUSREPO=http://nexus.{{OCP_PROJECT}}.svc.cluster.local:8081\" -n {{OCP_PROJECT}}" - name: "Create Event Emitter application" shell: | oc new-app centos/python-36-centos7~https://github.com/snandakumar87/transaction-events-emitter.git \ --name=event-emitter \ -e KAFKA_BROKERS=my-cluster-kafka-brokers \ -e KAFKA_TOPIC=event-input-stream\ -e RATE=1 \ --name=emitter -n {{OCP_PROJECT}} - name: "Create Event Analysis application" shell: "oc new-app java:8~https://github.com/snandakumar87/offer-analysis.git --name=offer-analysis --build-env=\"NEXUSREPO=http://nexus.{{OCP_PROJECT}}.svc.cluster.local:8081\" -n {{OCP_PROJECT}}" - name: "elastic password" shell: "echo $(oc -n {{ELASTIC_PROJ}} get secret elasticsearch-sample-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode)" register: elasticpwd - name: "elastic route" shell: "echo $(oc get routes -n {{ELASTIC_PROJ}} elasticsearch-sample -o jsonpath='{.spec.host}')" register: routeelastic - debug: msg="the echo was {{ elasticpwd.stdout }}" - debug: msg="the echo was {{ routeelastic.stdout }}" - name: "put index" shell: "curl -X PUT -u 'elastic:{{elasticpwd.stdout}}' -k https://{{routeelastic.stdout}}/off" - name: "push to elastic" shell: "oc new-app java:8~https://github.com/snandakumar87/offer-elastic-service.git --name=offer-elastic-service --build-env=\"PASSWORD={{elasticpwd.stdout}}\" --build-env=\"ROUTEADDR={{routeelastic.stdout}}\" -n {{OCP_PROJECT}}" - name: "Quarkus+Kafka Streams+Angular UI for producer" shell: "oc new-app quay.io/quarkus/ubi-quarkus-native-s2i:19.2.1~https://github.com/snandakumar87/quarkus-kafka-streams.git" - name: "cancel build so that we can increase memory limits" shell: "oc cancel-build bc/quarkus-kafka-streams" - name: "Patch" shell: "oc patch bc/quarkus-kafka-streams -p '{\"spec\":{\"resources\":{\"limits\":{\"cpu\":\"2\", \"memory\":\"6Gi\"}}}}'" - name: "Restart build" shell: "oc start-build bc/quarkus-kafka-streams" - name: "expose route" shell: "oc expose svc/quarkus-kafka-streams" - name: "Quarkus+Kafka Streams+Angular UI for consumer" shell: "oc new-app quay.io/quarkus/ubi-quarkus-native-s2i:19.2.1~https://github.com/snandakumar87/quarkus-kafka-consumer.git" - name: "cancel build so that we can increase memory limits" shell: "oc cancel-build bc/quarkus-kafka-consumer" - name: "Patch" shell: "oc patch bc/quarkus-kafka-consumer -p '{\"spec\":{\"resources\":{\"limits\":{\"cpu\":\"2\", \"memory\":\"6Gi\"}}}}'" - name: "Restart build" shell: "oc start-build bc/quarkus-kafka-consumer" - name: "expose route" shell: "oc expose svc/quarkus-kafka-consumer" - include_tasks: ./wait_for_deploy.yml vars: pod_to_wait: - "quarkus-kafka-consumer" - "quarkus-kafka-streams" - name: Give user access to the completed project shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ OCP_PROJECT }}"